Tuesday, July 29, 2008

Posts on Progress, and on XML Appliances

I am moving over to Blogger, so I'm copying over a recent blog post from my old Radio blog....

Monday, July 07, 2008


It almost seems like there is more blog comment on Progress Software's acquisition of Mindreef (terms not disclosed) than on Progress Software's acquisition of the much larger Iona. The Progress/Iona news was originally broken by Jeff Schneider of Momentum SI, as reported by Joe McKendrick.

Joe McKendrick comments that:
"With IONA and Mindreef, Progress is clearly aiming to develop and offer an end-to-end suite of SOA products - from integration to management".
http://blogs.zdnet.com/service-oriented/?p=1138

Progress has acquired in this area before, e.g. one of Vordel's competitors in the XML Networking area, Westbridge Technology, is part of the Progress/Sonic family. So is Actional which focussed on Web Services Management. The addition of Iona and Mindreef can be seen as Progress "going wide" by offering, as Joe McKendrick says, a "full end-to-end suite of SOA products".

This makes sense. In our own Vordel product suite, we have the SOAPbox testing tool which, although not competing directly with Mindreef, is an example of an SOA testing tool. It is part of our product suite which includes our XML Gateway, XML Firewall, Service Usage Reporting, and, managing it all, our Policy Director (which directs policy out to the XML Networking components around the network).

As in the wider world beyond SOA, testing is often seen as an afterthought. But, like Progress, we have seen that it is important to have a testing tool as part of our suite. SOAPbox allows back-end services to be tested prior to the placement of an XML Gateway on the network. For example, if the XML Gateway is going to be used to throttle back the XML load to a level which can be managed by the back-end Services, then SOAPbox is used to test to see what this throttling level should be. The latest version of SOAPbox also simulates attacks on Services, attacks which of course are blocked by our XML Networking products.

So, it is important to "go wide" by having a testing tool as part of an overall suite.

But, it is also important to "go deep". When I read Joe McKendrick's analysis, I noticed the trackback from the iTKO blog. I jumped to the take on the iTKO blog, because I was very interested in their analysis, coming as it does from another SOA testing tool vendor. They were keen to point out that iTKO is a "SOA testing" company, not a "SOAP testing" company as in the case of Mindreef which focussed on SOAP and WSDL. But, they also mentioned an elephant in the room: SOAPUI. SOAPUI is a very capable SOAP testing tool which has a free basic version. The "basic" version is actually very capable. At Vordel we've often seen it used in Proof Of Concept bake-offs between vendors. The existence of SOAPUI means that other testing tools must "go deep" in order to add value. SOAPbox, as you might expect, goes deep on security. If you want to generate SAML 2.0 assertions on the client to send up to a SAML Relying Party, there aren't a lot of tools out there which will allow you to do this in just a few clicks, and with no coding. But, SOAPbox will. Similarly, in the latest version of SOAPbox, the insertion of attacks into XML messages is simple, in order to use it as an "attack dog" against Services which must be tested.

So, the message from the Progress acquisition of Mindreef is that it's important for testing tools to both "go wide" (as part of an overall suite) and "go deep" (not be commoditized by SOAPUI).


Steve Craggs on the "Litebytes" blog from Lustratus Research discusses Intel's foray into the XML software library market:

Turns out Intel are striking back at the burgeoning SOA Appliances market. The Intel claim is that its 'software appliance' performs at least as well as Appliances, and is therefore a better option.
http://blog.lustratusresearch.com/litebytes/2008/06/will-intels-att.html

As background, the software which Intel sells is the core of the old Sarvega product, which Intel acquired. They now sell this as a software XML toolkit.

Here at Vordel we make both software XML appliances and hardware XML appliances. Both have their advantages. Software XML Appliances have two key niches:
  1. Virtualization. In a virtualized environment, you can bring new instances of software XML Gateways on-stream instantly. This is simply not possible for a hardware product, where there are delivery lead-times.
  2. Policy development and testing. Even in situations where an organization wishes to go live with hardware XML appliances, it often makes sense to develop and test policies using a software instance of the XML appliance. This makes sense for cost and logistical reasons.
One aspect of software XML appliances is the (often mistaken) impression that "if it's software, anyone could build it". Steve Craggs acknowledges this, and mentions patents.

Perhaps the biggest worry I have, however, is that whatever one company has done in software, someone else can do too, and unless it is patent protected, there would be nothing to stop an appliance maker coming up with a super-fast parser, and then putting it into microcode.
http://blog.lustratusresearch.com/litebytes/2008/06/will-intels-att.html

This is a good point. Let's look at a case in point, in detail:

Crypto acceleration hardware is widely available, from companies like Cavium and nCipher, and it is greatly beneficial in accelerating XML Signature and XML Encryption. Such hardware is actually *more* useful for XML content-level security than for SSL, because with XML Encryption and XML Signature, you are usually doing asymmetric operations for each message, whereas with SSL, you are only doing it at the initial handshake stage (WS-SX hasn't taken off sufficiently to change this yet).

So, it makes sense for XML appliances (like Vordel's) to contain crypto acceleration hardware. Also, as Intel point out, you can get really good XML processing performance by using highly-optimized code running on the latest multi-core processors. Those are the best of both worlds.

Take a step back and think about crypto accelerators: how do they do their acceleration? Is it "just fast because it's on hardware"? No, it is fast because it allows many operations (for SSL handshaking to multiple clients) to be done in a parallel fashion, not pushed one-at-a-time through the main CPU. If you apply the same thinking to an XML appliance, then you can run the XML structural and syntactic validation in highly-optimized code on the main CPU at the same time as the XML Signature checking on the crypto accelerator board. Then, you benefit from concurrency. You also are getting the best of both worlds: crypto processing on the crypto card and XML processing using highly-optimized code on the core CPU. XML per-message latency goes way down, using this method. Why do I mention this example in reference to Steve Craggs's comment about patents? Because it's something Vordel has patented: "Method and system for the simultaneous processing of document structure and electronic signature for electronic documents".
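The concurrent pattern described above, sketched as an added example (this is not Vordel's code or the patented method): structural checks and signature verification run as parallel tasks over the same message bytes, and the message is accepted only if both pass. HMAC-SHA256 stands in for the XML Signature verification that an appliance would offload to the crypto card; `MAX_DEPTH`, the function names, the key and the sample message are assumptions made for illustration.

```python
import hashlib
import hmac
from concurrent.futures import ThreadPoolExecutor
from xml.parsers import expat

MAX_DEPTH = 32  # assumed structural limit for this example

def check_structure(raw: bytes) -> bool:
    """CPU-side task: well-formedness, no DOCTYPE, bounded nesting depth."""
    depth = 0
    def start(name, attrs):
        nonlocal depth
        depth += 1
        if depth > MAX_DEPTH:
            raise ValueError("element nesting too deep")
    def end(name):
        nonlocal depth
        depth -= 1
    def doctype(*args):
        raise ValueError("DOCTYPE not allowed")  # blocks entity-expansion tricks
    parser = expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.StartDoctypeDeclHandler = doctype
    try:
        parser.Parse(raw, True)
        return True
    except (expat.ExpatError, ValueError):
        return False

def sign(raw: bytes, key: bytes) -> bytes:
    """Stand-in for a signature: HMAC-SHA256 over the raw message bytes."""
    return hmac.new(key, raw, hashlib.sha256).digest()

def check_signature(raw: bytes, tag: bytes, key: bytes) -> bool:
    """Accelerator-side task in the article's design; constant-time compare."""
    return hmac.compare_digest(sign(raw, key), tag)

def accept(raw: bytes, tag: bytes, key: bytes) -> bool:
    """Run both checks concurrently; fail closed unless both succeed."""
    with ThreadPoolExecutor(max_workers=2) as pool:
        structure = pool.submit(check_structure, raw)
        signature = pool.submit(check_signature, raw, tag, key)
        return structure.result() and signature.result()

# Constructed sample input
KEY = b"constructed-demo-key"
GOOD = b"<order><item qty='2'>widget</item></order>"
GOOD_TAG = sign(GOOD, KEY)
```

The two tasks share only the raw bytes, so neither waits on the other; the per-message latency is bounded by the slower check rather than by their sum.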

I'd predict that despite the "software only" crowd (presently Intel would be in that category) or the "hardware only" crowd (e.g. IBM), there will still be a place for vendors like Vordel who provide both software and hardware XML appliances.