Is it bad idea to base business to business (B2B) type of integration projects on the microservices architecture?
By Microservices we mean autonomous services directly interfacing with each other by loosely coupled interfaces, typically REST. Dump pipes and smart endpoints. Could this lightweight principle work in the large scale B2B integration? Or is this where the more heavyweight SOA solutions are still more justified?
Consider the X-Road, national service portal of Estonia for example.
According to their web page, "The X-Road is an open source data exchange layer solution that enables organizations to exchange information over the Internet. The X-Road is a centrally managed distributed integration layer between Information Systems that provides a standardized and secure way to produce and consume services. The X-Road ensures confidentiality, integrity and interoperability between data exchange parties.
How would the microservices approach adapt to the integration project of this scale if we ignore juristic requirements for centrally managed gateway? Would it end up as unmanageable without central integration provider and well-defined WSDL contracts? Also, important thing to consider is the identity management and access control across the autonomous systems.
X-Road is the software that is used nationwide in the Estonian data exchange layer X-tee and in the Suomi.fi Data Exchange Layer service in Finland. X-Road is the data exchange layer between the national service portals (eesti.ee , suomi.fi) and various data sources, registries and information systems. Therefore, X-Road and a national service portal are two different, independent information systems.
I think that a contract, an agreement between a service provider and service consumers, is a must have requirement in both SOA and microservice-based solutions. One of the key aspects of both approaches is the ability to deploy services independent of one another. The independence is achieved using versioned and well-defined contracts. The underlying technology and implementation of a service can be changed as long the contract does not change.
X-Road can be used as a data exchange layer for solutions based on both SOA and microservices. Compared to direct point-to-point integrations X-Road implements a set of common features to support and facilitate data exchange. X-Road provides the following features out of the box:
address management
message routing
access rights management
organization level authentication
machine level authentication
transportation layer encryption
time-stamping
digital signature of messages
logging
error handling.
The identity of each organization and technical entry point (Security Server) is verified using certificates that are issued by a trusted Certification Authority (CA) when an organization joins an X-Road ecosystem. The identities are maintained centrally, but all the data is exchanged directly between a consumer and provider. Message routing is based on organization and service level identifiers that are mapped to physical network locations of the services by X-Road. All the evidence regarding data exchange is stored locally by the data exchange parties, and no third parties have access to the data. Time-stamping and digital signature together guarantee non-repudiation of the data sent via X-Road.
In addition, each service published on X-Road must provide a service description, currently a WSDL description. However, a native REST support will be available in 2019 and then OpenAPI service descriptions will be supported too.
No, Microservices is an absolutely fine and cool way of building B2B integration systems because it showcases a lot of qualities that you want to have when building such systems:
Higher fault tolerance via circuit breakers
No domino effect if other systems are down
Eventual consistency
High availability via CRQS and event sourcing.
Ease of maintenance and disposability of sync systems.
Related
I am learning about microservices and I don't understand what the real difference
between creating a REST API and creating microservices?
I’m working in Go, but my question applies over all languages.
The Microservices approach is about breaking your system ("pile of code") into many small services, each typically has its own:
Clear business-related responsibility
Running process
Database
Code version control (e.g. git) repository
API (the protocol how other services / clients will contact the Microservice)
UI
The services themselves are kept small so as your system grow, there are more services - rather than larger services.
Microservices can use REST, RPC, or any other method to communicate with one another, so REST or an API is really orthogonal to the topic of microservices...
Reference: What is an API? In English, please.
API = Application Programming Interface
Microservices = an architecture
In short
Microservice should expose a well-defined API.
Microservice is the way you may want to architect your solution
API is what your consumers see.
You can expose API without microservices in the backend (in fact, most non-training scenarios don't require microservices).
You may want to read http://samnewman.io/books/building_microservices/ before you decide on using microservices (unless this is for training purposes).
Microservice is well defined when you are following SOC - seperation of Concern on the entity/domain level ,where each entity / domain are independent of any other service.
for example user service will only be responsible for storing, updating and deleting user related informations.
