Dawit Lessanu

Over the past decade IT systems have grown in the variety of solutions, platforms, frameworks and implementation approach options available to organizations. This growth points to greater heterogeneity across and increased complexity within these systems. Coupling this with the drive to organize, reduce costs and gain efficiencies creates a need for a proven methodology towards tackling both the complexity and the discipline necessary to successfully achieve a mature first-class IT organization. Enterprise architecture (EA) is increasingly becoming acknowledged as a methodology to help address a wide variety of industry-specific needs based on best practices. Similarly service-oriented architecture (SOA) as a discipline has become increasingly popular as a methodology of improving organizational agility and reducing costs. SOA and EA have evolved into mature approaches to solving many of the goals and challenges businesses face today. This article explores possibilities of where service-oriented analysis, the first step towards achieving an SOA, can and should take place within an EA, specifically concerning the Department of Defense Enterprise Architecture Framework (DoDAF) version 2.0. Service-oriented analysis is the first step in migrating towards an SOA. The goal of service-oriented analysis, while multifaceted, primarily seeks to deliver a standard set of services that comprise a service inventory. The SOA methodology addresses the question of what services need to be built and what logic should be encapsulated by each service. The process through which one conducts service-oriented analysis is supported in many ways within the strategic top-down approach of the enterprise architecture (EA) methodology. Service-oriented analysis, therefore, can and more importantly should be seen as a necessary part of any successful EA endeavor.

Mamoon Yunus

This article compares centralized and decentralized application security models. It focuses on technical costs and organizational considerations while comparing these models. The analysis shows that centralized management of security policies has significant advantages over decentralized application security deployments including cost reduction, better risk mitigation and greater freedom for application developers to focus on creating business value. Now, more than ever before, the global business environment expects greater customer service, demands deeper value chain integration and drives fiercer competition while requiring corporations to perform efficiently with diminishing resources. IT departments are in the midst of this global storm and are now pushed to deliver applications rapidly while minimizing costs. Fortunately, with the maturity of agile development, SOA and related standards, and cloud computing, the foundations are available for building resilient, nimble and cost effective IT infrastructure that is responsive to business needs. Modern applications that meet current business needs consume information from multiple sources, internal and external. Composite application, Rich Internet Application, service APIs, virtualization, and cloud services provide extensive integration of data for real-time information access. This drive to open up business applications for integration comes at a cost: application security. As companies move towards opening up systems for greater information access they expose systems to broader security risks, including sensitive data leak, unauthorized information access and an increasing vulnerability attack surface area. In this article, we will contrast centralized and decentralized security models and explore how corporations are using centralized application security for cost-effective, consistent, and manageable security. Application security is deployed within corporations in centralized (hub-spoke), decentralized (point-to-point) or hybrid models.

Hamidreza Sattari and Shameer Kunjumohamed

This article, adapted for the Service Technology Magazine from the Spring Web Services 2 Cookbook, covers integration testing using Spring-JUnit support, server-side integration testing using MockWebServiceClient, client-side integration testing using MockWebServiceServer, monitoring TCP messages of a Web Service using TCPMon, and monitoring and load/functional testing a Web Service using soapUI. New software development strategies require comprehensive testing in order to achieve the quality in the software development process. Test-driven design (TDD) is an evolutionary approach to the development process, which combines the test-first development process and re-factoring. In the test-first development process, you write a test before writing the complete production code to simplify the test. This testing includes unit testing as well as integration testing. Spring provides support for integration testing features using the spring-test package. These features include dependency injection and loading the application context within the test environment. Writing a unit test that uses mock frameworks (such as EasyMock and JMock to test a Web Service) is quite easy. However, it is not testing the content of the XML messages, so it is not simulating the real production environment of testing. Spring Web Services 2.0 provides features to create server-side integration tests as well as the client-side one. Using these integration test features, it is very simple to test a SOAP service without deploying it on the server when you are testing the server side, and without the need to set up a server when you are testing the client side. In the first recipe, we will discuss how to use the Spring framework for Integration testing. In the next two recipes, new features for integration testing of Spring-WS 2.0 are detailed. In the last two recipes, using tools, such as soapUI and TCPMon for monitoring and testing Web Services, are presented.

