Document: MIDDLEWARE NETWORKS - P3 pptx


MIDDLEWARE NETWORKS: CONCEPT, DESIGN AND DEPLOYMENT

2. Deploy mandatory and guaranteed network services, such as active user and service directory as opposed to voluntary services offered by users or corporations, such as hosting that the network must guarantee, and

3. Develop a standard and open service supporting network middleware that implements the set of agreed upon capabilities and exports appropriate interfaces on which services can be developed, deployed, and managed

In this chapter we take a closer look at these three issues dealing with development and delivery of network-enabled and online services. We describe the problems, the opportunities for a new solution, and the benefits of the solution to the users, the corporations, the information content and service providers, and the network operators.

As we indicated in the Introduction, there is a broader issue here dealing with how and where such a solution should be deployed. Although the incentive comes from the Internet, the focus is not on the Internet itself. The Internet is driven by free market forces that do not react well to the imposition of new and untried standards. This is a self-regulating protection mechanism that partially led to its current success.

The focus should rightfully be on the restructuring of privately owned and managed service networks such as those that exist in carrier networks, university campuses, enterprise networks, ISPs and ASPs. These network islands are the hot spots where most of the Internet activity originates or terminates. These are the places that can be reengineered or that can be constructed in a green-field environment to comply with service platform standards. They are also the places that can demonstrate to the rest of the Internet the successes or failures of deploying the proposed solution.

Before proceeding, we clarify some common terms used throughout this text.
For instance, we speak of services and platforms, which are heavily overloaded terms in the industry. Unless we precisely define these terms, confusion may result from applying the terms outside their intended context. The most important terms are application, service, and offer:

Application: An application is any computer tool and its supporting resources, data, and interfaces employed by users. Here we are concerned mainly with network-enabled applications. These can be either client tools or servers. An email client, a web browser, or a document server are examples of network-enabled applications.

Service: This refers to application services as opposed to network fabric services such as QoS or VPNs. A service is any bundled collection of applications that comprises a specific policy and that can be accessed by a single IP address, port number, and protocol; a service is a registered server application(s). Some examples of services include chat services, web hosting services, and electronic commerce services.

Offer: An offer is a service provided by ISPs and carriers consisting of a complete set of business services. This includes the supporting customer care and billing services. Examples include hosting and IP telephony offers.

The following terms refer to the implementation of services and offers:

Interface: An interface is a connection and interaction between hardware, software and users. Different types of interfaces exist between different kinds of components comprising the user interface between users and computers, application programming interfaces (APIs) between various software layers but primarily between applications and the underlying system, and communication interfaces between distributed systems dictated by specific protocols.

Protocol: A protocol comprises the rules for inter-component communication.
It includes a syntax to format data, a semantics on coordination and error handling, as well as timing for control of sequence and speeds. Protocols operate over many layers. For example, IP is a link-layer communication protocol. NNTP, SMTP, CIFS, and HTTP are application-layer protocols.

Component: A component is an application providing specific functionality to a larger system or an offer. We also equate this term with essential services of a platform such as an email component.

Environment: An environment is a specification configuration for a collection of software or hardware.

System: A system is a collection of components that perform a certain task operating within a specific environment. A system’s value is in its capabilities offered to the compliant applications and in insulating the applications from the underlying hardware and network components.

Capability: A capability refers to a specific feature of a system. A component of a system implements various capabilities offered by that system.

Middleware: Middleware here refers to a network operating system that supports applications. Middleware is seen as both the supporting system and the application programming interfaces (APIs) that provide functionality to the applications.

Platform: A platform is a system in the form of middleware bundled with essential offers and providing a development environment for developing new and integrating existing services and applications.

Trust: Trust is a technical word, one that is subject to varying definitions in specific contexts. Attempts to rigidly define “trust” will instead establish standards for security, and provide methods to evaluate these standards. For example, the Trusted Computer Security Evaluation Criteria (known as the “Orange Book”) defines many different levels of trusted computer systems. In general, trust indicates that the systems’ administrators are willing to allow some kind of access, for example the sharing or alteration of information. The establishment of trust typically includes administrative permissions and leverages cryptographically secure methods. These methods can establish identities, and provide various secure services.

Non-repudiation: Non-repudiation establishes the unique source or entity to which an action is attributable. There is a distinction between technical non-repudiation and legal non-repudiation. Technical non-repudiation assumes the algorithms and systems work correctly; for example, the private key has not been compromised in an asymmetric-key cryptosystem. Legal non-repudiation supports these assumptions; for example to establish that no one else had the private key; this is an issue for Laws and Courts that this text does not venture into.

