Click here to close now.

Welcome!

Security Authors: Skytap Blog, Pat Romanski, Elizabeth White, Srinivasan Sundara Rajan, John Wetherill

Related Topics: SOA & WOA, Java, XML, Virtualization, Web 2.0, Cloud Expo, Security

SOA & WOA: Article

Cloud-Friendly BPM: The Power of Hypermedia-Oriented Architecture

We must bring together the worlds of SOA, BPM, Cloud, REST, and HOA.

When ZapThink last wrote about Business Process Management (BPM) in the Cloud in March 2012, we challenged both vendors and BPM customers to rethink their approach to BPM software, eschewing a heavyweight middleware approach for the lightweight, hypermedia-oriented approach that Representational State Transfer (REST) encourages. And while we did generate some short-lived buzz, most of the response - or lack thereof - was little more than a resounding silence.

True, work on Cloud-friendly, REST-based BPM continues in certain dusty corners of academia, most notably in the research of Cesare Pautasso, a professor at the University of Lugano in Switzerland. But in spite of his notable contributions to Thomas Erl's SOA with REST book, the enterprise software and Cloud marketplaces have largely either ignored or misunderstood his research as well as ZapThink's on this topic.

While it's amusing to theorize a vast vendor conspiracy, positing middleware dinosaurs actively working to distract their customer base from lighter weight, Cloud-friendly approaches, the reality is likely to be far more mundane. People just don't get it. Or to be precise, our audience doesn't get how all the pieces-BPM, REST, Cloud, and even a bit of SOA-fit together. To help resolve this confusion, let's resort to an age-old technique: let's draw some pictures.

Framing the Cloud-Friendly BPM Problem
Let's start this discussion with an illustration of an admittedly simplistic business process involving one person and some back-end system, as shown in Figure 1 below.

Figure 1: Simple Two-Tier Process

Note that in the figure above, the user might tackle a few tasks, and then the server takes over, executing a few tasks on its own. While the server is busy doing its thing, the user might query the server as to the current status of the process.

So far so good, but we don’t want our server to serve only one user at a time. After all, the whole point of the client/server pattern is that it is many to one. As a result, we need to introduce the notion of a process instance. For the sake of simplicity let’s assume that we don’t have more than one person participating in a particular instance at the same time. But we might have multiple people each running their own instance of a process, for example, completing a purchase on a Web site, as shown in Figure 2 below.

Figure 2: Two Tier Process with Instance

In the figure above, the BPM engine running on the server spawns a process instance to deal with the interactions with the user. If multiple users initiate the same process, the server can instantiate as many process instances as necessary, and the engine keeps track of where every user is in their instance—in other words, the instance state.

How to keep track of all this state information in a scalable, robust manner is at the core of numerous distributed computing challenges. Today’s BPM engines generally run on Enterprise Service Buses (ESBs), which maintain state by spawning threads—short-lived, specialized object instances that run in the execution environment of the ESB. But while threads are short-lived, process instances might take days or weeks to complete, and furthermore, threads are specific to the execution environment, making cross-ESB processes difficult to implement. For these reasons, we call state management the Achilles Heel of traditional, heavyweight (Web Services-based) SOA.

If such ESB-centric issues weren’t bad enough, the Cloud introduces a new wrinkle. Because we want to run our server in the Cloud, we don’t want to use it to maintain any state information, because we expect virtual machine (VM) instances to fail. In the Cloud, we provide automated recovery from failure rather than avoiding failure. However, if we store all the state information in the underlying persistence tier (not shown), then we limit our scalability, since every time anyone clicks a link, we must update a database somewhere.

What we need is a better way of dealing with state information that both allows our BPM engines to be Cloud friendly, and also frees us from the limitations of our ESBs. Or perhaps we must reinvent our ESBs to work in the Cloud. However you slice the problem, Hypermedia-Oriented Architecture (HOA) has the answer.

