© 2006 ibm corporation building information society with innovation business process...
Post on 18-Dec-2015
213 views
TRANSCRIPT
© 2006 IBM Corporation
Building Information Society with Innovation
Business Process Transformation: Componentization
András Pataricza,Budapest University of Technology and Economics
University Relations
Academic Days | May 9-10, 2006 | Barcelona, Spain
2
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Service Oriented Architecture
3
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
SOA reference architecture
Dev
elo
pm
en
t S
erv
ice
s
Business Innovation and Optimization Services
Interaction Services
Process Services
Information Services
Enterprise Service Bus
IT S
ervi
ce
Man
age
me
nt
Partner Services
Business Application
Services
Ap
pli
cat
ion
sAccess Services
Infrastructure Services
Modeling, composition Deployment/implementation Monitoring
4
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
SOA lifecycle
Requirement analysismodeling & simulationdesign
design testing
Integrationhumanprocessinformation
Application and service monitoring
Identity managementBusiness indicators
FinancialBusiness/IT harmonizationProcess control
5
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Model-Driven Architecture for Classical Approaches
ModelXform.
Code Generation
Source code
PlatformIndependent
Model
PlatformSpecificModel
platformdescription
6
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Model-Driven Architecture for SOA
ModelXform.
Service mapping
+deployment
Service invocationBusiness workflow
Configuration
PlatformIndependent
Model
PlatformSpecificModel
ServiceCatalogue/Standard
(eg. BPEL)
© 2006 IBM Corporation
Building Information Society with Innovation
Componentization and requirements
A functionally correct system has to fulfill additional non-functional requirements, as well
8
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Requirement classes
9
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
SOA systems are vulnerable
Dev
elo
pm
en
t S
erv
ice
s
Business Innovation and Optimization Services
Interaction Services
Process Services
Information Services
Enterprise Service Bus
IT S
ervi
ce
Man
age
me
nt
Partner Services
Business Application
Services
Ap
pli
cat
ion
sAccess Services
Infrastructure Services
Modeling, composition Deployment/implementation Monitoring
ComplexityCompletenessConsistency
PlatformsOutsourcing?
Parasitic interaction
Not ownedAvailabilityReliability
Complexity?Correctness?
Compliance to standards
Security
10
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
V&V problems in non-functional design
Proof of correctness
Performance prediction
Qualitative dependabilityassessment(fault impact
analysis)
Damage confinement and recovery Error detection
Performability control
Availability … prediction
SLA requirements specification
Quantitative dependabilityassessment
© 2006 IBM Corporation
Building Information Society with Innovation
Core: Mathematical Analysis
Huge complexity ->Importance of mathematical analysis integrated into the design workflow
12
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Engineeringmodel
Implementation
Design
Mathematicalmodel
Automatedmodel generation
Analysis tool
Mathematical analysis
Back-annotation
Code generation
Mechanized approach
13
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Transformation development
Metamodels
Graph transformation rules
Transformation control structure
Transformation development &
testing
Source modelNative transformation
pluginTarget model
Transformation trace, debug information
Plu
gin
gene
rato
rTransformation design time
Transformation runtime
14
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
VIATRA 2 as Eclipse Generative Model Transformer
GMT is an independent part of the Eclipse Modeling Project led by IBM and Borland
© 2006 IBM Corporation
Building Information Society with Innovation
Design verification
Complex, critical business processes require a proof of correctness covering ALL the cases of operations
Proof of correctness
16
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Objectives
Service composition (e.g. BPEL)– Widespread tool support
