Release 5.0 of the AmberPoint SOA runtime governance software—AmberPoints biggest release to date—recognizes that as more and more services are added, it becomes too complicated to manage each service one at a time.
And it recognizes that not all components in a loosely coupled virtual application are Web services based on XML and SOAP (Simple Object Access Protocol).
The new version includes a policy system that enables automatic policy provisioning. Drawing from a library of templates, users can set up simple, pre-defined policies around load balancing, failover, versioning, message routing, logging and security.
Users can also create custom, compound policies related to content, service level agreements, exception handling and more.
"Assigning policies one at a time in a manual way doesnt work well when applications start to really scale. [The policy system] lets you do this in a holistic fashion. The benefit is that you eliminate any mistakes that would occur [because of] people not remembering to carry out steps," said Ed Horst, vice president of marketing for the Oakland, Calif., company.
The policy system also provides a view of established policies so that users can see which services have which policies, which services would be impacted by planned policies before they are applied, and whether there are conflicting authorization policies.
One beta tester working with the new release predicted that a lot of the time-consuming "hassle" of creating and deploying policies for each Web service may go away thanks to the new policy system, according to Jorge Mercado, SOA architect at MedicAlert Foundation International in Turlock, Calif.
"They have a turnkey policy solution where you can pre-define policies, create a category of services, and any service in a category gets those policies applied to it," Mercado said.
"That makes the administrators life much simpler," said Ann Thomas Manes, vice president and research director at Burton Group in Cambridge, Mass. "What makes SOA work is policy-driven management and control. They totally delivered on that," she added.
AmberPoint 5.0 also adds new pre-built agents that provide visibility and control over non-SOAP elements such as database management systems, EJB (Enterprise JavaBeans) and JMS, as well as Web services platforms from BEA Systems Inc., IBM, JBoss Inc. and Microsoft Corp.
Users can also extend agents to provide visibility into custom services, middleware, and third-party components such as blade servers and transports.
The release also adds a new security system that represents "a big expansion in the kinds of security policies we can enforce," Horst said.
Along with an extensive library of security policies, the security system supports standards such as Web Services-Security 1.0 and SAML (Security Assertion Markup Language) 1.1. It also integrates with third-party security systems based on LDAP and with the IBM Tivoli Access Manager.
A new GUI in the security system simplifies security policy definition and provides visibility into "where checkpoints are and where encryption occurs," making security violations easier to spot, Horst said.
AmberPoint also boosted the performance of its software in the latest release. It is twice as fast at handling single-threaded requests and five times faster at handling multi-threaded requests.
The new release is due by years end.