Service Delivery Broker - Digital Services Management
Transcript of Service Delivery Broker - Digital Services Management
Service Delivery BrokerDigital Services Management
Direção de Internet e TecnologiaJune 2015
António Cruz+351 962 041 [email protected]
This document is confidential. Unauthorized use or disclosure of the included information is strictly prohibited.
BACKGROUND AND CONTEXT
ARCHITECTURE
API LIFECYCLE MANAGEMENT
APPS & APIS SECURITY
MARKETPLACES & BACKOFFICE
CONCLUSIONS
AGENDA
EXECUTIVESUMMARY
Service Delivery Broker (SDB), a Cloud product developed at PT/SAPO, drastically reduces development e�ort and time-to-market of innovative multi-channel apps and services.
SDB is a proven, reliable, multi-tenant and cloud-scalable SOA platform, architected to support end-to-end services lifecycle management, and standards-based integration in mission-critical environments.
BACKGROUND AND CONTEXT
Packaged application vendors and SaaS providers are taking service orientation for granted, and, more and more, are publishing the functionality they sell as Web APIs. Mobile applications increasingly use private and public APIs to access enterprise systems of record, necessitating adequate governance and oversight.
“
The Case for APIs
Whether it is technology or service providers o�ering their functionality, or private companies giving access to some of their data according to di�erent charging models, the number of APIs available publicly grows by the day. Their usage is multiplied by a growing population of mobile devices and computing platforms (Web, tablets, smartphones, TVs, video game consoles, cars and more, such as "things" in the Internet of Things [IoT]) ”
Source: Gartner Magic Quadrant for Application Services Governance, April 2015
The Case for APIs
API Business Ecosystem
Historically, the front, middle and back o�ces of an enterprise were integrated point to point by tight coupling, suitable only for a small number of integrations.
1Front o�ce
Business ecosystem
Mid
dle
o�ceBack o�
ceEDI
API Business Ecosystem
With SOA, enterprises adopted an architecture using a service bus for integration, creating loose coupling and the potential for reuse and flexibility. The complexity of integration meant use remained largely internal to the enterprise.
2Enterpriseservice bus
(SOA)
Business ecosystem
EDIEDI
API Business Ecosystem
The new architectural principle and programming model based on RESTful APIs reduces integration cost and complexity, so integrations can scale for many internal as well as external.
Source: PwC Technology Forecast 2012, Issue 2 – The Business Value of APIs
3
Business ecosystem
API
Project Background
In order to sustain its Web Ads business, PT/SAPO’s network of over
required managing and integrating a lot ofheterogenous APIs, capabilities and content.
business partnersand providers200
Project Background
The main business drivers were:
Faster time-to-marketto build and launch innovative services.
Multichannel apps development agility(Mobile, Web,and TV)
Project Background
The main business drivers were:
A standardized catalog, made of agnostic and reusable APIs.
Developers should not have to worry about transversal aspects such as authentication, authorization, access policies, transformations, caching, etc., on every project, over and over again.
SDB Today
SDB is a multi-tenant, carrier-grade, high-performance and high-available cloud solution, developed by PT/SAPO.
Today it delivers:
40million
requests/day
7000
APIs endpoints
13TB
data tra�c/month
23%GROWTH
YoY
SDB Today
Enabling API lifecycle management, authentication, authorization, E2E tracing, intermediate routing, data format and data model transformations, policy enforcement, validation, caching, etc.
Based on Service Orientation principles, ITSM best practices and implementing industry standards: W3C/OASIS/IETF, ITIL, OAuth 2.0, OpenID Connect, etc.
SDB is a multi-tenant, carrier-grade, high-performance and high-available cloud solution, developed by PT/SAPO.
SDB Enabled Faster Apps Development
PT’s Portfolio of Mobile, Web and TV Apps
APIManagement
SDN / NFV
M2M / Internet of Things
Big Data
Enterprise APIs Catalog
API Management Scenarios
Use Cases and Awards
In extensive use since 2006, SDB became a key enabler for building a service-oriented architecture at PT Group.It currently manages thousands of APIs endpoints, enabling application capabilities across online, IPTV and telco services.
SDB was recognised by TMForum as “a proven, reliable and cloud-scalable platform that enables end-to-end service lifecycle management and standards-based integration for mission critical, service-oriented environments”.
Pipeline Innovation Awards recognized SDB as “a top innovator for advancements in the following communications technology categories: Cloud and Product Innovation”.
Deployed at Oi since May 2014, SDB manages and provides secure access to Oi APIs and applications to partners and integrators, providing insight on product usage and reducing customer complaints by easing diagnostics with its extensive tracing facilities.
