Oracle® Communications Services Gatekeeper Concepts Guide
Part Number E16613-02
Services Gatekeeper helps operators meet the challenges that arise in the continued convergence of the worlds of TCP/IP applications and of telephony networks.
Subscribers continue to require services that provide them with functionality and flexibility that cross the traditional boundaries between the world of the Internet and the world of their phones. Operators want to be responsive to the desires of their subscribers, and to provide services that will satisfy subscriber demands, promote subscriber loyalty, increase average revenue per user (ARPU), and drive traffic to their networks.
Services Gatekeeper enables operators to:
Offer simplified access to their network's capabilities, for both internal developers and external partners
Provide tooling and support for application service development and testing
Manage external partners efficiently
Protect the security and stability of the underlying network
Integrate new services with their existing operations and management facilities
Protect subscriber privacy and control
Support flexibility of access as networks change and grow
Do all this in a way that scales and meets the performance needs subscribers have come to expect
With the help of Services Gatekeeper, operators can effectively reduce the overhead of creating the applications that provide required services and enable a wider-ranging development community to contribute to a better subscriber experience.
Services Gatekeeper offers a host of benefits for both application service developers and operators. It is built using a version of Oracle WebLogic Server 11g (http://download.oracle.com/docs/cd/E15523_01/wls.htm) that has been hardened and extended to support the specialized needs of telecom networks.
The protocols required by underlying telecom network capabilities are often complex, and the learning curve associated with using them is steep. To make it easier for application service developers, Services Gatekeeper makes standard network capabilities such as Short Message Service (SMS), Multimedia Messaging Service (MMS) or Call Control available through a set of easy-to-use interfaces (called facades in Services Gatekeeper).
Services Gatekeeper offers SOAP-style facades based on well-known standards such as Parlay X 2.1 and 3.0, RESTful facades, and some native protocol interfaces.
The Oracle Service Bus environment also contains SOAP-style interfaces that are pre-integrated, offering application developers SOAP-based functionality and the flexibility of SOA.
Oracle's Extended Web Services supports protocols which have not yet been incorporated into standardized forms (WAP Push, Binary SMS, and Subscriber Profile). These extended Web Services interfaces are published as standard Web Services Definition Language (WSDL) files, so application service developers can use their choice of toolsets.
RESTful Web Services interfaces are designed for ease of use in pure HTTP environments.
Developers can focus on creating compelling and innovative services, leaving the Communication Services components of Services Gatekeeper to handle the mechanics of interacting with the various underlying network elements.
In addition to providing access to traditional telecom network functionality, Services Gatekeeper can also connect application services to SIP-based functionality, using Converged Application Server. Calls set up using the Parlay X 2.1 or RESTful Third Party Call communication services can be routed through SIP. Parlay X 2.1 or RESTful Call Notifications can be established using SIP, and Parlay X 2.1 or RESTful Presence watchers (consumers of presence information) and presentities (providers of presence information) can be set up.
Services Gatekeeper provides:
Web Services WSDL files
Application Developer's Guide
RESTful Application Developer's Guide
To further assist application service developers, Services Gatekeeper can optionally provide the Services Gatekeeper SDK, which supports early application development without requiring the developer to run an installed Services Gatekeeper.
Managing a large number of services, particularly when the providers are third-party partners, can be time and effort intensive. As the market expands, Services Gatekeeper can supply its Partner Relationship Management interfaces to assist operators in handling processes such as partner registration, service activation and provisioning. These Web Services interfaces support the automating of a wide range of partner-related tasks and provide partners with easily available access to information about their accounts. The interfaces also allow operators to create groups of partners sharing sets of data, which can be used for tiering or segmentation of partners. Operators can then focus their administrative and partner management resources on their most rewarding partners.
Services Gatekeeper can function as a single point of contact for access to the functionality of the underlying network, providing common authentication, authorization, and access control procedures for all applications, both internal and third-party based. For SOAP-based interfaces, Services Gatekeeper leverages the flexible security framework of Oracle WebLogic Server to provide robust system protection. Applications can be authenticated using plaintext or digest passwords, X.509 certificates, or SAML 1.0/1.1 tokens. Service requests can use XML encryption, based on the W3C standard, for either the whole request message or specific parts of it. And, to ensure message integrity, requests can be digitally signed, using the W3C XML digital signature standard. For RESTful interfaces, Services Gatekeeper uses HTTP basic authentication of username/password and SSL.
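The following added example (not Oracle's or Services Gatekeeper's own code) shows how a digest password differs from a plaintext one on the receiving side, assuming "digest passwords" refers to the WS-Security UsernameToken PasswordDigest form, Base64(SHA-1(nonce + created + password)). The `DigestTokenVerifier` class, the account name and the secret are hypothetical, constructed for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

def password_digest(nonce: bytes, created: str, password: str) -> str:
    # WSS UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password))
    raw = nonce + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")

class DigestTokenVerifier:
    """Hypothetical server-side check, not Services Gatekeeper's own code."""

    def __init__(self, passwords, max_age=timedelta(minutes=5)):
        self.passwords = passwords      # username -> shared secret
        self.max_age = max_age          # freshness window for the Created field
        self.seen = set()               # (username, nonce) pairs already accepted

    def verify(self, username, nonce_b64, created, digest, now):
        password = self.passwords.get(username)
        if password is None:
            return False
        try:
            nonce = base64.b64decode(nonce_b64, validate=True)
            stamp = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            return False                # malformed nonce or timestamp
        stamp = stamp.replace(tzinfo=timezone.utc)
        if abs(now - stamp) > self.max_age:
            return False                # stale or future-dated token
        expected = password_digest(nonce, created, password)
        if not hmac.compare_digest(expected.encode(), digest.encode()):
            return False                # wrong password or tampered fields
        if (username, nonce_b64) in self.seen:
            return False                # replayed token
        self.seen.add((username, nonce_b64))
        return True

def demo():
    # Constructed sample values, not taken from any real deployment.
    verifier = DigestTokenVerifier({"app_instance_1": "constructed-secret"})
    now = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)
    nonce, created = b"0123456789abcdef", "2024-01-01T12:00:00Z"
    token = ("app_instance_1", base64.b64encode(nonce).decode(), created,
             password_digest(nonce, created, "constructed-secret"))
    first = verifier.verify(*token, now=now)
    replay = verifier.verify(*token, now=now)
    stale = verifier.verify(*token, now=now + timedelta(hours=1))
    return first, replay, stale
```

A plaintext password token offers none of these checks by itself and, like HTTP basic authentication, depends entirely on the transport (SSL) for confidentiality.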
Services Gatekeeper's powerful and responsive policy enforcement mechanism uses service level agreements (SLAs) to regulate service provider and application access to particular communication service functionality down to the level of supported operations and parameters. It also supports a range of quality-of-service guarantees that can be modulated by Time of Day/Day of Week, Rates, and Quotas. If desired, further rules covering access can also be added. SLA management and maintenance can be simplified by organizing service provider and application accounts into groups. Custom SLA versions can also be created to enhance the set of broadly comprehensive SLAs provided by Services Gatekeeper.
In addition, subscriber permissions and preferences can be reflected in a separate Subscriber SLA, created by the operator or an integrator using tools available in the Platform Development Studio. Subscribers can indicate, for example, that they wish to allow Service Provider X to query for the location of their mobile terminals, but not Service Provider Y.
In addition to the service level agreements that cover access to functionality within Services Gatekeeper itself, other SLAs explicitly define service provider access to underlying network nodes. In conditions of heavy load, Services Gatekeeper employs throttling and shaping to protect the underlying network, prioritizing traffic based on these Node SLAs.
Services Gatekeeper provides an internal system for the routing of service requests directly to appropriate network nodes, based on a variety of parameters, including sending application, destination address, or any arbitrary request parameter. Services Gatekeeper supports in-production deployment of multiple instances of most network protocol plug-ins (the modules that interact most directly with the underlying nodes) on an as-needed basis.
As a result, routing can be managed in a very fine-grained and powerful way.
Based on Oracle WebLogic Server 11g's rock-solid performance and superior clustering support, Services Gatekeeper's architecture is designed to support the rigorous demands of telecom operators:
Services Gatekeeper is deployed in two tiers, which can be separated by a firewall for increased security. State is held only in the network-facing tier, and each tier can be built out independently of the other.
High availability and failover
Services Gatekeeper is designed throughout to ensure multi-level protection against single points of failure.
To protect the system in the face of catastrophic failure, geographically distant sites can be set up as site pairs. Service Provider and Application Group SLA enforcement is synchronized across geographic sites and SLAs are enforced between the site pairs. Any changes in account configuration information are also replicated across sites.
All traffic that passes through Services Gatekeeper is transactionally wrapped. Maintaining state consistently and durably in clustered and high performance environments is traditionally difficult, but Services Gatekeeper's Storage Service uses a sophisticated strategy of optimizing storage based on state access patterns. An in-memory store distributed among all the nodes serves as the entrance to data access. Reading from disk, and its attendant overhead, is reduced because the disk-based database functions as an archive rather than as a system of first use. This has two important benefits:
Speed: Because the data is available in memory, access is extremely rapid.
Scalability: As a system scales out, relying exclusively on disk-based database access often becomes a performance bottleneck. Because the data in Services Gatekeeper is distributed among the network tier nodes, adding additional servers to the network tier actually increases data availability.
In addition, the Storage Service optimizes access to exactly the kinds of data that matter most in telecom traffic processing. Because it is designed as a POJO java.util.Map-based API, client access is simplified for both storing data and making retrieval queries.
Coherence is used as the storage provider for configuration, core services, and a set of communication services.
All or selected parts of the Services Gatekeeper management mechanism can be integrated with an operator's external Operation Support Systems through JMX/JMS or SNMP interfaces. The tasks associated with administering current service providers and adding new ones can be simply folded into existing systems.
Services Gatekeeper's internal charging mechanisms can also be integrated with an operator's existing billing systems. Offline and online (using the Parlay X 3.0 Payment API) Diameter-based charging is supported.
Using Services Gatekeeper, applications can customize their offerings by accessing subscriber profile information stored on network LDAP servers. At the same time, operators can protect subscriber privacy by using filters based on those same profiles to regulate the access that applications have, limiting the information that applications can acquire to what the subscriber wants to make available.
In addition, if they choose, operators can define a Subscriber SLA, which creates service provider groupings called service classes that can be associated with individual subscriber URIs. The mechanism to do this is created by the operator or integrator using the Profile Provider SPI provided as part of the Platform Development Studio. The use of a Subscriber SLA allows subscribers to customize their interactions with application service providers while keeping all their subscriber data within the confines of the operator's domain.
A flexible architecture using the robust capabilities of Oracle WebLogic Server means that operators can extend existing communication services to support new network interfaces, for example, Unstructured Supplementary Service Data. They can also create entirely new communication services to allow application service developers access to their network's unique features, using Services Gatekeeper's Platform Development Studio.