PowerCenter Real-Time Development

Brian Bunn, Project Manager, Serco
Jay Moles, Sr. Informatica Designer, Serco
Tom Bennett, Sr. Consultant, Informatica

Agenda
Overview of PowerCenter Web Services
Error Handling
Performance Tuning
Web Services Security
Implementation Case Study
SERCO

Overview of Informatica PowerCenter Web Services

PowerCenter Web Services Hub


Application Service
Client application gateway to PowerCenter Domain

Batch Web Services


Integration Service Access
Repository Metadata Access

Real-Time Web Services


Exposes Workflows as Web Services
PowerCenter Web Services Provider

Informatica PowerCenter Web Services Provider


Architecture

Informatica PowerCenter Web Service Consumer


Allow Integration with Web Services
3rd Party Provider

Integration Sources
URL to Web Service
WSDL File
UDDI

Error Handling

SOAP Fault Messages


FaultCode

FaultString
Describes the error

FaultActor (Optional)
URI of the host generating the error

Detail (Optional)
Describes the cause of the error

Error Handling
No SOAP Faults: Capture Source

Performance Tuning/Scalability

Performance Tuning
Parameters to tune at the Workflow

Web Services Performance Tuning


Parameters to tune at the Session level

Idle Time

Message Count

Reader Time Limit

Web Services Scalability


Associate multiple repositories with a Web Services Hub
Associate a repository with multiple Web Services Hubs
Run multiple instances of a web service workflow

Load Balancer

Run web service sessions or workflows on a grid

Web Services Security

Security Use Cases


Protect a web service from unauthorized usage (by requiring username and password)
Manage web services as part of overall security policies and integrate with LDAP
Protect a web service from DOS attacks or authentication attacks
Allow a secured web service to be load balanced across multiple WSHs for performance and scalability

Web Service Hub Security


Encryption
Encrypts repository information in the configuration file and in responses to Web service clients for login requests

Authentication
Authenticates the Web service client's user name and password

Authorization
Checks that the Web service client has execute permission on a folder to run the service

Informatica WS-Security
Support for Standard
OASIS WS-Security UsernameToken Profile 1.1
Single-pass authentication: the user specifies the appropriate security headers in the actual request to the service

Supports multiple WSHs load balancing scenario


Username Tokens are associated with a repository within a specific domain and should be applicable to all WSHs associated to that repository

Advanced support for encoded passwords


Hashed Passwords
Digested Passwords

Prevent repeated DOS/login attack


Support for NONCE values

WS-Security Feature Details (Part 1)


UsernameToken Format:

WS-Security Feature Details (Part 2)


Password Format Supported
Clear Text
Hashed: same as clear text, but the password is encoded into a base64 20 bit hash value. Two hash algorithms are supported: SHA-1 or MD5.
Digested: a generated password computed with the following formula:
BASE64( SHA1_HASH( USERNAME + NONCE + CREATED ) )
NONCE: a randomly generated value that's valid only once for that specific username token; it's provided to allow someone to specify a one-time-only authentication token.
CREATED: timestamp of when the UsernameToken was made, in UTC timezone format.
Example: 2008/08/11T18:06:32.425Z (yyyy/MM/ddTHH:mm:ss.SSSZ)

WS-Security Feature Details (Part 3)


Custom Property for NONCE and CREATED
NonceExpirationTime: custom property that can be set at the WSH to determine how long the hub should hold on to a specific NONCE value of a UsernameToken. By default this value is set to 300 seconds (5 minutes). If a request is made containing the same NONCE value outside of this timeframe, the request will fail.
CreatedFreshnessPeriod: custom property that determines how long a user has between the time the first request is made using the CREATED value and the next. By default this value is set to 300 seconds (5 minutes). If a request is made before this timestamp or after the expiration time following the timestamp, the request will fail.
These two custom properties can be used independently of each other or together to ensure greater security.
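
Added example (not from the original slides and not Informatica's code): a hub-side replay check built from the two properties above, using the slide's 300-second defaults and CREATED format. The class and function names are hypothetical, and rejecting a nonce that is still being held follows the OASIS UsernameToken Profile recommendation, which is an assumption about how the WSH behaves; the second run shows the gap that opens when nonces are held for less time than CREATED stays fresh.

```python
from datetime import datetime, timedelta, timezone

CREATED_FORMAT = "%Y/%m/%dT%H:%M:%S.%fZ"  # the slide's yyyy/MM/ddTHH:mm:ss.SSSZ


class TokenReplayGuard:
    """Hypothetical hub-side check of NONCE and CREATED (not Informatica code)."""

    def __init__(self, nonce_expiration=300, created_freshness=300):
        # Defaults mirror the slide: both properties default to 300 seconds.
        self.nonce_ttl = timedelta(seconds=nonce_expiration)
        self.freshness = timedelta(seconds=created_freshness)
        self._seen = {}  # (username, nonce) -> time the token was accepted

    def check(self, username, nonce, created, now):
        """Return 'ok' or the reason the UsernameToken is rejected."""
        try:
            created_at = datetime.strptime(created, CREATED_FORMAT)
        except ValueError:
            return "bad-created"
        created_at = created_at.replace(tzinfo=timezone.utc)
        # Forget nonces held longer than NonceExpirationTime.
        self._seen = {k: t for k, t in self._seen.items()
                      if now - t < self.nonce_ttl}
        if created_at > now:
            return "created-in-future"
        if now - created_at > self.freshness:
            return "created-stale"
        if (username, nonce) in self._seen:
            return "nonce-replayed"
        self._seen[(username, nonce)] = now
        return "ok"


def replay_results(nonce_expiration, created_freshness, delays):
    """Send one constructed token, then replay it after each delay (seconds)."""
    guard = TokenReplayGuard(nonce_expiration, created_freshness)
    t0 = datetime(2008, 8, 11, 18, 6, 40, tzinfo=timezone.utc)
    token = ("ws_user", "bm9uY2UtMQ==", "2008/08/11T18:06:32.425Z")  # constructed
    results = [guard.check(*token, now=t0)]
    for d in delays:
        results.append(guard.check(*token, now=t0 + timedelta(seconds=d)))
    return results


if __name__ == "__main__":
    print(replay_results(300, 300, [10, 400]))  # slide defaults
    print(replay_results(60, 300, [120]))       # nonce held too briefly
```

With the default 300/300 pairing the replayed token is caught either by the nonce cache or by the stale CREATED value; with a 60-second nonce hold the same token is accepted twice.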

Case Study : Implementation Architecture

Case Study: Architecture

Web Services Throughput (examples)


Production Environment (Multiple Servers)
RowsPerSecond: overall numbers range between 100 and 1000 rps. If a request results in >10K rows, some customers have timed out.
RequestsPerMinute: overall numbers range between 10 and 100. If a request takes over 20 minutes, some customers have timed out.

The ETL Behind-the-Scene


Production Web-Service Broadcasting Data
Filtered Data: SOAP request has parameters for result set
SQL Transformation: the data source can be dynamic [access/name]
Sequence Generator Transformation: XML output has multiple rows!

Web Services Latency (examples)


Single Server Web-Service
Initialization: it takes the WSH from 3 to 11 seconds to prepare the ETL.
Processing: it then takes the WSH about 1 second to start processing the ETL. At this point, the response time depends on the processing.

Multiple Server Web-Service


Initialization: it takes the WSH from 3 to 11 seconds to prepare the ETL.
Invocation: it takes the WSH about 3 seconds to prepare the SOAP Request and invoke the internal web-service.
Processing: it then takes the internal WSH from 3 to 11 seconds to prepare the ETL, then the response time will depend on the internal processing.

Timeout/Fault Handling (examples)


Input Web-Services Source
Validation: ETL tests/verifies content of the request

Output Web-Services Target


Response: ETL always sends same formatted output, either a status message or a pre-determined value

Processing depends on WSConsumer


Application Connection: Timeout property set for internal WSH call
Will wait for a connection to internal WSH indefinitely.
Will wait for a response from internal WSH indefinitely.
These two properties prevent a forced timeout from the WSH.

Example: Our Hello!


Simple Web-Service
No input fields in SOAP Request, static text in SOAP response
Validates customer's connection via SSL
Hello!

Example: Our Addition


Two-Step Web-Service
Two input fields in SOAP Request, sum returned in SOAP response
Validates customer's request; will invoke internal web-service(s)

SSL Configuration

SSL Configuration: Setting Up SSL


Keystore for Web Services Hub
Use the keytool utility. You generate a keystore, generate a signature request from it, have it signed by an authority, then install the signed file into your keystore. Default keystore generated by the PowerCenter installation process can be used for WSH, but be aware it is self-signed.

Truststore for Web Services Hub


Add customers' certificates to the ca-bundle.crt files. Use openssl utilities to convert format if necessary. PEM format is required to add a certificate to the ca-bundle.crt files.

SSL Configuration (examples)


Creating the Keystore for Web Services Hub
Example of the keytool utility. Prompts in black text, inputs in red.

SSL Configuration (examples)


Creating the Signature Request File
Example of the keytool utility using the created keystore.

Have request signed by your Authority


Independent firms: VeriSign.

Install the Signed Response File


Example of the keytool utility for the keystore and response.

SSL Configuration (examples)


Installing the Customer Certificate
Customer certificates need to be in PEM format.

If the certificate is not PEM, convert it using the openssl utility. If the customer's certificate file is in a binary format, DER for example, convert it.
Add the customer certificate text to the end of the ca-bundle.crt files.
Add a "PEM Data:" line before the certificate text. Entry will look like this:

File in PowerCenter Installation Directory, sub-folders server/bin and services/shared/bin both!


SSL Configuration (examples)


Using the Keystore in the Web Services Hub
Define the WSH service to use your signed keystore.
URLScheme must be set to either HTTPS or HTTPandHTTPS for the Web Services Hub to utilize SSL and access the keystore.
Enter the keystore name and password used to create your keystore.

Tips, Best-Practices, etc.


SOAP Request/Response: WSDL or Manual?
Inputs: XML of the in-bound request: one or multiple rows?
Outputs: XML of the out-bound response: one or multiple rows?
Processing: Initially, set up a pass-thru with an exp transformation and just the fields coming in and going out of the web-service. Basic static test version. Then, add bits and pieces.

TESTING your Web-Services


WSH and TryIt!: ability to run web-service, but limited.
soapUI: open-source tool (FREE!) that expands testing capabilities. Basically a SOAP Client GUI.

Informatica Velocity Methodology


Velocity is the blueprint for delivering efficient and successful Informatica solutions that solve business problems.
New Website
New search capability
Filtering/viewing content by project type, project phase or other tags
New accelerator tools
Hot links between the articles

Access at: mysupport.informatica.com Visit the Informatica Pavilion at the Technology and Solutions Fair for more details.

Check out more than 100 new articles!


Questions?

Stay In Touch!
LinkedIn
Informatica Power Center Real-Time

Thank You
