If more than a handful of services are up and running, and if any are mission-critical, you need to manage them the way you would any network resource. Several vendors offer dashboardlike solutions that monitor the health of services, maintain service levels, scale performance, set up fail-overs, handle exceptions, and so on. This is made possible by the wonder of XML messaging, which allows intermediaries -- services in themselves, sometimes packaged in appliances -- to tap into message streams.
Intermediaries establish a new slice of functionality between the network layer and the application layer. Among other benefits, intermediaries virtualize services, creating proxies that hide the details of a service’s implementation from clients and thereby add security. They may also throw in XML firewall or acceleration features, as well as the ability to modify large groups of services from a single control panel -- to respond to changes in regulatory statutes, for example, or to meet new security requirements.
Services management is slowly moving toward standardization with OASIS’s approval of WSDM (Web Services Distributed Management) last March. A second specification, WS-Management, which overlaps a bit with WSDM but focuses on managing network hardware rather than on application-level messaging, was submitted to the Distributed Management Task Force by Intel, Microsoft, and Sun Microsystems last June. But today, for all practical purposes, you need to use the same Web services management solution across your SOA deployment if you really want centralized control. As Bob Laird of MCI puts it, “It’s a big mess right now, and we just have to muddle through.”
Interestingly, the pure-plays -- including Actional, AmberPoint, Blue Titan, and SOA Software -- lead the way in Web services management. But the big network management players are catching up: BMC, Computer Associates, Hewlett-Packard, IBM, and Novell are all sponsors of WSDM and are in various stages of incorporating Web services management into their offerings. In addition, Cisco’s AON (Application-Oriented Networking) initiative should soon result in networking equipment with service management capabilities.
“We use AmberPoint,” says Scott Thompson of H&R Block, although he admits he has rolled out that vendor’s solution in a limited fashion. “We’re taking baby steps,” he says, “starting out with basic service-level management monitoring. Then we played with exception monitoring, but we really want to mature the model into managing encryption, decryption, authentication, and authorization types of functions.”
Ben Moreland of The Hartford cites “the ability to be notified when there’s an SLA failure or there is a failure in the service [and] the ability to enforce policies” as reasons his organization deployed a Web service management tool.
Some see centralized policy management as the most important promise of all. It’s relatively easy to check the health of Web services running locally, but to reconfigure thousands of Web services across an organization, you need a standard that works across platforms. The WS-Policy standard is designed to address this, but implementation in products remains at an early phase.