Friday, March 26, 2010

Including startups in your SOA infrastructure: A guide for enterprise architects

This guest post comes courtesy of Ronald Schmelzer, senior analyst at ZapThink.

By Ronald Schmelzer

In a previous ZapFlash, ZapThink opined that Open Source Software could play an important role in your Service-Oriented Architecture (SOA) Infrastructure. Certainly, there were no architectural reasons why it couldn’t.

As we explained in that article, the primary biases against OSS (if there are any) are from the people in the organization who have fear, uncertainty, or doubt about the risks or benefits of OSS.

But of course, that article spoke at a fairly general level. Individual implementations or products might be better than others, or more suited for specific problems than others. This is where Enterprise Architects should spend their time focused – on the specific solutions to specific problems, rather than engaging in religious battles about the merits of entire classes of solutions.

Unfortunately, in addition to the biases against OSS, many companies have developed aversions to solutions from startup companies. Yet, in an environment where we are left with just a handful of incumbent companies remaining in the SOA infrastructure landscape, and these vendors have confusing collections of often conflicting and competitive infrastructure products, it might be a good time to revisit utilizing solutions from niche, best-of-breed, and often startup, vendors in your SOA environment.

However, how do you do so without incurring substantial real or perceived risk? After all, it is the nature of a startup company to change, be acquired, or die. In this environment, EAs need to become wholeheartedly selfish: meet the requirements of the business in an agile manner by reducing the penalty for failure. In such an environment, startup solutions are not only feasible, but very appropriate.

Best of breed in an increasingly suite world

Through a combination of consolidation, maturation, and the pressures of a tough economic environment, the landscape of enterprise IT software players has dwindled to a handful of companies that control the infrastructure for a vast majority of companies.

Just like the auto industry experienced a period of rapid growth and diversity in the early part of the 20th century, only to consolidate down to the “Big three” in the United States and a similar number in countries around the world, we are now faced with the reality of a “Big Five” set of vendors in the enterprise IT marketplace, especially in the area of SOA infrastructure.

However, consolidation is not always a friend of innovation. Many have argued that the consolidation of the auto industry in the US by the late 1970s resulted in products that were unable to compete with offerings from overseas.

Indeed, it’s in the period after the consolidation that the US manufacturers saw their most precipitous decline in worldwide share of automobiles. Why is this? Is it because large companies can’t innovate? Or is it that the large portfolio of products and services is confusing not only to customers but even to internal managers?

When one company owns Pontiac, Buick, Oldsmobile, Chevrolet, and a myriad of other brands, how can anyone really tell when one product is best suited for a problem or another? These brands compete for dollars not only among customers, but among their own budgets. Much hay has been made of Microsoft’s internal competition and struggles that have hindered its own ability to compete. Why should it be any different for the enterprise IT software companies that have grown primarily through acquisition?

Innovation is incredibly important in an area of continued maturation such as SOA. More importantly, agility is a key benefit of SOA, which means that properly designed architectures should not only be implementation-neutral, they should be fairly immune to infrastructural change.

In this light, vendor selection is less a matter of making sure your infrastructure works and more a matter of picking the right vendor for the job while balancing risk and economic factors. In this light, startup and niche companies offer just as much opportunity, if not more, to advance your architectural efforts than those of large vendors. The only things that differentiate the startups from the large vendors are three core issues: the scope of their offerings, the potential risk of company failure, and the ability to negotiate price to your benefit.

Mitigating the startup risk: Enterprise software and cloud/SaaS concerns


The biggest risk that many cite in working with startup companies is the risk that they might simply no longer exist. This fear is especially pronounced for companies that must spend a considerable amount of time and money implementing the solutions.

If an enterprise is involved in a multi-year effort to implement a large-scale, highly visible, and important solution for the company, then in many cases startup solutions are ruled out very early in the vendor evaluation process. This is even if the startup company offers a better, more appropriate, and more innovative solution. The real issue here is whether the risk of company failure, real or perceived, should outweigh the loss of solution appropriateness and innovation. Or in other words, does it make sense for companies to implement less-optimal solutions based on what they know today because they fear an unknown event in the future?

Rather than rule out startup solutions out of hand, companies should mitigate vendor failure by incorporating such contingencies in their enterprise architecture. We would argue such vendor mitigation plans should be made for well-established vendors as well, since internal political or budgetary battles might result in the disappearance of even decades-old products.

There are two major areas of mitigation for enterprise IT vendor products: products that companies install, manage, and own in their own infrastructure (traditional enterprise software products sold by the license), and those solutions that are run and managed on the vendor’s infrastructure (such as Cloud or Software-as-a-Service [SaaS] offerings).

In the case of licensed enterprise software, it has long been a practice of end-user companies to require that the vendor’s software code be held in escrow such that if the vendor goes out of business, it is transferred to the ownership of the end-user customer. While this is a far from optimal solution (after all, the company has no knowledge or ability to do much with the code), it provides some level of comfort to the buyers that the code at the very least won’t disappear.

