Virtualization Expo on Ulitzer

Service virtualization is the ability to create a virtual service from one or more predefined service files.  Service files are usually generated as a Web Service Description Language (WSDL, pronounced Wizdel, see tutorial for introduction to WSDL) file by service containers running business application developed in Java, .NET, PHP type programming languages. 

Service virtualization combines and slices business services deployed independent of the operating systems, programming language or hosting location. The services may be off-premise cloud services (SaaS, PaaS, IaaS)  or on-premise services deployed in a corporate data center. An intermediary cloud gateway sits between the producer and the consumer and aggregates the WSDLs. Based on policies enforced on the cloud gateway, only authorized operations are exposed to the consumers. A sample topology is as follows:

In the virtualization diagram above, services A, B and C are deployed on-premise in the corporate data center whereas service D, E, and F are deployed off-premise at a cloud hosting provider such as Amazon EC2 or Rackspace.  The services produced are imported into a Cloud Gateway such as Forum Sentry, aggregated and then published to the consumers based on the credentials provided by the consumers at design-time. 

A new WSDL is generated by the Cloud Gateway that provides only those services that a consumer is entitled to see.  For example, in the diagram above, the internal consumer is provided a WSDL that only contains information related to services A-E, whereas the external consumer is provided a WSDL that contains only services B and F.  The consumers are not aware of whether the services are hosted on-premise in the Data Center or off-premise in the Cloud.

VIRTUES OF SERVICE VIRTUALIZATION

Security: The virtual WSDLs expose or hide operations extracted from imported source WSDLs selectively based on consumer authorization levels. The WSDL endpoints are cloaked with only intermediary's endpoints exposed.  Security is centeralized on the cloud gateway and decoupled from the business applications.  As services morph, the security policies can be controlled centrally.  Any security exposure can be rapidly remediated at the gateway without requiring immediate attention for "patching" a large number of services deployed across data centers and cloud providers.  Endpoint URL obfuscation that removes indications of  technology being deployed such as .jsp, .asmx, .php extensions provides a level of comfort to consumers by indicating a well integrated and standardized set of services.  Endpoint obfuscation also decreases techology-stack (Java, .NET, LAMP) specific attack vectors thereby reducing the attack surface area increased by exposing services.

Consistency: Virtualization provides the ability to select operations from multiple WSDLs and expose them to clients as a coherent single WSDL.  The alternate path to this technique is to provide multiple WSDLs generated by each container.  Typical containers take a class file or set of methods and generate a set of service definitions as a WSDL file.  Virtualization enables importing and aggregating such services generated from a variety of service container such as IBM WebSphere, WebLogic Server, Apache Axis, and .NET, selectively picking services that a consumer is authorized to see, and then generating a sub-set WSDL that only contains artifacts (XSD Schema, Message Definitions, Operation Names, Binding)  that a consumer is allowed to see.

Productivity:The main benefit of virtualization is the ability to mix and match operations without having to mannually copy and paste parts of the desired WSDLs into new WSDL files. It allows a corporations to generate a composite library of all supported operations and only expose the ones required for a particular consumer.  Service virtualization also provides a central location for service version management and service cataloguing.

Reliability: A service may be deployed redundantly on-premise and off-premise for capacity planning and management.  If an on-premise service is inundated with traffic, a cloud gateway can redirect traffic to off-premise cloud services.  In a catastrophic situation where either the data center or a cloud provider suffers an outage, a cloud gateway can provide fail-over capabilities.  A cloud gateway can also be used for failover across multi-cloud deployments.  As corporations migrate services to cloud providers, multi-cloud deployments that enable fault tolerance across clouds will become more prevalent.

Some of the challenges of Service Virtualization addressed by sophisticated Cloud Gateways, such as Forum Sentry include:

• Protecting service endpoints through endpoint obfuscation.
• Resolving different schemas that share the same namespace.
• Reconciling incompatible constraints for elements that appear in multiple schemas.
• Exposing the list of WSDLs that developers should be working on based on developer credentials. Although external trading partners typically require a single WSDL, internal developers work with multiple WSDLs. A list of WSDL needs to be retrieved from the cloud gateway to better manage developers working across multiple WSDLs.
• Fault tolerance in multi-cloud deployments.

Service Virtualization is a crucial part of Federated SOA and cloud-based deployments. The vices of free-for-all operations can quickly result in chaos.  Highly distributed enviroments that require automated interaction with suppliers and customers as well as external service providers (SaaS, PaaS, IaaS) can only be controlled through cloud gateways that provide strong service virtualization.

• Con Edison Partners with Detectent to Target Theft of Service by Identifying and Analyzing Consumer Usage Patterns
• The Benefits of Virtualization in a Cloud
• Hosting.com Launches ColdFusion 9 in the Cloud