Using policy analytics in WebSphere Service Registry and Repository

Policies are an important part of an SOA governance framework and SOA decision-making. The policy analytics feature in WebSphere Service Registry and Repository V7 helps you monitor the collection and presentation of policy performance, to enable an SOA governance analyst to evaluate policy effectiveness.

Neha Jain (nehjain5@in.ibm.com), Software Engineer, IBM

Photo of Neha JainNeha Jain is a Test Specialist on the WebSphere Service Registry and Repository team at the IBM Software Lab in Bangalore, India. She has been with IBM for two years and she holds a Bachelors degree in Computer Science and Engineering. You can contact Neha at nehjain5@in.ibm.com.



Andrew Leonard (andrew_m_leonard@uk.ibm.com), Software Engineer, IBM

Photo of Andrew LeonardAndrew Leonard is a Lead Developer on the WebSphere Service Registry and Repository development team at the IBM Software Lab in Hursley, United Kingdom. He has been with IBM for 21 years and has worked in development roles on the CICS, WebSphere Application Server J2EE messaging, and WebSphere Application Server SI Bus messaging development teams. You can contact Andrew at andrew_m_leonard@uk.ibm.com.



04 May 2011

Also available in Chinese

Introduction

What are policies?

In SOA, policies are automated business rules that must be adhered to for the successful execution of the action on which they are applied. They are an important part of an SOA governance framework. Policies help ensure consistent decision-making for repetitive tasks. Examples of policy types include security, message transmission, and governance. WS-Policy is a specification that enables Web services to use XML to advertise their policies (for example in quality-of-service policies) and for Web service consumers to specify their policy requirements. According to the XML Access Control Markup Language (XACML) protocol, certain policy points are defined:

Policy Administration Point (PAP)
Creates security policies and stores these policies in the appropriate repository.
Policy Enforcement Point (PEP)
Performs access control by making decision requests and enforcing authorization decisions.
Policy Information Point (PIP)
Serves as the source of attribute values, or the data required for policy evaluation.
Policy Decision Point (PDP)
Evaluates the applicable policy and renders an authorization decision.

IBM® WebSphere® Service Registry and Repository performs the following policy-related tasks:

  • Supports the WS-Policy specification by enabling the authoring of policies, and acts as a PAP for WS-Policies.
  • Stores policies imported from WebSphere Application Server and WebSphere Message Broker.
  • Applies these policies to WSDL documents in accordance with the WS-PolicyAttachment specification.
  • Defines and applies metadata Governance Validator policies, which are applied to various service artifacts to manage the decisions involved in the life cycle management of services and their metadata.
  • Collects and presents design-time policy analytics data using WebSphere Business Space widgets (V7.0 or later).

The Governance Policy Validator (GPV) is used to control operations that can be performed on specific entities in WebSphere Service Registry and Repository, based on the metadata (properties, relationships, and classifications) attached to those entities. Policy rules are specified in an XML file. Thus in effect, GPV policies are those for which the GPV acts as a policy enforcement point. GPV policies also include the three types of policies in the Governance Enablement Profile:

Life cycle transition policies
Control which user roles can perform transitions on a object in a life cycle.
Life cycle detail policies
Enforce constraints on objects for certain life cycle transitions.
Life cycle update policies
Determine which roles can update or delete objects that are in a specific state in a life cycle.

WebSphere Service Registry and Repository V7 or later provides support for design-time policy analytics data, which lets you measure the pass and failure rate of a given policy, or of all policies stored in WebSphere Service Registry and Repository. This feature also helps to check the WS-I compliance of WSDL documents stored in the registry. Calculated analytics data (generated as a result of CRUD and governance events) is logged into the analytics database and displayed via widgets in the Business Space UI. Policy analytics is an important feature of WebSphere Service Registry and Repository and determines the performance of the governance policies and how many times a given policy passed or failed over selected time periods. Your enterprise can use this analytics data to monitor the effectiveness of the applied policies and check which policy is failing the maximum number of times and becoming a bottleneck, and then take appropriate action.

Policy analytics features in WebSphere Service Registry and Repository V7

  • List the overall performance of all the policies in the Registry over a given time period.
  • List top X most passing/failing policies over a given time period.
  • List the details (pass/fail rate) for a given policy over a given time period:
    • The subject to which this policy applies
    • Related error message (in case of policy failure)
  • Show the WS-I compliance status and reports for WSDL documents in the Registry.