More complicated is a mitigation plan for Cloud/SaaS offerings. If a SaaS vendor disappears, what happens to the code? If a Cloud vendor goes under, what happens to the infrastructure? More importantly, what happens to your data? It’s not enough to simply require that the vendor hand over the code for their SaaS implementation; in the event of their failure, you have to also implement all the infrastructure that makes the Cloud work or keeps the SaaS solutions running.

This is because the economic benefit of Cloud computing and SaaS solutions is that you’re not paying the full cost of owning and managing the solution. It is easy to mitigate the data component of the Cloud/SaaS default risk – simply make sure that you maintain a “local” copy of all relevant data.

However, in order to mitigate the loss of application functionality and infrastructure, a company needs to have a backup plan. Enterprise architects need to discover or implement comparable Services run internally or on another Cloud/SaaS service. Or, companies should require an escrow provision similar to what is provided by licensed enterprise software vendors – if the SaaS / Cloud vendor goes belly up, they have to hand over not only the code and data that makes the application work, but also configured infrastructure on which to run it. While the hope is that these escrow provisions will never have to be enacted, they provide the security blanket necessary to give one at least a psychological sense of security.

Negotiation leverage: It’s on your side with startups


Mitigation and product functionality issues aside, there is another good reason to work with startup vendors: it’s much easier to get your way with smaller companies hungry for your business. Smaller vendors have fewer layers of corporate infrastructure, and many times you are in direct communication with the individuals responsible for the functionality of your implementation. In this way, it’s easier to get your voice heard on features or bug fixes. Don’t like the way something works or want a new feature? Pick up the phone and talk directly to the product or development managers, or even the CTO. Perhaps you’ll get a fix the same day or within a very short timeframe. Try that with one of the super-vendors.

It’s also easier to negotiate on price. While large vendors might be able to discount or cut the price on one of their offerings so they can make another one sweeter, the realities of large sales forces and commission structures require them to keep their products at a certain (increasingly higher) price point. Smaller companies are more eager to negotiate, especially if you are a large enterprise that could be a marquee name for them.

Finally, it’s easier to get help with your specific implementation from startup companies. Many enterprise software startup companies know that their products are not plug-and-play and require some additional effort and expense to set them up. As a result, many startups have professional services arms whose goals are not to drive revenue for the company, but rather to support the products in customer installations.

Unless the startup vendor charges for this additional service (and we regularly counsel them not to), you should consider this to be free consulting and professional services help. Use as much of this as possible, and even negotiate more into your contract. It is in your and the startup’s best interests to make sure you get the value you require from your investment.

The ZapThink take

As you can see from the past few ZapFlashes, ZapThink is very concerned that the rapid consolidation and maturation of the enterprise IT landscape will have a negative outcome on innovation in the marketplace. We believe that the consolidation is resulting in mammoth conglomerates of vendors that will be harder, more confusing, and more expensive to work with. We believe that there is just as much uncertainty around the future of the large vendors’ offerings as there is with startup offerings. In this light, we don’t believe that there’s anything more inherently risky about a startup solution than an established, incumbent vendor solution.

The only thing that has us concerned about the startup landscape is the shortage of new startups. We’ve seen a significant drop-off in new enterprise software venture creation. We are not entirely sure why this is. Is there simply less demand for new enterprise software solutions? Is there less opportunity for new enterprise software startups?

Has the venture capital and finance community lost interest in enterprise software? Or has the area of innovation moved away from enterprise software? We hope none of these things are true. The enterprise still has leagues to go to get closer to the vision of loosely-coupled, agile, heterogeneous systems that can meet the ever-changing needs of business with high governance and low risk. There’s plenty of opportunity here. Startups: do your part innovating in this space. Enterprises: do your part and implement startup companies’ offerings so that innovation does not come screeching to a halt.


Sunday, March 21, 2010

Essential reading on impact of Web and media shift on thinking, socializing, publishing

From today's NYT:
Instead of reading an entire news article, watching an entire television show or listening to an entire speech, growing numbers of people are happy to jump to the summary, the video clip, the sound bite — never mind if context and nuance are lost in the process; never mind if it’s our emotions, more than our sense of reason, that are engaged; never mind if statements haven’t been properly vetted and sourced.
A lot more goodies where this came from. This may be one of the most important topics and issues of our era.

Tuesday, March 16, 2010

Pegasystems doubles-down on winning streak with Chordiant buy

This guest post comes courtesy of Tony Baer’s OnStrategies blog. Tony is a senior analyst at Ovum.

By Tony Baer

We’d be the first to admit our surprise that Pegasystems has thrived as well as it has. Our initial impression of the company about four to five years ago was of an interesting, rather eccentric bunch whose absent-minded professors had great ideas but little business savvy. At the time, the company was marginally profitable.