– Design errors in choreography
– Lack of formal verification
Objectives:– Formal proof of compliance to the requirements on workflow
– Derivation of mathematical analysis models by model transformations
Formal analysis of workflows– Formal workflow semantics
– Formal verification of properties
– E.g. variable access
– Fault simulation: assessment of error propagation
17
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
A Workflow Example
RecordingEstablish
type
Policy
Premium
Reject
Basic activity
Beginning of parallel execution
End of parallel execution
PayControl flow
Selection
18
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Verification of Workflows
Workflow (BPEL)
Formal model
(dataflow network)
Analysis model
(Promela)
Model checker(SPIN )
Requirement (LTL
expression)
Positive result
Negative result +
counterexample
Simulation
19
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Verification of Workflows
Workflow (BPEL)
Formal model
(dataflow network)
Analysis model
(Promela)
SPIN modelchecker
Requirement (LTL
expression)
Positive result
Negative result +
counterexample
Simulation
IBM WebSphereIntegration Developer
20
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Verification of WorkflowsDataflow Network
(generated)• Abstract data• Hierarchic modeling • Model refinement
Workflow (BPEL)
Formal model
(dataflow network)
Analysis model
(Promela)
SPIN modelchecker
Requirement (LTL
expression)
Positive result
Negative result +
counterexample
Simulation
Representation in the VIATRA2 framework
• Dataflow Network generated from parsed BPEL model
21
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Verification of Workflows
Workflow (BPEL)
Formal model
(dataflow network)
Analysis model
(Promela)
SPIN modelchecker
Requirement (LTL
expression)
Positive result
Negative result +
counterexample
Simulation
Requirements• LTL: linear temporal logical expression
Target requirement•Business level: „no unauthorized business transaction” •Implementation level: „each variable should be initialized prior to a read access”
22
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Workflow (BPEL)
Formal model
(dataflow network)
Analysis model
(Promela)
SPIN modelchecker
Requirement (LTL
expression)
Positive result
Negative result +
counterexample
Simulation
Verification of Workflows
Model checker• Evaluation of LTL expressions• Exhaustive state space traversal
23
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Workflow (BPEL)
Formal model
(dataflow network)
Analysis model
(Promela)
SPIN modelchecker
Requirement (LTL
expression)
Positive result
Negative result +
counterexample
Simulation
Verification of Workflows
ModelltranszformációModel transformationVIATRA2 framework
24
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Abstraction: qualitative modeling
Formal methods have strict complexity limitations– Efficient, but still faithful abstractions are needed
Qualitative abstraction:– A few of qualitative values out of an enumerated data type set
– No detailed data representation
– Drastic state space (analysis complexity) reduction
Systematic methodology: predicate abstraction
25
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Example Full model:
IF credit_requested < 2.000.000 THEN approval(director) ELSE approval(board)
Deterministic abstraction:IF minor_credit_requested THEN approval(director) ELSE approval(board)
– No representation is needed for value of credit_requested,
– Only a single binary value (minor_credit_requested) representing the mode of operation
– Invariant wrt. the limit of 2.000.000 changes
Nondeterministic abstraction:CHOOSE (approval(director), approval(board))
– No representation is needed for value of credit_requested,
– No representation of the logic of selecting the mode of operation
– Details -> random behavior
26
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Estimation of the effects of a fault in a business workflow
A resource/operation is good / faulty / missing (FAULT) → System behavior ?
Analysis principle:– Assign faults to resources / operations
– Trace the flow of errors (ERROR)
– Check: is a service to the user affected (FAILURE) ?