Gijs in 't Veld

This article is geared to help CIOs, IT managers and architects understand: when to use BizTalk Server, SQL Server, Windows Server AppFabric; when to use Azure Service Bus; when to use hybrid integration architecture; the Federated Enterprise Service Bus (ESB); integration of PaaS and SaaS applications; and how to design future proof integration patterns. Integration is key in a best-of-breed application landscape, B2B (business-to-business) scenarios or service-oriented architecture (SOA). Applications, functions and services need to exchange data in order to participate in business processes. In the early days, integration was done by creating peer-to-peer connections between applications using direct database interaction, exchanging proprietary import/export files or executing API (application programming interface) calls. Over time, this resulted in unmanageable and badly performing applications due to the well-known “spaghetti integration” dilemma. With the arrival of the enterprise application integration (EAI) server, integration got a more sophisticated approach. However, very often it still results in peer-to-peer connection spaghetti, but now with a broken (hub) in the middle. Especially with the acceptance of SOA, the ESB integration pattern was born: loosely coupled integration through an Enterprise Service Bus, preferably based on the principles of service design by Thomas Erl, thereby creating a manageable and flexible abstraction layer. But, the risk of creating unmanageable and non-performing integration architectures is still there; it is said that the greatest competitor of integration middleware is the developer. Traditionally, integration middleware (the common name for the group of products facilitating ESB, EAI, B2B) is hosted and operated by the company that also hosts the back-end applications that are used to support the company business processes. For some scenarios, mainly B2B, external providers are sometimes used to integrate the third parties outside the company firewalls.

One of the vitality triggers that we documented a while back when putting the SOA Governance book together was the industry shift trigger. When a shift in the industry occurs we, as custodians of a service, revisit its implementation and usage to determine whether further enhancements or changes should be made. Industry shifts may relate to business change, but can also be caused by developments within IT. Of course, one of the primary objectives of service-orientation is to enable us to design solutions inherently flexible to such change.

An example of a pending shift in the service technology sector is the arrival of semantic Web innovation as part of mainstream IT. As we explore how and where semantic Web technologies and industry standards can be adopted and incorporated we further need to understand the associated impacts. This highlights the benefits of inherent architectural loose coupling that service-orientation advocates and, in many cases, demands. The separation of contract from service implementation, the separation of resources within the service architecture, and the separation of service consumer programs from the service implementation itself, all help us phase in additional layers of semantic substance and intelligence without necessarily requiring an upheaval of established solutions.

I am looking forward to discussing this shift in more detail at this year's Symposium in London where we expect semantic Web topics to be referenced in relation to SOA, cloud computing, and other areas of service technology, more so than in previous events. Time to pull that trigger…

Thomas Erl, Series Editor and Site Editor

A full PDF of the entire April 2012 issue is now available. Downloaded issues contain high-resolution versions of all articles and author biographies.

• SOA Architect Certification
  April 30 - May 4, 2012 • Las Vegas, NV, USA
• SOA Architect Certification
  April 30 - May 4, 2012 • Bangalore, India
• Cloud Technology Professional Certification
  May 7-9, 2012 • Las Vegas, NV, USA
• SOA Analyst Certification
  May 7, 9-10, 15-16, 2012 • Quito, Ecuador
• SOA Architect Certification
  May 7-11, 2012 • Frankfurt, Germany
• SOA Architect Certification
  May 7-11, 2012 • Toronto, ON, Canada
• Cloud Technology Professional Certification
  May 8-10, 2012 • Dubai, UAE
• Cloud Technology Professional Certification
  May 12-14, 2012 • Kuala Lumpur, Malaysia
• SOA Architect Certification
  May 14-18, 2012 • Sydney, Australia
• Cloud Technology Professional Certification
  May 15-17, 2012 • Safat, Kuwait
• Cloud Technology Professional Certification
  May 21-23, 2012 • Naardens, Netherlands
• SOA Architect Certification
  May 21-25, 2012 • Arlington, VA, USA
• Cloud Technology Professional Certification
  May 29-31, 2012 • London, UK
• Cloud Technology Professional Certification
  June 4-6, 2012 • Tokyo, Japan

	Arcitura IT Certified Professionals (AITCP) Facebook Page
	International SOA, Cloud + Service Technology Symposium Series Facebook Page and Conference Photo Albums
	Official Facebook Page for Prentice Hall Service-Oriented Computing Series from Thomas Erl

	Arcitura Education Official Twitter Account (fastest way to receive AITCP updates)
	International SOA, Cloud + Service Technology Symposium Series
	Prentice Hall Service-Oriented Computing Series from Thomas Erl

	Arcitura IT Certified Professionals (AITCP) LinkedIn Group
	International SOA, Cloud + Service Technology Symposium Series LinkedIn Group
	Prentice Hall Service-Oriented Computing Series from Thomas Erl LinkedIn Group