HOA to the Rescue
As ZapThink has discussed before, many people misconstrue REST as an API style that features a uniform interface, where in reality it’s a style of software architecture for building hypermedia systems. Why is the latter definition a better one? Because Roy Fielding, its creator, says so. That being said, work continues on the architectural context of REST, perhaps extending Fielding’s original thinking, as well as beyond the API style that most techies think of when they think about REST. We call this extension of the REST architectural style Hypermedia-Oriented Architecture, or HOA.

The central principle of HOA is the HATEOAS REST constraint: hypermedia is the engine of application state. In essence, HOA separates two different types of state information: application state and resource state. Application state corresponds to the user’s place in the runtime workflow consisting of hyperlinked representations, while resource state remains on the server, keeping track of persisted state information and state information that multiple users share.

On the one hand, HATEOAS requires hypermedia to manage all state information specific to individual clients, and on the other hand, delegates all other state information to the server. REST also specifies a set of verbs for querying an changing state information: GET for querying resource state without changing it, and three verbs that change the resource state: POST for initializing a resource, PUT for updating a resource, and DELETE for deleting a resource (assuming we’re using HTTP as our transport protocol).

Note, therefore, that all verbs other than GET change the resource state, while all verbs, including GET, change the application state. Furthermore, all state information appears in the messages between client and server: the requests from client to resource, and the representations from resource to client. By extension, HATEOAS requires us to only use POST, PUT, or DELETE when—and only when—we must update resource state.

With this principle in mind, we have a real problem with the process in Figure 2. Note that the server is maintaining application state, which HOA forbids. But we can’t solve this problem simply by picking up the process instance from the server and sticking it in the client and expecting it to work properly, because sometimes we really do want to update the resource state. We somehow need to separate the process instance into two (or more) pieces so that hypermedia on the client can be the engine of application state while the BPM engine remains the engine of resource state.

Figure 3 below illustrates this principle. The client sends a POST to the server, which initializes a resource. In this case, that new resource sends a hypermedia representation to a stateless intermediary which caches the representation. This hypermedia representation is essentially an abstraction of a dynamic set of hyperlinked representations, for example, one or more php scripts that can generate a set of hyperlinked Web pages. Once the intermediary has the hypermedia representation, it returns the initial representation (for instance, a Web page) to the client.

Figure 3: HOA-Based Process with Stateless Intermediary

From that point on, as long as the client is navigating the application via hypermedia, changing only the application state as the user moves from one step in the process to the next, there is no need to change the resource state—and thus, no further POSTs, PUTs, or DELETEs are allowed. The client may perform a GET, because GETs change only the application state. The intermediary may be able to handle the GET on its own (if the necessary information is resident in the cache) or can turn around and perform a GET on an underlying resource, if necessary.

Furthermore, the application state may change without any interactions with the intermediary or the server by leveraging programmatic capabilities on the client. If the client is an arbitrary piece of software then this capability is trivial. But even if the client is a browser, it’s possible to change the state of an application without fetching anything from the server. In fact, there are many was to accomplish this feat.

Sometimes, of course, a hypermedia application, which we might also call a HOA process, must update resource state, for example, when it’s time to process the user’s credit card or change the number of widgets in inventory. Then—and only then—do we perform a PUT.

The most important characteristic of the process in Figure 3 is the fact that the intermediary is entirely stateless. If for some reason the VM that is hosting the hypermedia representation that is serving the client crashes, the Cloud environment must simply spawn a replacement and reload the same hypermedia representation as before. The client won’t lose its place because the hypermedia on the client are maintaining the application state. Similarly, we can horizontally scale the middle tier however and whenever we like. Instead of one VM hosting a particular hypermedia representation, we could have two or a hundred, and it doesn’t matter which one responds to a particular GET from the client.

Combining HOA Processes and Traditional BPM
The problem with the example in Figure 3, of course, is that every client’s process is separate from every other client’s process. However, most business processes in today’s organizations involve multiple parties—either multiple people or multiple enterprise applications or some combination.

