
Extended Enterprise::Exposed Broker application pattern::Runtime patterns

Overview

On this page, three categories of Runtime patterns are described:

Generic Exposed Broker runtime patterns

The Exposed Broker application pattern can be thought of as an extension to the Broker application pattern. It extends the solution to include external partners by exposing their processes to the broker.


Exposed Broker application pattern::Runtime pattern

[Figure: Exposed Broker application pattern::Runtime pattern. Nodes shown: Application Server / Services, Network Infrastructure, Protocol Firewall, Connector, Domain Firewall, Exposed Broker, Directory and Security Services, Rules Directory.]
Design Last Updated: 11-11-2005

The Broker tier of the application pattern is implemented with an Exposed Broker node. The Exposed Broker node exposes external processes to the broker functions within the node. A variation of this would be to use the Exposed Broker to expose internal processes to external partners.

The Application Server and Services nodes may host the source and target applications themselves, or may act as service proxies. For example, for a mashup service provider, the backend application nodes may be implemented as service proxies for remote applications providing the actual services.

The Connector in the Enterprise Demilitarized Zone provides connectivity from the Enterprise Secure Zone to the Inter-enterprise Zone. It may be a low level component (e.g. TCP/IP infrastructure) or it may have more advanced capabilities such as caching of reusable content (e.g. a Web server).

The Directory and Security Services supplies authentication and authorization services. It also holds the user ID and password and related privileges. This node typically leverages LDAP-based directories. It also contains configuration information needed to support secure access between the enterprise and partner services.

The information format transformation/translation service functionality of the Broker node may be implemented in a different logical node.

Representational State Transfer (REST) provides a mechanism for exchanging pre-defined XML messages between partners using a simple URL mapping approach.

In an integration architecture exchanging messages using Web Services, RAMP extends and puts additional constraints on WS-I profiles to provide additional functionality in message specifications.

SOA profile

In this second section we specialize the Exposed Broker pattern for the SOA environment using the SOA profile. The SOA profile terminology is indicated using the [SOA] qualifier.

The generic Exposed Broker, Rules Directory and Partner Infrastructure in the figure above are specialized in the SOA profile to:


[SOA]Exposed Broker application pattern::Runtime pattern (aka Exposed ESB Gateway composite pattern)

[Figure: Exposed Direct Connection::Runtime pattern. Nodes shown: Application Server / Services, Network Infrastructure, Protocol Firewall, Connector, Domain Firewall, Exposed ESB Gateway, Directory and Security Services, Enterprise Service Bus.]
Design Last Updated: 11-11-2005

SOA

The original set of PI patterns is intended to satisfy a wide generic set of integration requirements, not just SOA. The SOA profile specialises these more general patterns for the SOA environment.

App Server/Services

Applications rely on services provided by their hosting server to interact with other applications. These are modeled using the application server/service node. Some examples of services provided by this node include:

Network Infrastructure

The Network Infrastructure node represents the network infrastructure that allows connectivity between enterprises. This infrastructure has unspecified internal characteristics. Only the means with which to interact with it are specified.

Directory and Security Services

This node supplies authentication and authorization services. It also holds the user ID and password and related privileges. This node typically leverages Lightweight Directory Access Protocol (LDAP)-based directories and contains configuration information needed to support secure and controlled access to services.

Protocol Firewall Node

A firewall is a hardware/software system that manages the flow of information between the Internet and an organization's private network. Firewalls can prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets, and can block some virus attacks -- as long as those viruses are coming from the Internet. A firewall can separate two or more parts of a local network to control data exchange between departments. Components of firewalls include filters or screens, each of which controls transmission of certain classes of traffic. Firewalls provide the first line of defense for protecting private information, but comprehensive security systems combine firewalls with encryption and other complementary services, such as content filtering and intrusion detection.

Firewalls control access from a less trusted network to a more trusted network. Traditional implementations of firewall services include:

  • Screening routers (the Protocol Firewall)
  • Application gateways (the Domain Firewall)

A pair of Firewall Nodes provides increasing levels of protection at the expense of increasing computing resource requirements. The Protocol Firewall is typically implemented as an IP Router.


Domain firewall node

A firewall is a hardware/software system that manages the flow of information between the Internet and an organization's private network. Firewalls can prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets, and can block some virus attacks -- as long as those viruses are coming from the Internet. A firewall can separate two or more parts of a local network to control data exchange between departments. Components of firewalls include filters or screens, each of which controls transmission of certain classes of traffic. Firewalls provide the first line of defense for protecting private information, but comprehensive security systems combine firewalls with encryption and other complementary services, such as content filtering and intrusion detection.

Firewalls control access from a less trusted network to a more trusted network. Traditional implementations of firewall services include:

  • Screening routers (the Protocol Firewall)
  • Application gateways (the Domain Firewall)

A pair of Firewall Nodes provides increasing levels of protection at the expense of increasing computing resource requirements. The Domain Firewall is typically implemented as a dedicated server Node.
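
The layering of the two firewall nodes can be checked mechanically against a deployment's link inventory. The following is an added example, not part of the original pattern documentation: it tests whether each firewall node lies on every path from a partner application server to an internal one. Node names follow the figure; the links between them and the names `Partner App Server` and `Internal App Server` are assumptions.

```python
from collections import deque

# Constructed topology: node names come from the page's runtime pattern figure;
# the links between them are an assumption inferred from the zone description.
LINKS = [
    ("Partner App Server", "Network Infrastructure"),
    ("Network Infrastructure", "Protocol Firewall"),
    ("Protocol Firewall", "Connector"),
    ("Connector", "Domain Firewall"),
    ("Domain Firewall", "Exposed Broker"),
    ("Exposed Broker", "Directory and Security Services"),
    ("Exposed Broker", "Rules Directory"),
    ("Exposed Broker", "Internal App Server"),
]
CONTROLS = ["Protocol Firewall", "Domain Firewall"]

def build_graph(links):
    """Build an undirected adjacency map from a list of (node, node) links."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def reachable(graph, src, dst, blocked=frozenset()):
    """Breadth-first search from src to dst that never enters a blocked node."""
    if src in blocked or dst in blocked:
        return False
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in graph.get(node, ()):
            if nxt not in seen and nxt not in blocked:
                seen.add(nxt)
                queue.append(nxt)
    return False

def bypassed_controls(links, src, dst, controls):
    """Return the controls that some path from src to dst does not traverse."""
    graph = build_graph(links)
    return sorted(c for c in controls if reachable(graph, src, dst, blocked={c}))

if __name__ == "__main__":
    print(bypassed_controls(LINKS, "Partner App Server", "Internal App Server", CONTROLS))
    # Configuration drift: a link straight from the DMZ Connector to the broker.
    drift = LINKS + [("Connector", "Exposed Broker")]
    print(bypassed_controls(drift, "Partner App Server", "Internal App Server", CONTROLS))
```

An empty result means both firewall nodes are chokepoints; any name returned identifies a control that a link in the inventory routes around.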


Connector

Connectors provide the connectivity between two components. A connector is always present to facilitate interaction between two components.

Depending on the required level of detail, a connector can be:

  • A primitive (or unmodelled) connector, represented by a simple line between components
  • A component (or modelled) connector, represented by a rectangle on a line between components

A connector may be an adapter connector, a path connector, or both.

Exposed Broker

The Exposed Broker node is an extension of the Broker node. It exposes external processes to the broker functions within the node. A variation of this would be to use the Exposed Broker to expose internal processes to external partners.

Rules Directory

The rules directory contains the rules generally used to control the mode of operation of an interaction, depending on external factors. Examples of such rules are:

  • Business data mapping rules (for adapter connectors)
  • Process execution rules and intermediate results
  • Autonomic rules (such as priority in a shared environment)
  • Security rules
  • Capacity and availability rules

The rules directory may or may not exist. If it exists, it can still be left off the Runtime pattern, for example when analysis determines that interaction rules are not an important part of the solution.

ESB

The ESB is a key enabler for a SOA as it provides the capability to route and transport service requests from the service requester to the correct service provider. The true value of the ESB concept, however, is to enable the infrastructure for SOA in a way that reflects the needs of today’s enterprise: to provide suitable service levels and manageability, and to operate and integrate in a heterogeneous environment.

Furthermore, the ESB needs to be centrally managed and administered, and it must be able to be physically distributed.

Exposed ESB Gateway

An Exposed ESB Gateway node makes the services of one organization available to others, and vice versa, in a controlled and secure manner. Although this might require capabilities such as partner provisioning and management, which are distinct from ESB capabilities, the intent of this component is different from the intent of the ESB, which is to provide a service infrastructure within an organization. For both these reasons, the Exposed ESB Gateway is likely to be integrated with, but not be a part of, the Enterprise Service Bus.
The connection between the App Server/Services node in the partner zone and the network infrastructure in the inter-enterprise zone could be an HTTP server, an ESB, an Exposed ESB Gateway, or a firewall. Therefore, depending on security requirements, the Exposed ESB Gateway node can be inside or outside of the Enterprise Demilitarized Zone.