The PT Service Delivery Broker solution is particularly noteworthy as it fulfils many of the requirements for a Cloud Service Broker while adding robust tools and industry standards based governance to e�ectuate compliance with SOA Best Practices and e�cient Product and Service Lifecycle Management.
Eric G TroupCTO, WW Communications and Media IndustryMicrosoft Corporation
Portugal Telecom/SAPO’s Service Delivery Broker will solve and speed up current monetization challenges Telcos’s industry faces nowadays, optimizing their opportunities, reducing their time-to-market and development e�ort in a more quick and inexpensive way.
Sérgio MartinsHome Entertainment Product ManagerLG Portugal
Web services by INE's statistical information, available through the Service Delivery Broker, enables the di�usion of statistical indicators in a simple, e�cient and responsive way that adapts to the needs of Internet users in Portugal.
Maria Manuela MartinsChief of the Communications and Image ServicesInstituto Nacional de Estatística
References
References
ARCHITECTURE
Service Orientation is not Optional
SOA drastically reduces complexity associated to multi-platform, multi-vendors, multi-programming environments.
GOING FROM...Similar apps requiring multiple connections to each resource.
Knowledge of the source code for each resource is necessary
Forcing usage of specific programming languages
Consumer applications are coupled with underlying technology ContentIT ResourcesNetwork Resources
SOA drastically reduces complexity associated to multi-platform, multi-vendors, multi-programming environments.
...TOSimilar app interfaces will be developed in specific languagesbut standard resource interfaces are already available.
Knowledge of underlying resources technology is not necessary
Developers code in their most proficient language against standardized interfaces
Most common infrastructure aspects are abstracted and standardized ContentIT ResourcesNetwork Resources
Enterprise APIs Catalog
Domain APIs
Service Delivery Broker
Service Orientation is not Optional
Agile Development and Delivery
Most common features are enabled through a configuration.
APIsMarketplaces
TV
Web
MobileDomain-SpecificAPIs
Enterprise APIsCatalog
Messaging
Content
TV
BSS/OSS
IaaS
PaaS
Service Delivery Broker
Concept
Design
Develop
Deploy
Operate
Retire
Users and apps authentication
Resources access authorization
Access policies (e.g. throttling)
Data & format transformations
Content-based routing
Web caching
Load-balancing
API compositions
Stateless workflows
Payment/billing/provisioningintegration
Agile Development and Delivery
Most common features are enabled through a configuration.
Solution Logical Architecture
SDB Marketplace
SDB Runtime
SDB Support Services
Service Enablers
Network Data/IT External
SDB Connect SDB Backo�ce
APIs
Identity Gateway Product Lifecycle Management
Token Manager
Application Manager
Apps
Catalog
Aut
hent
icat
e
Tran
sfor
m
Cac
he
Val
idat
e
Rout
e
Thro
ttle
...
Transaction Trade Configuration Metadata Notification Usage Metric Incident Import/Export ...
API Lifecycle Management
Run as aCloud Service
AND / OR
Run onPremises
Define a Concept Create a Product O�er In Business
Concept Design Develop Deploy Operate Change
TVWebMobile 3 Parties Others
SDB Components
Other Marketplace IdentityGateway Backo�ce
Runtime
Support Services
Distributed Cache Core Databases Tracing Databases
TracingAuthorization Access Control
CatalogProduct
Management ...
MonitoringServices
MonitoringDatabases
AuthenticationServices Core
End-user
Storage
TENANT
C
TENANT
BTENANT
A
FE
3FE
4FE
5FE
2FE
1
Multi-Tenancy & Dynamic Load Balancing
# of frontends allocated to each tenant can change in realtime
N entities sharing a database instance
Many entities over a single installation
SharedDatabases
API LIFECYCLE MANAGEMENT
GROWTHYoY
API Lifecycle Management
Process-driven activities that must be done in collaboration.
Based on best practices and industry standards:
CONCEPTService Manager
DESIGNService Designer
DEVELOPService Developer
DEPLOYService Transition
Manager
OPERATEService Operator
RETIREChange Manager
Role-Based Access Control
Granular profilesand access authorizationsto all configuration items.
ProductManager
API/AppDeveloper
TransitionManagerPartner
ServiceOperator
Real-Time End-To-End Tracing
Visibility on what apps Users accessed, what APIs those apps accessed,and what resources those APIs accessed.
APP“VOD App on iOS”
USER“[email protected]”
RESOURCE“Server A on Farm X”
API“SubscriberManagement API”
End-To-End Tracing
LOGICAL
Name of requested API
App that sent the request
Raw response
Detailed message flow
PHYSICAL
User login
Server that answered to the request
End-To-End Tracing
Event Management
Real-time notifications on interesting events, thresholds violations, and abnormal conditions.