Modeling and analysis:– Data items colored as good / faulty / suspicious
– A component connected to another one in a potentially erroneous state is suspicious
– Static worst case approximation: Damage Confinement Region
27
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Dataflow Networks
G(Variable.state!=Fault_written)
Variable Uninitialized Written Read Written and read Fault written Fault written and read
Activity Control Data D_F_Control
Node
State
Port
ChannelToken
28
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Mapping a Workflow to Dataflow Networks
RecordingEstablish
type
Policy
Premium
Recording Establish type
Beginningof parallelexecution
End of parallel Execution
Policy
Premium
© 2006 IBM Corporation
Building Information Society with Innovation
Early dependability assessment
Objective: identification of the critical processes and their dependence on services and resourcesReinforcement of the workflow (ABFT)
30
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Systematic analysis techniques (overview)
1. Fault tree analysis
2. Event tree analysis
3. Cause-consequence analysis
4. Failure mode and effects analysis (FMEA)
→ Risk matrix with acceptable hazards
31
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Fault tree analysisService
unavailable
Failure of servers
Primaryserverfailure
Networkswitchfailure
Secondaryserverfailure
Failoverunsuccessful
HAmiddleware
failure
Server software designfailure
SPOF
PossibleSPOF
(not analyzed)
System leveleffect
Basicevents
Serviceunavailable
Serviceunavailable
Failure of servers
Primaryserverfailure
Primaryserverfailure
Networkswitchfailure
Networkswitchfailure
Secondaryserverfailure
Failoverunsuccessful
Failoverunsuccessful
HAmiddleware
failure
Server software designfailure
SPOF
PossibleSPOF
(not analyzed)
System leveleffect
Basicevents
32
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Quantitative analysis
Probabilities assigned to basic events– Component data book, estimation, measurements
Probability of system level failure is computed– AND gate: product of probabilities
– OR gate: sum of probabilities
Independent basic events are assumed here. Problems:
– Correlated basic events
– Handling the scenario of basic events (fault tree is a static snapshot)
33
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Failure mode and effects analysis
Failures and system level effects are listed Advantages:
– Systematic analysis of component failures
– Efficiency of redundancy can be estimated
Component Failure mode Probability Effect
Network switch
- garbage out - broken link
35% 65%
- access denied
- service timeout
... ... ... ...
34
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Risk matrix and acceptable hazards
Hazard effect Catastrophic Critical Marginal Negligible
Frequent
Probable Network switch failure
Primary server failure
Occasional Server sw. failure
Secondary server failure
Remote HA middle- ware failure
Improbable
Impossible
Protectionlevel
35
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Dynamics: Qualitative Data Fault Simulation / Model Checking
Variable 1 Uninitialized Written Read Written and read Fault written Fault written and read
Activity A Read Control Data D_F_Control
Variable 2 Uninitialized Written Read Written and read Fault written Fault written and read
Activity A Write Control Data D_F_Control
36
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Simulation of the Error Propagation Dynamics
Variable Uninitialized Written Read Written and read Fault written Fault written and read
If Control Data D_F_Control
Otherwise Control
Activity Control Data D_F_Control
Activity Control Data D_F_Control
37
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Dependable design patterns
Critical elements of the model can be replaced
N-Version programming– Here: N-Version Invocation
– Simultaneous invocation of multiple service implementations (variants)
Recovery Block– Here: Sequential invocation
of variants
– Until the result is acceptable
– Adjudicator?
Version 1
Version N
Version 2 VOTER
Version 1
Version N
Version 2
Fails
Fails
© 2006 IBM Corporation
Building Information Society with Innovation
Quantitative Dependability Analysis
Prediction of quantitative service/business level characteristics
Performability control
Availability … predictionSLA
requirements specification
Quantitative dependabilityassessment
39
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Objectives
Composite services Composed of basic service components Only partial control over the different servicesAnalysis of composite services According to SLA parameters of services
(e.g. throughput, reliability, availability) User perceived service:
potentially different service levels for different users Required parameters for the invoked services Guaranteed parameters for the main serviceNon-functional analysis PREDICTION of
– Dependability metrics for the services
– Business impacts WHAT-IF analysis
40
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Phased Mission SystemsUpper layer: phases
•Operational life•Tree or cyclic Petri Net•One active phase („performing action X”)•Routing may depend on resource states
DEEM tool •Dependability Evaluation of Multiple-phased Systems•Representation: Deterministic and Stochastic Petri Nets•Evaluation: Markov Regenerative Processes•Developed in Pisa/Florence
Multiple Phased Systems •Systems which lifecycle consists of different phases•Phases have different resource characteristics
•Expected response time•Failure rate, etc.