Microservice backend and frontend microservice can further be splitted in 2 parts
frontend microservice which exposes rest endpoint just like Web API
backend microservice which actually perform all the operations.
Rest API is more of endpoints exposed to outer world and can be used with microservices as well, as explained above.
The majority of the answers is based on the old-school understanding of API as a programmatic interface. Nowadays, this meaning is melted and start confusing people becuase some developers started (for simplicit or by mistake) interpred the API of an application as the application per se. In such case, it is impossible to distinguish between the modern API and Microservices. Nonetheless, we can say that an API-application can comprise many Microservices, the most of which interact within the application via Microservice's APIs while others may expose their APIs as Applications's APIs. Also, a Microservice (as a service) may not include other Microservices (services), but may orchestrate a composition of Microservices via API-bases invocations. Applications may contain Microservices but, in the best practices, may not contain other Applications.
Microservices
A microservice architecture is about slicing an application logic into small pieces or "components" that can act between them and/or be exposed through an API.
API
A (web) application need to design the business logic with all set of object entities (model) and possible operations on them.
An (Application Programming Interface][https://en.wikipedia.org/wiki/Application_programming_interface) is a way of making the requests to an application by exposing specific entry-points that are in charge of invoking the appropriate application operations.
ReST(ful) APIs
("ReST" as in Representational State Transfer) are APIs complying with at least these 5 constraints:
User-interface is distinct from data storage and manipulation (Client-Server architecture)
No client context is stored on the server ("stateless")
Server responses must, implicitly or explicitly, define themselves as cacheable or not
Client does not have to be aware of the layers between him and the server
Response/request messages must be: be self-descriptive; allow to identify a resource; use representations allowing to manipulate the resources; announce available actions and resources ("Uniform interface").
"The real difference"
So, while these notions are obviously related, they are clearly distinct concepts:
Being ReSTful or not, an API exposes operations provided by a server that might (but not necessarily) be shelled into smaller components (microservices).
Also, while a typical web (ReST)API uses the HTTP protocol between the client and the server, components within a microservice architecture might communicate using other protocol(s) (e.g. WAMP, AMQP, JSON-RPC, XML-RPC, SOAP, ...)
In layman's term, if you have a web API server and you split them into several independent mini servers, use a proxy-server and load-balancer to clusterize them, and (optionally, give each a separate database entity), that is a microservice architecture.
I am looking into options for implementing single sign-on (by which I mean a single set of user credentials authenticating against a single, shared, identity store) across a range of websites.
All of the websites nominally belong the same organisation (and so we can assume a trusted relationship between them), but are hosted on different domains, and span different technologies - inc. .NET, Java and PHP.
We are consolidating all user profiles into a single back-end CRM system, and need some way to provide robust access to this for all current (and future) web properties.
We have a nascent SAML provider running, and the default option is to extend access to this across all the (currently) unsupported properties. Is this the best option? All the online references to SSO products (CAS, CoSign etc.) seem to be very old (2004+).
Have a look at Microsoft's ADFS v2.0 which support .NET
There are commercial products that do this e.g. PingIdentity, and open source ones e.g. OpenAM.
These products all support SAML.
For Java, put something like OpenAM in front of it or use the OpenSSO / OpenAM fedlet.
For PHP, use simpleSAMLphp.
The keyword to use to get current references would be something "SAML federation".
Refer SAML-based products and services
Use of the SAML protocol here makes a ton of sense. It could even allow you to federate with cloud-based services if/when your company decides to go that direction.
SAML does not require the target servers (aka "service providers" or "relying parties" in MS parlance) to be referenced using a fully qualified domain name with a common DNS root. It is also technology agnostic so it really doesn't matter what HTTP stack the service provider is running.
I'm not sure what interfaces are available to your back-end CRM system, but LDAP or SQL connections are typically used to get identity claim information and build the SAML response.
A few Identity Provider products you may want to research include Microsoft ADFS, PortalGuard (for whom I work) and Ping.
Recently a friend of mine asked me about N-Tier architectures and I was able to explain to him about 1, 2 and 3 tier architectures with examples. But I was stuck when I wanted to give examples for more than 3 tiers. I googled and binged for help, but could not find any decent examples.