3.1 The Market for Online Services

The market for network-enabled and online services is large and fast growing; the demand for these services by businesses and consumers is seemingly insatiable. As well, the associated media attention has spawned tremendous industry interest, financial investment, and business opportunity.

Forecasts predict fast growth in every subsector of network-enabled and online services: access, hosting, electronic commerce, and intelligent communications. Businesses look to the “online” market as a mechanism to either provide better value or expanded business reach. They expect that network-enabled and online services will increase top line revenue growth and/or lower bottom line costs and expenses.
• Cheaper distribution channels and methods, access to broader, global markets, and expanded services are mechanisms to achieve more revenue (as shown in Figure 3-1).
• Online product distribution, lower marketing costs and cheaper services are paths to better manage costs – both expenses as well as capital

Figure 3-1: Building Global Markets

Network-enabled and online services can be segmented into four sectors: access, hosting, electronic commerce, and intelligent communications.

• Access is defined as software, hardware, and services for the ability to connect to and then use any data space – typically the “Internet”
• Hosting is usually the capability to aggregate content and present it through a single venue. However, this content can be single, specialized services, or aggregated, broad consumer-oriented services such as America On Line (AOL) or Prodigy
• Electronic Commerce is defined as support of secure, transaction-oriented activities across networks such as electronic distribution, banking and finance capabilities; catalog sales, collaboration, software distribution, Cybercash, home-banking, electronic document interchange (EDI), electronic and fax mail, or work flow
• Intelligent Communications is the integrated (and intelligent) utilization of communications with and across other common information sources and devices (phone/voice, data, cellular, pagers, hand-helds, fax, etc.). From this base of PCs and telephony, the set-top “platform” becomes an easy extension.
Examples include integrated multimedia phone, integrated wireless/cellular communications, personal digital assistants (PDA), pagers, conference linkages, translation services (language and data), and conversion services (voice-to-email, email-to-voice)

3.2 Issues with the Development and Delivery of Network-Enabled and Online Services

However, given the technology that is available today, network carriers and Content Providers are increasingly unable to provide the kinds of network-enabled and online services that businesses and consumers are demanding:

• Network-enabled and online services typically consist of (a) an underlying proprietary administrative service infrastructure and (b) value-added content. The administrative service infrastructure consists of those services which enable the value-added content to be delivered such as registration, authentication, customer care, or billing. Currently, there is no available “off-the-shelf” administrative service infrastructure to run online services.
This infrastructure has had to be developed – from scratch – for each new online service (as well as the existing content for the online service). Network carriers and Content Providers have found that the development of this administrative infrastructure dramatically increases the cost and significantly delays the delivery of the value-added content to businesses and consumers. This approach, both incredibly expensive and time-consuming, may cause content providers to miss market windows (and lose any “first mover” advantages)
• Developed apart from telephone and digital video services provided by network carriers, most network-enabled and online services lack integration with the most fundamental network-enabled and online service – the consumer’s telephone for voice and video services. Today’s problems will become magnified as new data types such as video, fax, expanded voice, and bandwidth-on-demand are added to the complexities of tomorrow
• Finally, even when developed, network-enabled and online services are typically not “carrier grade”; that is, designed for scaling to profitable volume. In most cases, this has proven to be very difficult as quality of service (predictable high performance with consistent reliability) deteriorates significantly when the number of consumers grows large

Providing services to hundreds of thousands – even millions – of consumers around the world is a very complex and difficult task. Today’s solution, given today’s client-server technology architecture, is to over-provision. Often, addition of more machines requires more human resources as well. This cuts into operating profit and margins.

3.2.1 Implications of these Issues

These issues with the development and delivery of network-enabled and online services have had several implications for network carriers and consumers.

1. The result has been network-enabled and online services that, to date, have been unable to provide the value that businesses and consumers have wanted. Today’s solutions are offered as individual, “point” solutions and have little “integration” capabilities such as the ability to technically interoperate or “semantically” link content with other solutions.

From the Consumer’s point of view, network-enabled and online services require additional telephone lines (when used extensively), have inconsistent performance, and lack satisfactory safety and security for electronic commerce. The services are sometimes difficult to install; for example, loading a new service may disrupt an existing service. With each having a separate, proprietary account registration process, the services are often difficult to learn. The services are standalone and non-interoperable; information from multiple services cannot be easily interconnected

2. Clearly, in spite of problems, these services are looked to by the market with great anticipation. Today, network carriers may already carry some portion of this content provider’s network traffic. However, in many cases, this traffic fails to leverage the network carrier’s primary assets – voice capabilities.