Lower layer: resources•Representing the state of the system•Characteristics depend on the actual phase
41
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Example: Phased Mission Systems
Stochastic modeling Phased operational life System changes during the phases
– E.g. resource states
System characteristics depend on the actual phase– E.g. phase-dependent failure rates
Mission goal depends on system state– Degradation
Dependability modeling and analysis– Described as GSPN
– Originally for mission-critical systems
42
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
SOA service flows as PMS
SOA service flow as PMS The operational life is built of distinct steps
– Web service invocations are the phases
– The dependability requirements of the phases are different
– Based on Service Level Agreements– The execution of the phases depends on the result of
previous steps
– Restricted operation if a service invocations fails Dependability of the main service Bottleneck analysis Sensitivity analysis
– Component’s failure rate System dependability
43
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Modeling vs monitoring based SOA lifecycle
Process modeling and analysis RT data acquisition and monitoring
112
2
3
45
678
9
10
11
Enterprise Service Bus
Service (J2EE)
Service (Web)
Service (e-mail)
IMS transaction
Service (human)
Hitelkérelem létrehozása
Előzetesen jóváhagyva?(üzleti szabály)
START
IGEN
Hitelképesség-ellenőrzés
NEM
Fedezet foglalása
Hitelbírálati jóváhagyás
Hitelkockázat értékeléseJóváhagyva?
Elutasító email küldése
IGEN
NEM
Kockázatos?(Üzleti szabály)
IGEN
NEMElfogadás email küldése
VÉGE
Service (human)
Service (Web)
© 2006 IBM Corporation
Building Information Society with Innovation
Model-based optimization ofService Deployment
Availability aware deployment of services:integrated deployment design and optimizationunder cost and performance constraints
Performability control
Availability …
prediction
SLA requirements specification
Quantitative dependabilityassessment
45
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Objective
Enterprise Information Systems– Towards Service Oriented Architecture
System development– Model-Driven Architecture
Quality aspects of services– Growing importance
Simultaneous assurance of – Required availability level
– Performance
– Cost minimization
46
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Model-Driven Architecture + QoS analysis
ModelXform.
CodeGeneration
Source code
PlatformIndependent
Model
PlatformSpecificModel
QoSmodel &
properties
platformdescription
QoSanalysis
Analysisresults
47
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Model-Driven Architecture + QoS-based synthesis
ModelXform.
CodeGeneration
Source code
PlatformIndependent
Model
PlatformSpecificModel
QoSmodel &
properties
platformdescription
QoSsynthesis
Synthesisresults
48
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Architecture Synthesis – Design space
Total Cost of Ownership(TCO)
Availability Capacity
49
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
J2EE Architecture
J2EE Server
CORBAServer
IIOP
LDAP
RDBMSSQL
MessageQueue
JMS
EJB ContainerRMI
Client
EJB Container
IIOPClient
JSP ServletServlet Container
HTTPClient Other
Resource
???
