Grid Computing: Global SOA and Global Grid

I’ve been doing a lot of thinking lately about SOA. Primarily because I think that some SOA services should be built on a grid infrastructure. I’ve read articles and posts that indicate that I’m not the only person who thinks this. But the architect in me has to answer the questions, “Why?”, “What is the compelling business reason for SOA on grid?”, “Where in the architecture stack does grid belong?” And those thoughts have led me to question the reliability of global SOA and global grid solutions. At least for the short-term.

As I’ve thought about this area I can’t get away from the impression that the idea of global grid and publicly available services is dangerous. One thing I’ve learned over the last 19 years building software applications is that the software I build is directly affected by the platform I build it on. I’m not just talking about operating systems; I’m also talking about the firmware underneath.

In 1994, Intel shipped a Pentium chip that had a floating point error in it. If you had been a software developer building an application on one of those boxes you might have wasted some time looking through your code trying to figure out what you did wrong. Or worse you may have been trying to figure out how your customer got some unexpected result. The hardware is the bottom of the pile and has APIs that the OS calls into. Your application is probably using 3rd party libraries and makes calls to the OS. As a developer you inherently trust that all the stuff below you on the stack has been tested and works correctly. It usually does.

The idea of global grid and global SOA requires that the application stack be solid. And I don’t think it is. I watched Dr. Tom Leighton’s presentation
"The Challenges of Delivering Content and Applications on the Internet" last night and quite frankly it scared the crap out of me. I’m very concerned that the Internet is not ready to be a reliable application infrastructure. One comment that Dr. Leighton made really hit home for me (this is how I remember it), “The Internet was built on a platform of trust.” Security was not the first thing on people’s minds. But security is vital for any Internet based application. It’s one thing to read a webpage for information; it’s another to interact with a web application that passes around privileged and proprietary information. Dr. Leighton’s description of how the backbone companies work and how easy it is for phishers to grab a DNS address is frightening.

One of the problems with the Internet that Dr. Leighton described is how network companies’ play with the BGP Best Path algorithm’s input so that they can save money. So you might want to send an email from Oakland, CA to Boston, MA and instead of it going straight across the country, it might pass though some routers in Israel. Huh? This is going to slow down your applications which isn’t as much a problem for SOA as it is for grid. One of the major reasons to use grid computing methodologies is to improve performance.

But what is even a larger concern I think is that phishers can redirect a DNS address to themselves. Basically giving them a technique for capturing all the data one business may be sending to another. The businesses may never even know that a leak occurred and there is no way for them to do anything to prevent it. The attack point is outside of their firewalls.

Now there is A LOT of data that flows over the Internet everyday that gets there safely. I know that. But it only takes one bad apple to spoil the barrel, so to speak. And the doors are wide open. What’s going to happen if the next war we fight isn’t a ground-based shoot people type of war, but a cyber war? The more applications that are added to the Internet infrastructure, the more reliant our economy is on that infrastructure, and the more susceptible to outside attack we are.

I don’t think the sky is falling. But I think that if we want to build Internet applications for businesses we need to take a closer look at how solid the Internet platform is. For the time being, I am a proponent of building SOA on grid inside your firewalls. Figure out the details and requirements there...within your protected sandbox. Meanwhile, look for products and services that can help you build safe, reliable, and secure Internet applications.

Reading list for grid and SOA:

"IBM’s Take on Grid, Virtualization and SOA"
"Distributed Parallel Computing with Web Services”
"The 451 Group: Financial Sector Grid Adoption Growing Beyond Mere Compute"

Or just do a search on: “grid computing” SOA - Google produces over 5 million pages hits.

Internet Infrastructure Links:

"The Challenges of Delivering Content and Applications on the Internet"
"Experimental Study of Internet Stability and Wide-Area Backbone Failures"
"What’s the next security threat?"
"Effects of Worms on Internet Routing Stability"
"Phishers Hack Bank Sites, Redirect Customers"
ICANN

Technorati tags: SOA, Grid Computing, security, phishing, DDOS