The fact that it is named N-tier makes me think that 'N' can be any number starting from 1. But I couldn't find any examples for 4 or 5 tier.
Can somebody share some examples of N-tier architectures that involves more than 3 tiers?
Fundamental Services : e.g. Database, Directory Services, File & Print Services, Hardware abstraction. This tier is increasingly called the platform.
Business Domain Tier : An Application Server such JavaEE including EJB, DCOM or CORBA Service Objects. Provide business functionality, increasing using SOA and Micro-services.
Presentation Tier : e.g. Java Servlets/JSP, ASP, PHP. This tier will increasingly include WebServices as proxies and adaptors for business tier services.
Client Tier : Thin clients like HTML Pages on Browsers and Rich Clients like Java WebStart & Flash.
In Java EE it is common to divide the Business Domain tier into Data-Access (Entity Beans) & Business Services (Session Beans).
In an Enterprise SOA (Service Oriented Architecture) the ESB (Enterprise Service Bus) would typically exist as an additional tier between tiers 1 & 2. It may be part of the platform provision.
In Mashups you could have an aggregation tier between tier 3 & 4.
The move to being called N-Tier is a reflection of the move to increasingly componentised architectures from the older client-server to first 3-Tier then 4-Tier. The defining characteristic of a tier is a clearly defined interface with a separation of concerns.
Five minutes ago I've read an article of this
https://www.nginx.com/blog/time-to-move-to-a-four-tier-application-architecture
Client is where you read it
Api or your application back-end is where you assemble it ..
Data aggregation.. Either goes through the jsons/xmls from outsourced things or queries on your database and lastly service tier is where you actually do the query on database or run function on big data or read GPS locations and maps from google ... That is how I see it in this case. It simply divided the data layer from three tier.
But this N-tier model is totally abstract so you can tear your infrastructure until you have some logically atomic parts only. Still dividing the previous structure.
I'm leaning towards less abstract and more practical explanation that answers the question: "How and why do I want to split my system into tiers and where do I place them on the servers?"
Essentially, when you create a simple website that uses a database, you already have 3-tiers "out of the box":
data tier - the database. But if you are using a short-lived memory cache or file system then we might argue if that can be considered a "tier" or not.
application tier - the code that executes on your server(s).
presentation (or client) tier - the code that executes on the client's machine and presents the results to the client
Now, how do we get the 4th tier?
Most probably, there is no need to split the client tier. It's on the client's device and we want to keep it as simple and efficient as possible.
Could we split the data tier? I have seen some systems with APIs around databases, Azure blobs, file systems etc. to create some subsystem that could be considered a tier. But is that still the same data tier (a.k.a fundamental services tier) or can we consider it a separate entity? And if we separate it out, will it be on the same physical (or virtual) server as our database, so we can protect the data from direct access?
However, in most cases, it's the application layer that gets split.
One part is still named application tier. It becomes an internal API web application and lives in secured zone where it can access the database. Nobody can access the database directly, but only through this application layer.
The other part becomes a consumer of the application tier APIs through some kind of a connection (HTTP client etc.). The consumer might be called presentation tier (confusing - wasn't it the same as client tier?), even if it itself has only JSON APIs and no any user-friendly formats.
But then the question arises: in which cases we, developers, might want to complicate our lives and split our web application into presentation tier and application tier, instead of keeping them as layers inside the same web application?
At serious workloads, a separate application tier might be good for scalability or it might be a requirement of security to deny database connectivity to the web server that is exposed to users (even the intranet ones).
I have seen some ambitious projects going for 4-tier from the start and then cursing themselves for overengineering things. You have to keep track of those internal connections, security, authentication tokens, keeping sockets under control (not opening a new HTTP connection on every request), avoiding accidental sharing of data of multiple parallel requests through carelessly created global HTTP client instance etc.
That would depend on what you want to call a Tier. Each vertical of the Presentation layer could be called a tier.
Mobile app or webpage frontend (one page Javascript and the like)
The caching or CDN (Content Delivery Network) as another layer.