More importantly, these services are being conceived, delivered, and managed outside the partnership with the network carrier. This increasingly places the network carrier in the role of being a “tactical” provider of transport services and not as a strategic partner.
Long term, network carriers could potentially lose their most valuable asset – their customer base.

The resulting market is advancing at an uneven pace, sometimes racing faster than the technologies can follow, and other times proceeding unevenly, too slowly, and too expensively. Many problems still defy cost-effective solutions.

3.2.2 Network-Enabled and Online Services Architecture

To help solve these problems and enable network carriers and ASPs to become strategic providers, two areas must be reviewed: the current network architecture that is being used to deliver the network-enabled and online services as well as the future market requirements for these services.

Figure 3-2: First Generation Architecture for Network-Enabled Services

Currently, the network architecture for delivering network-enabled and online services is client-server. Client-server features intelligent end points that communicate over a non-intelligent network (refer to Figure 3-2):

• The server endpoint provides the services with both the administrative service infrastructure as well as the service content. The infrastructure is the set of core administrative functions that enable the service content to be provided: registration, billing, security, authentication, tracking/reporting, customer care, network care, etc.
• Without the ability to leverage a commonly available, easily accessible, and reusable administrative service infrastructure, each content provider has had to develop its own proprietary set of core administrative functions.
Content providers often reinvent their administrative infrastructure for each new application
• The client endpoint provides the user interface to access the service content; in most cases, the user interface is different from any other content provider’s user interface
• The non-intelligent network simply transports messages to and from the servers and clients

Even if content providers could somehow overcome the above limitations, in the future these network-enabled and online content providers will face additional market requirements.

• First, the explosion in classes of services – data, video, fax, voice, bandwidth on demand, etc. – dramatically increases the technical complexity of reliably delivering network-enabled and online services to millions of consumers
• Second, the speed of market entry on a globally competitive basis will necessarily mean constant demands on lowering prices and increasing features
• Third, the growing base of experienced consumers will increase the sophistication of their expectations; consumers will be demanding capabilities that have not, as yet, been thought of

For content providers, the implications of these problems are also substantial. First, content providers who want to deliver new network-enabled and online services are finding that to build, install, and maintain a new service is expensive, time-consuming, and laborious:

• There is no available, off-the-shelf core infrastructure (registration, consolidated billing, security, authentication, tracking/reporting, customer care, network care, etc.) on which to build a new service and then make the service universally available
• These new services lack voice and data integration, worldwide availability, and integration with other services.

Second, with the number of subscribers growing quickly, “successful” new network-enabled and online services must quickly scale to increase coverage. Lacking the ability to scale automatically, the systems are manifest with technical problems such as: performance degradation, unpredictable response, and increased unreliability. Today’s solution to scaling problems means adding more server machines: more people are needed to tend the machines. This erodes the profit margin.

3.2.3 The Opportunity for Network Carriers

For network carriers, against the economic backdrop of increased competition, deregulation, commoditized pricing, and the emergence of new forms of communications (packet-voice, satellite, cable, cellular), the implications of these problems are significant.

In many cases, network-enabled and online services are being delivered to consumers completely outside of the network carrier’s physical network. Increasing volumes of data traffic are residing outside the network carrier’s domain; in the future, long-distance voice communication, through packet voice, will be achieved outside the network carrier as well.

When the network carrier’s physical network is used, the client-server architecture reduces the network carrier to being a non value-added transport only. The network carrier’s underlying physical network assets provide strategic advantage when integrating voice, data, and other sophisticated capabilities (as shown in Figure 3-3). This advantage should be leveraged to reduce the cost of Internetworking.
• First, since network carriers enjoy a “trusted service provider” relationship with businesses and consumers, network carriers are ideal partners for content providers
• Second, network carriers can provide voice, data, and other related sophisticated capabilities for content providers in a well understood, commonly accepted, standardized architecture
• Third, network carriers have the capability to work with other global network carriers – around the world – to enable new services to be delivered globally. (This is analogous to network carriers originally pioneering integration and interoperability with other voice networks [such as US and Germany] through the development of the common signaling network)
• Lastly, network carriers have the engineering skill sets and talent pools, and understand the problems and complexities of global networking

Figure 3-3: Merging the Internet and International Telephone Systems

3.3 A Solution: IP Service Platform

A solution we offer in this book is to take a complete approach of Smart nodes coupled with smart networking.

