Web Services Framework Administration Guide

Software Licensing Information:

The Web Services Framework, like any other product from the Infologica Fusion Suite, can be used for 30-days evaluation period. Before expiry you need to register your copy of the software to keep it active and functioning.
This can be done by opening the Infologica License Manager from the Start/Programs/Infologica Fusion menu. You will be presented with a list of Infologica Fusion products which have been installed, their serial number and their registration status.
By selecting which product you wish to register and entering the product-specific license key you can upgrade and fully activate the product without having to worry about the expiry of your evaluation copy. You can also obtain the Enterprise license for the entire Infologica Fusion Framework. This will enable all products from the Infologica Fusion product family suite.
Note: Both the License Manager and the Web Services Administration Console are shipped together with the Infologica Fusion SDK. You need to install the SDK before you can proceed to the next step.


Enterprise Services Administration:

Start the Enterprise Services Administration Console selecting the Start/Programs/Infologica Fusion/WebServices Administration menu.
The Enterprise Services Administration Console is a desktop client which communicates with the Infologica Fusion Administration Service using SOAP/Xml Protocol. By default the client is trying to locate the Administration service on the local machine. If the Infologica Fusion Administration Web Service URL is not found you will be prompted with the following dialog:
Specify the correct URL of the Fusion Administration Web Service which you have already installed by running Infologica WebServices Administration package. You should see the Infologica logon dialog screen if the connection with the server is established.
You can choose one of the web services environments (System, Development, UAT, Production, DMZ) to logon.
Logon to the system environment opens the user administration console where you can define the user membership policy incl. the role and access rights to the specific web service environment.
Logon to the Development, UAT or Production provides access to the environment-specific configuration settings for the web services, infrastructure services (adaptors) and client subscription policy.

Select the Development environment and login for the first time as admin without password. You will be prompted with the change password dialog. On successfull logon the Administration Web Service will send all meta information specific to the selected environment. The desktop client decrypts the envelope and renders the web service response:

Infologica Enterprise Services Management console divides all framework configuration settings into the 2 main groups:
  • Infrastructure services Bus (App)
  • Business Services Bus (Web)

Business Services Bus Administration:

The Business Services Bus settings are grouped into the services and clients sections .

The Services configuration section under the Administration/Web folder allows Framework Administrator to:
  • create, edit and publish discoverable end-points conformant to the Web Services standards
  • configure webservice access and schema validation rules
  • map webservices end-points to the internal business component services dynamically loading the operation definitions from the XSD schema
  • separatelly configure each operation processing mode (synchronous, queued, workflow-bound)
  • define the operation context role (initialiser, consumer, terminator, browser)
  • specify logging level (information, warning, error)
  • apply XSL transformation rule for the request and response message
The Enterprise Services Management Console allows to expose any business component implementing the Infologica Fusion IRequestHandler Interface as a Web Service. For example, in order to expose Infologica.App.MyBank component service as a web service, administrator creates a new web service end-point "MyBank" and enforces the authentication and schema validation policy:
Next, the framework administrator loads the service operation definition from the MyBank XML schema created with the Infologica Xsd Editor. Finally administrator maps each operation end-point to the corresponding business component method discovered with the Infologica Component Browser via the mechanism of reflection.

Using the next dialog the framework administrator separatelly configures each operation processing mode (synchronous, asynchronous, queued, workflow-bound), defines the operation context role (initialiser, consumer, terminator, browser) and specifies the XSL transformation rule for the request and response message (if any):

Note: If an operation is configured for queued or workflow processing, the framework returns the ticket and saves the request message for the background processing by the job scheduler or workflow engine. If an operation is configured for synchronous or asynchronous processing the framework executes request immediatelly and returns response to the client. From the client perspective both requests look synchronous. The difference is in the type of thread the framework is using for servicing the request:

In order to avoid the saturation of the CLR Thread Pool with the long-running non-CPU-bound operations, the framework provides the capability of the secondary thread pool. This allows to logically dispatch all requests through 2 independent thread pools, freeing up the original thread pool threads to service additional requests. To instruct framework for servicing request in the secondary thread pool administrator needs to change the operation processing mode from synchronous (default) to asynchronous. The best candidates for asynchronous operations could be the requests rerouted to another on-line internet services.

Using the Logging dialog administrator defines the service logging level(information, warning, error) and logging write mode (immediate or delayed). For performance reason framework uses the delayed mode (default option) to write to the log database after the invocation of the business component. If you need to debug your component you can select an immediate mode to output log information during the code execution.
Once the service end-point configuration is completed, we need to adjust the client subscription policy. The Clients configuration section under the Administration/Web allows Framework Administrator to:
  • create the new web services client identified by the alias name
  • configure the client authentication policy, choosing IP filtering or certificate authentication
  • define the client subscription policy which represents the mapping between the client identity and the list of selected web services
  • enforce the message encryption for message request and/or response.
Below is the example of the client authentication and subscription policy. Administrator creates the new client with the alias name TravelAgent identified by X.509 certificate. Administration console helps to resolve the certificate serial number from the public certificate file provided by client.
On the next step administrator just maps the TravelAgent client to the MyBank service created on the previous step. Finally administrator enforces the message encryption policy on request and response.