Maybe their professors weren’t that absent-minded and their approach not so pedantic after all, as the company has been on a winning streak for the past 10 quarters, scoring 25 percent growth last year as the rest of the economy (and software industry) tanked.

Tilting against windmills, the company scored big gains among established clients across financial services industries, who used Pega’s process “solution frameworks” covering areas such as loan origination and underwriting, wholesale banking, and retail bank account opening.

Pegasystems is on the right side of history, having embraced vertical frameworks. That’s an approach that you also find IBM taking. In business for roughly 25 years, Pega’s sales didn’t take off until it began rolling out a series of templates or frameworks that provided a 60 percent solution, eliminating the need to model commodity processes from scratch.

Either way, Pega’s success belies our observation that vertical templates are the future of enterprise applications — using the framework as a raw template, they will be composed from existing applications and data sources rather than written or implemented as a packaged application from scratch.

Growth last year added $35 million to the company’s cash cushion, leaving it with a nice healthy $200 million in the bank. But cash in a consolidating industry is trash when your rivals are either acquiring or getting acquired left and right. And so the question was, what would Pega do with its cash?

We have the answer


We now have the answer: Pega announced yesterday its intent to acquire Chordiant, whose specialty is dissecting, analyzing, and optimizing a company’s experiences with its customers. The deal, at $167 million in cash, actually nets out to about $116 million when you factor in Chordiant’s $51 million cash position.

Pega’s solicited offer trumped an abortive unsolicited $105 million offer back in January from CDC, an aspiring Hong Kong-based enterprise applications provider. Chordiant has come down a few notches over time, with business flattening to $75 million last year, down from $115 million a couple years ago. Pega’s $5 per share bid is about 10 percent of the company’s 2000 dot com peak, but a 30 percent premium over its current valuation.

Pega got a good deal, and Wall St. agreed, as shares of both companies rose on the heels of the announcement. It reflects the fact that Chordiant provides Pega two opportunities: 1) deepen its presence in financial services accounts by going into the front office, and 2) gain a new beachhead in telecom, where it currently has but a single critical mass client. Although telco could broaden Pega’s addressable market, the deal wouldn’t work if the solutions weren’t complementary.

Pegasystems offers a highly sophisticated, rules-driven approach to defining, modeling, and executing business processes. It offers roughly 30 industry specific templates, and well over a dozen cross-industry frameworks such as customer process management, control and compliance, procurement and so on.

By contrast, Chordiant covers what it calls “customer experience management,” which tracks customer interactions and offers predictive analytics for optimizing cross-selling, upselling, or customer retention strategies, or for predicting risk or churn. It also offers vertical templates for financial services, healthcare, and telecom. Chordiant’s predictive analytics have adaptive capabilities where the rules can change based on trends in customer response; if a promotion offer proves not as attractive as initially forecast, the rules can adjust the algorithm to reflect reality.

The potential synergy is where Chordiant optimizes customer-facing front office processes while Pega’s BPM frameworks optimize the corresponding back office processes such as loan origination.

On paper, it looks like yin and yang. But there are basic architectural differences between the products, as decision management consultant and author James Taylor has pointed out. Keep in mind that Taylor has traditionally been skeptical of Pega’s approach to embedding rules inside its process engine, rather than loosely coupling the two.

But he makes valid points that Chordiant handles rules differently from Pega, that the potential synergy between the two is great, but that the company needs to take care that technical differences do not “derail the technical integration or cause the merged company to merge its operations without merging its products.”

So on paper, Pega has made a sound deal. As the company is not yet experienced in digesting acquisitions of this size, its success in consummating the Chordiant acquisition will become a predictive indicator of the company’s ability to survive and grow in a consolidating market where it will be expected to make more such deals.

Friday, March 12, 2010

Virtual conference speakers focus on cloud, value to enterprises, how to get started

One of the biggest questions facing companies today is what to make of cloud computing. Does it signal a major shift in how we approach IT -- and the business -- or is it just another ride on the hype wave that will disappear if we just wait it out?

HP tackled this question this month with a series of virtual conferences, "Cloud: Practical Advice for Taking the Next Steps," whose aim was to cut through the fog and to try and point business leaders and IT executives in the value-oriented direction.

A panel of industry analysts, practitioners, and HP experts outlined the value proposition of moving to the cloud, the danger of inaction, and how companies can get started on their cloud journey. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

For those who didn't catch the virtual conference live, HP has made the replays available.

Tom Koulopoulos, president and founder of The Delphi Group, opened the series as keynote speaker by stressing the opportunities the cloud model provides for innovation, especially during an economic downturn.

Cloud, Koulopoulos said, is a key enabler of innovation. For those who might question the ability to innovate during an economic crisis, Koulopoulos had some sage advice: "When you tighten the belt, innovation becomes more of an issue . . . you can’t innovate if your stomach is full. You only innovate when you’re hungry."

