Best Practices: SOA Application Design Analysis


Governance is an important aspect of any SOA project. Enterprise governance policies need to be translated into concrete and actionable directives that influence design. Here are some of the common governance concerns:

  • Security - includes authentication, authorization, access control, confidentiality, integrity and the like. Your analysis may identify a mandate to employ technologies and standards such as WS-Security (secure SOAP message), SAML (single sign-on), SSL, and other WS-Policy Assertions (privacy, Quality of Service).
  • Resiliency - includes the need to ensure that a process can recover in the event of system/component failure
    • ActiveVOS provides support for WS-ReliableMessaging, which allows messages to be delivered reliably between processes and partners in the presence of system or application failures
    • ActiveVOS supports process persistence, which is required for recovery and failover. Please be aware that persistence comes at the price of increased resource consumption and increased response time due to database-related activities. ActiveVOS allows specifying a persistence policy on a per process basis which should provide some flexibility in this regard.
    • ActiveVOS supports engine clustering configuration which provides failover capability, if it is required
  • Compliance - compliance to company and governmental regulations such as Sarbanes Oxley or Basel II need to be considered. These often require the ability to continuously measure, control and audit business activities.
    • The requirement of logging and auditing of business processes is an integral part of the business requirements. ActiveVOS provides logging and process persistence capabilities for deployment and process execution activities.  Specify the logging and persistence policy to be consistent with the compliance requirements
    • Critical business process may need to have high availability and the service window may be small or non-existent. Therefore, the ability to support the upgrade of deployed process without interruption of the running instances may be critical. ActiveVOS provides a runtime version management feature using versioning policy. A versioning policy for a process version can specify effective/expiration date of a new version, running instances disposition and retention period of completed/faulted process instances. Design these policies to be consistent with the compliance requirement.
    • Monitor BPEL engine alerts - ActiveVOS can be configured to generate events when certain KPIs of the engine have reached predefined thresholds, for example, if the faulted processes count has reached a certain value. Create a Monitor Alert Service process if you want to receive these engine events.
    • Monitor process fault alerts - create an alert service process to receive events related to unhandled fault generated in processes.