Infrastructure Services Bus Administration:

The Infrastructure Services Bus settings allow administrator to:
  • register and configure infrastructure service adapters/connectors
  • register all computers running the Web Services Framework and organise them into the logical clusters
  • define the cluster's load balancing and failover behaviour
  • deploy web services and/or infrastructure services configuration settings to all Infologica clusters on the network

Infologica Fusion Framework allows developer with a single Visual Studio.NET installed on his machine to transparently communicate with the remote infrastructure services using the Infologica Service Manager. There is no need for the developer to install any client software while debugging his distributed application logic. Infologica Service Manager abstracts developer from the data access or connectivity issues providing the intuitive command-based interface implemented by the numerous Infologica Infrastructure Adaptors.

The Services configuration section under the Administration/App folder allows Framework Administrator to:
  • create the new infrastructure service adapter from the list of supported adapter types
  • configure adapter-specific connectivity settings. Framework supports any number of alternative connection strings assigned to the adapter and allows to rearrange their order in the adapter's address list.
  • define the probing scenario. If the probing scenario exists and is enabled, the framework will use the one as a failover algorithm.
The currently supported list of Infologica Fusion Adapters includes SQL Server, Oracle, OleDB, COM, COMTI, TCP, SMS, HTTP, SOAP.
The framework users registered with the Administration Console in the Developer role have a read-only access to the infrastructure adapters section and are required to contact the Framework Administrator in order to add/modify adapter settings.
In the current scenario administrator needs to register an adapter of type HTTP/SOAP in order to securely connect to the Mastercard Payment Web Service.

Administrator creates the new Http/Soap service with the alias name SampleSOAPProvider and registers 2 Web Services end-point URLs, provided by the MasterCard. Administrator chooses the primary and secondary (failover) URL and enables the ping functionality. The ping is used by the Infologica Fusion Service Manager to resolve the availability of the service on the network. If primary address is unavailable the service manager will try to ping the secondary address.
Administrator uses SOAP Adapter configuration dialog to specify the proxy server address and the private certificate required to digitally sign the outbound SOAP Envelope. The dialog also allows to select the third-party public certificate to encrypt the message:
In order to provide the more intelligent resolution of the web service availability administrator could choose to enable the probing scenario. Framework automatically generates the template of the simple SOAP request which could be modified and used to test the web service prior to the invocation of the real web method:

Once the adapter is registered, the adapter's alias name is sent to the developer. This is the only information developer requires in order to create the reusable and environment-agnostic business code invoking any infrastructure service adapter. The code does not need to be changed when the component is redeployed to another environment.

Next on our road map is the cluster section of the Infrastructure services bus . It provides administrator with the visual interface required to define the framework topology and organise all computers running the Infologica Fusion Services into the logical clusters.

The Enterprise Services Management Console allows administrator to save and remotely deploy the web services and/or infrastructure services configuration settings to all Infologica clusters on the network.

Navigate to the Administration/App/Clusters, right-click the My Fusion Cluster and select the Properties menu. The Cluster configuration dialog (General Tab) allows administrator to create the new cluster and, if required, modify the SOAP Listener port and virtual path settings.
In the next tab (computers) administrator updates the cluster membership by registering IP Addresses of computers running the Web Services Framework in the current environment.
In the last tab (services) administrator adjusts the cluster load balancing and failover behaviour for each infrastructure service. By rearranging the order of adapter's connection strings the framework administrator could nominate the different primary and secondary addresses for each registered cluster:
Finally the framework administrator deploys the web, infrastructure and system services configuration settings to the environment he/she is currently logged on. The modified configuration settings are being encrypted by the desktop client and sent to the Infologica Administration Web Service.
The Administration Web Service updates the settings metabase, generates the new configuration files and distributes them to all boxes registered with the current Infologica Fusion environment. If the Administration Web Service and the boxes running the Web Services Framework are located on the different sites of firewall and the firewall rules do not allow HTTP traffic between them, the administrator can save the settings into the configuration files and deploy them manually later.


Managing Framework System Settings:

The Enterprise Services Management Console provides administrator with the intuitive dialogs for editting the framework configuration on the system level.