Tom Bittman, vice president and distinguished analyst of Gartner, echoed similar themes in his closing keynote, in which he stressed that the risk of inaction was the greatest risk enterprises face today: "The only choice that’s a really bad choice is to do nothing with cloud computing at this point. Having a strategy and moving forward is very important."

Other speakers included Ken Hamilton, director of Data Center Synergy and Cloud Computing for HP; Tim van Ash, HP director of Products for SaaS; Archie Reed, who is HP’s Chief Technologist for Cloud Security and the author of several publications, including The Definitive Guide to Identity Management; Jim Reavis, Executive Director of the Cloud Security Alliance and president and founder of the Reavis Consulting Group; Chris Whitener, HP Chief Security Strategist; Duncan Campbell, VP Worldwide Marketing, HP; Chris Rence, a CIO from FICO; and Alan Wain, VP Solutions Infrastructure Practice, HP.

Some highlights:
Koulopoulos: My advice is that number one, don’t look at the cloud simply by looking at what’s available today. Think of it as a long-term trend that you will have to adapt to, and you have to begin that adaptation now. You can’t wait until it’s fully evolved.

Begin moving down that road with non-core applications, applications and services that maybe aren’t as critical to the regulatory aspects of your business, to those aspects that would involve more security concerns, and in that way, you acclimate yourself to the cloud. You begin to understand what it means to work, to live, to run a business in the cloud, and the rest of these issues will resolve themselves, and they’ll resolve themselves for the same reason that they always do -- because of pure economics.

When the cloud becomes important enough that we rest enough of our economic value on it, we will invest enough to make sure that the security issues have been addressed, but it’s an evolution. So don’t look at the cloud and say, “Well, it’ll never work because today, here’s what exists.” Look at the cloud and say, “I have to evolve with it.”

Bittman: There really are three major benefits. One is cost, the idea of sharing, the idea of economies of scale definitely can reduce cost. But this one, I think, is often overstated and companies that are looking at cloud computing primarily as a cost benefit are probably missing some of the bigger benefits. Another benefit that is very important is quality of service.

In other words, it's the ability to specify explicitly what your service requirements are through a services-oriented interface to set your service levels high or low, to set your performance requirements high or low, depending on what you need, and base your price based on the service levels you need. That quality of service is something that might be very valuable to a business to adjust over time based on changing business dynamic cloud services.

Another part of that that’s important is the ability to change quickly. That gets to the third benefit which I think is the most important, and that’s agility -- the ability to spin up a new business, to spin up a start-up requirement in an enterprise, the ability to change your service level requirements or to change your scale very quickly.

This not only helps the bottom line in a typical company but it helps the top line. It can help a business grow. It can provide a competitive advantage to be able to react to a business change very, very quickly at the speed of business instead of at the speed of IT.

Reed: Security, just like cloud, is hard to define. It’s a very broad term when we think about it. It can be many different things for different people. When you get to cloud security, first off, you’ve got to define which part of the cloud you’re talking about -- which cloud service, which cloud computing model you’re talking about. Then we can talk about which specific security aspects apply to that part of the model.

What we do is look to standards, taxonomies; ways of talking about this that make sense both to the business people as well as the technology people . . . Cloud computing represents phase 2 of the internet where we’re actually leveraging the internet connectivity to create this utility of computing. It changes everything.

Van Ash: HP’s approach with Cloud Assure is really about enabling business confidence in the cloud. It’s about mitigating risk and you talked about risk management earlier. We’re really attacking four key categories. We’re attacking security, performance, availability and service levels, and controlling the ongoing cost. Now, why do we go after those four elements? Well, they’re consistently the top four elements that we see from both analysts and customers alike and they map pretty well to the seven deadly sins that Jim talked about right upfront.

Reavis: Don’t read the research in and of itself and assume you’re going to get all the answers. Use it with partners and consultants that you trust, that you know you can work with. Use it in conjunction with our broader guidance of best practices. Use good risk management practices and with that, you can be pretty confident that you’ll come up with a good strategy for how you should adopt cloud.

Campbell: Number one is to make your services shareable. So yes, that makes sense. It’s very intuitive and a first step in that, of course, is really, to think about it from the point of view of the audience. The audience being your application guys, your testers. Having your services available to them in a shared service environment is really the first step and to be able to provision that in a much more rapid fashion.

Second is to make your services more consumable . . . You want to be able to consume that service very importantly and intuitively like in a monthly type of fashion. You’re paying for what you use. What’s also very important is that not only are you presenting it in a consumable fashion, but then also that resource is then returned to the pool.

Third point is to make those services more valuable. It’s really tied to a very critical and relevant business outcome and also very importantly then how we can improve upon that. These three points really speak to a pragmatic evolutionary approach. It’s not a rip and replace. It’s not like you’re going to turn the switch and jump to a private cloud, but I think these are three great suggestions in terms of how to really make that evolution in a very pragmatic way.

