Deploying Web Services: Bringing NNEC To The Edge

NATO UNCLASSIFIED19 September 2006

Deploying Web Services: Deploying Web Services: Bringing NNEC Bringing NNEC

To The EdgeTo The Edge

Presentation to MCC 2006Presentation to MCC 2006

James BuschJames BuschPrincipal ScientistPrincipal ScientistNC3A The HagueNC3A The Hague

NATO UNCLASSIFIED 2

Deploying Web Services:Deploying Web Services:Bringing NNEC to the EdgeBringing NNEC to the Edge

Brief Intro to NNEC

Brief Intro to SOA and Web Services

Deployed Web Services Experiment

Conclusions

NATO UNCLASSIFIED 3

NNEC?NNEC?

““It is a global, Web-enabled platform for multiple forms It is a global, Web-enabled platform for multiple forms of collaboration. This platform enables individuals, of collaboration. This platform enables individuals, groups, companies and universities anywhere in the groups, companies and universities anywhere in the world to collaborate - for the purposes of innovation, world to collaborate - for the purposes of innovation, production, education, research, entertainment [and] production, education, research, entertainment [and] war-making - like no creative platform before.”war-making - like no creative platform before.”

New York Times columnist Thomas L. Friedman on IT’s Effect on Globalization, 2006

NATO UNCLASSIFIED 4

NNEC!NNEC!

““Future operations will be more complex and Future operations will be more complex and multidimensional. The planning and execution of multidimensional. The planning and execution of operations will ... [require] truly interoperable forces. operations will ... [require] truly interoperable forces. To support this end, the use of Alliance forces must To support this end, the use of Alliance forces must change from a pattern of de-confliction to one of change from a pattern of de-confliction to one of integration where emerging technologies and concepts, integration where emerging technologies and concepts, like network-enabled capability, are increasingly used.”like network-enabled capability, are increasingly used.”

NATO’s Strategic Commanders, 2004

NATO UNCLASSIFIED 5

NNEC ChallengeNNEC Challenge Information comes from many sources and is Information comes from many sources and is

needed by many different users. It must be:needed by many different users. It must be: Securely Securely SharedShared CommonlyCommonly Understood Understood IntegratedIntegrated and Analyzed and Analyzed

…but how?

?

NATO UNCLASSIFIED 6

NNEC Feasibility StudyNNEC Feasibility StudyAmbitionsAmbitions

Identify types of C2ISR capabilities required to ‘enable’ Identify types of C2ISR capabilities required to ‘enable’ NATO Network Centric OperationsNATO Network Centric Operations Based on agreed Missions, Concepts of Operations, Based on agreed Missions, Concepts of Operations,

involving use of Modular Force Structures such as the NRF involving use of Modular Force Structures such as the NRF (NATO Response Force)(NATO Response Force)

Utilization of Capability Based Planning approach to identify Utilization of Capability Based Planning approach to identify ‘mix’ of National and NATO capabilities ‘mix’ of National and NATO capabilities

Develop a Strategy and Roadmap for realization of a Develop a Strategy and Roadmap for realization of a Networking and Information InfrastructureNetworking and Information Infrastructure (NII) (NII) To ‘enable’ required C2ISR capabilities and to support the To ‘enable’ required C2ISR capabilities and to support the

broader needs of the Alliance.broader needs of the Alliance. Involves networking of national funded, NATO common Involves networking of national funded, NATO common

funded and multi-national funded capabilities funded and multi-national funded capabilities

NATO UNCLASSIFIED 7

Main Technical Components of NIIMain Technical Components of NII

CommunicationsCommunications Information and Integration ServicesInformation and Integration Services Information AssuranceInformation Assurance Service ManagementService Management

NNEC Information

Infrastructure(NII)

CommunicationServices

Ch3

Information andIntegration Services

Ch4

InformationAssurance Services

Ch5

Service Management& Control Services

Ch6

NATO UNCLASSIFIED 8

Information SystemsInformation SystemsRecommendations for the NIIRecommendations for the NII

Service Oriented ArchitectureService Oriented Architecture Loose coupling, dynamic discovery, service orientedLoose coupling, dynamic discovery, service oriented

Open and accepted standardsOpen and accepted standards XML, SOAP, UDDI, WS-Security, etc.XML, SOAP, UDDI, WS-Security, etc.