Client App SDB Runtime
ServiceHitBegin
OutboundRequestBegin
OutboundRequestEnd
ServiceHitEnd
Service Enabler
Complex EventProcessor Engine
NotificationsSubscribers
OutputDB
Event Streams
Aggregate, Filter, and Correlate
Store
Notify
Complex Event Processing (CEP)
SDB Runtime
ServiceHitBegin
Output
CEP Statement
Running inside
the CEP engine
Event Stream
select current_time() as Time, count(*) as Valuefrom ServiceHitBegin(Service="XPTO").win:time_batch(1 second)
Deploying of new metrics through a configuration
Results can be sent to a database, URL, email, Role, etc.
• Filters events of XPTO service from ServiceHitBeginstream
• Sums all filtered events
• Executes every 1 second
• Notifies other interested parties and/or services
Real-Time Reporting & Statistics
APPs & APIs SECURITY
OAuth Protocol
OAuth is a open standard for authorization.
It provides... a method for clients to access server resources on behalf of a resource owner (such as a di�erent client or an end-user).
a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections.
Old Enterprise
Identity management iscentralized and internal
Service provider controlsusers access to resources
UsersResources
The OAuth Shift
(Hybrid)
New Enterprise
Identity management isdecentralized and external
Users control apps accessto resources
Apps
UsersResources
Apps
OpenID Connect Protocol
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.
It allows... clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users.
SERVICE DELIVERY BROKER BACKENDFRONTEND
Security Model for Apps and APIs
SDB TenantAdministrator
SDB Runtime
SDB
Sup
port
Serv
ices
SDBBacko�ce
Social Identity AdaptersFacebook, Google,Twitter, LinkedIn, etc...
Web-basedApp
App User
Corporate IdPs WS-Federation Adapter
TokenManager
IdentityGateway
AppsAuth
Config
SDB Connect
APIs
6
2
3
4
OAuth 2.0
OpenID Connect
Tokens
5
1
7
One Protocol, Multiple Identity Providers Option
OpenID Connect
MARKETPLACES & BACKOFFICE
API Marketplaces
store.services.sapo.pt market.mobizz-project.eu
Provider & Partner Backo�ce
Partners and Product O�erings management.
CONCLUSIONS
Product Di�erentiation
Several SDB di�erentiating aspects make it a best choice, when comparing to other proposals:
Lightweight and standards-based, SDB integrates existing processes, securing, extending and evolving systems and applications in an incremental, non-intrusive way that adjusts to any kind of business.
Closely following TM Forum and ITSM best practices, SDB ensures that governance and best practices are followed and validated by automating the service management lifecycle, from Service Design through Development, Transition, and Operation.
O�ering a natural, easy-to-follow experience for each service management role, SDB drastically minimizes the e�ort needed to use, create, configure, test, publish and monitor well-designed services in multi-channel, multi-platform environments.
Delivered as a multi-tenant cloud service, and supporting pay-as-you-go models for both service providers and consumers, SDB is able to o�er the best cost/value relationship.
Target Audience
...looking for a functionally complete application services governance technology and services set.
...looking to enforce governance through everyday decisions, and devising several policies that must be adhered to.
...trying to adopt a digital operating model, powered by Web APIs and supported by API management platforms.
In the process, they also want to open new business opportunities for their enterprises in permeable digital ecosystems.
...looking for application services governance functionality, developer portals, API metering and billing.
Project TeamsEnterprise Architects CIOs / CTOs Companies
Take-Aways
SDB Runtime & Backo�ce Drastically accelerate launch of multi-channel application and services.
Reduce capital and operational expenditure on integration e�ort.
Standard policies and guidelines for application and services development.
API management lifecycle based on TM Forum/ITSM best practices.
SDB Connect Agile integration between applications and internal/external identity providers.
Standards-based user login and application access to services on web, mobile and TV applications.
Integrated multi-channel application access management for user, developer and service provider roles.
SDB Marketplace & Backo�ce Fast time-to-market and monetization of API-based product o�ers.
Flexible configuration of both subscription and pay-per-use business models.
Self-service portals for managing o�ers, subscriptions, access and metering.
Service Delivery Broker Facets
ServiceDeliveryBroker
ITSMPractices
IAMas a
Service
APIMarketplace
SOAGovernance
Service Delivery BrokerDigital Services Management
Direção de Internet e TecnologiaJune 2015
António Cruz+351 962 041 [email protected]
This document is confidential. Unauthorized use or disclosure of the included information is strictly prohibited.