10.5 Quality of Service capabilities

10.5 Quality of Service capabilities

In this section we discuss Quality of Service capabilities and considerations specific to the Web services Gateway. For further discussion on Quality of Services for Web services in general, see 8.6, "Quality of Service capabilities" on page 177. For document style Web services see 9.6, "Quality of Service capabilities" on page 209.

10.5.1 Autonomic

Log and trace facilities are important for fault monitoring and isolation. WebSphere Application Server provides a number of log files. JVM logs are located in the <WAS_HOME>/logs/<applicationServerName> directory, and by default are named SystemOut.log and SystemErr.log.

The Diagnostic Trace Service can be used to enable tracing of application server components. The following trace specification can be used when diagnosing Web Services Gateway problems:

    com.ibm.wsgw.*=all=enabled:    org.apache.wsif.*=all=enabled:    com.ibm.ws.webservices.*=all=enabled 

The following tools can also be helpful when analyzing problems:

• TCPMon

  The TCPMon tool described in 8.5.3, "Monitoring SOAP messages" on page 172 allows you to view the contents of the SOAP messages being generated by the interaction between the source application, gateway, and target application.

• Tivoli® Performance Viewer

  The Tivoli Performance Viewer packaged with IBM WebSphere Application Server V5.0 can monitor Web Services Gateway requests and responses. When the gateway is installed in WebSphere V5.0, counters are added automatically to the Performance Monitoring Service. Gateway monitoring can be enabled by simply starting performance monitoring. See the redbook for details on specific procedures for enabling monitoring:

  • IBM WebSphere Application Server V5.0 System Management and Configuration: WebSphere Handbook Series, SG24-6195

  Once monitoring is enabled on the WebSphere Application Server, open the Tivoli Performance Monitor and navigate to the Web Services Gateway. The Viewer monitors both synchronous and asynchronous requests and responses. The output can be viewed in either table or graph format. It can also be logged and played back when needed. Figure 10-9 shows the Tivoli Performance Viewer monitoring gateway requests and responses.

  
  Figure 10-9: Tivoli Performance Viewer

• Microsoft Network Monitor

  Microsoft Network Monitor captures network traffic on local area networks for real-time or post-capture analysis. The Network Monitor captures frames from the network that can be filtered to present only relevant material. It can also be configured to detect specific network conditions and generate events as needed. Figure 10-10 shows the Microsoft Network Monitor. Details concerning the configuration and use of the monitor can be found from Windows Help.

  
  Figure 10-10: Microsoft Network Monitor

  Of particular interest to the gateway is the Network Monitor's ability to monitor TCP/IP packets from a particular target and source. In this manner, traffic to and from the gateway can be traced from its origin to its destination.

10.5.2 Security

The Web Services Gateway provides a basic authentication and authorization mechanism based upon the security features of WebSphere Application Server. Security can be applied at two levels:

• Gateway-level authentication

• Operation-level authorization

Gateway-level authentication

For gateway-level authentication, you set up a role and realm for the gateway on WebSphere's Web server and servlet container, and define the user ID and password that is used by the gateway to access the role and realm. You also modify the gateway's channel applications so that they only give access to the gateway to service requestors that supply the correct user ID and password for that role and realm.

Operation-level authentication

For operation-level authorization, you apply security to individual methods in a Web service. To do this, create an enterprise bean with methods matching the Web service operations. These EJB methods perform no operation and are just dummy entities for applying security. Existing WebSphere Application Server authentication mechanisms can be applied to the enterprise bean. Before any Web service operation is invoked, a call is made to the EJB method. If authorization is granted, the Web service is invoked.