Rence: VMs and the cloud are kind of like candy. They’re easily consumed but that doesn’t mean they’re all being used. That’s where the management tools really come in handy, to make sure that a group that’s leveraging the cloud, what you’ve basically taken and given to them to use – are they truly using it or is it something that they needed but they’re not sure when they’re going to get to it.
BriefingsDirect contributor Carlton Vogt provided editorial assistance and research on this post.

Tuesday, March 9, 2010

TIBCO rolls out Spotfire 3.1 with spotlight on predictive analytics

In a move to mainstream predictive analytics, TIBCO Software today rolled out the latest version of its Spotfire platform.

Dubbed Spotfire 3.1, the latest iteration promises a natural language statistical experience. Spotfire 3.1 aims to help anyone in an organization get fact-based answers to questions that help drive revenue.

The company says its software is not just for analytics gurus but also marketing professionals, business development managers and others who need forward-looking business intelligence in a hurry. [TIBCO Software is a sponsor of BriefingsDirect podcasts.]

"Unlike traditional business intelligence tools, which for the most part aggregate historical trends only, Spotfire 3.1 projects them forward with what-if scenarios," says Mark Lorion, vice president of marketing for TIBCO Spotfire. "Anyone in the company can ask questions on demand and our analytics will provide future predictions based on behind-the-scenes data-driven methods. Users don't have to understand the methods. They just have to ask the questions – and they get answers instantly rather than waiting days like you would with today's business intelligence (BI) tools."

Spotfire 3.1 in action

Let’s say you’re trying to promote a new product in the consumer goods market. Spotfire 3.1 lets you choose input variables based on what you suspect might be driving the advertisement response, such as price, discounts, packaged offers, age of the respondent or length of time as a customer. You would then press a button that asks, "Are these related?"

After you push that button, Spotfire 3.1 works behind the scenes to run predictive models, using analytics and statistics to compile sensitivity analysis and correlations, then return a colorful graph that shows the response rate and which factors are most closely correlated to people clicking on your advertisement.

While BI gives you historical data, the predictive analytics aspect of Spotfire 3.1 offers insights into what could happen next time you run a similar promotion. It can also help you fine-tune your promotions by targeting the customers that clicked on your ad, or offering different promotions to different audiences – and it does it almost instantly.

Unlike traditional BI or static spreadsheets, Lorion says Spotfire 3.1 also includes conditional coloring and lasso and axis marking that allow for better data analysis of patterns, clusters and correlations among sets of variables. The software's multiple scale bar charts and combination bar and line plots offer analysis of unstructured, "free-dimensional" data to identify key outliers and trends amongst the data.

“IT organization and statistician groups aren’t able to respond quickly enough to the many questions that arise from business users, so they go to their gut,” Lorion says. “Spotfire lets you make fact-based decisions rather than gut-based decisions.”

Predictive analytics challenges

Of course, predictive analytics software is not a new concept, and Lorion admits that the predictions are only as good as the quality and breadth of the available data. But predictive analytics is gaining momentum in the enterprise marketplace.

IBM bought predictive analytics firm SPSS last July for $1.2 billion. And IDC predicts the $1.4 billion market for advanced analytics, of which predictive analytics is a subset, will grow 10 percent annually through 2011. Despite tight IT budgets, Lorion is optimistic about the space and the company’s offering.

“The economic downturn has been good for the analytics space because customers need to make reductions and predictions – but they need to be smart about it,” Lorion says. “Companies don’t want to hire PhDs to make sense of their statistics. But we need to drive awareness of our product and educate the market that the power of predictive analytics isn’t in the hands of only a couple of statisticians.”

Spotfire 3.1 works in tandem with Spotfire Application Data Services to let companies analyze data from various sources, including SAP NetWeaver BI, SAP ERP, Salesforce.com, Siebel eBusiness Applications, and the Oracle E-Business Suite.
BriefingsDirect contributor Jennifer LeClaire provided editorial assistance and research on this post. She can be reached at http://www.linkedin.com/in/jleclaire and http://www.jenniferleclaire.com.

Cast Iron launches integration platform to help pull hybrid cloud models together

In a move to tackle a persistent cloud computing challenge, Cast Iron Systems just rolled out a new platform that aims to help companies large and small securely integrate public clouds, private clouds and on-premise applications.

Dubbed OmniConnect, the cloud integration solution offers a single platform rather than multiple products or on-premise tools to accomplish cloud integrations.

Five pillars undergird OmniConnect: complete integrations; a complete cloud experience; reusability of connectivity and processes; portable, embeddable, and brandable environments; and centralized cloud management.

"Cloud application use is exploding, but just because you like Salesforce.com doesn't mean you are going to throw out SAP, Oracle or other applications you have on-premise. It's a hybrid world where companies have a combination of cloud and on-premise locations," says Chandar Pattabhiram, vice president of Channel and Product Marketing for Cast Iron Systems. "You don't maximize the value of your cloud applications unless you get all the data into it – so you need integration."