On first glance, HOA doesn’t address such complex processes, since HATEOAS only deals with application state, not resource state. Fortunately, HOA works perfectly fine in this broader context as well, because it calls for a separation of application and resource state while providing for multiple ways to update resource state. After all, POST, PUT, and DELETE all update resource state, and any user can execute these verbs for a particular resource. Figure 4 below illustrates this more complex process.

Figure 4: HOA Process with Composite RESTful Service

In the figure above, a POST from a client instructs the BPM engine to instantiate a process instance on the server as in Figure 2. The first step in this process creates a hypermedia representation for the client to interact with as in Figure 3. Meanwhile, the resource state may change via any event, including a server-generated event or the action of a different user. If a user executes a PUT on the client to the hypermedia representation on the intermediary, then that representation turns around and PUTs to the appropriate underlying resource. Or perhaps the client PUTs to an underlying resource directly. Either way, the PUT goes to a hyperlink the client obtained from a previous representation at an earlier step in the process.

We might call the process running on the server a Composite RESTful Service, because the intermediary may abstract the entire server-based process via one or more RESTful URIs. A simple example of a Composite RESTful Service is a chat window application. Multiple users share the same chat session, so clearly the chat session state is part of the resource state.

There are a few essential points to keep in mind about the illustration in Figure 4. First, the intermediary remains stateless and therefore Cloud-friendly. We must maintain resource state in the persistence tier, but since we’ve offloaded the maintenance of application state to the client, we won’t be overburdening our database. We may also interact with our Composite RESTful Service via RESTful interactions, an essential benefit that Prof. Pautasso emphasizes in his research. And finally, not only is the middle tier horizontally scalable and elastic, so is the client tier—because every user brings their own client to the process.

The ZapThink Take
With the addition of an appropriate approach to building a RESTful Service abstraction, Figure 4 also serves as an illustration of how to implement RESTful SOA, what ZapThink refers to as “next generation” SOA in our Licensed ZapThink Architect (LZA) course as well as in my new book, The Agile Architecture Revolution. We therefore have a single, simple diagram bring together the worlds of SOA, BPM, Cloud, REST, and HOA.

The secret to getting all these architectural trends to work well together centers on how we deal with state information. We must first separate application state from resource state, and then subsequently take the conceptual leap to understanding that the best way to implement our business processes is by combining HOA processes with Composite RESTful Services. Once we make this leap, however, the pieces of this complicated puzzle finally fall into place.

Image credit: Bruce Guenter

More Stories By Jason Bloomberg

Jason Bloomberg is the leading expert on architecting agility for the enterprise. As president of Intellyx, Mr. Bloomberg brings his years of thought leadership in the areas of Cloud Computing, Enterprise Architecture, and Service-Oriented Architecture to a global clientele of business executives, architects, software vendors, and Cloud service providers looking to achieve technology-enabled business agility across their organizations and for their customers. His latest book, The Agile Architecture Revolution (John Wiley & Sons, 2013), sets the stage for Mr. Bloomberg’s groundbreaking Agile Architecture vision.

Mr. Bloomberg is perhaps best known for his twelve years at ZapThink, where he created and delivered the Licensed ZapThink Architect (LZA) SOA course and associated credential, certifying over 1,700 professionals worldwide. He is one of the original Managing Partners of ZapThink LLC, the leading SOA advisory and analysis firm, which was acquired by Dovel Technologies in 2011. He now runs the successor to the LZA program, the Bloomberg Agile Architecture Course, around the world.

Mr. Bloomberg is a frequent conference speaker and prolific writer. He has published over 500 articles, spoken at over 300 conferences, Webinars, and other events, and has been quoted in the press over 1,400 times as the leading expert on agile approaches to architecture in the enterprise.

