Exposing a service through Sentinets Virtual Service concept


This time we will follow up on the Service Virtualization concept I mentioned in my previous post.
  • Service redesign
  • Apply security
  • Monitoring
Service redesign Why? A webservice might not have been developed by your team, a changes in the web service should not break your existing implementation, it might not meet certain standards, resulting for example as shown in the figure below, in a ‘large’ wsdl which contains a lot of methods, of which you only need one. Consider the port in BizTalk generated based on a web service, it is generated with every method defined in the webservice, if one of the methods changes, it will lead to a broken solution, although we only needed to implement a single method.

  clip_image002
  http://abdulrafaysbiztalk.wordpress.com/

We can change this by defining a Virtual Service layer around the webservice, for this, we will use the public Geoipservice which (unfortunately) only exposes 2 methods (but I think the example provides a good example);

clip_image004







1) GetGeoIPContext
2) GetGeoIP


Time to fire up Sentinet;

image
Sentinet is a web-based product where you can build of a repository of artefacts such as Access rules, Services, Policies, etc)
We will import the wsdl of the GeoIPService by added a new SOAP service, after which we will get a dialog where we should paste the wsdl;
image
It will download the metadata;
image
And display the metadata extracted from the wsdl, and allows us to define if we will directly use the service by ticking ‘Add service in active state’ (if not, we can prevent this service to be accessible from Sentinet after the import);
image
After the import, when can view the details of our service;
image
image
And start with….Virtualisation, we click on the Node (physical endpoint where we host the service) and define the type of service we would like to create;
image
Note: We can select SOAP (WCF bindings) and as well REST, so already…we can do transport mediation, our service can be exposed with a different binding with which it was exposed originally.
We define metadata about the service;
image
And that’s it….altough the service won’t do anything yet….
image
The next step is to design the service, and this is where the magic will happen;
image
The designer allows us to REDEFINE the WSDL, we can define one or multiple endpoints, and even add methods from one or multiple webservices…we can combine service, change service expose, and as we will see later on, control the security.
We will modify the service, so we need to click on ‘Modify’;
image
We can drop the GeoIPService (imported WSDL) on the designer of the Virtual Service, this by dragging it from the repository to the designer;
image
This will update the designer;
image
By selecting the methods we want to expose;
image
We can control how the virtual service will be exposed! Additionally, we can define where to host the service, by selecting a Node;
image
This allows us to modify how we expose the Virtual Webservice;
image
We will select a policy, which is a WCF-Binding, applied to the endpoint;
image
Note: We can define ‘common’ bindings and place them in a shared repository, allowing company policies.
In this case we will select the basicHttp binding;
image
So at this point, we have redesigned the service, changed the endpoint, how about setting up securiity?
Sentinet provides access rules, which can be design in a graphical designer, as well as defined in an Xml editor. You can actually copy-paste the Xml and the designer will update. There are a lot of predefined keywords available, for instance the Transaction Count.
Let’s assume that the webservice should not be called more than 5x a minute, we can define a Dos Attack Protection rule, this will block requests exceeding this rule! We can define our customer behavior as there is a .Net extension point, but it already possible to apply rules based on security (is a certificate provided, is a SAML token available with certain metadata, is a specific value in the message defined etc;
image
We can drag the rule to the Web service, and even to specific methods (however, there’s only 1 left after our redesign Knipogende emoticon);
image
We can define multiple rules, and define which rule has precedence;
image
Our service definition is now complete, however our service is not exposed, we can do this by promoting our service;
image
We will promote our service, which places it in the active state;
image

So that’s it, we have created our virtual service, in the next post we will use it and monitor it by using the additional monitoring capabilities of Sentinet.

Kind regards,
Sander
Tags van Technorati: ,








Comments

Post a Comment

Popular posts from this blog

Azure implementation guidelines

In My post ‘ Service Bus Management ’ I pointed out a way of implementing a DTAP strategy for managing the Service Bus environment. There’s now a great post available from Microsoft which goes into more detail about other aspects of managing the Azure subscriptions and other artefacts which is quite useful when setting up your Azure environments. Follow this link to the ‘Azure Implementation Guidelines’ HTH, Sander
Read more

Focus and innovation - recap of the last 2 years

It's been a long time since my last post. Hereby a partial explanation for that, with the note that this blog will remain active for the purpose of being a resource for historical references. My IT career started with programming, and adventures within holland, as well as overseas. When I realised programming is something you can specify, I figured that providing added value is crucial for a long term career and decided to focus on process centric roles. I started with webservice integration and eventually from that to process integration using BizTalk. The great feeling when discussing high level processes and implementing solutions within days, even highly scalable and interfacing with LOB systems is great. After several years of implementing solutions like these, I started questioning if all of this work was justified by the business case, if the solution was actually contributing, if the choices had been valid. In other words, I needed to understand the choices made. When...
Read more

Centralized SSO Application Configuration Data Store

Image
Reading application configuration data from a Single Sign-On database is a well-known concept within the BizTalk community. There are other means of retrieving application configuration data for BizTalk, yet retrieving them from SSO is the most powerful one. Microsoft has built an SSO Application Configuration Snap-In that provides a good user experience maintaining custom configuration data. With the Snap-In you will also get code for a .NET Helper Class to support retrieval of application configuration data in BizTalk. This approach has some major benefits. Your application configuration data is cached, has a built in refresh mechanism (ESSO Service) and is secure. What if you have a requirement that to remotely (from a non-BizTalk machine) retrieve application configuration data, because you like to benefit from SSO Config Store? Consider the following diagram In this scenario a mapping is implemented using a Functoid based on a shared helper class that reads the co...
Read more