Scaling Without the Scramble

Understanding the four dimensions of scalability will help you successfully take XML and Web services-based SOAs enterprise-wide

Your Web services pilot project works. In fact, it works so well that departments are clamoring to have one just like it. Now your project must scale—and fast—to deliver the benefits promised. Before you leap, take a good look at four critical measures of scalability that will determine how well your pilot gets off the ground enterprise-wide. Ensuring large-scale, secure scalability will depend on how well your transaction, operations, development, scale and organizational processes can scale to accommodate the fledgling service.

How do you know? Here are guidelines to help you identify potential obstacles and avoid the success scramble.

The Good News—It Works

With every new technology, architects create frameworks and prototypes to determine how to maximize the technology’s value for their enterprises. When Peter Hastings (not his real name) was asked by his company’s outsourced benefits administration business unit (OBA) to provide a prototype gateway for enabling XML-based system-to-system integration between OBA and a new client, he designed and created a proxy that successfully delivered a secure, reliable prototype.

It succeeded, and the OBA unit began generating revenue months earlier than it would have with a custom integration project. Furthermore, its costs were dramatically lower. It succeeded so well, in fact, that OBA realized that XML-based integration gave the company a significant competitive advantage. The OBA unit decided to make it the basis of every new customer connection. Uh oh.

The Bad News—It Works Well

Suddenly, Hastings’ prototype gateway was supporting production systems. Every new connection – while still significantly faster and easier than custom integration – still required modification to interoperate with clients’ systems, accommodate security variability, and ensure 24x7 service availability. Beepers proliferated. Other business units demanded the solution. The success scramble accelerated.

What is Successful Scalability?

Scalability is single most important factor in transforming a successful IT pilot into a widely used operational system that provides competitive advantage for the enterprise. Successful XML pilots are proliferating. According to Nemertes Research LLC, “over 80 percent of benchmark participants … report meeting their return-on-investment objectives faster than anticipated”.

Used in application development, XML exposes application logic to the same threats faced by an enterprise network. Therefore, XML Web services (defined as standards-based application-to-application programming interfaces) must have a reliable mechanism for all the operational functions that normally insulate traditional applications – security, load balancing, failover, platform interoperability, debugging, audit support, and others. Since every XML service requires these functions, it’s logical to deploy an infrastructure that provides them rather than programming them into each application. However, in crossing over from applications to infrastructure, a unique set of scalability requirements is created. Only when the infrastructure fully addresses those requirements can the enterprise optimize XML.

Hastings knew that the prototype gateway infrastructure would have to scale to meet growing demand across the company. He also knew that an ad hoc approach to deploying it would result in continuous scrambles to manage unanticipated scalability demands. This is the same challenge faced by the 75 percent of the Fortune 500 already using XML Web services. Hastings looked to his underlying service infrastructure and evaluated its ability to scale in four ways—transactional, developmental, operational, and organizational.

For those taking XML Web services pilots to the production stage, these guidelines can help you assure an underlying supporting infrastructure that delivers the comprehensive scalability and security required for fully adopting SOA, XML, and Web services.

  • Transactional scalability: a measure of the infrastructure’s ability to provide dedicated processing for computationally expensive XML. An infrastructure has high transactional scalability when it can handle increased volume without proportionally increasing latency or requiring additional servers. Ideally, security and operational functions are described in specific policies that can be executed at optimized enforcement points. Place these points geographically or logically close to specific applications for minimized latency and targeted policy processing. You should be able to easily add policy enforcement points to support increasing demand, and accommodate distributed processing, load balancing and failover.

  • Development Scalability: allows the organization to enable application developers and programmers to focus on what they do best, rather than having to become experts in other areas, such as security, application performance, policy development, and operational infrastructure functionality. Move these services requirements to the infrastructure. A scalable development infrastructure frees business logic developers from having to incorporate these (and other) considerations and focus solely on delivering discrete, reusable application logic.

  • Operational Scalability: how quickly and easily can the organization move a fledgling XML Web service from application development through testing, quality assurance (QA), staging, and production phases. All required policies, related services, schemas, certificates, and other resources must remain intact. Distributed systems built with XML services use external resources and infrastructure. As developers create and modify XML services, these resources must be deployed as the service moves out of the development lab and towards production. The enterprise should expect that the underlying service infrastructure frames and supports an automated, intuitive process for migrating everything through each phase.

  • Organizational Scalability: successful XML infrastructure enables access to its services by any project. For example, for a Fortune 100 company, an XML Web service was used to deploy an application that allowed test-takers to reserve their seat in advance of the testing date. The business application developer knows that the application must access and provide real-time information, such as the number of seats still available. The security professional does not necessarily know about the specific business requirements, but does know that for global deployment, the application must be secured over multiple platforms, be protected against threats from multiple sources, and comply with specific regulatory requirements. The operational team’s main concern is that they enable the application to be continuously, quickly available to anyone who needs it.

The infrastructure should automatically enable each team to achieve its goals while ensuring central approval, predictability, and enforcement. It should also provide business units with the necessary tools for securely adopting the framework, provisioning appropriate policies their employees and partners, and coordinate workflow to enable proper, but rapid authorizations and approvals.

No Scramble—Just Success

Hastings identified and deployed a secure XML infrastructure that supports his institution’s expanding use of XML. Multiple project teams from many different business units use the infrastructure, yet it is managed by a central telecom/networking management team and monitored by the security team. The infrastructure was deployed in less than a month and can be staged to match XML service load demands.

In the past, Hastings required three to four months of custom programming, testing, and staging for new connections and services. Now, new secure services and connections are provisioned in under a week. Thanks to the measurable success of this new infrastructure, the organization is rapidly adopting it across projects and business initiatives.

All Scale, No Scramble

It is never too soon to plan for success. A scalable, secure XML infrastructure will enable any enterprise to realize immediate advantages: reduced application integration costs, easy information exchange, and fast time to revenue. Before you plan to scale your Web service, first take a look at the infrastructure supporting it, and avoid the success scramble.

About the Author

Andrew Nash is CTO of Reactivity and a known leader in PKI and Web-services security markets. He is co-author of numerous Web services specifications including Web Services Security, WS-Trust, WS-Federation, WS-Secure Conversation and WS-Security Policy. Andrew is an author of an RSA Press book on Public Key Infrastructure, a member of the OASIS Web Services Security TC and was chairman of the PKI Forum Technical Working Group.