Mr. Bloomberg’s previous book, Service Orient or Be Doomed! How Service Orientation Will Change Your Business (John Wiley & Sons, 2006, coauthored with Ron Schmelzer), is recognized as the leading business book on Service Orientation. He also co-authored the books XML and Web Services Unleashed (SAMS Publishing, 2002), and Web Page Scripting Techniques (Hayden Books, 1996).

Prior to ZapThink, Mr. Bloomberg built a diverse background in eBusiness technology management and industry analysis, including serving as a senior analyst in IDC’s eBusiness Advisory group, as well as holding eBusiness management positions at USWeb/CKS (later marchFIRST) and WaveBend Solutions (now Hitachi Consulting).

@ThingsExpo Stories
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
SYS-CON Events announced today that Open Data Centers (ODC), a carrier-neutral colocation provider, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Open Data Centers is a carrier-neutral data center operator in New Jersey and New York City offering alternative connectivity options for carriers, service providers and enterprise customers.
When it comes to the Internet of Things, hooking up will get you only so far. If you want customers to commit, you need to go beyond simply connecting products. You need to use the devices themselves to transform how you engage with every customer and how you manage the entire product lifecycle. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, will show how “product relationship management” can help you leverage your connected devices and the data they generate about customer usage and product performance to deliver extremely compelling and reliabl...
SYS-CON Events announced today that CodeFutures, a leading supplier of database performance tools, has been named a “Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. CodeFutures is an independent software vendor focused on providing tools that deliver database performance tools that increase productivity during database development and increase database performance and scalability during production.
The IoT market is projected to be $1.9 trillion tidal wave that’s bigger than the combined market for smartphones, tablets and PCs. While IoT is widely discussed, what not being talked about are the monetization opportunities that are created from ubiquitous connectivity and the ensuing avalanche of data. While we cannot foresee every service that the IoT will enable, we should future-proof operations by preparing to monetize them with extremely agile systems.
There’s Big Data, then there’s really Big Data from the Internet of Things. IoT is evolving to include many data possibilities like new types of event, log and network data. The volumes are enormous, generating tens of billions of logs per day, which raise data challenges. Early IoT deployments are relying heavily on both the cloud and managed service providers to navigate these challenges. Learn about IoT, Big Data and deployments processing massive data volumes from wearables, utilities and other machines.
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
“In the past year we've seen a lot of stabilization of WebRTC. You can now use it in production with a far greater degree of certainty. A lot of the real developments in the past year have been in things like the data channel, which will enable a whole new type of application," explained Peter Dunkley, Technical Director at Acision, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that Intelligent Systems Services will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Established in 1994, Intelligent Systems Services Inc. is located near Washington, DC, with representatives and partners nationwide. ISS’s well-established track record is based on the continuous pursuit of excellence in designing, implementing and supporting nationwide clients’ mission-critical systems. ISS has completed many successful projects in Healthcare, Commercial, Manufacturing, ...
PubNub on Monday has announced that it is partnering with IBM to bring its sophisticated real-time data streaming and messaging capabilities to Bluemix, IBM’s cloud development platform. “Today’s app and connected devices require an always-on connection, but building a secure, scalable solution from the ground up is time consuming, resource intensive, and error-prone,” said Todd Greene, CEO of PubNub. “PubNub enables web, mobile and IoT developers building apps on IBM Bluemix to quickly add scalable realtime functionality with minimal effort and cost.”
The major cloud platforms defy a simple, side-by-side analysis. Each of the major IaaS public-cloud platforms offers their own unique strengths and functionality. Options for on-site private cloud are diverse as well, and must be designed and deployed while taking existing legacy architecture and infrastructure into account. Then the reality is that most enterprises are embarking on a hybrid cloud strategy and programs. In this Power Panel at 15th Cloud Expo (http://www.CloudComputingExpo.com), moderated by Ashar Baig, Research Director, Cloud, at Gigaom Research, Nate Gordon, Director of T...