““Federation of Systems” vice “System of Systems” ConceptFederation of Systems” vice “System of Systems” Concept Autonomous Systems Autonomous Systems Federated ServicesFederated Services

National Centric – no NATO “GIG”National Centric – no NATO “GIG” Flexible level of national participation (CMM concept)Flexible level of national participation (CMM concept)

Incorporation of legacy systemsIncorporation of legacy systems Interface to – as opposed to eliminate – existing capabilityInterface to – as opposed to eliminate – existing capability This includes new “Value Added” services such as REPThis includes new “Value Added” services such as REP

Metadata supported information sharing and exchangeMetadata supported information sharing and exchange XML as common languageXML as common language Development of “ontologies” to support information sharingDevelopment of “ontologies” to support information sharing Usage of NATO XML RegistryUsage of NATO XML Registry

NATO UNCLASSIFIED 9


Brief Intro to NNEC


Conclusions


NATO UNCLASSIFIED 10

Service Oriented ArchitectureService Oriented Architecture

Service Oriented Architecture is the future of system development:

“…the single most important theme in modern application development is service oriented architecture…” – Gartner Group

Recommended in NNEC Feasibility Study! Information is provided as a series of “Services” – which can be as granular as you

like A “Consumer” requests information from a “Producer” (Service) and receives a

response with some kind of data

Benefits– Rapidly integrate new and existing systems into the ‘sharing network’ maximize interoperability.

– Utilize ‘open source’ and COTS that support ‘open standards’ minimize cost and reduce/eliminate vendor dependencies.

– Securely share information across various security levels amongst various coalition partners.

– Reduced integration costs and time compared with current approaches and technologies.

Web Services – an instantiation of SOA – holds promise for solving traditional integration problems using commonly available technologies – XML, HTTP, TCP/IP, etc. – and enabling integration with minimal or no changes to underlying (new or existing) systems


What is Service Oriented Architecture?What is Service Oriented Architecture?

Publish

Data and applications available for use accessible via services. Metadata added to services based on producer’s format.

Service Producer

• Describes content using metadata• Posts metadata in catalogs for discovery• Exposes data and applications as services

Discover

Request/Invoke

• Searches metadata catalogs to find data services

• Analyzes metadata search results found• Pulls selected data based on metadata

understanding

Automated search of data services using metadata. Pulls data of interest. Based on producer registered format and definitions, translates into needed structure.

Service Consumer

Service Enabled Infrastructure

MessagingServices

MonitoringServices

RegistryServices

SecurityServices

TransformationServices

DataServices


SOA SOA Web Services Web Services

SOASOA is an enterprise is an enterprise architecturearchitecture

Web ServicesWeb Services is an is an implementationimplementation of that architecture… of that architecture… ……following a following a common suite of standards (W3C, OASIS, etc.)common suite of standards (W3C, OASIS, etc.)

XML for dataXML for data SOAP for messagingSOAP for messaging HTTP over TCP for transportHTTP over TCP for transport UDDI for registering servicesUDDI for registering services WSDL for describing servicesWSDL for describing services

Can be used to open a controlled “window” into an existing Can be used to open a controlled “window” into an existing application (aka the Web Service application (aka the Web Service interfaceinterface))


Web Services – How they workWeb Services – How they work

Registry (Discovery

Service) Security Service

Service (Information

Provider)


Provider)


Provider)

NetworkServices come “on line” (join the network)

Web

Services

Interface

Web Services

Interface

Web S

ervices

Inte

rface



Brief Intro to NNEC


Conclusions



Web Services Pattern 1:Web Services Pattern 1:Synchronous Request-ResponseSynchronous Request-Response

Consumer makes request from Service and Consumer makes request from Service and waitswaits for for responseresponse

No state (persistence) – Service “forgets” about No state (persistence) – Service “forgets” about Consumer as soon as response is sentConsumer as soon as response is sent

PlusesPluses Simple, most basic modelSimple, most basic model Easy to implement (any web browser can be a client)Easy to implement (any web browser can be a client) Loose coupling between Client and ServiceLoose coupling between Client and Service

MinusesMinuses Client waits on ServiceClient waits on Service Data is only received when asked for (not good for time-Data is only received when asked for (not good for time-

dependent data)dependent data)


Web Services Pattern 1:Web Services Pattern 1:Synchronous Request-ResponseSynchronous Request-Response

User

Use Case 1: Synchronous User, No Broker

Service

Request Message

Response Message

... (2) User issuesRequest to Service andwaits for Response tobe generated (data is

“pulled”)

(1) Producer Service can onlyrespond to requests (cannot

initiate messaging)...

