A Framework for Secure Management of Web Services (SMaWS) in Enterprise Application Integration

This dissertation addresses challenges currently faced by enterprises that have embraced the new technology called Web Service in order to reduce the cost of enterprise application integration (EAI) as well as improve operational efficiency of their mission-critical business processes. The nature of Web Service introduces new challenges such as dependency among applications, and a failure in one application can lead to a failure in other dependent applications. Such challenges have led to a growing need for enterprises to confront Web Service monitoring and management issues as a priority. As a solution, this dissertation proposes a SMaWS (Secure Management of Web Services) infrastructure for secure monitoring and management of Web Services. Its goals are to provide deeper visibility into Web Service runtime activities as compared to currently Web Service management tools; access to information about the Quality of Service (QoS) of these Web Services; and a unified monitoring environment for Web Services deployed across enterprise business units. This enables an earlier detection of poor performance problem in each interdependent Web Service, which would lead to a faster diagnose and fixing of possible performance issue, and thus maximize availability. This dissertation describes the requirements analysis for monitoring and management of Web Services across an enterprise environment. It describes the architecture and design of the SMaWS infrastructure proposed for secure monitoring and management of Web Service. The proposed SMaWS framework enables the instrumentation of existing and newly developed Web Service applications, and extracts Web Service performance statistics. It determines Web Service identity, reliability, availability, security, usage, and license used by Web Service consumers to access a given service. This dissertation describes the SMaWS Repository and Security concepts that are proposed to address the challenges faced by most distributed architectures to enable the client applications determine the location of the server (“bootstrapping problem”), and at the same time ensuring both the integrity and confidentiality of parties involved. Finally, this dissertation presents a prototype implementation of SMaWS Manager Application and Sample SMaWS Web Service applications. The experimental results obtained, in terms of overhead induced by the SMaWS framework on the monitored Web Service applications, demonstrate the feasibility of the SMaWS infrastructure

Web Service Offerings Infrastructure (WSOI) -- A Management Infrastructure . . .

While the recent technologies for XML (Extensible Markup Language) Web Services are an important step towards the goal of application-toapplication (A2A) and business-to-business (B2B) integration, they do not address all management-related issues. Our Web Service Offerings Language (WSOL) enables formal specification of important management information -- classes of service (modeled as service offerings), various types of constraint (functional, QoS, access rights), and management statements (e.g., prices, penalties, and management responsibilities) -- for XML Web Services. To demonstrate the usefulness of WSOL for the management of XML Web Services and their compositions, we have developed a corresponding management infrastructure, the Web Service Offerings Infrastructure (WSOI). WSOI enables monitoring and accounting of WSOL service offerings and their dynamic manipulation. To support monitoring of WSOL service offerings, we have extended the Apache Axis open-source SOAP engine with WSOI-specific modules, data structures, and management ports. To support dynamic manipulation of WSOL service offerings, we have developed appropriate algorithms, protocols, and management port types and built into WSOI modules and data structures for their implementation. Apart from provisioning of WSOL-enabled XML Web Services, we are using WSOI to perform experiments comparing dynamic manipulation of WSOL service offerings and alternatives

Extending an open source enterprise service bus for multi-tenancy support

Within the Cloud computing approach, Platform as a Service is a way to provide customers with the capability to deploy acquired or consumer-created applications onto the Cloud infrastructure. It relieves these of the need to install and run their own infrastructure or to manage and control the underlying Cloud infrastructure. Whereas providers of such services try to serve as many customers as possible to exploit economies of scale, especially small and medium businesses profit from this approach, because they can save the high up front and administrative cost of installing and running their own processing systems and applications. In order to offer an Enterprise Service Bus as a proven technology known from the field of Service-Oriented Architectures as a Platform in the Cloud it has to be made multi-tenant aware. This fulfills the Platform as a Service providers' need to raise the overall utilization and to maximize revenue by serving multiple customers from one system instance. This master's thesis develops a concept to extend an Enterprise Service Bus by multi-tenancy support with respect to communication and implements this concept in an open source product. The concept and implementation are evaluated by application to a scenario originating from the European project 4CaaSt

Supporting Autonomic Management of Clouds: Service-Level-Agreement, Cloud Monitoring and Similarity Learning