To modify the system settings of the Business Services Bus right-click on the Administration/Web/ node and select the Properties menu:

The short description for each setting follows below:
System Settings Description
Context Timeout The number of seconds before expiry of the fusion operation context
Thread Count The number of threads (min and max) allocated for the framework secondary thread pool
Remote Address Header The name of the custom Request Header containing the client's IP Address. By default the framework uses the value of the HOST_ADDR header to provide IP Filtetring of the inbound calls.
If the framework cluster is installed in the network with the switch responsible for NAT translation and load-balancing, the HOST_ADDR header could return the IP address of the switch rather than address of the call originator.
Usually the switches e.g. Big IP can be configured to write the call originator address to the custom header. In this case the custom header name should be provided in this field.
Request Queue Name The fully qualified path to the Infologica.Web.Services Message Queue to store Infologica Queued Operation requests, processed on the background by the Job Scheduler. This should be the same queue name the Infologica Fusion Job Scheduler is configured to monitor.
If the Infologica.Web.Services Message Queue is installed on the remote server, the path should be in the format: FormatName:DIRECT=OS:[computerName]\private$\Infologica.Web.Services. If the queue is local, the path could be in the format .\private$\Infologica.Web.Services.
Workflow Agent Data The fully qualified path to the Infologica.Workflow.Messages Message Queue to store Infologica Workflow- bound Operation requests, processed on the background by the Workflow engine. This should be the same queue name the Infologica Workflow Engine is configured to process.
If the Infologica.Workflow.Messages Message Queue is installed on the remote server, the path should be in the format: FormatName:DIRECT=OS:[computerName]\private$\Infologica.Workflow.Messages. If the queue is local, the path could be in the format .\private$\Infologica.Workflow.Messages
Proxy Server Address Default Proxy Server address for the Web Service routing operations
Sender's Certificate Default X.509 Server Certificate to digitally sign Web Service requests routed by the Web Services security gateway
Namespace URI Modify this value to make it consistent with your company's namespace URI.
Important! Make sure that you adhere to the following framework naming convention where target-namespace = [namespaceURI].[serviceName].
For example, the Infologica.Web.Services is Company Namespace URI, Sample is a service name, and Infologica.Web.Services.Sample is a target-namespace. You should follow this naming convention while designing your XML schemas!
If the target-namespace does not have a correct Namespace URI the framework will reject the call and won't show correct WSDL.
Namespace Prefix This is required by namespace manager for namespace lookup and can be assigned to your company name.
Log Output Queue Name The fully qualified path to the Infologica.App.Logging Message Queue to store logging information, processed by the Infologica Log Storage Manager. The queue Infologica.App.Logging is created during installation of theInfologica Log Viewe MSI Package.
All computers running the Web Services Framework should write their log information to the same message queue.
If the queue is installed on the remote server, the path should be in the format: FormatName:DIRECT=OS:[computerName]\private$\Infologica.App.LogViewer. If the queue is local, the path could be in the format .\private$\Infologica.App.LogViewer.

The Infologica.App.Logging Message Queue has preconfigured triggers with the special Rules attached: Once the message arrives into the Message Queue, it is processed by the Infologica.App.LogStorageManager Component Service running under the COM+.
The LogStorageManager saves the logging information in the Infologica Log Database using the LogStorageProvider. Infologica Log Viewer is currently distributed with the SQL Server log storage provider. The Oracle log storage provider is also available on request.
All transaction logging and performance monitoring information can be searched and analysed over the Web using Infologica Fusion LogViewer:



Managing Client Identity:


By default all web service requests are processed under identity of ASPNET or IIS_WPG accounts in the low-trust sandbox environment. This means that the business component invoked by the framework has no security permissions to access and retrieve any sensitive data located in System registry, Global Assembly Cache, COM+, SQL Server, Active Directory, Network Folders, etc.

When developer writes his code he is completely abstracted from the data access logic by the Infologica Application Service Manager. Whenever business component needs to access the data layer, it instantiates the application service manager.

Developer can define programmatically the service manager's invocation mode which could be a Service(default) or Library.

If the Service mode is chosen, the Service Manager is invoked as an out-of-process component service under the COM+. The Component Services Management Console allows to preconfigure the COM+ package identity using the privileged account with the rights to access infrastructure services and data on your network:


The out-of-process data access under the privileged identity has a lot of advantages and should be the preffered approach.
In some cases, however, the business logic requires the special processing within the transactional scope ( e.g. execution of multiple SQL Statements) which can be only completed for the in-process execution.

If developer declares the transactional scope in his code he has to use the Library as a service manager invocation mode. Developer also needs to ask the framework administrator to enable the service manager's dynamic impersonation capability.

The framework administrator right-clicks the Administration/App node and selects the Properties menu.

Clicking the Advanced button on the Application Settings form opens the service manager identity dialog where you can select the privileged account for the in-process activation. In this case the service manager will impersonate the context for the time of data access and switch it back right after the execution.

Back to demos and tutorials