Useful for:

• Services where the information is not time-dependent (e.g. document repositories)

• Situations where Clients only want data when it asks

• When simplicity is important

• Situations where Client and Service(s) have no knowledge of each other


Web Services Pattern 2:Web Services Pattern 2: Asynchronous “Push” (aka Publish-Subscribe) Asynchronous “Push” (aka Publish-Subscribe)

Consumer asks Service to send data whenever it is Consumer asks Service to send data whenever it is available (“subscribes” to Service)available (“subscribes” to Service)

Consumer implements a “listener”; Service implements Consumer implements a “listener”; Service implements capability to initiate messages (not just respond)capability to initiate messages (not just respond)

PlusesPluses Data is “pushed” out as soon as it is available, and only when Data is “pushed” out as soon as it is available, and only when

it changesit changes Client doesn’t have to wait on serviceClient doesn’t have to wait on service Less back-and-forth between client and server? Less back-and-forth between client and server? (more on this (more on this

later…)later…) MinusesMinuses

Both Consumer and Service must implement capability Both Consumer and Service must implement capability beyond the basicbeyond the basic

Consumer and Service are forced to “know” about each otherConsumer and Service are forced to “know” about each other


Web Services Pattern 2:Web Services Pattern 2:Asynchronous “Push”Asynchronous “Push”

User

Use Case 2: Asynchronous User, No Broker

Service

Message

Message

... (3) Userissues Request to

Service and“forgets” about

it...

... (4) Message is sentwhen data ready (can occur

repeatedly) and isreceived and processed by

User

Listener Service

... (2) Userimplements a

“Listener” WebService capable of

receivingmessages...

Push Service

(1) Producer Serviceimplements a “push” servicewhich can initiate message

sending...

Ack

Ack

Useful for:

• Service offering very time-sensitive information (e.g. (near)real-time tracks)

• Client who wants new information as soon as it is available without having to ask for it

• Reducing the number of queries between Client and Service?


The Overhead of Web ServicesThe Overhead of Web Services

““XML/SOAP Adds So Much Overhead!”XML/SOAP Adds So Much Overhead!”

<?xml version=…><?xml version=…> <SOAP-ENV:Envelope …><SOAP-ENV:Envelope …> <SOAP-ENV:Body…><SOAP-ENV:Body…> <XML Content…><XML Content…> Payload goes here…Payload goes here… </XML Content></XML Content> </SOAP-ENV:Body></SOAP-ENV:Body> </SOAP-ENV:Envelope></SOAP-ENV:Envelope>

The Disadvantage Is:The Disadvantage Is: Lots of overhead from all the tags, headers, white spaceLots of overhead from all the tags, headers, white space

The Benefits Are:The Benefits Are: Structured information via XML (vital for information sharing, Structured information via XML (vital for information sharing,

interoperability)interoperability) SOAP Envelope used for WS-Security, WS-Federation, etc.SOAP Envelope used for WS-Security, WS-Federation, etc.


The Overhead of Web Services (2)The Overhead of Web Services (2)

XML “Efficiency”XML “Efficiency” Huge advances in last few yearsHuge advances in last few years W3C Efficient XML Interchange Working GroupW3C Efficient XML Interchange Working Group working on working on

standard for efficient XML transmissionstandard for efficient XML transmission Reduce XML documents by factor of 100Reduce XML documents by factor of 100 Maintain all the benefits of XML, mostly lose the Maintain all the benefits of XML, mostly lose the

drawbackdrawback

But…But… Digital Signatures and Encryption remain problematicDigital Signatures and Encryption remain problematic

Add more overhead for securityAdd more overhead for security Don’t compress wellDon’t compress well