HTTP Engine
JDBC
• Entity beans• Persistence management
• Backend services• messaging• authentication• databases
•Session beans•Business logic•Service access points
• Servlets and Java Server Pages• Web-based user interface
50
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
QoS model for services
Stand-alone components– QoS attributes
– Capacity requirement (throughput)
– Availability requirement Links
– Represents single usage relationship
– Directed
– QoS attributes are propagated
ServiceAA = 99.99%, C=100/min
ServiceBA = 99.99%
«StatelessSessionBean»Serv iceA
+ operation() : void
tagsQOS_Availabil ity: 99.99%QOS_Capacity: 100
«StatelessSessionBean»Serv iceB
+ op() : void
tagsQOS_Availabil ity: 99.99%
«uses»
51
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
General Resource Model
Applicationcomponent<<Client>>
Server computer<<Resource>>
Deploys to
QoSValueRequiredQoS
OfferedQoS
52
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Mapping components to the QoS Model
Fault model– Hardware components
– Independent faults
– Operating system
– Application server software
– The application components are treated fault-free
– Majority of the code – automatically generated– Formally verified
QoS Service Component– EJB Module
– atomic deployment unit Component availability
– Max(required availability for the services) < minimal availability of the runtime platform running the beans in the module
Capacity requirements– Sum of capacity reqs. of the contained
beans
53
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Architecture Optimization – Objective Function
HWm
System musednumbermTCOTCO )(_)(
System
Node1 Node2 Node3 Node4 Node5
Total Cost of Ownership of the system
Total Cost of Ownership of the specific node type
Actual number of nodes from the specified type
54
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Architecture Optimization – Component Workload Balance
)(
)()(_)(idependsj
jWorkloadineedCapacityiWorkload
)(
)()(_)(idependsj
jWorkloadineedCapacityiWorkload
Service1W = 100
Service2W = 50
Service3C = 150
Actual workload of the specified component
Defined direct load of the component
Indirect workload from depending services
55
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Architecture Optimization – Component Throughput Limits
)(
)()(_)(idependsj
jWorkloadineedCapacityiWorkload
)(
)()(:mdeployeds
sWorkloadSFmCapacityHWm
Service1W = 100
Service2W = 50
Service3W = 150
Node1C = 200
Node2C= 200
A specific hardware node of the system
Capacity of node m(from benchmark)
Saturation factorThe maximum load (0..1) on the machine
Aggregate workload of all components running on the node.
56
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Architecture Optimization – Availability Effect of Interactions
)(
)()(_)(idependsj
jWorkloadineedCapacityiWorkload
serviceneededrunning)j(HW,j
)j(HW)i(HW
srvc.reqrunning
HWall
act
AA)availHW(P)availableHW(P
)availableservicesneededAllavailableHW(P)i(A
Service1 Service2Service3
A = ?
Node1A = 99
Node2A = 99
Actual availability of the componentAvailability of the deployment target HW
Availability of the deployment target HW of invoked services
57
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Architecture Optimization – Availability Requirements
Constraints cont’d
)(
)()(_)(idependsj
jWorkloadineedCapacityiWorkload
)i(A)i(A:servicesi requiredact
Actual availability of the component
Required availability of the component
© 2006 IBM Corporation
Building Information Society with Innovation
Dependability consolidation
Numerous applications implemented with no dependability considerations, but delivering business critical services ?
59
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
IT Service Management Processes are Interdependent
Service LevelManagement Framework
Service Catalogue
Service LevelAgreements
Evaluate andReport
Service LevelAchievements
Assess Service Level
Results
FormulateService LevelImprovement
Plan
EvaluateService LevelManagementPerformance
DetermineAvailability
Requirements
FormulateAvailability
Criteria
DefineAvailability
Targets
EstablishMeasures
and Reporting
Monitor, Analyze, and
Report
InvestigateUnavailability
ProduceAvailability
Plan
Availability Management
Service Level Management
Detect and Record Incident
Classification and Initial Support
Investigate and
Diagnose
Resolution and
Recovery
Own, Monitor, Track, and
Communicate
Close Incidents
Incident Reports
Incident Management
IT FinancialManagement Framework
Plan and Control
IT Budgets
PerformIT FinancialAccounting
AdministerIT Charging
EvaluateManagementPerformance
IT Financial Management
60
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Today’s Service Visibility Challenges
Exploding complexity Accelerated change Silo-based management views Visibility is the key to success
– Know and control what you have
– Change it effectively
Automated architecture discovery – IBM Tivoli Application Dependency Discovery Manager (TADDM)
Components and interdependencies ALL THE FORMAL METHODS PRESENTED BEFORE CAN BE
(RE)USED!