Cloud computing has grown rapidly during the past few years and has become a fundamental paradigm in the Information Technology (IT) area. Clouds enable dynamic, scalable and rapid provision of services through a computer network, usually the Internet. However, managing and optimising clouds and their services in the presence of dynamism and heterogeneity is one of the major challenges faced by industry and academia. A prominent solution is resorting to selfmanagement as fostered by autonomic computing. Self-management requires knowledge about the system and the environment to enact the self-* properties. Nevertheless, the characteristics of cloud, such as large-scale and dynamism, hinder the knowledge discovery process. Moreover, cloud systems abstract the complexity of the infrastructure underlying the provided services to their customers, which obfuscates several details of the provided services and, thus, obstructs the effectiveness of autonomic managers. While a large body of work has been devoted to decisionmaking and autonomic management in the cloud domain, there is still a lack of adequate solutions for the provision of knowledge to these processes. In view of the lack of comprehensive solutions for the provision of knowledge to the autonomic management of clouds, we propose a theoretical and practical framework which addresses three major aspects of this process: (i) the definition of services’ provision through the specification of a formal language to define Service-Level-Agreements for the cloud domain; (ii) the collection and processing of information through an extensible knowledge discovery architecture to monitor autonomic clouds with support to the knowledge discovery process; and (iii) the knowledge discovery through a machine learning methodology to calculate the similarity among services, which can be employed for different purposes, e.g. service scheduling and anomalous behaviour detection. Finally, in a case study, we integrate the proposed solutions and show the benefits of this integration in a hybrid cloud test-bed

Surveillance dynamique de compositions de services web à l'aide de protocoles de comportement

Dans ce travail nous proposons une adaptation du paradigme de la programmation par contrat - contrats exprimés sous forme de protocoles de comportement - au contexte des architectures orientées services, et ce à travers la conception d'un cadre d'applications (framework) supportant l'ensemble du processus de contractualisation, à savoir, la définition des contrats, la surveillance dynamique et la réaction en fonction du respect ou non des règles établies. La solution proposée permet de détecter les ruptures de contrat à chaud, c'est-à-dire en cours d'exécution des compositions de services, ouvrant ainsi la porte à l'instauration de mécanismes dynamiques de compensation. Les contrats surveillés représentent des protocoles de comportements de processus BPEL, ce qui permet de définir des contraintes sur l'ordre d'exécution des opérations publiques des services partenaires. Nous en présentons également une mise en œuvre, BPEL.RPM, qui est adaptable, dans le sens où elle peut aisément intégrer des modules externes de compensation, mais qui est aussi portable, puisqu'elle fonctionne indépendamment de l'environnement d'exécution des services Web. \ud ______________________________________________________________________________ \ud MOTS-CLÉS DE L’AUTEUR : services Web, programmation par contrat, surveillance dynamique, BPEL

Managing Service Dependencies in Service Compositions

In the Internet of Services (IoS) providers and consumers of services engage in business interactions on service marketplaces. Provisioning and consumption of services are regulated by service level agreements (SLA), which are negotiated between providers and consumers. Trading composite services requires the providers to manage the SLAs that are negotiated with the providers of atomic services and the consumers of the composition. The management of SLAs involves the negotiation and renegotiation of SLAs as well as their monitoring during service provisioning. The complexity of this task arises due to the fact that dependencies exist between the different services in a composition. Dependencies between services occur because the complex task of a composition is distributed between atomic services. Thus, the successful provisioning of the composite service depends on its atomic building blocks. At the same time, atomic services depend on other atomic services, e.g. because of data or resource requirements, or time relationships. These dependencies need to be considered for the management of composite service SLAs. This thesis aims at developing a management approach for dependencies between services in service compositions to support SLA management. Information about service dependencies is not explicitly available. Instead it is implicitly contained in the workflow description of a composite service, the negotiated SLAs of the composite service, and as application domain knowledge of experts, which makes the handling of this information more complex. Thus, the dependency management approach needs to capture this dependency information in an explicit way. The dependency information is then used to support SLA management in three ways. First of all dependency information is used during SLA negotiation the to ensure that the different SLAs enable the successful collaboration of the services to achieve the composite service goal. Secondly, during SLA renegotiation dependency information is used to determine which effects the renegotiation has on other SLAs. Finally, dependency information is used during SLA monitoring to determine the effects of detected violations on other services. Based on a literature study and two use cases from the logistics and healthcare domains different types of dependencies were analyzed and classified. The results from this analysis were used as a basis for the development of an approach to analyze and represent dependency information according to the different dependency properties. Furthermore, a lifecycle and architecture for managing dependency information was developed. In an iterative approach the different artifacts were implemented, tested based on two use cases, and refined according to the test results Finally, the prototype was evaluated with regard to detailed test cases and performance measurements were executed. The resulting dependency management approach has four main contributions. Firstly, it represents a holistic approach for managing service dependencies with regard to composite SLA management. It extends existing work by supporting the handling of dependencies between atomic services as well as atomic and composite services at design time and during service provisioning. Secondly, a semi-automatic approach to capturing dependency information is provided. It helps to achieve a higher degree of automation as compared to other approaches. Thirdly, a metamodel for representing dependency information for SLA management is shown. Dependency information is kept separately from SLA information to achieve a better separation of concerns. This facilitates the utilization of the dependency management functionality with different SLA management approaches. Fourthly, a dependency management architecture is presented. The design of the architecture ensures that the components can be integrated with different SLA management approaches. The test case based evaluation of the dependency management approach showed its feasibility and correct functioning in two different application domains. Furthermore, the performance evaluation showed that the automated dependency management tasks are executed within the range of milliseconds for both use cases. The dependency management approach is suited to support the different SLA management tasks. It supports the work of composite service providers by facilitating the SLA management of complex service compositions