The complete approach positions the network as performing necessary computational support for distributed and online applications. It should provide for multilateral security, scalable performance, and routine manageability. This requires a reengineered network that supports an IP service platform both in the network and at its edges (see Figure 3-4). To distinguish existing networks that do not use this approach from those that are based on it, we will refer to networks with our approach as a cloud. From now on, when we refer to a cloud we are referring to a network operating system and a network architecture that supports our proposed principles.

Figure 3-4: Reengineering of the Network-Computing Architecture

The next chapter outlines the requirements that the IP Service Platform must satisfy, and the principles we use for the design and implementation of our proposed architecture.

A cloud, as a concept, is the enabling software that provides a reusable, sharable intelligent “service” platform for network-enabled, online service applications. As software, its role is that of network middleware; it lives between the physical network topology and the associated online applications. In effect, it creates a “logical” network of services and capabilities living between the applications and the actual transport mechanisms (see Figure 3-5).

A cloud provides off-the-shelf, open components that make it easy for a network carrier, as well as ISPs and ASPs, to build and operate a value-added digital network. The resulting network is based on standard protocols; is compatible with existing Internet application products; and is able to interoperate with other standard networks, including the International Telephone Network! Clouds can be linked together to handle any combination of network sizes and possible configurations, as we describe later.

Intelligent networks should offer a set of services which the online applications utilize as components. For example, a cloud should provide a commonly available, easily accessible, and reusable service infrastructure for all core administrative functions such as registration, consolidated billing, security, authentication, tracking/reporting, [...]

... with the network middleware. Some traffic between them does not have to go through the middleware. It may route through the untrusted connection that rides on the Internet. This bypasses the security, and it also bypasses all other functions of the new network middleware. Jane now understands why all traffic must pass through the middleware network in order to receive the full benefits of the middleware. She...

... Wine
What if they become members of the middleware network? Stirring her tea, she decides they may buy her wine as long as they pay for it. Since the Coalition cannot forge someone else’s identity (or even repudiate their own), they can be held strictly accountable for all orders they place. The middleware net-...

... dandelions, so she’s not eager to move it). She thinks of an inexpensive private line into the middleware, but would prefer a software solution that doesn’t increase her costs. She also wonders why the middleware network keeps talking about protocol mediation as a service enhancement. She adds a...

... as Stores on the Middleware Network
A general server can run either on the Internet (as a server) or on the middleware network (as a store-based service, as shown in Figure 3-11). Clients on the Internet authenticate to the network, and their traffic passes through the Internet. The store-based services have a physically protected network connection and hardware-based routing through the middleware network...

... exclude people who have not yet joined the middleware network. She also realizes that presence on the public Internet will remain an important aspect of her sales. What can she do about this?
At first, it seems nearly enough to send her back to the risky, unmanaged world of the public Internet. Jane now understands why there are three kinds of services supported by the middleware: full-public, cloud-public, and...

... unsecured data. The traffic mixture occurs because IP does not require any specific kind of routing. Jane receives reliable services from the network middleware, but the traffic is still vulnerable. Jane’s membership does not completely shield her from non-middleware traffic, and she continues to receive threatening digital packages from the Coalition. Jane’s site is on the Internet, the Coalition is on...

... weaknesses through specialized mangling and forgery, as well as more sophisticated traffic hijackings. Jane has heard about the new middleware network, especially how easy it is to implement. So, she takes the plunge, installs a certified peer, and connects her system with the middleware network. Things seem much better. Jane settles down for a cup of dandelion tea (the new wine is not ready yet). Her system...

... like the illustration in Figure 3-9. While sipping her tea, Jane leafs through the catalog of services available to the middleware users. Value-added services include billing, credit transactions, and even suppliers of fermentation equipment. Each user belongs to the polite society of the middleware network. Simple graphical interfaces let her publish her subscriptions to services. Jane reads about a special...

... batch of wine and hopes for a vintage year. One example is protocol mediation, where the middleware enhances the data traffic, for example by providing a service to the data stream. Jane and her cohorts immediately purchase a secure IPSec “tunnel router” on their systems, and their traffic goes directly into the middleware network. We have ruggedized the sites with a protected data tunnel, and provided...

... but the server is still physically connected to the Internet. Full-public traffic continues over the basic Internet Protocol (IP), and cannot be compelled to route through the middleware network. Their traffic does not enter the middleware network, and cannot take advantage of it. The safest solution places the server in a physically protected location, with routing on a private network. This network could ...

Date posted: 15/12/2013, 10:15
