WebServices & Microservices

-

What is a Web Service?

Applications which are accessed via HTTP APIs are often called Web Services. In other words, a web service is a function that can be accessed by other programs over the web (HTTP).
How many different kinds of Web Services are there?
Primarily, there are two types of Web Services, Simple Object Access Protocol (SOAP) and Representational State Transfer (REST).
A SOAP Web Service, accepts a request in XML format and generates an output in XML format.
A REST Web Service is more versatile and can accept XML as well as JSON as request and generates an output in XML as well as JSON, or even HTML.

Microservices

The microservice architectural style involves developing single applications that can work together as a suite of small services, each running in its individual process and communicating with lightweight mechanisms such as an HTTP resource API. These services require bare minimum centralized management, use different data storage technologies, and can be written in different programming languages. These services, built around business capabilities, can also be deployed independently by machinery that supports fully automated deployment.
  • Using different programming languages/technologies/DB.
  • Is using different data storage technologies.

How Are Microservices Different to SOA

  • Service-oriented architecture(SOA): an architectural pattern in computer software design in which application components provide services to other components via a communications protocol, typically over a network.
  • The traditional monolithic applications use complex binary formats, SOA/Web services-based applications use text messages based on the complex message formats (SOAP) and schemas (xsd).
  • When you have a business capability implemented as a service, you need to define and publish the service contract.
  • In SOA/Web services world, WSDL is used to define the service contract, but, as we all know, WSDL is not the ideal solution for defining microservices contract as WSDL is insanely complex and tightly coupled to SOAP.
  • Microservices:  a software architecture style in which complex applications are composed of small, independent processes communicating with each other using language-agnostic APIs. Microservices based software's automatically scales up based on resources consumption. A good Analogy for Microservices based software would be an empty balloon initially - utilizes very less resources, but as it scales up, compared to a balloon filled with Gas/water, starts utilizing more resources. Hence a microservices based Software can be scaled up to handle complex/higher load conditions.  
  • In Microservices Architecture, REST is the unanimous choice as it provides a simple messaging style implemented with HTTP request-response, based on resource API style. Therefore, most microservices implementations are using HTTP along with resource API based styles (every functionality is represented with a resource and operations carried out on top of those resources). 
  • message formats
  • In most microservices-based applications, they use simple text-based message formats such as JSON and XML on top of HTTP resource API style. 
  • Since we build microservices on top of REST architectural style, we can use the same REST API definition techniques to define the contract of the microservices. 
  • service contracts
  • Microservices use the standard REST API definition languages such as Swagger and RAML to define the service contracts.
RAML

RESTful API Modeling Language (RAML) is a language intended to describe RESTful APIs.  RAML is written in the YAML human-readable data serialization language.
The goal of RAML is to provide all the necessary information to describe RESTful APIs, thus providing a simpler way to design APIs.



  • For other microservices implementation which are not based on HTTP/REST (such as Thrift), we can use the protocol level 'Interface Definition Languages(IDL)' (e.g.: Thrift IDL).
  • With the use of API-GW pattern, the microservice becomes even more lightweight as all the non-functional requirements are implemented at the Gateway level. Non-functional capabilities such as security, monitoring and throttling.
  • Microservices has its own private database and they can't directly access the database owned by other microservices. 
  • Service Registry & Service Discovery:  In Microservices architecture, the number of microservices that you need to deal with is quite high. And also, their locations change dynamically owing to the rapid and agile development/deployment nature of microservices. Therefore, you need to find the location of a microservice during the runtime. The solution to this problem is to use a Service Registry.
  • Client-side Discovery — In this approach, the client or the API-GW obtains the location of a service instance by querying a Service Registry. 
  • Server-side Discovery — With this approach, clients/API-GW sends the request to a component (such as a Load balancer) that runs on a well-known location. That component calls the service registry and determines the absolute location of the microservice.  
  • Microservices deployment solutions such as Kubernetes(http://kubernetes.io/v1.1/docs/user-guide/services.html) offers service-side discovery mechanisms.

Deployment

When it comes to microservices architecture, the deployment of microservices plays a critical role and has the following key requirements:
  • Ability to deploy/un-deploy independently of other microservices.
  • Must be able to scale at each microservices level (a given service may get more traffic than other services). 
  • Building and deploying microservices quickly. 
  • Failure in one microservice must not affect any of the other services.
Docker (an open source engine that lets developers and system administrators deploy self-sufficient application containers in Linux environments) provides a great way to deploy microservices addressing the above requirements. The key steps involved are as follows:   
  • Package the microservice as a (Docker) container image.
  • Deploy each service instance as a container.
  • Scaling is done based on changing the number of container instances.
  • Building, deploying, and starting microservice will be much faster as we are using Docker containers (which is much faster than  a regular VM)
Kubernetes is extending Docker's capabilities by allowing to manage a cluster of Linux containers as a single system, managing and running Docker containers across multiple hosts, offering co-location of containers, service discovery, and replication control. As you can see, most of these features are essential in our microservices context too. Hence using Kubernetes (on top of Docker) for microservices deployment has become an extremely powerful approach, especially for large scale microservices deployments.

