SOMA: Service-oriented management architecture

Demands in intrusion prevention are leading vendors to create new network management solutions

The problems network managers face in today's data center are increasingly complex. Changes in network usage models require the remapping of traffic flows. New intrusion threats demand stronger security measures. Using virtualization to migrate workloads across physical resources requires constant reallocation of network resources. The list goes on. In response, systems management vendors are constructing their solutions differently from the way they used to.

The new approach to network management - and systems management generally - is based on service-oriented management architecture (SOMA). Vendors are building SOMA-based network management appliances, agents and proxy agents that are flexible and capable of evolving as management needs evolve. Adaptability was limited in past network management solutions, but it's largely a given with SOMA.

Under SOMA, all important management operations are implemented as services (such as for retrieving device status, for device control, for changing configuration settings and for provisioning). Each service is a software component with a formally defined, message-based, request-response interface. The business logic behind each interface is hidden from users. Messages are in XML and are passed among services running within a device via a management services bus (MSB). Programming a management application or an agent is relatively easy because all available management functionality is exposed via consistent interfaces, and most services are highly reusable.

When new services are required, implementers can write new code or encapsulate and integrate commercial or open source legacy-management code: Either way, the code is hidden behind formal service interfaces. Used this way, SOMA unifies what otherwise would be disparate management solutions.

Services provide simple or complex functionality. A simple service might, for example, return a device's current temperature settings or fan speeds, and a more complex service might perform complex diagnostics requiring the correlation of information from multiple sensors and internal event logs. Services can cooperate with one another, and more sophisticated services can be formed by layering atop lower-level services. A vendor can, for example, provide management agents for an entire gamut of routers, from low-end to high-end, by picking appropriate services from a services library.

SOMA services can be used to construct management agents, proxy agents, management appliances or applications. Because SOMA does not dictate the type of client application that must be used, GUI, Web, or even fully automated applications requiring no human intervention can be used. Such client applications typically invoke services remotely via management protocols.

The client applications are connected to the MSB via protocol adapters that call for services. A given appliance or agent must support at least one protocol adapter, but often will support several. SOMA services running on management appliances or agents might themselves need other protocol adapters to interact with the hardware or software elements they are responsible for.

Being able to support many management protocols is a huge advantage: It ensures, for example, that a newer device with a SOMA agent can be managed by legacy management applications or frameworks via older protocols (such as SNMP), or by newer applications via newer protocols.
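A minimal sketch of the pieces described above (XML request-response services on a management services bus, a layered service and a protocol adapter), added here as an illustration and not taken from any vendor's SOMA implementation. The message element names, service names, legacy keys and sensor readings are all assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET
class ManagementServicesBus:
    """Routes XML request messages to registered services (constructed sketch)."""
    def __init__(self):
        self.services = {}  # service name -> handler(bus, params) returning a dict
    def call(self, request_xml):
        # Management messages need no DTD, so refuse one before parsing.
        if "<!DOCTYPE" in request_xml:
            return reply("error", {"reason": "dtd-not-allowed"})
        try:
            req = ET.fromstring(request_xml)
        except ET.ParseError:
            return reply("error", {"reason": "malformed-xml"})
        handler = self.services.get(req.get("service"))
        if req.tag != "request" or handler is None:
            return reply("error", {"reason": "unknown-service"})
        params = {p.get("name"): p.text for p in req.findall("param")}
        return reply("ok", handler(self, params))

def request(service, **params):
    req = ET.Element("request", service=service)
    for key, val in params.items():
        ET.SubElement(req, "param", name=key).text = str(val)
    return ET.tostring(req, encoding="unicode")

def reply(status, values):
    resp = ET.Element("response", status=status)
    for key, val in values.items():
        ET.SubElement(resp, "value", name=key).text = str(val)
    return ET.tostring(resp, encoding="unicode")

def parse_reply(response_xml):
    resp = ET.fromstring(response_xml)
    return resp.get("status"), {v.get("name"): v.text for v in resp.findall("value")}

def cooling_diagnostic(bus, params):
    # Layered service: correlates two lower-level services through the bus.
    temp = parse_reply(bus.call(request("temperature")))[1]
    fan = parse_reply(bus.call(request("fan_speed")))[1]
    hot = int(temp["celsius"]) > int(params.get("limit", 65)) and int(fan["rpm"]) < 2000
    return {"verdict": "cooling-fault" if hot else "normal"}

def legacy_adapter(bus, key):
    # Protocol adapter: maps a legacy-style key (hypothetical) onto a service request.
    service = {"sensor.temp": "temperature", "sensor.fan": "fan_speed"}.get(key, "")
    return parse_reply(bus.call(request(service)))
bus = ManagementServicesBus()
bus.services.update(temperature=lambda b, p: {"celsius": 71},  # constructed readings
                    fan_speed=lambda b, p: {"rpm": 1200}, cooling_diagnostic=cooling_diagnostic)
```

Because handlers live in a plain registry, a new service can be added to `bus.services` while the bus is running, and every caller, local or behind an adapter, reaches it through the same request format.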

With SOMA, a device vendor could future-proof his device by making it able to support Web-services-oriented management protocols, such as Common Information Model-XML, WS-Management and Web Services Distributed Management. (The newer protocols natively support XML-based request formats and require less mediation work by their respective adapters.)

Advanced SOMA implementations offer extreme flexibility. Agents can load new services and protocol adapters on the fly without computers having to shut down or reboot. New intrusion-fighting services, for example, could be downloaded like antibodies, or services could be updated. Being able to load new protocol adapters on the fly could let vendors future-proof their devices by distributing new protocol adapters as soon as they're available or needed.