XML is still not appropriate for every situationXML is still not appropriate for every situation Very small messagesVery small messages Streaming dataStreaming data


The Network Effect of Web ServicesThe Network Effect of Web Services

Two factors affect the performance of Web ServicesTwo factors affect the performance of Web Services

ThroughputThroughput: The number of requests handled in a given : The number of requests handled in a given time period by the service (measured on server side)time period by the service (measured on server side)

LatencyLatency: The round-trip time between sending the : The round-trip time between sending the request and receiving a response (throughput + request and receiving a response (throughput + network transit). Impacted by:network transit). Impacted by: Amount of bandwidth available (real and effective)Amount of bandwidth available (real and effective) Message size/compositionMessage size/composition

Additional overhead imposed by HTTPAdditional overhead imposed by HTTP


Web Services at the “Edge”?Web Services at the “Edge”?

Key component in transformed NATO is “lightweight” Key component in transformed NATO is “lightweight” (tactical) client(tactical) client Mobile userMobile user Deployed CJTFDeployed CJTF

So what are effects on Web Service performance ofSo what are effects on Web Service performance of Reduced network bandwidthReduced network bandwidth Network congestionNetwork congestion Larger/smaller volumes of dataLarger/smaller volumes of data


EPW1038 at CWID 2006EPW1038 at CWID 2006

Experiment designed to test variety of Web Service Experiment designed to test variety of Web Service calls in a variety of network conditionscalls in a variety of network conditions

Query returning small amounts of data Query returning small amounts of data (small request, (small request, small response)small response)

Query returning large amounts of data Query returning large amounts of data (small request, large (small request, large response)response)

Publish large amounts of data Publish large amounts of data (large request, small (large request, small response)response)

Subscribe to “pushed” track and weather information Subscribe to “pushed” track and weather information (potentially very large amounts of data)(potentially very large amounts of data) Related to RTO-061 experiment described yesterdayRelated to RTO-061 experiment described yesterday

Where are inefficiencies and what (if anything) can be Where are inefficiencies and what (if anything) can be done?done?


Network 1: Local LANNetwork 1: Local LAN

CWID “Purple” Network

NC3A “Purple” Network

CF

BL

Ne

t

CSSI/IVASFederated Search Svcs

CSSI/IVASData Sources

CSSI/IVAS Client

EIS Core Enterprise Services

• Clients and all Services local to CWID (Norway)

• Network capacity of 100 Mbps


Network 2: Remote Services via Network 2: Remote Services via CFBLNetCFBLNet

• Clients local to CWID (Norway)

• Services remote at NC3A (Netherlands) accessed via CFBLNet backbone

• Network capacity of +/- 2 Mbps



CF

BLN

et



CSSI/IVAS Client



Network 3: Remote Services via UMTSNetwork 3: Remote Services via UMTS

• Clients local to CWID (Norway)

• Services remote at NC3A (Netherlands) accessed via UMTS (mobile phone network)

• Network capacity of 30 - 300 Kbps





CSSI/IVAS Client



Network Instrument ObserverNetwork Instrument Observer


Web Service Simple QueryWeb Service Simple Query

Client

Service

REQUEST

RESPONSE


Web Services CommunicationsWeb Services Communicationson a Simple Queryon a Simple Query

Client

Service

Initiation

Acknowledgement (1st phase handshake)

Acknowledgement (2nd phase handshake)

REQUEST

Acknowledgment

RESPONSE

Acknowledgment

Termination

Termination Acknowledgement

Fact: Network performance is strongly influenced by the number of packets!

Conclusion: Web Services back-and-forth adds significant traffic in the form of many small packets. Reducing these small messages helps increase efficiency.


Network Capacity EffectsNetwork Capacity Effectson Web Service performanceon Web Service performance

0

2000

4000

6000

8000

10000

12000

100000 2000 300 80

Bandwidth

Tim

e Query (small)

Query (large)

Publish

Web Services worked well until the worst bandwidth/message size configuration. Performance degradation is not linear but logarithmic; trends for large and small messages are nearly identical.

Conclusion: Until the “pipe” becomes very small (relative to message size) the size of the message has less impact than the number of packets.


