Blog Home  Home RSS 2.0    
Arnon Rotem-Gal-Oz's Cirrus Minor - SOA and Cross-Service Transactions
Archive
 
Contact Arnon

          

Send mail to the author(s) Email Me
Navigation
Cirrus Minor Blog
Papers, Articles & Presentations
SPAMMED Architecture Framework
SOA Patterns
About Me
My Dr. Dobb's Journal Blog
Order my SOA Patterns Book
Top posts
SAF Milestone 1
What's Software Architecture
SAF - Introduction
Stakeholders Everywhere
Architect Soft Skills
Utility Trees - Hatching quality attributes
Architectural Modeling - Choosing your Viewpoints
Realities of distributed systems
Presentations/Papers
CMMI (& Agility) (ppt)
Fallacies of Distributed Computing Explained (pdf)
Introduction to SAF (ppt)
OO Primer (ppt)
Use Case Methodology for large systems (pdf)
Use Cases Methodology for large systems (ppt)
Software Architecture (ppt)
Service Oriented Architecture - Intro (ppt)
Architecture Tradeoff Analysis Method (ppt)
Affiliations
Categories
 .NET
 A&D2007
 Agile
 BI
 Design
 Everything
 General
 ruby
 SOA
 SOA Patterns
 Software Architecture
 SPAMMED Process
Blogroll
Software Architecture
 Architect Corner
 Architecture Content Strategy
 Arvindra Sehmi
 Barry Gervin's Software Architecture Perspectives
 CBDI Newswire
 Clemens Vasters: Enterprise Development & Alien Abductions
 David Chappell :: Weblog
 DevHawk
 From 9 till 2
 FTPOnline Architecture Channel
 George Cerbone's Weblog
 Hal 9000
 Handbook of Software Architecture
 jdevados's blog
 jeromyc's WebLog
 Jimmy Nilsson's weblog
 Joel From Canada
 John Crupi's Weblog
 Kevin W. Hammond
 Loosely Coupled Thinking
 Message for you, sir!
 Michael Platt's WebLog
 Microsoft Architecture Resource Center
 MSDN: Microsoft Architecture Center
 Natty Gur
 oo yea
 PatHelland's WebLog
 Rockford Lhotka
 The IASA Blog
 Thoughts from Andrew Johnston
 Udi Dahan - The Software Simplist
Archive
<February 2010>
SunMonTueWedThuFriSat
31123456
78910111213
14151617181920
21222324252627
28123456
78910111213

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.

Sign In
 Friday, July 13, 2007
SOA and Cross-Service Transactions
Evan H asked a question about distributed transactions and services in the MSDN architecture forum:

Are distributed transactions (ie.. WS-Transaction) a violation of the "Autonomous" tenant of service orientation?   Yes or No and Why?  Kudos if you can address concurrency and scalability (in an enterprise with multiple interacting services).

I answerd this questions back in april when I wrote a couple of posts that explained why cross-service transactions are a bad idea:cross service transactions and some more thoughts on cross service transactions.
Roger Sessions also agrees with this view (well, it seems actually, he wrote about it well before I did :) ):
When the WS-Transaction specification was first proposed, back in 2002, I wrote an article explaining why I thought the idea of allowing true transactions to span services was a bad idea. I published the article in The ObjectWatch Newsletter, #41: http://www.objectwatch.com/newsletters/issue_41.htm. Nothing since then has changed my mind. Atomic transactions require holding locks, and spanning transactions across services requires allowing a foreign, untrusted service to determine how long you will hold your very precious database locks. Bad idea. Just because IBM and Microsoft agreed on something doesn't make it good!

The reason I am bringing this issue back is that Juval Lowy (who wrote the article that triggered my first post on the subject) has recorded an Arcast with Ron Jabobs. Where he re-iterated the idea that "Transactions is categoricaly the only viable programming model" and you should strive to use it whenever you can. It seems Juval admits you sometimes need to use Sagas (which he called "long running transactions" - you can see in my link why I think that's a wrong name). He also agrees that you can also use a transactionable transport and then only do internal transactions from each service to the transport (a pattern I call "Transactional Service"). However, at the end of the day, he still thinks you should use WS-AtomicTransactions whenever you can.

I agree that transactional programming is important. I think it is the simplest programming model (from the developers side). I would probably never write an interaction with a database that is not transactional; I look very favorably at initiatives for in-memory ACI (no Durability) transactions such as the one Ralf talks about.  Until we get to Distributed Transactions...

First, we should note that transactions are not "the only viable" option.As Martin Fowler notes Ebay seems to be doing fine without distributed transactions. Not only that, they abandoned distributed transaction and went "transactionless"because they needed one simple thing... Scalable performance .

In most COM+ scenarios you have a single server or a few internal servers where the distributed transaction happen - and even there you should plan your transactions carefully if you want to get any kind of decent performance. In SOA scenarios the situation is more complicated as the distribution level is expected to be higher (even if you don't involve services from other companies). More distribution means longer times to complete transactions (especially if a participant can flow the transaction and extend it). It also means increasing the chances of failure (see Steve Jones series of posts on five nines for SOA). In my opinion, the more distributed components you have the more you want their interaction to be decoupled in time - i.e. the opposite of transactions.

Juval also said he doesn't buy the denial of service problem I mentioned (supporting a transaction means you allow locks - if an external party doesn't commit you retain the lock..). Juval said he assumes that a solutions has both authentication and authorization so this shouldn't be an issue. For one, I have seen too many projects where security was something that was neglected or quickly patched in at the latest moment - so I would hardly assume security. Even with security on - you increase your attack surface.
But that's just the half of it. Even if all your service consumers have good intentions - you still don't know anything about their code. SOA is not like the "good old days" where you owned the whole application  - this means you cannot trust their security to be ample. Also you don't know anything about their code quality. Services are likely (in the general case) to be deployed on different machines, even if they start co-located. I think that a Service boundary should be treated as a trust boundary just like a tier boundary. I strongly believe you should have reduced assumptions on what's on the other side of the service's boundary - transactions are not reduced assumptions

SOA and distributed transactions do not go hand in hand - it isn't just autonomy at stake here. It is a problem for performance and scalability and even security period.

To finish this post - I would also highly recommend looking at Pat Helland's paper "Life Beyond Distributed Transactions: an Apostate's Opinion" and a post he recently made called  "SOA and Newton's Universe", where he explains more eloquently than I ever could why SOA is not a good fit for distributed transactions.


7/13/2007 10:47:03 PM (Jerusalem Standard Time, UTC+02:00)  #    Comments [3]   .NET | Everything | SOA | SOA Patterns | Software Architecture  | 
Copyright © 2010 Arnon Rotem-Gal-Oz. All rights reserved.
DasBlog 'Portal' theme by Johnny Hughes.
Pick a theme: