Click here to close now.

Welcome!

Security Authors: Liz McMillan, Pat Romanski, Lori MacVittie, Elizabeth White, Ed Featherston

Related Topics: Microservices Journal, Java, XML, Virtualization, Web 2.0, Cloud Expo, Security

Microservices Journal: Article

Cloud-Friendly BPM: The Power of Hypermedia-Oriented Architecture

We must bring together the worlds of SOA, BPM, Cloud, REST, and HOA.

When ZapThink last wrote about Business Process Management (BPM) in the Cloud in March 2012, we challenged both vendors and BPM customers to rethink their approach to BPM software, eschewing a heavyweight middleware approach for the lightweight, hypermedia-oriented approach that Representational State Transfer (REST) encourages. And while we did generate some short-lived buzz, most of the response - or lack thereof - was little more than a resounding silence.

True, work on Cloud-friendly, REST-based BPM continues in certain dusty corners of academia, most notably in the research of Cesare Pautasso, a professor at the University of Lugano in Switzerland. But in spite of his notable contributions to Thomas Erl's SOA with REST book, the enterprise software and Cloud marketplaces have largely either ignored or misunderstood his research as well as ZapThink's on this topic.

While it's amusing to theorize a vast vendor conspiracy, positing middleware dinosaurs actively working to distract their customer base from lighter weight, Cloud-friendly approaches, the reality is likely to be far more mundane. People just don't get it. Or to be precise, our audience doesn't get how all the pieces-BPM, REST, Cloud, and even a bit of SOA-fit together. To help resolve this confusion, let's resort to an age-old technique: let's draw some pictures.

Framing the Cloud-Friendly BPM Problem
Let's start this discussion with an illustration of an admittedly simplistic business process involving one person and some back-end system, as shown in Figure 1 below.

Figure 1: Simple Two-Tier Process

Note that in the figure above, the user might tackle a few tasks, and then the server takes over, executing a few tasks on its own. While the server is busy doing its thing, the user might query the server as to the current status of the process.

So far so good, but we don’t want our server to serve only one user at a time. After all, the whole point of the client/server pattern is that it is many to one. As a result, we need to introduce the notion of a process instance. For the sake of simplicity let’s assume that we don’t have more than one person participating in a particular instance at the same time. But we might have multiple people each running their own instance of a process, for example, completing a purchase on a Web site, as shown in Figure 2 below.

Figure 2: Two Tier Process with Instance

In the figure above, the BPM engine running on the server spawns a process instance to deal with the interactions with the user. If multiple users initiate the same process, the server can instantiate as many process instances as necessary, and the engine keeps track of where every user is in their instance—in other words, the instance state.

How to keep track of all this state information in a scalable, robust manner is at the core of numerous distributed computing challenges. Today’s BPM engines generally run on Enterprise Service Buses (ESBs), which maintain state by spawning threads—short-lived, specialized object instances that run in the execution environment of the ESB. But while threads are short-lived, process instances might take days or weeks to complete, and furthermore, threads are specific to the execution environment, making cross-ESB processes difficult to implement. For these reasons, we call state management the Achilles Heel of traditional, heavyweight (Web Services-based) SOA.

If such ESB-centric issues weren’t bad enough, the Cloud introduces a new wrinkle. Because we want to run our server in the Cloud, we don’t want to use it to maintain any state information, because we expect virtual machine (VM) instances to fail. In the Cloud, we provide automated recovery from failure rather than avoiding failure. However, if we store all the state information in the underlying persistence tier (not shown), then we limit our scalability, since every time anyone clicks a link, we must update a database somewhere.

What we need is a better way of dealing with state information that both allows our BPM engines to be Cloud friendly, and also frees us from the limitations of our ESBs. Or perhaps we must reinvent our ESBs to work in the Cloud. However you slice the problem, Hypermedia-Oriented Architecture (HOA) has the answer.

HOA to the Rescue
As ZapThink has discussed before, many people misconstrue REST as an API style that features a uniform interface, where in reality it’s a style of software architecture for building hypermedia systems. Why is the latter definition a better one? Because Roy Fielding, its creator, says so. That being said, work continues on the architectural context of REST, perhaps extending Fielding’s original thinking, as well as beyond the API style that most techies think of when they think about REST. We call this extension of the REST architectural style Hypermedia-Oriented Architecture, or HOA.

The central principle of HOA is the HATEOAS REST constraint: hypermedia is the engine of application state. In essence, HOA separates two different types of state information: application state and resource state. Application state corresponds to the user’s place in the runtime workflow consisting of hyperlinked representations, while resource state remains on the server, keeping track of persisted state information and state information that multiple users share.

On the one hand, HATEOAS requires hypermedia to manage all state information specific to individual clients, and on the other hand, delegates all other state information to the server. REST also specifies a set of verbs for querying an changing state information: GET for querying resource state without changing it, and three verbs that change the resource state: POST for initializing a resource, PUT for updating a resource, and DELETE for deleting a resource (assuming we’re using HTTP as our transport protocol).

Note, therefore, that all verbs other than GET change the resource state, while all verbs, including GET, change the application state. Furthermore, all state information appears in the messages between client and server: the requests from client to resource, and the representations from resource to client. By extension, HATEOAS requires us to only use POST, PUT, or DELETE when—and only when—we must update resource state.

With this principle in mind, we have a real problem with the process in Figure 2. Note that the server is maintaining application state, which HOA forbids. But we can’t solve this problem simply by picking up the process instance from the server and sticking it in the client and expecting it to work properly, because sometimes we really do want to update the resource state. We somehow need to separate the process instance into two (or more) pieces so that hypermedia on the client can be the engine of application state while the BPM engine remains the engine of resource state.

Figure 3 below illustrates this principle. The client sends a POST to the server, which initializes a resource. In this case, that new resource sends a hypermedia representation to a stateless intermediary which caches the representation. This hypermedia representation is essentially an abstraction of a dynamic set of hyperlinked representations, for example, one or more php scripts that can generate a set of hyperlinked Web pages. Once the intermediary has the hypermedia representation, it returns the initial representation (for instance, a Web page) to the client.

Figure 3: HOA-Based Process with Stateless Intermediary

From that point on, as long as the client is navigating the application via hypermedia, changing only the application state as the user moves from one step in the process to the next, there is no need to change the resource state—and thus, no further POSTs, PUTs, or DELETEs are allowed. The client may perform a GET, because GETs change only the application state. The intermediary may be able to handle the GET on its own (if the necessary information is resident in the cache) or can turn around and perform a GET on an underlying resource, if necessary.

Furthermore, the application state may change without any interactions with the intermediary or the server by leveraging programmatic capabilities on the client. If the client is an arbitrary piece of software then this capability is trivial. But even if the client is a browser, it’s possible to change the state of an application without fetching anything from the server. In fact, there are many was to accomplish this feat.

Sometimes, of course, a hypermedia application, which we might also call a HOA process, must update resource state, for example, when it’s time to process the user’s credit card or change the number of widgets in inventory. Then—and only then—do we perform a PUT.

The most important characteristic of the process in Figure 3 is the fact that the intermediary is entirely stateless. If for some reason the VM that is hosting the hypermedia representation that is serving the client crashes, the Cloud environment must simply spawn a replacement and reload the same hypermedia representation as before. The client won’t lose its place because the hypermedia on the client are maintaining the application state. Similarly, we can horizontally scale the middle tier however and whenever we like. Instead of one VM hosting a particular hypermedia representation, we could have two or a hundred, and it doesn’t matter which one responds to a particular GET from the client.

Combining HOA Processes and Traditional BPM
The problem with the example in Figure 3, of course, is that every client’s process is separate from every other client’s process. However, most business processes in today’s organizations involve multiple parties—either multiple people or multiple enterprise applications or some combination.

On first glance, HOA doesn’t address such complex processes, since HATEOAS only deals with application state, not resource state. Fortunately, HOA works perfectly fine in this broader context as well, because it calls for a separation of application and resource state while providing for multiple ways to update resource state. After all, POST, PUT, and DELETE all update resource state, and any user can execute these verbs for a particular resource. Figure 4 below illustrates this more complex process.

Figure 4: HOA Process with Composite RESTful Service

In the figure above, a POST from a client instructs the BPM engine to instantiate a process instance on the server as in Figure 2. The first step in this process creates a hypermedia representation for the client to interact with as in Figure 3. Meanwhile, the resource state may change via any event, including a server-generated event or the action of a different user. If a user executes a PUT on the client to the hypermedia representation on the intermediary, then that representation turns around and PUTs to the appropriate underlying resource. Or perhaps the client PUTs to an underlying resource directly. Either way, the PUT goes to a hyperlink the client obtained from a previous representation at an earlier step in the process.

We might call the process running on the server a Composite RESTful Service, because the intermediary may abstract the entire server-based process via one or more RESTful URIs. A simple example of a Composite RESTful Service is a chat window application. Multiple users share the same chat session, so clearly the chat session state is part of the resource state.

There are a few essential points to keep in mind about the illustration in Figure 4. First, the intermediary remains stateless and therefore Cloud-friendly. We must maintain resource state in the persistence tier, but since we’ve offloaded the maintenance of application state to the client, we won’t be overburdening our database. We may also interact with our Composite RESTful Service via RESTful interactions, an essential benefit that Prof. Pautasso emphasizes in his research. And finally, not only is the middle tier horizontally scalable and elastic, so is the client tier—because every user brings their own client to the process.