61
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
How TADDM Works
API
Discovery Engine & Sensors
Data Center Reference Model
Application Mapping Database
Run-Time Environment
External Applications
TADDMClient
TADDM Server
62
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Automated Application Maps Provides the Visibility
Application Service Management
INVENTORY ORDER ENTRY LOGISTICS PRICINGAUTOMATED APPLICATION INFRASTRUCTURE MAPS
INVENTORY ORDER ENTRY LOGISTICS PRICING
InfrastructureComponent Monitors
© 2006 IBM Corporation
Building Information Society with Innovation
Service Availability Forum
Platform consolidationFine granular redundancy, fast error detection and recovery are key factors in HA
Performability control
Availability prediction
64
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
SA Forum and objectives
A consortium of industry-leading companies:– Network Equipment Providers
– Computer System Vendors
– Silicon, Board and System Platform Providers
– System Integrators
– Application, Middleware and Operating System Vendors
Mission: – enable the use of commercial off-the-shelf building blocks
in the creation of high availability network infrastructure services
Approach: – Develop and publish HA and management software interface specifications
– Promote and facilitate their adoption by the industry
65
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Systems Management
Interface
Hardware Platform Interface
(HPI)
Application Interface
Specification (AIS)
Application Management Framework
(AMF)
Carrier Grade OSCarrier Grade OS
Hardware Platform Hardware Platform
Communications FabricCommunications Fabric
Application Management FrameworkApplication Management Framework
SMI
SMI
Oth
er
Mid
dle
wa
re
Highly Available Applications
HPI
HA Middleware
Application Interface Specification
SA Forum Standard Interface Specifications
66
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Application Management FrameworkApplication Management Framework
Application Interface SpecificationApplication Interface Specification
Components Service Units
Node 1 Node 2 Node 3
Cluster
Service Group : 2 + 1 redundancy
Service Group : 1+1
Redundancy
SG 1+1
Application Management Framework (AMF)
67
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Application Interface Specification (AIS)
Carrier Grade OSCarrier Grade OS
Hardware Platform Hardware Platform
Application Interface SpecificationApplication Interface Specification
Cluster MembershipBookkeeping of nodes joining and leaving the cluster
Cluster MembershipBookkeeping of nodes joining and leaving the cluster
CheckpointService
CheckpointService
EventServiceEvent
ServiceMessaging
ServiceMessaging
ServiceLockingServiceLockingService
Notification ServiceNotification ServiceLoggingService
LoggingService
Carrier Grade OSCarrier Grade OS
Hardware Platform Hardware Platform
Application Interface SpecificationApplication Interface Specification
Cluster MembershipBookkeeping of nodes joining and leaving the cluster
Cluster MembershipBookkeeping of nodes joining and leaving the cluster
CheckpointService
CheckpointService
EventServiceEvent
ServiceMessaging
ServiceMessaging
ServiceLockingServiceLockingService
Notification ServiceNotification ServiceLoggingService
LoggingService
Application Interface SpecificationApplication Interface Specification
Cluster MembershipBookkeeping of nodes joining and leaving the cluster
Cluster MembershipBookkeeping of nodes joining and leaving the cluster
CheckpointService
CheckpointService
EventServiceEvent
ServiceMessaging
ServiceMessaging
ServiceLockingServiceLockingService
Notification ServiceNotification ServiceLoggingService
LoggingService
Cluster MembershipBookkeeping of nodes joining and leaving the cluster
Cluster MembershipBookkeeping of nodes joining and leaving the cluster
CheckpointService
CheckpointService
EventServiceEvent
ServiceMessaging
ServiceMessaging
ServiceLockingServiceLockingService
Notification ServiceNotification ServiceLoggingService
LoggingService
68
Building Information Society with Innovation
University Relations -- Academic Days | May 9-10, 2006 | Barcelona, Spain © 2006 IBM Corporation
Proof of correctness
Performance prediction
Qualitative dependabilityassessment(fault impact
analysis)
Damage confinement and
recovery Error detectionPerformability
control
Availability … prediction
SLA requirements specification
Quantitative dependabilityassessment
Conclusion
Non-functional requirements are critical to business success
The entire lifecycle has to be covered
40 years of fault-tolerant computing research can be reused
Ongoing research and development
– University
– Spinoff (optXware)
Internationally– ReSIST NoE