Using policy analytics in WebSphere Service Registry and Repository

Your can enable the WebSphere Service Registry and Repository policy analytics feature by loading a few configuration files and configuring Business Space to display the required widgets. These configuration files are related to filtering events that are emitted and logged in the policy analytics database and the cleanup of this database. Events are generated by user operations, including create, update, delete, retrieve, transition, make_governable, and remove_governance.

Policy analytics configuration files

GPVEventEmitter
Defines the type of events that the GPV emits, and controls the policy events emitted on the basis of userids, roles, policies, assertions, and user operations such as create, delete, retrieve, delete, transition, make_governable, and remove_governance.
EventServerConfiguration
The policy analytics configuration file that filters the events that are logged in the WebSphere Service Registry and Repository database.
AnalyticsCleanupConfiguration
Manages the amount of policy analytics data stored in WebSphere Service Registry and Repository database. The number of days that the data is retained is specified in the configuration file.
AnalyticsDatabaseScheduler
Determines when the policy analytics cleanup task is run.

These three configuration files are in the Configuration perspective under ActiveProfile => Policy Analytics. You can change these settings using the WebSphere Service Registry and Repository Web UI. Figure 1 shows the set of logged events to the analytics database as a subset of all events based upon these configuration files:

Figure 1.Logged events in policy analytics as a subset of all events
Logged events in policy analytics as a subset of all events

Loading the four policy analytics configuration files

Event emitter configuration file
GPVEventEmitter
Event server Logging configuration file
EventServerConfiguration
Analytics database cleanup configuration file
AnalyticsCleanupConfiguration
Analytics database scheduler
AnalyticsDatabaseScheduler

To access the Load policy analytics configuration page, perform the following actions:

  1. Switch to the Configuration perspective if necessary: Select Configuration in the Perspective list.
  2. Click Active Profile => Policy Analytics.
  3. Click Load Policy Analytics Configuration
Figure 2. Location of policy analytics configuration files
Location of policy analytics configuration file

When you have specified the required file, click OK to load the policy analytics configuration. For more information on modifying and uploading these configuration files, see Policy analytics in the WebSphere Service Registry and Repository information center.

Configuring and setting up a policy analytics space in Business Space

Business Space is used to graphically display the analytics data using widgets. Business Space consists of multiple spaces, each of which may have multiple tabs. A Business Space "space template" is provided to create a policy analytics space to view the policy analytics data.

To configure Business Space for WebSphere Service Registry and Repository, see Configuring Business Space in the WebSphere Service Registry and Repository information center. Then log in to Business Space and create a new space using the Service Registry policy analytics template.

Widgets for policy analytics in Business Space

There are two main tabs in the policy analytics space: Governance Policies and WS-I Compliance:

  • Governance policies
    • Monitor and analyse analytics for SOA policy life cycle governance.
    • Show overall effectiveness over different time scales.
    • Highlight problem policies.
    • Analyse specific policies and drill down to detailed governance information.
  • WS-I compliance
    • Track and measure WS-I compliance for your organization.
    • Show overall WS-I compliance statistics.
    • Highlight non-compliant documents.
    • Analyse specific WSDL documents and drill down to WS-I compliance report for detailed information.

Governance Policies tab

Here are the widgets in the Governance Policies tab:

Service Registry Governance Policies Overview widget

Figure 3.Service Registry Governance Policies Overview widget: Date range
Service Registry Governance Policies Overview widget: Date range

The tab on the top of the page helps you select the date range for which the performance of the policies is displayed.

Overall policy pass and failure rate

This chart displays the performance of all the policies for which the event data is logged in the policy analytics database. The total number as well as the percentage of passing and failing policies is displayed:

Figure 4. Policies Overview widget: Overall policy pass and failure rate
Policies Overview widget: Overall policy pass and failure rate

Top passing and failing policies

This chart displays the top x passing or failing policies among the total policies in WebSphere Service Registry and Repository over a specified time period. If you hover the cursor over a specific policy, the absolute number of times the policy passed or failed is also displayed:

Figure 5.Policies Overview widget: Top passing or failing policies
Policies Overview widget: Top passing or failing policies

Governance Policies Overview Widget settings

Chart colors
By default, the passing policy overview is represented in green and the failing policy overview is displayed in red. You can change the colors according to your preference.
Chart type
The overview widget contains two charts: Overall policy effectiveness and Top passing/failing policies. For both, you can select a chart type of pie chart, bar graph, or tabular view.
Maximum number of policies for top passing/failing policies chart:
Default value for this field is 5, which you can change according to your preference.
Top passing/failing policies query type
Query type can be either the actual number of policies that passed/failed out of the total policy enforcements, or else the passing/failing policies as a percentage of the actual policy enforcements.
Initial chart period
Helps to specify the time period for which the result chart is displayed.
Figure 6.Governance Policies Overview Widget settings
Governance Policies Overview Widget settings

Governance Policy Effectiveness Details widget

This widget is affected by changes in the Overview widget. The policy selected in the Overview widget is elaborated in the Details widget: the total number of times a given policy passed or failed against the number of times the policy was applied. The absolute count is displayed.

