A client posed the following hybrid cloud use case and question:
A customer would have most (if not all) of their back office on-premise currently (i.e. in a data center). Over the next ~5 years, we expect three new scenarios to emerge:
1) back office functionality could move to SaaS (pure public cloud) where the function (billing, inventory management) is delivered as a
2) back office functionality could move to a hosted environment where the back office vendor hosts the application for
3) back office functionality could move to a colo facility where deploys servers in a neutral data center
How does the WSO2 platform support these use cases effectively and efficiently?
The proposed use cases indicate an expected shift in hosting options: from on-premise hosting within the client data center towards a hybrid environment, where back office functions are distributed across SaaS applications, back office service partners, and co-location facilities. The hosting shift creates a situation where security, policy, identity, monitoring, management, data, business processes, services, APIs, and rules must communicate, coordinate, and interact across a hybrid environment. The hybrid environment contains physically distributed functions executing across heterogeneous platform containers, which often exhibit disparate domains of control, numerous service integration points, and differing semantics. Because traditional on-premise middleware application platforms offer services (i.e. security, identity, monitoring, management, clustering, and logging) that don’t reach beyond a homogeneous and localized platform environment, a hybrid cloud environment creates use case execution challenges.
Common use case challenges when building solutions on a hybrid cloud environment include:
- Dynamically provisioning and reconfiguring the environment to minimize spend, maximize scale, and continually satisfy resource consumption demands.
- Ensuring conformance with solution security policies
- Unified governance and consistent policy enforcement
- Integrating Cloud service data, processes, identities, and rules
- Establishing consistent and effective user experience across composite solutions
The WSO2 enterprise middleware platform incorporates architectural principles and services that solve hybrid cloud use case challenges, for example the architectural principles of federation, delegation, architecture distribution, loose coupling, and interoperability. Federation, delegation, and trust are used to bridge autonomous domains. Interoperability and open standards unify machine images, shape traffic, and maintain application sessions to deliver a consistent user experience and effective policy enforcement. Service orientation integrates provider services and simplifies complexity. Loose coupling and architecture distribution are achieved by delivering modular, autonomous features and exposing control interfaces. Service management, auto-scalers, and cloud controllers automatically provision resources and right-size a distributed environment.
The platform conforms to an architecture pattern separating policy enforcement, policy decision, and policy information points. Each enforcement, decision, and information point may be distributed across a hybrid cloud environment. The WSO2 platform contains numerous interoperable standards (e.g. SCIM, SAML2, OAuth, JSON, XML, SOAP, WS-Policy, OpenStack, AWS EC2 API) supporting identity provisioning, entitlement assertion, messaging, and IaaS management.
WSO2 Stratos Cloud Platform Services (i.e. identity and entitlement, registry, mediation, and Cloud resource management) bridge disparate domains of control. Cloud resource management services should span a distributed topology, automate deployment, and enable dynamic wiring. Mediation services consistently enforce policies while integrating data, processes, identities, and rules. Cloud resource management services and cloud instances access registry services to dynamically register and discover resources (or resource attributes).
When building a hybrid cloud, analyze service portfolio factoring, define data semantics, validate provisioning scenarios, wire business event distribution, and evaluate business service granularity. Establish a plan to federate identity, enforce attribute-based access control, and share entitlement decisions.
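
The separation of policy enforcement, decision, and information points described above, combined with attribute-based access control and a shared entitlement decision, can be sketched as follows. This is an added example, not WSO2 code or its API: every class, subject, attribute, and rule is constructed for illustration, and denying when an attribute source in another domain is unreachable is an assumed design choice.

```python
# Added illustration; all names, attributes and policies below are constructed.
from dataclasses import dataclass

class PipUnavailable(Exception):
    """Raised when an attribute source in another domain cannot be reached."""

class StaticPip:
    """Policy information point: returns the attributes it holds for a subject."""
    def __init__(self, records, online=True):
        self.records, self.online = records, online
    def attributes(self, subject):
        if not self.online:
            raise PipUnavailable(subject)
        return self.records.get(subject, {})

@dataclass(frozen=True)
class Rule:
    resource: str
    action: str
    required: tuple  # ((attribute, value), ...) that must all match

class Pdp:
    """Policy decision point: deny by default, fail closed on missing data."""
    def __init__(self, rules, pips):
        self.rules, self.pips = rules, pips
    def decide(self, subject, resource, action):
        attrs = {}
        try:
            for pip in self.pips:  # merge attributes from every domain
                attrs.update(pip.attributes(subject))
        except PipUnavailable:
            return "Deny"  # never permit on partial attribute data
        for r in self.rules:
            if (r.resource, r.action) == (resource, action) and all(
                    attrs.get(k) == v for k, v in r.required):
                return "Permit"
        return "Deny"

class Pep:
    """Policy enforcement point: one per hosting location, holds no policy."""
    def __init__(self, location, pdp):
        self.location, self.pdp = location, pdp
    def handle(self, subject, resource, action):
        decision = self.pdp.decide(subject, resource, action)
        return {"location": self.location, "allowed": decision == "Permit"}

def build(saas_pip_online=True):
    onprem = StaticPip({"alice": {"dept": "finance"}, "bob": {"dept": "sales"}})
    saas = StaticPip({"alice": {"billing_role": "approver"}}, online=saas_pip_online)
    rules = [Rule("invoice", "approve",
                  (("dept", "finance"), ("billing_role", "approver")))]
    pdp = Pdp(rules, [onprem, saas])
    return Pep("on-premise", pdp), Pep("colo", pdp)
```

Both enforcement points return the same answer for the same request because neither holds policy locally, and a request that depends on the SaaS-side attribute is denied while that source is offline.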