Rajarshi Bhose is a Senior Research Associate and Manager at the Cloud Computing Center of Excellence at SETLabs, Infosys Technologies. Kiran Nair specializes in J2EE, client-server architecture and performance lifecycle analysis. He is also part of the Cloud Computing Center of Excellence at SETLabs. They can be contacted at [email protected] and [email protected], respectively.
For most organizations, success depends on value-added service differentiation, with operational margins adding to revenue generation. The need for agility in service differentiation is leading organizations to build applications from existing, pre-built applications and services, and to integrate new capabilities into existing functionality by creating composite applications. "Application composition" is a style of application design characterized by rapid configurability: business workflows are enabled by assembling customizable and configurable prefabricated assets, which can be deployed at runtime to access the diverse enterprise resources required for executing business scenarios, while taking advantage of standards-based processes. Applications designed in this style are called "composite applications". "Hybrid composite applications" are a subcategory of composite applications in which a single composite is developed and deployed in a distributed environment. Service-component architectures (SCA), which provide a simplified component programming model for implementing business services, offer one way to build composite applications.
Elastic computing has made it possible for organizations to use cloud computing and a minimum of computing resources to build and deploy a new generation of applications. Using the capabilities provided by the cloud, enterprises can quickly create hybrid composite applications on the cloud using the best practices of service-component architectures (SCA).
Since SCA promotes all the best practices used in service-oriented architectures (SOA), building composite applications using SCA is one of the best guidelines for creating cloud-based composite applications. Applications created using several different runtimes running on the cloud can be leveraged to create a new component, and hybrid composite applications that scale on demand across private/public cloud models can also be built using secure data transport channels.
In this article, we show how to build and integrate composite applications using Apache Tuscany, the Eucalyptus open source cloud framework, and OpenVPN to create a hybrid composite application. To show that distributed applications composed of composite modules (distributed across the cloud and enterprise infrastructure) can be integrated and function as a single unit using SCA without compromising on security, we create a composite application whose components are spread over different domains distributed across the cloud and the enterprise infrastructure. We then use SCA to host and integrate this composite application so that it fulfills the necessary functional requirements. To ensure information and data security, we set up a virtual private network (VPN) between the different domains (cloud and enterprise), creating a point-to-point encrypted network which provides secure information exchange between the two environments.
The technologies and tools we use include:
- Apache Tuscany, a lightweight architectural platform which facilitates integration of composite applications based on the guidelines specified by Open Service Component Architecture (OASIS OpenSCA). Applications developed in different languages and spanning multiple domains can be integrated using this platform. In this article, we use Apache Tuscany SCA as the primary infrastructure solution for creating and hosting the domains, components, and so on. These domains will be spread across the cloud and enterprise infrastructure, thus creating a composite application.
- Eucalyptus Open Cloud, short for "Elastic Utility Computing Architecture for Linking Your Programs To Useful Systems," is an open source solution which implements cloud computing infrastructure. It is currently API compatible with Amazon EC2, S3 and EBS. We use the Eucalyptus Cloud as the cloud platform on which a part of the composite application resides. Because Eucalyptus Open Cloud is interface compatible with Amazon AWS, the techniques presented here also apply to public clouds like Amazon AWS.
- OpenVPN is an open source VPN solution which provides private, secure data tunnels between point-to-point or server-to-multiclient networks. It uses OpenSSL-based encryption for data and control channel security. We use OpenVPN to create a virtual private network for providing secure and encrypted information and data transfer between the enterprise infrastructure and the cloud.
Deployment Architecture: Incorporating Apache Tuscany SCA and OpenVPN Over a Hybrid Environment
As Figure 1 illustrates, we developed a simple distributed composite application which uses the web service binding provided by Apache Tuscany SCA to communicate between the client (Domain 2, hosted on enterprise infrastructure) and the server (Domain 1, hosted on the cloud). The part of the application which is hosted on the enterprise system references a component exposed as a service on the cloud, resulting in a seamlessly integrated composite application spread over the cloud and enterprise infrastructure.
Security was one of our chief concerns when developing applications spread over diverse domains and using the Internet as the primary medium for connectivity. We used OpenVPN for a secure tunnel for information and data transfers. The tunnel is built only after certificate validations at multiple layers; the data sent over this tunnel is encrypted. This provides enterprise-level security for application compartmentalization and integration.
In this example, our application, hosted on the local infrastructure, calls a remote service hosted on the cloud. A message provided by this remote service is displayed in the local environment. Domain 1, the domain residing on the local infrastructure, hosts a composite comprising a single component. This component will reference a service hosted on Domain 2, hosted on the cloud. The binding used here is the web service binding. SCA provides the capability to change the binding protocol by changing a single line in the composite. The service-oriented structure provided by this architecture ensures that the inner-level design implementation or composition will in no way be affected by this. The security blanket offered by the VPN tunnel will take care of the security loopholes that may pop up during any change in the mode of communication by the composite application.
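The VPN only protects a binding whose endpoint address actually lies inside the tunnel, so a one-line binding change can silently route traffic over the open Internet. The following added example (not code from the article or from Apache Tuscany) parses a composite and reports every binding URI that is not an IP literal in the tunnel subnet; the composite content, component and class names, and the `10.8.0.0/24` subnet are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample composite (SCA 1.0 namespace); component names,
# the Java class and all addresses are illustrative assumptions.
SAMPLE_COMPOSITE = """\
<composite xmlns="http://www.osoa.org/xmlns/sca/1.0" name="HelloClient">
  <component name="HelloClientComponent">
    <implementation.java class="example.HelloClientImpl"/>
    <reference name="helloService">
      <binding.ws uri="http://10.8.0.1:8080/HelloService"/>
    </reference>
    <reference name="auditService">
      <binding.ws uri="http://cloud.example.com:8080/AuditService"/>
    </reference>
  </component>
</composite>
"""

VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")  # assumed tunnel subnet


def bindings_outside_tunnel(composite_xml, subnet=VPN_SUBNET):
    """Return (owner, binding, uri) for each binding URI not pinned to the tunnel."""
    findings = []
    root = ET.fromstring(composite_xml)
    for parent in root.iter():
        for child in parent:
            tag = child.tag.rsplit("}", 1)[-1]  # drop the XML namespace
            uri = child.get("uri")
            if not tag.startswith("binding.") or uri is None:
                continue
            host = urlsplit(uri).hostname
            try:
                inside = ipaddress.ip_address(host) in subnet
            except (ValueError, TypeError):
                # Hostnames and relative URIs are flagged: where they
                # resolve is not fixed to the tunnel by the composite.
                inside = False
            if not inside:
                findings.append((parent.get("name"), tag, uri))
    return findings


if __name__ == "__main__":
    for owner, binding, uri in bindings_outside_tunnel(SAMPLE_COMPOSITE):
        print(f"{owner}: {binding} -> {uri} does not target {VPN_SUBNET}")
```

Run as a pre-deployment check, it fails the build whenever a binding is edited to point outside the tunnel address range.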