Managing Service Dependencies in Service Compositions

In the Internet of Services (IoS) providers and consumers of services engage in business interactions on service marketplaces. Provisioning and consumption of services are regulated by service level agreements (SLA), which are negotiated between providers and consumers. Trading composite services requires the providers to manage the SLAs that are negotiated with the providers of atomic services and the consumers of the composition. The management of SLAs involves the negotiation and renegotiation of SLAs as well as their monitoring during service provisioning. The complexity of this task arises due to the fact that dependencies exist between the different services in a composition. Dependencies between services occur because the complex task of a composition is distributed between atomic services. Thus, the successful provisioning of the composite service depends on its atomic building blocks. At the same time, atomic services depend on other atomic services, e.g. because of data or resource requirements, or time relationships. These dependencies need to be considered for the management of composite service SLAs. This thesis aims at developing a management approach for dependencies between services in service compositions to support SLA management. Information about service dependencies is not explicitly available. Instead it is implicitly contained in the workflow description of a composite service, the negotiated SLAs of the composite service, and as application domain knowledge of experts, which makes the handling of this information more complex. Thus, the dependency management approach needs to capture this dependency information in an explicit way. The dependency information is then used to support SLA management in three ways. First of all dependency information is used during SLA negotiation the to ensure that the different SLAs enable the successful collaboration of the services to achieve the composite service goal. Secondly, during SLA renegotiation dependency information is used to determine which effects the renegotiation has on other SLAs. Finally, dependency information is used during SLA monitoring to determine the effects of detected violations on other services. Based on a literature study and two use cases from the logistics and healthcare domains different types of dependencies were analyzed and classified. The results from this analysis were used as a basis for the development of an approach to analyze and represent dependency information according to the different dependency properties. Furthermore, a lifecycle and architecture for managing dependency information was developed. In an iterative approach the different artifacts were implemented, tested based on two use cases, and refined according to the test results Finally, the prototype was evaluated with regard to detailed test cases and performance measurements were executed. The resulting dependency management approach has four main contributions. Firstly, it represents a holistic approach for managing service dependencies with regard to composite SLA management. It extends existing work by supporting the handling of dependencies between atomic services as well as atomic and composite services at design time and during service provisioning. Secondly, a semi-automatic approach to capturing dependency information is provided. It helps to achieve a higher degree of automation as compared to other approaches. Thirdly, a metamodel for representing dependency information for SLA management is shown. Dependency information is kept separately from SLA information to achieve a better separation of concerns. This facilitates the utilization of the dependency management functionality with different SLA management approaches. Fourthly, a dependency management architecture is presented. The design of the architecture ensures that the components can be integrated with different SLA management approaches. The test case based evaluation of the dependency management approach showed its feasibility and correct functioning in two different application domains. Furthermore, the performance evaluation showed that the automated dependency management tasks are executed within the range of milliseconds for both use cases. The dependency management approach is suited to support the different SLA management tasks. It supports the work of composite service providers by facilitating the SLA management of complex service compositions

Model-Driven Online Capacity Management for Component-Based Software Systems

Capacity management is a core activity when designing and operating distributed software systems. It comprises the provisioning of data center resources and the deployment of software components to these resources. The goal is to continuously provide adequate capacity, i.e., service level agreements should be satisfied while keeping investment and operating costs reasonably low. Traditional capacity management strategies are rather static and pessimistic: resources are provisioned for anticipated peak workload levels. Particularly, enterprise application systems are exposed to highly varying workloads, leading to unnecessarily high total cost of ownership due to poor resource usage efficiency caused by the aforementioned static capacity management approach. During the past years, technologies emerged that enable dynamic data center infrastructures, e. g., leveraged by cloud computing products. These technologies build the foundation for elastic online capacity management, i.e., adapting the provided capacity to workload demands based on a short-term horizon. Because manual online capacity management is not an option, automatic control approaches have been proposed. However, most of these approaches focus on coarse-grained adaptation actions and adaptation decisions are based on aggregated system-level measures. Architectural information about the controlled software system is rarely considered. This thesis introduces a model-driven online capacity management approach for distributed component-based software systems, called SLAstic. The core contributions of this approach are a) modeling languages to capture relevant architectural information about a controlled software system, b) an architecture-based online capacity management framework based on the common MAPE-K control loop architecture, c) model-driven techniques supporting the automation of the approach, d) architectural runtime reconfiguration operations for controlling a system’s capacity, e) as well as an integration of the Palladio Component Model. A qualitative and quantitative evaluation of the approach is performed by case studies, lab experiments, and simulation