When XML accelerators were new around 1999 they helped alleviate some of the CPU drain that arose from processing...
highly dense XML messages. After a decade of acquisitions and increases in SOA messaging complexity, the accelerator has given rise to a broader-purposed set of XML appliances in which acceleration is often ancillary to security, governance and integration features. Often referred to as XML gateways or SOA appliances, some of these specialized hardware tools can now act as brokers between providers and consumers of Web services.
Acceleration is certainly a huge part of the value. But if we're looking at the XML message, we can do other things.
As part of an ongoing SOA deployment in the Commonwealth of Massachusetts, Enterprise Architect Pasquale Iocola said security was the number one reason for deploying XML appliances.
"On the front end we envisioned a set of gateways that would play the role of an intelligent firewall," said Iocola. "So they provide security and control access to business information."
The Massachusetts Executive Office of Health and Human Services (HHS) currently runs three DataPower XI50 SOA Appliances from IBM Corp. Iocola said the organization selected DataPower for its strengths in security, performance and service virtualization. After beginning to use the appliances around 2006, Iocola said he can implement sophisticated security policies without having to "reinvent the wheel" in the back end. From an acceleration standpoint, he said response time for certain transactions has gone from 30 seconds to under five seconds.
"These have been outstanding from a performance point of view," said Iocola. "At an average point in time there are 80 concurrent users for some of the most critical services." But as powerful as IBM's XML appliance is, there is always room for improvement. One area where Iocola said the devices have trouble is handling large messages. To remain efficient, he said, the appliances need to offload messages approaching 2 GB to other components.
The need for acceleration arose around the turn of the century when the SOA community adopted XML as the dominant format for Web service messaging.
"We went to XML as the lingua franca," said Scott Morrison, CTO and chief architect at Layer 7 Technologies, Inc. "The problem is there is so much complexity there and you'll inevitably run into a lot of problems with interpretation."
Incoming XML messages need to be translated into a format that local applications can interpret. These messages come written in text, which requires more processing power to work with than something like binary code. So vendors like DataPower, Inc., Forum Systems, Inc., Layer 7 and Reactivity, Inc. developed hardware appliances with microprocessors and firmware specialized for XML handling. These would sit in front of the applications and translate incoming XML traffic so that application servers would not have to be as burdened. Some of these also included security features that would search incoming traffic for any trace of malware.
The market for pure-play XML accelerators has diminished, analysts and experts say. Commodity hardware has increased in speed and decreased in price and a $50,000 appliance may not always be the desired option for acceleration alone. Morrison said many enterprises would rather just throw a number of inexpensive machines at the problem. Some general-purpose processors, such as Intel's i7 line, now come standard with native support for XML processing.
Over time, XML appliances gained a host of features that enhanced how XML could be interpreted and manipulated.
"Acceleration is certainly a huge part of the value," said Ron Schmelzer, Senior Analyst and Founder of ZapThink, LLC. "But if we're looking at the XML message, we can do other things. We can enforce security; we can do management, routing or transformation; we can do queuing, failover and load balancing."
The more these management and governance roles are put into an appliance, the less strain XML creates for the underlying system. Schmelzer emphasized that the fundamental idea of service-oriented architecture is to have flexibility and loose coupling. Having an appliance to act as a network intermediary, he said, means being able to implement sophisticated policies without having to go in and change the whole system. Iocola also mentioned this as one of his favorite aspects of the hardware.
As SOA itself has matured, so have the use cases of XML appliances. As in the case of the Massachusetts State health services organization, many enterprises use these appliances in a firewall role that ensures clean and secure transformation of XML before it reaches local applications. Yet in many ways, some of the modern appliances bring enterprise service bus (ESB) capabilities to the edge of an enterprise network, said Kevin Anderson, program director of worldwide connectivity and integration marketing at IBM DataPower. Anderson has been with DataPower since before IBM acquired the company in 2005.
"It became known here at IBM as another ESB, in appliance form factor," said Anderson. "We didn't position it that way but they were right; the use cases that they fit in were ESB-like scenarios."