Complete integrations

Integration can get complex in a hurry with a growing number of applications in the enterprise, such as Salesforce, Google Apps, WebEx and ADP. Companies could take a do-it-yourself approach but it won't scale over time. Companies could also use an on-demand vendor for cloud-to-cloud scenarios, or hire an on-premise integration firm. Cast Iron Systems, though, is pushing OmniConnect as a better solution.

"Fifty-six percent of CIOs in a Gartner survey said they are transitioning away from the cloud because too many choices make it too difficult," Pattabhiram says. "Our new platform is meant to solve this problem by bridging the on-premise and cloud worlds. We offer complete integrations that include data migration, process integration, and UI mashup capabilities."

OmniConnect, for example, lets SaaS applications access, cleanse, and synchronize data stored in legacy systems in real-time and completes processes such as quote-to-order, purchase-to-pay, and order-to-cash without leaving the Cast Iron OmniConnect environment. The platform can also mash up the data from disparate sources and display them in a single view without taking the data out of one application and putting it into another.

Users can configure their integration processes in the cloud, run them in a multi-tenant cloud-based environment, and monitor all integrations from a single cloud-based console. And the Cast Iron Secure Connector aims to overcome data security issues by offering a secure channel that exchanges encrypted or firewalled data between enterprise applications and Cast Iron’s multi-tenant cloud service.

Reusability, portability and management

Cast Iron also announced a new Connector Development Kit that works to streamline building connections to new applications and data sources. The kit allows IT gurus to re-use connectivity created in OmniConnect to snap in connections to public clouds, private clouds, and on-premise applications. OmniConnect also offers reusable templates of the most common processes.

Portability is another feature that Cast Iron is boasting about. The software lets users move individual integrations, or the entire OmniConnect platform, into any public cloud, private cloud or on-premise data center environment. Infrastructure providers can also embed and brand the platform as their own integration-as-a-service offering. ADP, Dell and Cisco are already reselling the service.

Finally, a cloud-based management console makes it possible for users to monitor multiple integrations across customer deployments in a single location. Management APIs are available for IT and SaaS providers to view the monitoring data within their private or public clouds. Cast Iron also announced support for Amazon Web Services customers through integration-as-a-service.

"Security and integration are the two biggest concerns cited in Gartner's study," says Pattabhiram. "That's why you see mega-brands partnering with us. They want to have an enterprise grade solution to help their customers adopt their cloud applications. There is significant value in having one platform rather than multiple solutions to bridge private cloud, public cloud and on-premise applications."
BriefingsDirect contributor Jennifer LeClaire provided editorial assistance and research on this post. She can be reached at http://www.linkedin.com/in/jleclaire and http://www.jenniferleclaire.com.

Tuesday, March 2, 2010

Cloud Security Alliance research defines top threats and best paths to secure cloud computing

Security. It's one of the major issues that keeps cloud computing from working its way deeper and more quickly into the enterprise IT mainstream.

But what are the potential threats around using cloud services? How can companies make sure business processes and data remain secured in the cloud? And how can CIOs accurately assess the risks and benefits of cloud adoption strategies?

Hewlett-Packard (HP) and the Cloud Security Alliance (CSA) answer these and other questions in a new research report entitled, "Top Threats to Cloud Computing Report."

The report, which was highlighted during the Cloud Security Summit at the RSA conference this week, taps the knowledge of information security experts at 29 enterprises, solutions providers and consulting firms that deal with demanding and complex cloud environments. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Mastering next-gen IT

As Cloud Security Alliance Founder Jim Reavis sees it, cloud services are the next generation of IT that enterprises must master – and it's imperative that companies understand and mitigate security threats that accompany the cloud.

"The objective of this report was to not only identify those threats which are most germane to IT organizations but also help organizations understand how to proactively protect themselves," Reavis said. "This is the first deliverable in our cloud threat research initiative, which will feature regular updates to reflect participation from a greater number of experts and to keep pace with the dynamic nature of new threats."

Cloud computing abuse

The Top Threats to Cloud Computing Report shines a light on vulnerabilities that threaten to hinder cloud service offerings from reaching their full potential. HP and the Cloud Security Alliance warn companies to be aware of the abuse and nefarious use of cloud computing. The report specifically points to the Zeus botnet and InfoStealing Trojan horses as prime examples of malicious software that has compromised sensitive private resources in cloud environments.

Beyond malicious software, the report pegs sites that rely on multiple application programming interfaces (APIs) as typically representing the weakest security link. That's because one insecure API can impact a larger set of members using the evolving social Web, which presents data from disparate sources.

Rounding out the list of common cloud threats covered in the report are malicious insiders, shared technology vulnerabilities, data loss and leakage and account/service and traffic hijacking.

