It starts simply enough. First someone builds a SOAP interface for an internal system; then the next upgrade to your financial package sports a web services API. At some point you wake up and realise that all these services need to be managed.

Web services management includes not just monitoring but also critical activities such as controlling access, logging transactions, and performing version control. CoreSV 4.0 from Oracle is a web services management platform that provides all these capabilities in an easy to install and understand package.

As do most enterprise products, CoreSV has a complicated pricing schedule that results in a hefty price tag. Just as this review has being completed, Oracle acquired Oblix , so the pricing - not to mention the name - are likely to change.

CoreSV has three primary components: gateways, which typically sit at the edge of the enterprise network and mediate interaction with outside services; agents, which sit in front of the web service; and a central management system used to configure and monitor the system.

We were immediately struck by CoreSV’s easy setup and use. During the past 18 months, CoreSV has been conceptually streamlined, and consequently the user interface has been refined. For example, the new management interface now combines what were three separate components in Version 3.0.

After you’ve installed the software, setting it up to manage a web service takes just three steps. First, you configure the gateways and agents and identify them to the management console. Simple installations get away with just a gateway because the gateway’s functionality subsumes that of the agent.

Second, you register existing web services with a gateway or agent. This is as easy as entering the URL for the service’s WSDL into the management console. CoreSV can also query and import web service descriptions from one or more UDDI registries.

Finally, you use the management console to configure policies and alarms for each web service. You can create alarms for specific conditions such as latency, availability, failure, and unauthorised access attempts. An alarm can trigger an e-mail alert or a simple posting on the system console. Alarms can also trigger actions to reroute SOAP messages to other services.

The management console also monitors each web service’s performance. The graphical dashboard shows overall statistics, including security data such as unauthorised access attempts, and service figures, including average service failure rate and average registered-service latency. You can drill down into the graphs for any service to see statistics about individual operations. You can also individually define and monitor service levels.

Most organisations try to ensure that externally facing web services are secure. To that end, CoreSV consistently applies a set of policies to each web service it proxies. In CoreSV, policies are enforced at either the gateway or the agent and are managed using the policy manager built into the management console.

A complete policy is made up of multiple policy steps. CoreSV ships with a number of predefined steps, but users can also create their own. The built-in policy steps include encryption, decryption, message signing, signature validation, authentication, access control, logging, XML transformation, and protocol conversions.

Policy steps are assembled into policy pipelines. Any given service can have as many as four pipelines that correspond to the pre-request, request, response, and post-response stages of a SOAP message transaction. System administrators can create a set of standard pipeline templates and then apply the same set of policies to every service, ensuring that policies are consistent across the organisation.

The architecture of CoreSV lends itself to scalability. You can deploy agents and gateways as necessary to meet performance demands without having to give up central policy management and system monitoring. CoreSV supports transport mechanisms beyond HTTP and HTTPS, including JMS (Java Message Service), IBM MQSeries, and Tibco BusinessWorks.

As easy as CoreSV is to set up and use, the web-based UI could do with some upgrading to improve the user experience. Some of the clumsiness could be easily fixed. For example, when you press Cancel, you’re annoyingly taken to an intermediary screen that reads, “The operation has been cancelled.” Also, when building an alarm-processing rule, you must cut and paste the alarm variables into the e-mail body. It would be much easier to add the variables to the e-mail with a single click.

Six months ago, we would have expected a web-based UI to be clunky, but now I’m expecting something smoother. We don’t want to disparage CoreSV unfairly in this regard; its UI is typical of the genre and perfectly functional. But Google and others have shown us that thin client and rich UI aren’t mutually exclusive terms. We're hoping that CoreSV does better in this area next time.

But these issues are small. A bigger issue is the price. Enterprise products such as CoreSV are priced as if the only organisations needing web services management were large companies. The lack of affordable management products is probably hampering the use of web services in the very places where innovation is most likely to happen: small companies.

Even so, CoreSV is a mature, production-ready product. If you’re bringing web services online and looking for a way to secure and manage them in a consistent, scalable way, you’ll find that CoreSV readily meets your needs.


CoreSV provides a no-nonsense system for managing web services. The platform is conceptually straightforward and easy to install and use. Its policy pipelines provide an easy way to create and apply consistent policies to all the web services in your organisation.