Overhead of HTTP/SOAPOverhead of HTTP/SOAPon a Simple Queryon a Simple Query

Bytes of Server Bytes of Server ResponseResponse

Total Bytes of Total Bytes of “conversation”“conversation”

Percent of Percent of Bytes that are Bytes that are “overhead”“overhead”

Small QuerySmall Query 675675 19201920 65%65%

Large QueryLarge Query 42914291 55365536 25%25%

Web Services (with SOAP and HTTP headers, plus the various small messages in the conversation) can add significant overhead

Conclusion: The impact is much less on larger messages than on small. Configure for larger packet sizes where possible.


Web Service Publish-SubscribeWeb Service Publish-Subscribe

Client

Service

Initiation

Acknowledgement (1st phase handshake)

Acknowledgement (2nd phase handshake)

REQUEST (“Subscribe”)

Acknowledgment

RESPONSE

Acknowledgment

RESPONSE

Acknowledgment

RESPONSE

Acknowledgment

RESPONSE

Acknowledgment

RESPONSE

Acknowledgment


Overhead of Multicast (“push”) vs. Overhead of Multicast (“push”) vs. Request-ResponseRequest-Response

Sample Size Sample Size (Bytes) of (Bytes) of Server Server ResponseResponse

Packets in Packets in “conversation”“conversation”

Approx. total Approx. total Bytes in Bytes in “conversation”“conversation”

Percent of Bytes Percent of Bytes that are that are “overhead”“overhead”

SynchronousSynchronous 10001000 99 23002300 56%56%

AsynchronousAsynchronous 10001000 3 (after 3 (after subscribe)subscribe)

15001500 33%33%

When data is “push”ed asynchronously, there are less packets in the conversation – generally an initiation, the message itself, and an acknowledgment from the recipient (client).

Conclusion: “Push” of data asynchronously reduces HTTP/SOAP overhead because there are less messages in the “conversation”.



Brief Intro to NNEC


Conclusions



ConclusionsConclusions

NNEC FS has suggested an NII architecture featuringNNEC FS has suggested an NII architecture featuring Service Oriented Architecture Service Oriented Architecture (implemented as (implemented as Web ServicesWeb Services where feasible) where feasible)

Loosely coupled, dynamically discoverable systems (services)Loosely coupled, dynamically discoverable systems (services) Extremely valuable interoperability tool in the “enterprise” environment Extremely valuable interoperability tool in the “enterprise” environment

(strategic, operational)(strategic, operational) On-going work already moving in this directionOn-going work already moving in this direction (including operationally)(including operationally)

Tests showed Web Services remained functional at low network Tests showed Web Services remained functional at low network capabilitiescapabilities Except once message volume far exceeded available bandwidthExcept once message volume far exceeded available bandwidth Appropriate for really low bandwidth (highly tactical) settings? Appropriate for really low bandwidth (highly tactical) settings? Still uncertain…Still uncertain…

Number of packets on network had bigger impact than larger request or Number of packets on network had bigger impact than larger request or response messagesresponse messages Minimize the HTTP “conversations” where possibleMinimize the HTTP “conversations” where possible Tweak HTTP settings (e.g. MTU) to enable fewer, larger packetsTweak HTTP settings (e.g. MTU) to enable fewer, larger packets Eliminate superfluous messages (e.g. DNS pings) from network Eliminate superfluous messages (e.g. DNS pings) from network

Multi-cast (i.e. “push”) Web Services have a network performance Multi-cast (i.e. “push”) Web Services have a network performance advantage over request-responseadvantage over request-response Not appropriate for all situationsNot appropriate for all situations


Questions ?Questions ?


Contacting NC3AContacting NC3A

NC3A Brussels

Visiting address:

Bâtiment ZAvenue du Bourget 140B-1110 BrusselsTelephone +32 (0)2 7074111Fax +32 (0)2 7078770

Postal address:NATO C3 AgencyBoulevard Leopold IIIB-1110 Brussels - Belgium

NC3A The Hague

Visiting address:

Oude Waalsdorperweg 612597 AK The Hague

Telephone +31 (0)70 3743000Fax +31 (0)70 3743239

Postal address:NATO C3 AgencyP.O. Box 1742501 CD The HagueThe Netherlands

Documents

Deploying Web Services: Bringing NNEC To The Edge