Figure 7.Policy Effectiveness Details widget: Individual instance pass/fail rate
Policy Effectiveness Details widget: Individual instance pass/fail rate

The failure instances -- the date and time along with the subject on which the policy is applied -- are displayed for the selected policy passes or failures. The subject may be an SLA, a WSDL file, or any other artifact in WebSphere Service Registry and Repository.

Figure 8.Failure instances for a single policy
Figure 8.Failure instances for a single policy

The reason why the applied policy failed is also displayed, with the error message code and message:

Figure 9. Policy Effectiveness Details widget: Error messages
Policy Effectiveness Details widget: Error messages

Governance Policy Effectiveness Details widget settings

Chart colors
As in the Overview widget, the default colors are green for pass and red for fail, and you can change them according to your preference.
Chart type
You can select a chart type of pie chart, bar graph, or tabular view.
Default selected policy outcome details
Either the policy pass or policy fail instances can be reported.
Initial chart period
Helps to specify the time period for which the result chart is displayed.
Figure 10.Governance Policy Effectiveness Details widget settings
Governance Policy Effectiveness Details widget settings

WS-I compliance report tab

Web Services Interoperability (WS-I) is a standard from the World Wide Web Consortium to ensure that WSDL documents support interoperability between services from different vendors. The WS-I Compliance tab in the Policy Analytics space helps you track and measure WS-I compliance for your organization:

Figure 11.Overall WS-I Compliance widget
Overall WS-I Compliance widget

All WSDL files stored in WebSphere Service Registry and Repository are placed in one of these four categories:

  • Compliant
  • Non-compliant
  • Partially compliant
  • Not tested

The selected sector in the pie-chart is detailed in the right hand panel of the widget, which displays the names of the WSDL documents. For example, you can obtain the names of non-compliant WSDL documents. The lower right panel displays the error and warning messages from the selected WSDL document WS-I compliance report, with type, message, and reason for non-compliance via the error code.

WS-I Compliance Widget settings

Chart colors
Default colors for the four categories of WSDL documents can be changed according to your preference.
Chart type
WS-I compliance results can be displayed as a pie-chart, bar graph, or table.
Selected WS-I compliance document details
You can select the category of documents for which the details are displayed.
Figure 12. WS-I Compliance widget settings
WS-I Compliance widget settings

Policy analytics architecture

The GPV is the governance policy enforcement engine in WebSphere Service Registry and Repository, and here is how the policy analytics functions interact with the GPV component:

Figure 13. Policy analytics architecture
Policy analytics architecture

When a transition or any other event in WebSphere Service Registry and Repository causes a policy to be enforced, an event is emitted for the Analytics Event Server. This event is emitted if it is supposed to as specified in the GPVEventEmitter.xml configuration file. Out of all the emitted events, only the ones specified in EventServerConfiguration.xml are logged into the policy analytics database, which contains several tables that store information related to the events and error messages. These events conform to the Common Base Event (CBE) standard.

Business Space widgets query analytics data via the REST API supported by WebSphere Service Registry and Repository. The analytics query engine queries the WebSphere Service Registry and Repository policy analytics database to retrieve the information to be displayed in the Business Space widgets. The results are communicated from WebSphere Service Registry and Repository to Business Space via REST responses.

Conclusion

The policy analytics feature is a significant addition to the ability of WebSphere Service Registry and Repository V7 to manage the overall SOA governance framework in your organization. SOA governance requires a consistent decision-making framework for repetitive decisions, enforced via policy enforcement. Gauging the effectiveness of applied policies helps you measure how well your organization is complying with stated policies, take steps to avoid policy failures, and if appropriate, modify the failing policies to suit the changing needs of your organization.

Resources

Comments

developerWorks: Sign in

Required fields are indicated with an asterisk (*).


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name



The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 


All information submitted is secure.

Dig deeper into WebSphere on developerWorks


static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=WebSphere
ArticleID=656639
ArticleTitle=Using policy analytics in WebSphere Service Registry and Repository
publish-date=05042011