Frontend or API tier
The business layer, could also be split if the service requires multiple microservices. For instance
a Business process tier
an Administration tier.
Then the data Layer split into:
Database
Data Lake
Reporting
Enterprise Service Bus
Third party access data (where your app is connecting to other APIs)
For more see Cloud Application Architecture
A four tier architecture consists of the following
a. client tier -- node.js angularJs, etc basically independent of server side and UI team work on the client artifact independently
b. Aggregation tier --- content delivery networks (akamai)
c. api tier -- gateway for all the server side calls and can have its own caching
d. services tier -- includes internal or external services...
An easy example of 4 tier architecture is RMI JDBC Servlet. This involves
The client tier
The application server for theservlet
Rmi server for server program
Jdbc server for database
I have heard a lot of people talking recently about middleware, but what is the exact definition of middleware? When I look into middleware, I find a lot of information and some definitions, but while reading these information and definitions, it seems that mostly all 'wares' are in the middle of something. So, are all things middleware?
Or do you have an example of a ware that isn't middleware?
Lets say your company makes 4 different products, your client has another 3 different products from another 3 different companies.
Someday the client thought, why don't we integrate all our systems into one huge system. Ten minutes later their IT department said that will take 2 years.
You (the wise developer) said, why don't we just integrate all the different systems and make them work together? The client manager staring at you... You continued, we will use a Middleware, we will study the Inputs/Outputs of all different systems, the resources they use and then choose an appropriate Middleware framework.
Still explaining to the non tech manager
With Middleware framework in the middle, the first system will produce X stuff, the system Y and Z would consume those outputs and so on.
Middleware is a terribly nebulous term. What is "middleware" in one case won't be in another. In general, you can expect something classed as middleware to have the following characteristics:
Primarily (usually exclusively) software; usually doesn't need any specialized hardware.
If it weren't there, applications that depend on it would have to incorporate it as part of their application and would experience a lot of duplication.
Almost certainly connects two applications and passes data between them.
You'll notice that this is pretty much the same definition as an operating system. So, for instance, a TCP/IP stack or caching could be considered middleware. But your OS could provide the same features, too. Indeed, middleware can be thought of like a special extension to an operating system, specific to a set of applications that depend on it. It just provides a higher-level service.
Some examples of middleware:
distributed cache
message queue
transaction monitor
packet rewriter
automated backup system
Wikipedia has a quite good explanation: http://en.wikipedia.org/wiki/Middleware
It starts with
Middleware is computer software that connects software components or applications. The software consists of a set of services that allows multiple processes running on one or more machines to interact.
What is Middleware gives a few examples.
There are (at least) three different definitions I'm aware of
in business computing, middleware is messaging and integration software between applications and services
in gaming, middleware is pretty well anything that is provided by a third-party
in (some) embedded software systems, middleware provides services that applications use, which are composed out of the functions provided by the hardware abstraction layer - it sits between the application layer and the hardware abstraction layer.
Simply put Middleware is a software component which provides services to integrate disparate systems together.
In an complex enterprise environment, there are a number of challenges when you need to integrate two or more enterprise systems together to talk to each other. Normally these systems do not understand each others language as they are developed on different platforms using different languages (like C++, Java, Cobol, etc.).
So here comes middleware software in picture which provides services like
transformation of messages formats from one app to other,
routing and enriching messages besides taking care of security,
encryption,
validation and
applying different business rules to these messages.
A typical example of middleware is an ESB products like IBM message broker (WMB/IIB), WESB, Datapower XI50, Oracle Fusion, Mule and many others.
Therefore, middleware sits mostly in between the service consuming apps and services provider apps and help these apps to talk to each other.
Middleware is about how our application responds to incoming requests. Middlewares look into the incoming request, and make decisions based on this request. We can build entire applications only using middlewares. For e.g. ASP.NET is a web framework comprising of following chief HTTP middleware components.
Exception/error handling
Static file server
Authentication
MVC
As shown in the above diagram, there are various middleware components in ASP.NET which receive the incoming request, and redirect it to a C# class (in this case a controller class).
