The Good, the Bad, and the Ugly of Service-Oriented Architecture
page 5 of 7
by Tom Fuller
Average Rating: 
Views (Total / Last 10 Days): 38875/ 74

The Bad

As I mentioned previously, crossing service boundaries is, without a doubt, expensive. Moving toward service orientation has to be done knowing that there are costs, some obvious and some hidden. The first cost I will discuss is the first one on the tips of most developers’ tongues; of course, I’m talking about performance. Performance should not be used as a driving factor for deciding whether or not to move toward service orientation. We should always keep Moore’s Law in mind any time we look at performance as a requirement. I will loosely describe Moore’s Law by paraphrasing it. Essentially computing power and data density has been proven to almost double every 18 months and that trend is expected to continue for years to come. It is my belief that this same growth potential can be applied to network bandwidth. This means that our performance concerns today are not likely to be as significant a concern tomorrow. Always remember that one of the key reasons enterprises want to start implementing reusable services is application longevity.

With all that said, there are some strategies that should be used to carefully monitor potential performance problems. Wire-level tracing and message size is a key metric for understanding service-oriented performance issues. Asynchronous invocation is another important strategy when using service orientation, as it will allow applications to avoid locking situations under heavy load. Finally, always beware of over-extending legacy components. Although there are obvious benefits to renewing that investment, not all components are ready for the stresses introduced by high-volume, online synchronous traffic. I can’t stress enough how important extensive quality control practices are in a service-oriented enterprise.

When developing services in a service-oriented architecture, we are always forced to code to the lowest common denominator when it comes to things like security, type systems, and tools. Security introduces a number of challenges. Interoperable security is very complicated. Both method-level security and role-based security become very challenging to implement when considering interoperability concerns. Service orientation also immediately violates a key security tenet that says you should always look to minimize your attack surface. Extending services over universal channels exposes them to the same attacks as any other code that can be invoked over HTTP. This type of code has traditionally been attacked regularly because of its accessibility.

Interoperability is still very challenging especially if your goal is complete toolkit interoperability. What that means is that any Java Web Services toolkit can consume a contract from an ASP.NET web service, and vice-versa. This introduces numerous challenges. Developers have to avoid intrinsic types and empty arrays. There are a number of date and time issues when going across platforms, and there are very careful decisions that have to be made when deciding how a contract and schema are exposed to heterogeneous clients.

The tools available today for service-oriented development are still somewhat unsophisticated and, at times, even create problems when using their embedded features. A good example of this is how Visual Studio .NET allows developers to create proprietary web services and will at times generate code proxies that have deficiencies. The tools for service-oriented development continue to evolve, and Visual Studio 2005 is a great improvement over previous versions. Developers are free to modify and build things by hand if they are so inclined, but productivity suffers immensely.

Other issues that are costly but can be overcome are durability, data type centralization, and standards. Durability becomes an issue when design strategies are not followed that ensure autonomy in a delivered service. This can create a situation where services and all dependent applications become increasingly brittle. Data type centralization is challenging as well. Type ambiguity begins when centralized types are not reused across varying services. For example if your company uses something called an “Order” that type should be defined and used consistently across services that act upon an “Order”.

Lastly I will mention the issue of standards. I know it seems hypocritical to consider standards a negative even though they have gotten us to where we are, but I’ll explain why. Currently the standards that are available are quite extensive. This makes them difficult to digest and frequently misunderstood. Also, there are a lot of standards currently available. Reading them all is probably unrealistic, and these standards are still in their infancy. Most of them are less than five years old and will continue to evolve. Because of these issues, the standards driving SOA can be quite overwhelming.

View Entire Article

User Comments

Title: Project   
Name: Dude MaN (for protection)
Date: 2007-10-11 10:07:28 AM
hey i am doing a report on the pro and cons on Architecture can u help me.
Title: RE: Great article, but Moore's Law?   
Name: Tom Fuller
Date: 2005-09-01 10:00:55 PM
Just realized I was cut off when I posted my response. Sorry for taking so long to notice......