I'll be moderating a panel in San Francisco in conjunction with RSA later this week on the very subject of cloud security with Jeremiah Grossman, founder and Chief Technology Officer of WhiteHat Security; Chris Hoff, Director of Cloud & Virtualization Solutions at Cisco Systems and a Founding Member of the CSA; and Andy Ellis, Chief Security Architect at Akamai Technologies. [Disclosure: Akamai is a sponsor of BriefingsDirect podcasts.]

We'll be rebroadcasting the panel "live" with call-in for questions and answers at noon ET on March 31. More details to come.

For now, the RSA-debuted full report is available on the CSA Web site: http://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf.
BriefingsDirect contributor Jennifer LeClaire provided editorial assistance and research on this post. She can be reached at http://www.linkedin.com/in/jleclaire and http://www.jenniferleclaire.com.

Monday, March 1, 2010

Open source solutions for SOA: Check your bias at the door

This guest post comes courtesy of Ronald Schmelzer, senior analyst at Zapthink.

By Ronald Schmelzer

Most experienced practitioners in Service-Oriented Architecture (SOA) and Enterprise Architecture (EA), including ourselves, would assert that architecture and implementation are not interdependent. That is to say that architecture expresses means for describing ways of doing things whereas implementations are specific ways of doing those things.

Doing any particular architecture doesn’t require using any particular implementation, and vice versa, implementing something a particular way doesn’t imply or require any specific architecture. As such, any good architect should know that the best solutions are always context specific – give the business, users, whomever the constituency is, the best solution based upon their needs rather than any particular assumption ahead of time.

Getting this truism out of the way, why is it then that so many IT organizations prematurely discard Open Source Software (OSS) from their SOA implementations? While OSS solutions may not be suitable for all implementations all the time, they are becoming suitable and feasible for an increasing number of SOA implementations.

To make it absolutely clear, ZapThink is not advocating dumping all your vendor solutions in favor of an OSS stack; however, we believe that the current economic and technology environments are making OSS solutions more credible, feasible, cost-effective, and potent as the industry matures. In this ZapFlash, we’ll look at the current state of OSS for SOA and why this might be the right time to reevaluate your biases and assumptions about the “readiness” of OSS for SOA.

Open source, free software, and community development

First, it is important to get our definitions straight. As is very aptly defined in Wikipedia, open source software is “computer software for which the source code and certain other rights normally reserved for copyright holders are provided under a software license that meets the Open Source Definition or that is in the public domain. OSS licenses permit users to use, change, and improve the software, and to redistribute it in modified or unmodified forms.” OSS differs from commercial software in that the ownership, maintenance, and rights to change the software are not owned by a specific company or group of companies.

The term open source is frequently, although not always, used in conjunction with the idea of free software. In this terminology, free sometimes means that it costs nothing to acquire the license, but that’s not exactly how it’s defined by the Free Software Foundation (FSF). The FSF defines Free and open source software (F/OSS or FOSS) as the freedom to copy and re-use the software, or in other words, “free as in free speech, not as in free beer”. This means that FOSS licenses give users the rights to copy, modify, share, redistribute, and otherwise contribute to the advancement of the technology, but don’t necessarily imply anything about total cost.

Muddying the waters is the idea of Commercial Open Source Software (COSS). In COSS, the community has rights to certain aspects of modifying, sharing, and enhancing the software whereas others are reserved for the company. We’ve seen many instances of COSS in the SOA landscape in particular, from firms who wish to have a “freemium” model or “Community Edition” products which are offered for free as an entry point, and commercially licensed and maintained products offered as a premium. So what’s the problem with OSS? Simply put, three big issues: Fear, Uncertainty, and Doubt (FUD).

OSS SOA FUD

Let’s start with uncertainty. From a SOA perspective, the big uncertainty on OSS rests on two main issues: Are there a sufficient number of OSS offerings to cover the scope of things we need for our SOA implementations, and are those OSS projects of sufficient quality to meet our needs? If only companies did indeed start with this question, they would quickly find that there are an increasing number of widely implemented, tested OSS solutions for a wide range of SOA development, infrastructure, and management needs.

For certain, if you are looking for products that offer so-called Enterprise Service Bus (ESB) functionality, then there are a plethora of Open Source solutions. Companies have successfully implemented Mule ESB, Apache Axis2, Apache Synapse and Apache ServiceMix.

For SOA development, there are a wide variety of OSS options, most notably the Eclipse project. Not only has IBM’s OSS contribution of Eclipse made major inroads throughout IT development, it has spawned many associated development frameworks, such as the Swordfish SOA framework and the Equinox OSGi bundling framework.

Many open source projects are integrated or built on top of the Eclipse platform. There are now even open source SOA registry and management solutions including Mule Galaxy, SOPERA, WSO2’s open source registry offering, and the Membrane SOA Management tool. There are a wide range of OSS Business Process Management (BPM) and BPEL runtime engines including ActiveBPEL, Apache ODE, Orchestra, and a plethora of others.