A critical difference between an appliance and an ESB is that an appliance does not host services. Anderson said the similarity is in the way both can act to mediate messaging. Both an ESB and an appliance can convert protocols and data formats, take on policies, and allow for routing. An appliance like the XI50 used by the HHS is really more of an integration device, he said. It can convert data to and from a variety of formats of which XML is only one. But an appliance sits at the "edge" of an enterprise where an ESB might be central to the middleware stack.
Even if some XML appliances are starting to behave more like ESBs, there are challenges when trying to use them for that kind of function. Enterprises usually require a different kind of integration at the edge of their networks, said Dan Foody, VP of product management at the Progress Software Corp. Actional division. Where an ESB may handle a handful of internal protocols, he said appliances that route and transform external business-to-business traffic can be thrust into a much wider set of integration requirements.
"When you look at B2B integration, you're often dealing with a partner management problem," said Foody. "Inside an enterprise you might be dealing with two, three or four formats that you're transforming at any given time. When you're dealing with the B2B world you might have 1,000 partners each of which are using a different variant of a data format."
When working with XML and standards-based formats, an appliance can be a valuable integration tool, Foody said. But if an enterprise needs to work with a large number of incoming messages in proprietary formats, appliances can pose a challenge. As a closed-box piece of hardware, XML appliances tend to be less open and configurable than an ESB. This is good for security, but challenging for integration. Appliances have a smaller "surface area for attacks" as opposed to a general-purpose ESB, he said. But for a high degree of configurability, he said, these devices often require a company to have specialized skills in XML and Extensible Stylesheet Language (XSL).
Another challenge some companies have with XML appliances is determining who in the organization will work with them.
"Here you are spanning the roles of application development and network administration," said Schmelzer. "That's often a cause of conflict. You have to determine who loses control in this situation."
XML appliances reach for the cloud
The U.K.-based 451 Group, Inc. predicts the next stage of evolution for XML appliance technology might be bridging corporate networks with the cloud.
Our rough conjecture is that the cloud management space is where the maximum growth is for these XML gateway devices.
Director of Product ManagementCISCO
"To my mind, the SOA governance functionality these guys have built up over time can be extended into acting as a cloud-edge proxy," said Steve Coplan, an analyst with 451, "an entirely networking and security enforcement category."
The closest analogy to this would be in the way SSL VPNs help to separate the corporate networks from the public Internet, he continued. He said that over time, 451 expects there will be a need for a cloud federation broker that provides some level of workload policy management and/or data portability and security.
"Emergence of the cloud is impacting the market," said Tony Baer, an analyst with Ovum, Inc. "providing another option for customers who want to offload processing for instances where their policies will permit data manipulation off premises."
An example may be Crosscheck Networks, Inc., which purchased Forum Systems in 2009 and sells the Forum Sentry XML Gateway as a tool for both SOA and cloud computing. In the past, these appliances have been adept at integrating Software as a Service (SaaS), said Mamoon Yunus, CEO of Crosscheck. Though SaaS has now come under the cloud umbrella, it is nothing new.
"What's happened in the past two years is Infrastructure as a Service (IaaS) has become a play," said Yunus. "Not only are you integrating with third-party service providers but you're moving your hardware infrastructure to vendors like GoGrid, Amazon EC2 or RackSpace."
Moving forward, the control functionality of XML appliances will be useful in load balancing between IaaS providers, Yunus said. He sees an opportunity for this sort of technology to act as a "central controller for inter-cloud traffic management."
Cisco Systems, Inc., which acquired XML appliance vendor Reactivity in 2007, has also started looking at cloud computing.
"Our rough conjecture is that the cloud management space is where the maximum growth is for these XML gateway devices," said Indrajit Roy, director of product management for data center application delivery services at Cisco.
Some vendors are even starting to sell XML "virtual" appliances specifically for cloud computing. Layer 7 now has a Secure Span XML Virtual Appliance that helps monitor, control and manage services in public, private and hybrid cloud environments.
As vendors look to the cloud and XML appliances move farther from their roots as hardware-based XML acceleration, breadth of integration features and configurability may come to be the main issues to consider when shopping for one.