The ZapThink Take
With the addition of an appropriate approach to building a RESTful Service abstraction, Figure 4 also serves as an illustration of how to implement RESTful SOA, what ZapThink refers to as “next generation” SOA in our Licensed ZapThink Architect (LZA) course as well as in my new book, The Agile Architecture Revolution. We therefore have a single, simple diagram bring together the worlds of SOA, BPM, Cloud, REST, and HOA.

The secret to getting all these architectural trends to work well together centers on how we deal with state information. We must first separate application state from resource state, and then subsequently take the conceptual leap to understanding that the best way to implement our business processes is by combining HOA processes with Composite RESTful Services. Once we make this leap, however, the pieces of this complicated puzzle finally fall into place.

Image credit: Bruce Guenter

More Stories By Jason Bloomberg

Jason Bloomberg is the leading expert on architecting agility for the enterprise. As president of Intellyx, Mr. Bloomberg brings his years of thought leadership in the areas of Cloud Computing, Enterprise Architecture, and Service-Oriented Architecture to a global clientele of business executives, architects, software vendors, and Cloud service providers looking to achieve technology-enabled business agility across their organizations and for their customers. His latest book, The Agile Architecture Revolution (John Wiley & Sons, 2013), sets the stage for Mr. Bloomberg’s groundbreaking Agile Architecture vision.

Mr. Bloomberg is perhaps best known for his twelve years at ZapThink, where he created and delivered the Licensed ZapThink Architect (LZA) SOA course and associated credential, certifying over 1,700 professionals worldwide. He is one of the original Managing Partners of ZapThink LLC, the leading SOA advisory and analysis firm, which was acquired by Dovel Technologies in 2011. He now runs the successor to the LZA program, the Bloomberg Agile Architecture Course, around the world.

Mr. Bloomberg is a frequent conference speaker and prolific writer. He has published over 500 articles, spoken at over 300 conferences, Webinars, and other events, and has been quoted in the press over 1,400 times as the leading expert on agile approaches to architecture in the enterprise.

Mr. Bloomberg’s previous book, Service Orient or Be Doomed! How Service Orientation Will Change Your Business (John Wiley & Sons, 2006, coauthored with Ron Schmelzer), is recognized as the leading business book on Service Orientation. He also co-authored the books XML and Web Services Unleashed (SAMS Publishing, 2002), and Web Page Scripting Techniques (Hayden Books, 1996).

Prior to ZapThink, Mr. Bloomberg built a diverse background in eBusiness technology management and industry analysis, including serving as a senior analyst in IDC’s eBusiness Advisory group, as well as holding eBusiness management positions at USWeb/CKS (later marchFIRST) and WaveBend Solutions (now Hitachi Consulting).