Sensor-enabled things are becoming more commonplace, precursors to a larger and more complex framework that most consider the ultimate promise of the IoT: things connecting, interacting, sharing, storing, and over time perhaps learning and predicting based on habits, behaviors, location, preferences, purchases and more. In his session at @ThingsExpo, Tom Wesselman, Director of Communications Ecosystem Architecture at Plantronics, will examine the still nascent IoT as it is coalescing, including what it is today, what it might ultimately be, the role of wearable tech, and technology gaps stil...
DevOps tends to focus on the relationship between Dev and Ops, putting an emphasis on the ops and application infrastructure. But that’s changing with microservices architectures. In her session at DevOps Summit, Lori MacVittie, Evangelist for F5 Networks, will focus on how microservices are changing the underlying architectures needed to scale, secure and deliver applications based on highly distributed (micro) services and why that means an expansion into “the network” for DevOps.
The Internet of Things (IoT) is causing data centers to become radically decentralized and atomized within a new paradigm known as “fog computing.” To support IoT applications, such as connected cars and smart grids, data centers' core functions will be decentralized out to the network's edges and endpoints (aka “fogs”). As this trend takes hold, Big Data analytics platforms will focus on high-volume log analysis (aka “logs”) and rely heavily on cognitive-computing algorithms (aka “cogs”) to make sense of it all.
The Internet of Everything (IoE) brings together people, process, data and things to make networked connections more relevant and valuable than ever before – transforming information into knowledge and knowledge into wisdom. IoE creates new capabilities, richer experiences, and unprecedented opportunities to improve business and government operations, decision making and mission support capabilities. In his session at @ThingsExpo, Gary Hall, Chief Technology Officer, Federal Defense at Cisco Systems, will break down the core capabilities of IoT in multiple settings and expand upon IoE for bo...
With several hundred implementations of IoT-enabled solutions in the past 12 months alone, this session will focus on experience over the art of the possible. Many can only imagine the most advanced telematics platform ever deployed, supporting millions of customers, producing tens of thousands events or GBs per trip, and hundreds of TBs per month. With the ability to support a billion sensor events per second, over 30PB of warm data for analytics, and hundreds of PBs for an data analytics archive, in his session at @ThingsExpo, Jim Kaskade, Vice President and General Manager, Big Data & Ana...
For years, we’ve relied too heavily on individual network functions or simplistic cloud controllers. However, they are no longer enough for today’s modern cloud data center. Businesses need a comprehensive platform architecture in order to deliver a complete networking suite for IoT environment based on OpenStack. In his session at @ThingsExpo, Dhiraj Sehgal from PLUMgrid will discuss what a holistic networking solution should really entail, and how to build a complete platform that is scalable, secure, agile and automated.
We’re no longer looking to the future for the IoT wave. It’s no longer a distant dream but a reality that has arrived. It’s now time to make sure the industry is in alignment to meet the IoT growing pains – cooperate and collaborate as well as innovate. In his session at @ThingsExpo, Jim Hunter, Chief Scientist & Technology Evangelist at Greenwave Systems, will examine the key ingredients to IoT success and identify solutions to challenges the industry is facing. The deep industry expertise behind this presentation will provide attendees with a leading edge view of rapidly emerging IoT oppor...
In the consumer IoT, everything is new, and the IT world of bits and bytes holds sway. But industrial and commercial realms encompass operational technology (OT) that has been around for 25 or 50 years. This grittier, pre-IP, more hands-on world has much to gain from Industrial IoT (IIoT) applications and principles. But adding sensors and wireless connectivity won’t work in environments that demand unwavering reliability and performance. In his session at @ThingsExpo, Ron Sege, CEO of Echelon, will discuss how as enterprise IT embraces other IoT-related technology trends, enterprises with i...
When it comes to the Internet of Things, hooking up will get you only so far. If you want customers to commit, you need to go beyond simply connecting products. You need to use the devices themselves to transform how you engage with every customer and how you manage the entire product lifecycle. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, will show how “product relationship management” can help you leverage your connected devices and the data they generate about customer usage and product performance to deliver extremely compelling and reliabl...