Middleware is a general term for software that serves to "glue together" separate, often complex and already existing, programs. Some software components that are frequently connected with middleware include enterprise applications and Web services.
There is a common definition in web application development which is (and I'm making this wording up but it seems to fit): A component which is designed to modify an HTTP request and/or response but does not (usually) serve the response in its entirety, designed to be chained together to form a pipeline of behavioral changes during request processing.
Examples of tasks that are commonly implemented by middleware:
Gzip response compression
HTTP authentication
Request logging
The key point here is that none of these is fully responsible for responding to the client. Instead each changes the behavior in some way as part of the pipeline, leaving the actual response to come from something later in the sequence (pipeline).
Usually, the middlewares are run before some sort of "router", which examines the request (often the path) and calls the appropriate code to generate the response.
Personally, I hate the term "middleware" for its genericity but it is in common use.
Here is an additional explanation specifically applicable to Ruby on Rails.
Middleware stands between web applications and web services that natively can't communicate and often are written in different languages/frameworks.
One such example is OWIN middleware for .NET environment, before owin people were forced to host web apps in a microsoft hosting software called IIS. After owin was developed, it has added capacity to host both in IIS and self host, in IIS was just added support for Owin which acted as an interface. Also it become possible to host .NET web apps on Linux via Mono, which again added support for Owin.
It also added capacity to create Single Page Applications, Owin handling Http request/response context, so on top of owin you can add authentication/authorization logic via OAuth2 for example, you can configure middleware to register a class which contains logic of user authentification (for ex. OAuth2 implementation) or class which contains logic of how to manage http request/response messages, that way you can make one application communicate with other applications/services via different data format (like json, xml, etc if you are targeting web).
Some examples of middleware: CORBA, Remote Method Invocation (RMI),...
The examples mentioned above are all pieces of software allowing you to take care of communication between different processes (either running on the same machine or distributed over e.g. the internet).
From my own experience with webwork, a middleware was stuff between users (the web browser) and the backend database. It was the software that took stuff that users put in (example: orders for iPads, did some magical business logic, i.e. check if there are enough iPads available to fill the order) and updated the backend database to reflect those changes.
It is just a piece of software or a tool on which your application executes and rapplication capabilities with respect to high availability,scalability,integrating with other softwares or systems without you bothering about your application level code changes .
For example : The operating system on which your application runs requires an I.P change , you do not have to worry about it in your code , it is the middleware stack on which you can simple update the configuration.
Example 2 : You experience problems with your runtime memory allocation and feel that the your application usage has increased , you do not have to much about it unless you have a bug or bottleneck in your code , it is easily achievable by tuning middleware software configuration on which your application runs.
Example 3 : You have multiple disparate software and you need them to talk to each other or send data in a common format which is understandable by all the systems then this is where middleware systems comes handy.
Hope the information provided helps.
it is a software layer between the operating system
and applications on each side of a distributed computing system in a network. In fact it connects heterogeneous network and software systems.
If I am not wrong, in software application framework, based on the context, you can consider middleware for the following roles that can be combined in order to perform certain activities in between the user request and the application response.
Adapter
Sanitizer
Validator
I always thought of it as the oldest software I have had to install. The total app used a web server, a database server, and an application server. The web server being the middleware between the data and the app.
I am interested in finding a business model for a software product (iprocurement). However, I got quite confused between ASP (Application Service Provider) and Saas models. What are the differences?
Thanks in advance.
Though medium of delivery is the same i.e. internet, ASP takes a packaged-base approach while SaaS takes product approach. ASP provider need not be a manufacturer of the product. He can be a trader or a middleman who takes the responsibility of selling it and customising and implementing it when required. On the other hand, a system based on Saas model had been designed, built, delivered, configured and implemented normally by a single party who has total control of the system.
In case of ASP there can be multiple instances (or implementations) of a software running on a single server, suitable as per customer needs while in case of SaaS, a single software will serve to many clients allowing them to configure the service as per their requirement.
The fundamental difference is how software is built and used. ASP follows traditional development with a twist when it comes to deployment. It is built on data centric and it is deployed as an application with a centralized host sever. SaaS is built on service centric and deployed as web services.