I think we'll see in the future that if the services that are intended to stand the test of time are delivered as tightly coupled portions of a business application then those services will in the long run lose any level of autonomy (which would be another one of those tenets).

This has been at the heart of almost every discussion I've had with people about SOA lately and I plan to write another article in the upcoming weeks titled "SOA Design Strategies: Adhering to the 4 Tenets". This will go into detail on these very issues we are discussing.

Thanks again for taking a look at my article and I appreciate your criticism.
Title: RE: Great article, but Moore's Law?   
Name: Tom Fuller
Date: 2005-08-30 10:05:45 PM
Thank you for the feedback. I have to admit the loose application of Moore's Law in the article has come under some crticism. What I will say is that I did not intend to say poor design was justified through my use of Moore's law in the article. I really wanted to use it more as a high level comparison to show that there is little to no doubt that the capabilities of our hardware and infrastructure will only continue to increase. It is that increase that could neutralize any of these minor performance concerns with SOAP based transports and message serialization. This does not mean that you can completely dismiss performance concerns today but SOA will continue to focus on delivering loosley coupled systems that can last longer than the applications we delivered in the past. That in my mind means we should consider the potential capabilities of the network and the hardware that these systems will depend on.

The rest of your comments seem to focus on the design issues surrounding service orientation and they are certainly valid. It is too often the case that common layered architectures fall into the trap of future proofing everything that is built because of the constant pains associated with versioning. This comes back to an issue of agility in your software delivery process. I know this is easier said than done but, the fact remains, if there was no concern that services could be delivered outside of the natural release schedule of an application then you could avoid this "Field of Dreams" approach you talk about.

You have also made a very powerful statement below and that was, "some sort of agreement on what the service is all about should be reached". This covers two of the critically important tenets of SO. You are talking about boundaries being explicit here and that services exchange contracts and schema not objects and types. I think we'll see in the future that if the services that are intended to stand the test of time are delivered as ti
Title: Great article, but Moore's Law?   
Name: TravelMonkey
Date: 2005-08-29 12:25:20 AM

A great article overall!

However, I was a bit dismayed by the fact that you seem to use Moore's Law (or a variant thereof) as a scapegoat to allow for poor performance today. I may be stretching what you said a bit, but you seem to imply that somewhat adequate performance from SOA is OK today, because Moore's Law will take effect and in 18 months things will be better.

Has Moore's Law been extended to include networks now? I have not done the math, but I would say it's a reach to say that it has held true for our bandwidth.

At any rate, I would advocate creating the best performing design and code you can today, and leave Moore's Law as a nice theory, not an excuse if you can't make good performing code. SOA doesn't NEED to be poorly performing, though I think poorly written web services have doomed it with that stigma at times, to some purists. I think an "outside the firewall" scenario does allow for some "slop" in the code, as one expects slower performance out in the cloud due to network latencies beyond our control. However, for an intranet app, the SOA needs to scream. Internal users are far less forgiving of slow performance.

I also don't think SOA implies poor performance--I think poor design implies poor performance. Spend some of the expense of SOA on ensuring your design meets good performance standards from the beginning; you'll save money in the long run by making apps that perform today.

I think another potential money pit that needs to be examined is to ensure that you don't get bitten by the "Field of Dreams" scenario. You know--"If you build it, they will come." I don't feel that SOA is about that. Make sure service consumers are in place (a real need is identified) and that some form of contract is in place. I'm not necessarily advodating contract-first, but some sort of agreement on what the service is all about should be reached.

Your article is a great overall view of SOA, I think. Well done.

Title: Nice article   
Name: user
Date: 2005-08-25 2:50:40 PM
Really nice condeptual article. Can you give real time example where some company is already using SOA.


Product Spotlight
Product Spotlight 

Community Advice: ASP | SQL | XML | Regular Expressions | Windows

©Copyright 1998-2024  |  Page Processed at 2024-07-23 4:26:18 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search