Security

we can leverage the widely used API-Security standards such as OAuth2 and OpenID Connect to find a better solution to our Microservices security problem. Before we dive deep into that, let me just summarize the purpose of each standard and how we can use them. 
  • OAuth2 - Is an access delegation protocol. The client authenticates with authorization server and gets an opaque token which is known as 'Access token'. An Access token has zero information about the user/client. It only has a reference to the user information that can only be retrieved by the Authorization server. Hence, this is known as a 'by-reference token' and it is safe to use this token even in the public network/internet.  
  • OpenID Connect behaves similarly to OAuth, but, in addition to the Access token, the authorization server issues an ID token which contains information about the user. This is often implemented by a JWT (JSON Web Token) and that is signed by an authorization server. So, this ensures the trust between the authorization server and the client. JWT token is therefore known as a 'By-value token' as it contains the information of the user and obviously is not safe to use it outside the internal network. 
these are the key steps involved in implementing microservices security:
  • Leave authentication to OAuth and the OpenID Connect server(Authorization Server), so that microservices successfully provide access given someone has the right to use the data.
  • Use the API-GW style, in which there is a single entry point for all the client request. 
  • Client connects to authorization server and obtains the Access Token (by-reference token). Then send the access token to the API-GW along with the request. 
  • Token Translation at the Gateway - API-GW extracts the access token and sends it to the authorization server to retrieve the JWT (by value-token). 
  • Then GW passes this JWT along with the request to the microservices layer. 
  • JWTs contains the necessary information to help in storing user sessions, etc. If each service can understand a JSON web token, then you have distributed your identity mechanism which is allowing you to transport identity throughout your system.
  • At each microservice layer, we can have a component that processes the JWT, which is a quite trivial implementation. 

Comments

Post a Comment

Popular posts from this blog

QA's approach 2 Java - Understanding Static context

-
Image
            Static Members Flow Class members In java application we are defining objects for communication.Every Object is represented as a model(class). Hence, java application is the combination of classes. And every class in java application is allowed to define following members. 1) static members 2) non-static members Static members flow using JVM architecture : Java class supports definition of 4 static members. 1) static main method 2) static block 3) static variable 4) static method Static main method Example class Demo { //empty..... } How to Compile & Execute a simple Java program? 1) Save the program in "d-drive" with name Demo.java 2) Open command prompt, navigate to the path where the java program is stored 3) Compilation: cmd/> javac Demo.java Demo.class file will be generated. 4) Execution:  cmd/>java Demo Error : main method not found... main method : 1) It is static method, hence...
Read more

QA's approach 2 Java - Collections Framework & Generics Introduction

-
Image
Why Collections & why is it called a Framework? First Question: Why Collections? Collections are used to overcome problems with variables, arrays, classes like size problem, type problem, non existence of predefined operations/methods, etc. To get a Overview of the above discussed problems, click on this link What is a Framework? Its a semi-finished re-usable application, providing some low level services, which can be customized according to our requirement.  Second Question: Why is it called a Framework? Collection API is available in util package & its called a Framework for the reason that, java programmers were not restricted to just utilize the existing classes making them final but was allowed to expand on top of the exiting classes inheriting them. Collections framework gives a clear example of when to use Interface & abstract class Classification of Collection Framework: In Collection Framework all the classes are classified into 3 cat...
Read more

Technologies - Log4J - Create Log4j Configuration File - Where ? How ? What ?

-
  Typical Steps involved in Creating Log4j Configuration file Configure the root logger - What to Log - info/debug/error/fatal messages Configure individual loggers (if needed). Specify appenders -- Where to Log -- in File/Console, etc Specify message layout/Pattern -- How to Log - format to log the message Configuring a Layout PatternLayout lets you determine how data is extracted from log events and formatted for output based on a conversion pattern. Conversion patterns act as placeholders for data that appears in each log event.  For example, let’s break down a PatternLayout commonly used in Log4j: <PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/> %d{HH:mm:ss.SSS} formats the date in terms of hours, minutes, seconds, and milliseconds. %t displays the Logger’s current thread. %level displays the severity of the log event. %logger displays the name of the Logger. %m displays the event’s message. Finally, %n adds a new line for the next e...
Read more