As a sum total, these tools have had tens of millions of downloads and hundreds of thousands of implementations. Furthermore, individuals and companies have poured tens of thousands of hours of development time and maintenance into these tools.

Are these of the same quality as tools from vendors with decades of product development history? You can’t make the blanket statement that implementations based on OSS are less robust than vendor solutions.

Many open source tools build upon the experience of users who have previously used commercial offerings and thus aim to mimic or improve the functionality and performance of those solutions.

Furthermore, just how stable are those vendor tools anyways? After a decade implementing one vendor’s infrastructure suite, you find that that vendor got acquired not once, but two or even three times as their acquirers in turn got acquired, with the final product set “mish-moshed” amongst a dozen other acquisitions with no firm roadmap, an ill-defined integration plan from the vendor, and license and maintenance fees that make little sense.

In many ways, the simplicity and lack of confusion of the OSS suite is making more sense given the chaos of the product portfolios in the rapidly consolidating vendor marketplace right now.

Early vendor death and consolidation chaos

This brings us to the other two issues raised on OSS solutions: fear and doubt. Brenda Michelson from Elemental Links did a very good job outlining some of the considerations for open source in the enterprise IT environment.

Many architects refuse to even consider OSS solutions out of the often unfounded fear that they are unsupported. While it is true that many good OSS solutions require paid support to achieve the response time and care necessary, we would argue that money is well spent.

With commercial companies providing support for OSS offerings you get the best of both worlds: community development, testing, and enhancement at low or no cost, and professional support whose time and value are known quantities.

Even if you chose a commercial vendor, you’re going to be paying for support anyways. In what respect are OSS solutions any worse off in this case? It is ludicrous to assert that a vendor’s solutions are of such a high quality that the need for support is less than that of OSS solutions.

In fact, we find the contrary. When you purchase commercial vendor offerings, you pay for the licenses, maintenance, and support, in addition to your integration costs, and you don’t even get the benefit of getting others’ contributions.

Much of the doubt on OSS is placed by vendors who have vested interests in making sure you continue to feed them millions of dollars of license and maintenance revenue. But given that many enterprise IT vendors are folding, getting acquired, or abandoning their product lines, we see a greater risk in toeing a strictly commercial vendor line.

Without the source code and enhancements in the community, when a vendor gives up the ghost, stops developing their product, or gets “mish-moshed”, the code simply disappears. No one is there to support a dead company’s products or a dying product line.

In this regard, OSS presents less of a risk because the code is out there in the community, available for anyone to pick up. From a SOA perspective, you want to have as few dependencies as possible on your infrastructure or a single vendor’s solutions. As such, for many, OSS makes a whole lot of sense.

An OSS and SOA case study (courtesy of the SOA-C)

Recently, the SOA Consortium (SOA-C) had a case study contest to elicit the best SOA implementations and architecture design. One of the winners was BlueStar Energy, which implemented a relatively sizable SOA implementation entirely on OSS solutions.

Some of the lessons they learned were some of the things we often espouse: incremental delivery, standards-based interface, consumer heterogeneity, loose coupling, and composability. If you read the case study, you can see that the design principles had a decidedly non-vendor bias. They wanted control over their environment, and this meant creating a specification that required implementation neutrality.

The consequence of the way that BlueStar designed their architecture is that they found that OSS solutions best fit the bill for their needs. Their Business Integration Suite consists of open source distributed, scalable and reliable components such as enterprise service bus, business process management system and messaging fabric.

The end result is that between the adoption of SOA, open source and offshore development, the company estimates saving $24 million over the course of five years. For many of our readers, the BlueStar case study probably describes your environment as well. The case study is worthy of a close read!

ZapThink take

We at ZapThink have no vested interest in espousing a particular position that OSS or commercial vendor offerings are inherently better than the other. As mentioned, all good architects need to consider the context for their implementations.

For some companies, a vendor approach is best (especially in mainframe-based legacy environments where OSS simply doesn’t exist). But for others, we believe that biases dominate the discussion. Enterprise architecture does not demand vendor solutions. You can choose to implement aspects of your EA entirely on your own. Or you can buy technology from a handful of vendors. Or you can grab open source solutions online. There’s no bias in the architecture – why do you have bias and why is there bias in the marketplace?

The best place to start is where BlueStar Energy started: focus on the goals and needs of the architecture first. Define your architecture in a vendor-neutral, implementation agnostic way. Then, when it does come time to consider your implementation, start with a gap analysis.

Which tools do you already have that suit the need that you don’t need to buy again? Which infrastructure and tools do you need to acquire to fill the gaps? For those gap fillers, consider OSS and vendor solutions equally and evaluate them on an equal footing. You might be surprised to find what truly fits the bill for your SOA implementation needs.

Check your FUD at the door. Make sure you aren’t losing an advantage by prematurely eliminating OSS from your SOA infrastructure mix.
