Monday, July 3, 2017

Fix for iOS host name verification failed issue.


If you get the following error when installing the certificates for iOS configurations on the WSO2 IoT server, replace "localhost" with your <SERVER_IP> in <IoT_HOME>/repository/deployment/server/synapse-configs/default/api/


[2017-02-02 20:17:21,548] [IoT-Core] ERROR - TargetHandler I/O errorHost name verification failed for host : localhost
javax.net.ssl.SSLException: Host name verification failed for host : localhost
at org.apache.synapse.transport.http.conn.ClientSSLSetupHandler.verify(ClientSSLSetupHandler.java:171)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:308)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:745)
[2017-02-02 20:17:21,561] [IoT-Core]  WARN - EndpointContext Endpoint : admin--IOSDeviceManagement_APIproductionEndpoint_0 with address https://localhost:9443/ios-enrollment/profile will be marked SUSPENDED as it failed
[2017-02-02 20:17:21,562] [IoT-Core]  WARN - EndpointContext Suspending endpoint : admin--IOSDeviceManagement_APIproductionEndpoint_0 with address https://localhost:9443/ios-enrollment/profile - current suspend duration is : 30000ms - Next retry after : Thu Feb 02 20:17:51 IST 2017

Friday, June 30, 2017

Getting started with WSO2 Device Cloud APIs

Introduction
WSO2 Device Cloud is the latest addition to WSO2’s Cloud offering. It aims to provide device integration and management to the rest of the WSO2 Cloud. As of now, it allows integrating and managing Android and iOS powered devices. Device Cloud offers a UI to manage connected devices.

Fig 1: Device Management Dashboard Page on Device Cloud


Fig 2: Listing of all registered devices

But the functionality is not limited to a web application. All device management capabilities are offered as OAuth2 protected REST APIs as well.  

This tutorial explains how to make programmatic use of these APIs. To proceed with the examples, you need a WSO2 Cloud account (https://cloud.wso2.com). If you do not have an account, please use the following URL to register one.


API Store
All APIs related to device management are available in the API Store part of WSO2 Cloud.


These APIs fall under two categories.

  1. Device Management APIs
    The APIs on the IoT server that are used to manage devices, such as “getDevices” and “getPolicies”. Device-type-related admin services, such as executing an operation on a device, are also included in this category. These are available for both supported device types (iOS and Android).
    Call direction: Mgt App -> API -> Device
  2. Device Agent APIs
    The APIs on the IoT server that the device agent calls. Android devices invoke “Android Device Management” (getPendingOperations). iOS device communication happens without subscribing and differs from the Android communication flow, and iOS uses a different authorization mechanism than Android.
    Call direction: Device -> API -> Device plugin

Device Management APIs

APIs related to administrative tasks are available under the tag “device_management”.


Device Agent APIs



How to obtain an access token?

All the admin and device APIs (except the iOS device → server communication APIs) are protected with OAuth; therefore, to invoke any API, the request should include the OAuth header.

Please follow the steps below to obtain the token.

Step 1:

The first step is to create an OAuth application to call the admin APIs. This returns a client_id and client_secret.

curl -k -X POST https://gateway.api.cloud.wso2.com/api-application-registration/register -H 'authorization: Basic [Base64encode(username@company_name:password)]' -H 'content-type: application/json' -d '{ "applicationName":"TestApplication", "isAllowedToAllDomains":false, "tags":["device_management"]}'

Please refer to the following example. If your username is “example@wso2.com”, your company name is “wso2” and your password is “123456”, the curl request will be as follows.

Step 1 Example:
curl -k -X POST https://gateway.api.cloud.wso2.com/api-application-registration/register -H 'authorization: Basic ZXhhbXBsZUB3c28yLmNvbUB3c28yOjEyMzQ1Ng==' -H 'content-type: application/json' -d '{ "applicationName":"TestApplication", "isAllowedToAllDomains":false, "tags":["device_management"]}'

The response will be as follows.

{"client_secret":"xxxxxxxxxxxxxxxxxxxx","client_id":"xxxxxxxxxxxxxxxxxxxx"}

Step 2:

The second step is to get the access token in order to invoke the APIs. Please use the following command to retrieve the access token. The scopes used in this command represent the permissions of the user to invoke the APIs. If the invoking user does not have a relevant permission, the request returns an OAuth token with only the permissions the user does have. You can pick and choose the scopes you need.

curl -v -k -d "grant_type=password&username={username@company_name}&password={password}&scope=perm:sign-csr perm:admin:devices:view perm:roles:add perm:roles:add-users perm:roles:update perm:roles:permissions perm:roles:details perm:roles:view perm:roles:create-combined-role perm:roles:delete perm:dashboard:vulnerabilities ………………..." -H "Authorization: Basic [Base64encode(client_id:client_secret)]" -H "Content-Type: application/x-www-form-urlencoded" https://gateway.api.cloud.wso2.com/token

Please refer to the following example.

Step 2 Example:


curl -v -k -d "grant_type=password&username=example@wso2.com@wso2&password=123456&scope=perm:sign-csr perm:admin:devices:view perm:roles:add perm:roles:add-users perm:roles:update perm:roles:permissions perm:roles:details perm:roles:view perm:roles:create-combined-role perm:roles:delete perm:dashboard:vulnerabilities perm:dashboard:non-compliant-count perm:dashboard:non-compliant perm:dashboard:by-groups perm:dashboard:device-counts perm:dashboard:feature-non-compliant perm:dashboard:count-overview perm:dashboard:filtered-count perm:dashboard:details perm:get-activity perm:devices:delete perm:devices:applications perm:devices:effective-policy perm:devices:compliance-data perm:devices:features perm:devices:operations perm:devices:search perm:devices:details perm:devices:update perm:devices:view perm:view-configuration perm:manage-configuration perm:policies:remove perm:policies:priorities perm:policies:deactivate perm:policies:get-policy-details perm:policies:manage perm:policies:activate perm:policies:update perm:policies:changes perm:policies:get-details perm:users:add perm:users:details perm:users:count perm:users:delete perm:users:roles perm:users:user-details perm:users:credentials perm:users:search perm:users:is-exist perm:users:update perm:users:send-invitation perm:admin-users:view perm:groups:devices perm:groups:update perm:groups:add perm:groups:device perm:groups:devices-count perm:groups:remove perm:groups:groups perm:groups:groups-view perm:groups:share perm:groups:count perm:groups:roles perm:groups:devices-remove perm:groups:devices-add perm:groups:assign perm:device-types:features perm:device-types:types perm:applications:install perm:applications:uninstall perm:admin-groups:count perm:admin-groups:view perm:notifications:mark-checked perm:notifications:view perm:admin:certificates:delete perm:admin:certificates:details perm:admin:certificates:view perm:admin:certificates:add perm:admin:certificates:verify perm:ios:enroll perm:ios:view-device 
perm:ios:apn perm:ios:ldap perm:ios:enterprise-app perm:ios:store-application perm:ios:remove-application perm:ios:app-list perm:ios:profile-list perm:ios:lock perm:ios:enterprise-wipe perm:ios:device-info perm:ios:restriction perm:ios:email perm:ios:cellular perm:ios:applications perm:ios:wifi perm:ios:ring perm:ios:location perm:ios:notification perm:ios:airplay perm:ios:caldav perm:ios:cal-subscription perm:ios:passcode-policy perm:ios:webclip perm:ios:vpn perm:ios:per-app-vpn perm:ios:app-to-per-app-vpn perm:ios:app-lock perm:ios:clear-passcode perm:ios:remove-profile perm:ios:get-restrictions perm:ios:wipe-data perm:admin perm:android:enroll perm:android:wipe perm:android:ring perm:android:lock-devices perm:android:configure-vpn perm:android:configure-wifi perm:android:enroll perm:android:uninstall-application perm:android:manage-configuration perm:android:location perm:android:install-application perm:android:mute perm:android:change-lock-code perm:android:blacklist-applications perm:android:set-password-policy perm:android:encrypt-storage perm:android:clear-password perm:android:enterprise-wipe perm:android:info perm:android:view-configuration perm:android:upgrade-firmware perm:android:set-webclip perm:android:send-notification perm:android:disenroll perm:android:update-application perm:android:unlock-devices perm:android:control-camera perm:android:reboot perm:android:logcat" -H "Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -H "Content-Type: application/x-www-form-urlencoded" https://gateway.api.cloud.wso2.com/token

This returns the following response.

{"access_token":"xxxxxxxxxxxxxxxxxxxxxxx","refresh_token":"xxxxxxxxxxxxxxxxxxxxxx","scope":"perm:admin-groups:count perm:admin-groups:view perm:admin-users:view perm:admin:certificates:add perm:admin:certificates:delete perm:admin:certificates:details perm:admin:certificates:verify perm:admin:certificates:view perm:admin:devices:view perm:android:blacklist-applications perm:android:change-lock-code perm:android:clear-password perm:android:configure-vpn perm:android:configure-wifi perm:android:control-camera perm:android:disenroll perm:android:encrypt-storage perm:android:enroll perm:android:enterprise-wipe perm:android:info perm:android:install-application perm:android:location perm:android:lock-devices perm:android:logcat perm:android:manage-configuration perm:android:mute perm:android:reboot perm:android:ring perm:android:send-notification perm:android:set-password-policy perm:android:set-webclip perm:android:uninstall-application perm:android:unlock-devices perm:android:update-application perm:android:upgrade-firmware perm:android:view-configuration perm:android:wipe perm:applications:install perm:applications:uninstall perm:device-types:features perm:device-types:types perm:devices:applications perm:devices:compliance-data perm:devices:delete perm:devices:details perm:devices:effective-policy perm:devices:features perm:devices:operations perm:devices:search perm:devices:update perm:devices:view perm:get-activity perm:groups:add perm:groups:assign perm:groups:count perm:groups:device perm:groups:devices perm:groups:devices-add perm:groups:devices-count perm:groups:devices-remove perm:groups:groups perm:groups:groups-view perm:groups:remove perm:groups:roles perm:groups:share perm:groups:update perm:ios:airplay perm:ios:apn perm:ios:app-list perm:ios:app-lock perm:ios:app-to-per-app-vpn perm:ios:applications perm:ios:cal-subscription perm:ios:caldav perm:ios:cellular perm:ios:clear-passcode perm:ios:device-info perm:ios:email perm:ios:enroll 
perm:ios:enterprise-app perm:ios:enterprise-wipe perm:ios:get-restrictions perm:ios:ldap perm:ios:location perm:ios:lock perm:ios:notification perm:ios:passcode-policy perm:ios:per-app-vpn perm:ios:profile-list perm:ios:remove-application perm:ios:remove-profile perm:ios:restriction perm:ios:ring perm:ios:store-application perm:ios:view-device perm:ios:vpn perm:ios:webclip perm:ios:wifi perm:ios:wipe-data perm:manage-configuration perm:notifications:mark-checked perm:notifications:view perm:policies:activate perm:policies:changes perm:policies:deactivate perm:policies:get-details perm:policies:get-policy-details perm:policies:manage perm:policies:priorities perm:policies:remove perm:policies:update perm:roles:add perm:roles:add-users perm:roles:create-combined-role perm:roles:delete perm:roles:details perm:roles:permissions perm:roles:update perm:roles:view perm:users:add perm:users:count perm:users:credentials perm:users:delete perm:users:details perm:users:is-exist perm:users:roles perm:users:search perm:users:send-invitation perm:users:update perm:users:user-details perm:view-configuration","token_type":"Bearer","expires_in":3600}

In this response, the user receives an “access_token” and a “refresh_token”. The access token is valid for one hour.

Please note: You can find the steps to get these scopes at https://docs.wso2.com/display/DeviceCloud/Getting+the+Scope+Details+of+an+API

Step 3:

The access token expires in one hour. After expiration, the user can use the refresh token to get a new access token.

curl -k -d "grant_type=refresh_token&refresh_token=[refresh token received before]&scope=PRODUCTION" -H "Authorization: Basic [Base64encode(client_id:client_secret)]" -H "Content-Type: application/x-www-form-urlencoded" https://gateway.api.cloud.wso2.com/token

Please refer to the following sample request.

Step 3 Example:


curl -k -d "grant_type=refresh_token&refresh_token=77xxxxxxxxxxxxxxxxxxxxxxxxxxxx8b&scope=PRODUCTION" -H "Authorization: Basic Q2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBh" -H "Content-Type: application/x-www-form-urlencoded" https://gateway.api.cloud.wso2.com/token

This returns the following response.

{"access_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","refresh_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","scope":"perm:admin-groups:count perm:admin-groups:view perm:admin-users:view perm:admin:certificates:add perm:admin:certificates:delete perm:admin:certificates:details perm:admin:certificates:verify perm:admin:certificates:view perm:admin:devices:view perm:android:blacklist-applications perm:android:change-lock-code perm:android:clear-password perm:android:configure-vpn perm:android:configure-wifi perm:android:control-camera perm:android:disenroll perm:android:encrypt-storage perm:android:enroll perm:android:enterprise-wipe perm:android:info perm:android:install-application perm:android:location perm:android:lock-devices perm:android:logcat perm:android:manage-configuration perm:android:mute perm:android:reboot perm:android:ring perm:android:send-notification perm:android:set-password-policy perm:android:set-webclip perm:android:uninstall-application perm:android:unlock-devices perm:android:update-application perm:android:upgrade-firmware perm:android:view-configuration perm:android:wipe perm:applications:install perm:applications:uninstall perm:device-types:features perm:device-types:types perm:devices:applications perm:devices:compliance-data perm:devices:delete perm:devices:details perm:devices:effective-policy perm:devices:features perm:devices:operations perm:devices:search perm:devices:update perm:devices:view perm:get-activity perm:groups:add perm:groups:assign perm:groups:count perm:groups:device perm:groups:devices perm:groups:devices-add perm:groups:devices-count perm:groups:devices-remove perm:groups:groups perm:groups:groups-view perm:groups:remove perm:groups:roles perm:groups:share perm:groups:update perm:ios:airplay perm:ios:apn perm:ios:app-list perm:ios:app-lock perm:ios:app-to-per-app-vpn perm:ios:applications perm:ios:cal-subscription perm:ios:caldav perm:ios:cellular perm:ios:clear-passcode perm:ios:device-info perm:ios:email perm:ios:enroll 
perm:ios:enterprise-app perm:ios:enterprise-wipe perm:ios:get-restrictions perm:ios:ldap perm:ios:location perm:ios:lock perm:ios:notification perm:ios:passcode-policy perm:ios:per-app-vpn perm:ios:profile-list perm:ios:remove-application perm:ios:remove-profile perm:ios:restriction perm:ios:ring perm:ios:store-application perm:ios:view-device perm:ios:vpn perm:ios:webclip perm:ios:wifi perm:ios:wipe-data perm:manage-configuration perm:notifications:mark-checked perm:notifications:view perm:policies:activate perm:policies:changes perm:policies:deactivate perm:policies:get-details perm:policies:get-policy-details perm:policies:manage perm:policies:priorities perm:policies:remove perm:policies:update perm:roles:add perm:roles:add-users perm:roles:create-combined-role perm:roles:delete perm:roles:details perm:roles:permissions perm:roles:update perm:roles:view perm:users:add perm:users:count perm:users:credentials perm:users:delete perm:users:details perm:users:is-exist perm:users:roles perm:users:search perm:users:send-invitation perm:users:update perm:users:user-details perm:view-configuration","token_type":"Bearer","expires_in":3600}


A refresh token can be used only once. The user cannot use the same refresh token twice to generate an access token. If that call fails for any reason, the user has to use the Step 2 method (password grant type) to generate the access token.
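
The three steps above combined into a client-side token handler, as an added example that is not part of the original post or WSO2's own code: it caches the access token, replaces the refresh token after every use, falls back to the password grant when a refresh is rejected, and reports requested scopes that were not granted. `TokenManager`, the `post` transport hook and `FakeTokenEndpoint` (a constructed offline stand-in for the gateway, including its `invalid_grant` error) are assumptions.

```python
import base64
import time
from urllib.parse import parse_qsl, urlencode

TOKEN_URL = "https://gateway.api.cloud.wso2.com/token"  # from the tutorial


def basic_header(identifier, secret):
    """'Basic' value used in Steps 1-3: Base64 of 'identifier:secret'."""
    return "Basic " + base64.b64encode(f"{identifier}:{secret}".encode()).decode()


class TokenManager:
    """Caches the access token, rotates the single-use refresh token and falls
    back to the password grant (Step 2) when a refresh is rejected."""

    def __init__(self, post, client_id, client_secret, username, password, scopes):
        # post(url, headers, body) -> dict is a hypothetical transport hook; a
        # real one would send an HTTPS POST with certificate verification on.
        self._post = post
        self._auth = basic_header(client_id, client_secret)
        self._username, self._password = username, password
        self.requested = set(scopes)
        self.access_token = self.refresh_token = None
        self.expires_at, self.missing_scopes = 0.0, set()

    def _request(self, form):
        headers = {"Authorization": self._auth,
                   "Content-Type": "application/x-www-form-urlencoded"}
        return self._post(TOKEN_URL, headers, urlencode(form))

    def _store(self, resp, now):
        self.access_token = resp["access_token"]
        self.refresh_token = resp["refresh_token"]  # replaces the spent one
        self.expires_at = now + resp["expires_in"]
        # Scopes the user lacks are left out of the grant: surface them.
        self.missing_scopes = self.requested - set(resp["scope"].split())

    def token(self, now=None, skew=60):
        """Return a valid access token, renewing `skew` seconds before expiry."""
        now = time.time() if now is None else now
        if self.access_token and now < self.expires_at - skew:
            return self.access_token
        resp = {}
        if self.refresh_token:
            spent, self.refresh_token = self.refresh_token, None  # never reuse
            resp = self._request({"grant_type": "refresh_token",
                                  "refresh_token": spent, "scope": "PRODUCTION"})
        if "access_token" not in resp:  # no refresh token, or refresh rejected
            resp = self._request({"grant_type": "password",
                                  "username": self._username,
                                  "password": self._password,
                                  "scope": " ".join(sorted(self.requested))})
        if "access_token" not in resp:
            raise RuntimeError(f"token request failed: {resp.get('error')}")
        self._store(resp, now)
        return self.access_token


class FakeTokenEndpoint:
    """Constructed stand-in for the gateway so the example runs offline:
    refresh tokens are single-use and only scopes the user holds are granted."""

    def __init__(self, user_scopes):
        self.user_scopes, self.granted = set(user_scopes), set()
        self.live_refresh, self.calls, self._n = None, [], 0

    def __call__(self, url, headers, body):
        form = dict(parse_qsl(body))
        self.calls.append(form["grant_type"])
        if form["grant_type"] == "refresh_token":
            if form["refresh_token"] != self.live_refresh:
                return {"error": "invalid_grant"}
        else:
            self.granted = self.user_scopes & set(form["scope"].split())
        self._n += 1
        self.live_refresh = f"refresh-{self._n}"
        return {"access_token": f"access-{self._n}", "token_type": "Bearer",
                "refresh_token": self.live_refresh, "expires_in": 3600,
                "scope": " ".join(sorted(self.granted))}


def demo():
    """Walk through expiry, refresh and a replayed refresh token (constructed)."""
    gateway = FakeTokenEndpoint({"perm:devices:view", "perm:android:ring"})
    tm = TokenManager(gateway, "client-id", "client-secret",
                      "example@wso2.com@wso2", "123456",
                      ["perm:devices:view", "perm:android:ring", "perm:admin"])
    first = tm.token(now=0)         # password grant
    cached = tm.token(now=100)      # still valid, no request sent
    refreshed = tm.token(now=3600)  # expired: refresh grant
    tm.refresh_token = "refresh-1"  # simulate replaying the spent token
    recovered = tm.token(now=7200)  # refresh rejected, password grant again
    return first, cached, refreshed, recovered, gateway.calls, tm.missing_scopes
```

Calling `demo()` returns the four tokens, the sequence of grant types sent, and the requested scope (`perm:admin`) that the constructed user does not hold.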



How to invoke APIs?

Invoking APIs is straightforward once you have the access token from the steps above. Please refer to the following sample API calls. More information on the available APIs is provided as Swagger contracts.

Retrieving device list


curl -v -k -X GET -H 'authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxx' 'https://gateway.api.cloud.wso2.com/api/device-mgt/v1.0/devices/1.0.0'

Send Message To Android Devices


curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxx' -d '{  "deviceIDs": ["799427f59da282b8","33333"], "operation": {"messageText": "Test Message","messageTitle": "Test Title"}}' 'https://gateway.api.cloud.wso2.com/api/device-mgt/android/v1.0/admin/devices/send-notification'

Ring the devices

curl -v -k -X POST -H 'Authorization: Bearer 2c3e41a8-db85-3d67-a7b6-63517448af8c' -d '["799427f59da282b8", "5312k14212l12" ]' 'https://gateway.api.cloud.wso2.com/api/device-mgt/android/v1.0/admin/devices/ring' -H 'Content-Type: application/json'

Summary

This blog walks you through how to use Device Cloud APIs from WSO2’s Cloud. These APIs can be used to build your own dashboard or agent for devices.

Friday, July 1, 2016

COMPLETE GOVERNANCE WITH GREG, APIM & BAM


Introduction


Service oriented architecture (SOA) is the best way to develop software (services) to achieve any business use case. But SOA requires a higher level of coordination and collaboration between many teams within the enterprise, from business teams to IT (information technology) teams, as well as among other teams and departments. This coordination and collaboration can be achieved by implementing a proper SOA governance model, which deals with tasks, processes and people to define and manage how services are created, supported and managed.


Governance is more a political issue than a technical one. While technology focuses on interfaces, protocols and specifications, the business worries about how to serve the customer. But both the technical and business sides emphasize the requirements needed to satisfy customers. Governance is involved in all of those aspects, even though they are separate efforts and processes. Governance ensures that everyone involved in those aspects works together without contradicting each other, so that the financial side of the business is achieved and the customer is satisfied.

What is governance



Exercising governance in SOA (Service oriented architecture) means implementing a process to ensure that everything is done according to protocols, defined guidelines, best practices, controls, management, rules, responsibilities and other related factors. Effective SOA governance must consider people, processes, technologies, deliverables and QoS (quality of service) across the entire lifecycle, from identifying the business use case of a service through implementing, testing and delivering it, up to reuse and until the service is retired or no longer usable.


SOA governance consists of two phases.
  1. Design time governance
    This includes the process from identifying a business use case to developing and implementing it as service.
  2. Run time governance
    This includes the process from delivering the service to end users to consume and enforcing policies to manage and control who can access the service and what they can do with it.


The reason for having two phases in governance is that enforcing policies and SLAs from the service itself is expensive and unmanageable. This is discussed further in the runtime governance section.

Why Governance



There are many reasons why proper governance is needed, not only for SOA but for everything we do. If there is no proper planning involved in a project, there is a higher chance that the project ends up in chaos.


Let’s imagine a situation where there is no SOA governance involved in service development. Suppose X works at the ABC financial institute. He is in the loan branch and has implemented a service where customers can view their current loan balance. Someone (let’s say Y) in the savings branch implements another service which can be used to view a customer’s current account balance. The account balance should show the loan balance too. Y does not know that there is an existing service he can use to get the loan balance, so Y implements a new service which shows the loan balance without using the existing service that X created.


Someone (let’s say Z) in another department of the ABC company starts using X’s loan balance service in his application. That application starts sending heavy traffic to X’s loan service and crashes the server. Now X starts getting calls from people he does not know, complaining that the loan balance service is not working. X finds out that there are a lot of people other than Z in the ABC company who use his loan balance service in their applications. Now X is in big trouble because his service is not working. This causes the ABC company to lose revenue and also the credibility it needs to sustain its business.


This is a very simple scenario which could happen in any company or enterprise in the world right now. When there is a lack of effective SOA governance, duplication of services, unknown people using services, and overuse of resources and services can happen. This could lead to major financial losses for a company.


But when a proper SOA governance process is involved in the service lifecycle, it increases the possibility of achieving business goals and objectives.


Some reasons for having proper SOA governance in place:


  1. Shows well structured responsibility management to empower people
  2. Can easily measure the effectiveness
  3. Well defined rules, protocols and policies to meet the business goals
  4. Avoids repetition and enables reuse of existing services.
  5. A mechanism to ensure specifications are followed in detail.

Design Time Governance

What is Design Time Governance



SOA design time governance is the process of enforcing rules and protocols from identifying the business use case to implementing it as a service. This relates to the design time service life cycle. The following diagram illustrates the design time life cycle.





SOA governance starts with identifying the business use case. Most probably this is done by a business analyst or somebody who has domain knowledge of the business. They analyze modern business trends and find business opportunities. They bridge business problems to technology solutions.


The next stage of the SOA governance lifecycle is implementing the business requirement as services. This is typically done by software developers. They should follow SOA architecture and specifications to develop those services. They must ensure that the defined protocols, guidelines and rules are followed to the point.


The implemented service(s) should then be tested by the developers, who should create unit tests, functional tests, etc. to complete the testing.


The next phase of the design time life cycle is QA testing. This is the stage in which services are tested for validation (whether the developed services fulfill the business requirement) and performance (how the load is handled by the service, and the maximum load before it crashes).


The next stage is sending the service to production for consumption. This is a critical moment where runtime governance starts to come into the picture, and some decisions have to be taken, such as:


  • Who can invoke the service?
  • What can they do with it?
  • How long will the service be available for consumption?
  • How many requests will be served at a given moment?


Once the service(s) is in production, it belongs to runtime governance, which is discussed in the runtime governance section.


The final state of the service lifecycle is retiring the service(s), when the current implementation of the service is no longer valid for current business requirements. Retirement can happen because new versions of the same service are implemented.

Use of tools in Design time Governance



To enforce proper design time governance we must use tools designed for that purpose. WSO2 GREG is a tool specially designed to cater to these requirements. We capture the metadata of the service as everything we discussed so far. Such as

Runtime Governance



Why do we have a runtime governance phase in SOA governance? The answer is simple: it is very inefficient and ineffective to build runtime governance capabilities into the service implementation itself. Let us examine the requirements of the runtime governance phase, so that we may better understand why runtime and design time governance need to be separated.


  1. Access control
    1. Authentication  - (Who can use the service)
    2. Authorization  - (What they can do with it)
  2. Logging
  3. Enforcing policies
  4. Versioning
  5. Statistics and Monitoring
    1. Response time
    2. Success and failure rates
    3. Per user usage
    4. Per service usage
    5. etc..
  6. etc… (This list is open ended)



As shown in the above image, service implementation must be separated from policy enforcement (runtime governance). If not, the runtime governance requirements have to be implemented within the service itself. Then it becomes a nightmare to manage both the service and the runtime governance requirements. So separation of service and policy enforcement is the most suitable way to achieve runtime governance.

Monitoring and Statistics



This is one of the most critical requirements in SOA runtime governance. It gives the service provider the ability to measure the effectiveness of the services provided.

Designtime and Runtime Governance Together



Please consider the following image.



As you can see, I have aggregated both design time governance and runtime governance in a single image. The strangest thing to notice here is that runtime governance is used in four stages of design time governance.


The reason for this is that runtime governance should not be implemented only when the service is in production. It should be tested and verified from the service implementation state to the production state. So policy enforcement should be done as soon as implementation of the service has started. If it is not done in those states of the design time life cycle, there will be a lot of complications when applying the policies in the production state, and the ramifications will be a nightmare for DevOps, who must correct the issues in SLA policies. Even those policies must go through testing and validation criteria.

Use case



Let’s imagine a use case where a company needs a complete governance process. Company X is a financial company mainly focused on giving its customers a full financial solution covering savings, loans, fund management and brokering. The company has hundreds of employees, from business analysts to software engineers to DevOps. They perform various tasks in the service life cycle. Business analysts are responsible for analysing the business and proposing solutions. Software engineers are responsible for implementing the proposed business solutions as services. DevOps are responsible for delivering the services in an efficient and reliable way.


So let’s imagine a case where there is a need for a service to view the current account balance. The following activities will be carried out and questions answered to provide this view-account-balance functionality as a service.


  1. Identify the use case -
    1. Why is it needed?
    2. What gap will this service fill?
    3. How will this benefit the company's revenue?
    4. Is this an urgent requirement?
    5. Are there any other services identical to this which fulfil the requirement?
  2. Implement the requirement as a service -
    1. What language is used to implement the service?
    2. Is there web service documentation?
    3. Who is responsible for developing the service?
    4. What are the service name and version?
  3. Developer test -
    1. Does the service work without breaking anything?
    2. Has it been checked with a code compatibility tool?
    3. Is error handling done properly?
  4. QA Testing -
    1. Does the implemented service fulfil the business requirement? (acceptance test)
    2. Does the service work smoothly? (functional testing)
    3. Is seamless integration with other services possible? (integration test)
    4. How does the service react to a high load? (load test)
  5. Deploy on public server for public usage
    1. Enforcing rules and policies. This will be discussed later.
  6. Retiring the service
    1. Is anyone still using this service, or has everyone migrated to the new version?


Now we have an idea of the details we need to capture in every state of the service life cycle. So we need some kind of tool to record all of this data. This is where the WSO2 product stack plays a role.


GREG is for design-time governance and APIM is for run-time governance.
Let’s see how we can use both WSO2 GREG and WSO2 APIM for the above use case.

GREG



WSO2 GREG is a product specially designed to provide the right level of governance for SOA. You can find more information about this in the following URL.
You can download and try WSO2 GREG from this location


APIM



WSO2 APIM is a complete solution for managing APIs and routing traffic, and especially for managing runtime governance.
The documentation about the recent release is available here
Latest WSO2 APIM product can be downloaded from this url

Integrated Solution



Please look at the following diagram. According to what we discussed in the article, the deployment of both GREG and APIM will be as follows.




As shown on the left side of the image, there is a GREG cluster which is responsible for design time governance. And there are clusters of API Managers which are responsible for runtime governance.


Let me explain the rationale behind the image.
The GREG cluster is used as the tool for managing metadata related to design time governance. It stores metadata related to schemas, WSDLs, APIs, owners, URLs, policies, etc., and is responsible for migrating the metadata between the different design time life cycle states.
As seen in the image, there are separate clusters of APIM in each environment. These act as the runtime governance enforcers and help enforce SLAs on service consumers.
BAM (DAS) is used as the monitoring tool which keeps track of usage-related data.

As a middleware company, WSO2 has a full stack of products to support both design and runtime governance effectively.