@ThingsExpo Stories
SYS-CON Events announced today that AIC, a leading provider of OEM/ODM server and storage solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. AIC is a leading provider of both standard OTS, off-the-shelf, and OEM/ODM server and storage solutions. With expert in-house design capabilities, validation, manufacturing and production, AIC's broad selection of products are highly flexible and are configurable to any form factor or custom configuration. AIC leads the industry with nearly 20 years of ...
SYS-CON Events announced today that Vicom Computer Services, Inc., a provider of technology and service solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. They are located at booth #427. Vicom Computer Services, Inc. is a progressive leader in the technology industry for over 30 years. Headquartered in the NY Metropolitan area. Vicom provides products and services based on today’s requirements around Unified Networks, Cloud Computing strategies, Virtualization around Software defined Data Ce...
How is unified communications transforming the way businesses operate? In his session at WebRTC Summit, Arvind Rangarajan, Director of Product Marketing at BroadSoft, will discuss how to extend unified communications experience outside the enterprise through WebRTC. He will also review use cases across different industry verticals. Arvind Rangarajan is Director, Product Marketing at BroadSoft. He has over 19 years of experience in the telecommunications industry in various roles such as Software Development, Product Management and Product Marketing, applied across Wireless, Unified Communic...
As we approach the next @ThingsExpo, to be held June 9-11 at the Javits Center in New York, my thoughts naturally turn to the Internet of Things. The IoT is a leviathan—in the best possible sense of the term—that will sweep up most everything in the ocean of data and technology being created today and tomorrow. But rather than try to grasp all of its possible uses, for today I'm looking at “just” the Industrial Internet part. I just read a long paper co-authored by Tim Berners-Lee about the possibility of describing a “web science,” that is, discipline that combines the study involved ...
The best mobile applications are augmented by dedicated servers, the Internet and Cloud services. Mobile developers should focus on one thing: writing the next socially disruptive viral app. Thanks to the cloud, they can focus on the overall solution, not the underlying plumbing. From iOS to Android and Windows, developers can leverage cloud services to create a common cross-platform backend to persist user settings, app data, broadcast notifications, run jobs, etc. This session provides a high level technical overview of many cloud services available to mobile app developers, includi...
Enterprise IoT is an exciting and chaotic space with a lot of potential to transform how the enterprise resources are managed. In his session at @ThingsExpo, Hari Srinivasan, Sr Product Manager at Cisco, will describe the challenges in enabling mass adoption of IoT, and share perspectives and insights on architectures/standards/protocols that are necessary to build a healthy ecosystem and lay the foundation to for a wide variety of exciting IoT use cases in the years to come.
SYS-CON Events announced today that B2Cloud, a provider of enterprise resource planning software, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. B2cloud develops the software you need. They have the ideal tools to help you work with your clients. B2Cloud’s main solutions include AGIS – ERP, CLOHC, AGIS – Invoice, and IZUM
The IoT Bootcamp is coming to Cloud Expo | @ThingsExpo on June 9-10 at the Javits Center in New York. Instructor. Registration is now available at http://iotbootcamp.sys-con.com/ Instructor Janakiram MSV previously taught the famously successful Multi-Cloud Bootcamp at Cloud Expo | @ThingsExpo in November in Santa Clara. Now he is expanding the focus to Janakiram is the founder and CTO of Get Cloud Ready Consulting, a niche Cloud Migration and Cloud Operations firm that recently got acquired by Aditi Technologies. He is a Microsoft Regional Director for Hyderabad, India, and one of the f...
There is no doubt that Big Data is here and getting bigger every day. Building a Big Data infrastructure today is no easy task. There are an enormous number of choices for database engines and technologies. To make things even more challenging, requirements are getting more sophisticated, and the standard paradigm of supporting historical analytics queries is often just one facet of what is needed. As Big Data growth continues, organizations are demanding real-time access to data, allowing immediate and actionable interpretation of events as they happen. Another aspect concerns how to deliver ...
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides private all-in-one social intranets allowing workers to securely collaborate from anywhere in the world and from any device. Social, mobile, and easy to use. MangoApps has been named a "Market Leader" by Ovum Research and a "Cool Vendor" by Gartner...
SYS-CON Media announced today that @ThingsExpo Blog launched with 7,788 original stories. @ThingsExpo Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @ThingsExpo Blog can be bookmarked. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago.
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on Twitter at @MicroservicesE
SYS-CON Events announced today that robomq.io will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. robomq.io is an interoperable and composable platform that connects any device to any application. It helps systems integrators and the solution providers build new and innovative products and service for industries requiring monitoring or intelligence from devices and sensors.
Wearable technology was dominant at this year’s International Consumer Electronics Show (CES) , and MWC was no exception to this trend. New versions of favorites, such as the Samsung Gear (three new products were released: the Gear 2, the Gear 2 Neo and the Gear Fit), shared the limelight with new wearables like Pebble Time Steel (the new premium version of the company’s previously released smartwatch) and the LG Watch Urbane. The most dramatic difference at MWC was an emphasis on presenting wearables as fashion accessories and moving away from the original clunky technology associated with t...
SYS-CON Events announced today that Litmus Automation will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Litmus Automation’s vision is to provide a solution for companies that are in a rush to embrace the disruptive Internet of Things technology and leverage it for real business challenges. Litmus Automation simplifies the complexity of connected devices applications with Loop, a secure and scalable cloud platform.
As Marc Andreessen says software is eating the world. Everything is rapidly moving toward being software-defined – from our phones and cars through our washing machines to the datacenter. However, there are larger challenges when implementing software defined on a larger scale - when building software defined infrastructure. In his session at 16th Cloud Expo, Boyan Ivanov, CEO of StorPool, will provide some practical insights on what, how and why when implementing "software-defined" in the datacenter.
So I guess we’ve officially entered a new era of lean and mean. I say this with the announcement of Ubuntu Snappy Core, “designed for lightweight cloud container hosts running Docker and for smart devices,” according to Canonical. “Snappy Ubuntu Core is the smallest Ubuntu available, designed for security and efficiency in devices or on the cloud.” This first version of Snappy Ubuntu Core features secure app containment and Docker 1.6 (1.5 in main release), is available on public clouds, and for ARM and x86 devices on several IoT boards. It’s a Trend! This announcement comes just as...
WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, discussed how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.
The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, and physical persons. In the IoT vision, every new "thing" - sensor, actuator, data source, data con...
@ThingsExpo has been named the Top 5 Most Influential Internet of Things Brand by Onalytica in the ‘The Internet of Things Landscape 2015: Top 100 Individuals and Brands.' Onalytica analyzed Twitter conversations around the #IoT debate to uncover the most influential brands and individuals driving the conversation. Onalytica captured data from 56,224 users. The PageRank based methodology they use to extract influencers on a particular topic (tweets mentioning #InternetofThings or #IoT in this case) takes into account the number and quality of contextual references that a user receives.