Thursday, October 4, 2007

Analysts debate role of governance and 'total management' in the dawning era of SOA

Listen to the podcast. Read a full transcript of the discussion. Sponsor: Tidal Software.

I recently had the pleasure of participating in a live discussion (now a podcast) at the Harvard Club of Boston with Jason Bloomberg, managing partner at analyst firm ZapThink, on the current state and future outlook for governance and management in SOA environments.

Moderating the discussion was Martin Milani, chief technology officer at Tidal Software, which sponsored the luncheon event. We had dozens of enterprise IT executives from the Boston area in attendance, and they joined us in a questions and answer session after the presentations.

During the hour-long "debate" Jason and I explored how IT management will evolve in the world of service-based applications. The discussion delved into issues of new standards, how SOA demands that performance management and change management should augment and elevate the role of systems management, and on how the integrity of services delivery requires a deep and wide approach to "management in total" across a service's lifecycle.

A recent survey supports some of our conclusions: That more needs to be done to provide governance and management, and that the very definition of "management" requires re-evaluation in the era of SOA.

Here are some excerpts from the event:
The key thing to keep in mind about SOA in this context is that services are an abstraction. That is, they help to provide flexibility to the business, but they don’t actually simplify the underlying technology. Many architects are a bit surprised by this, that SOA doesn't make their jobs easier or make the job of IT any easier. If anything, it’s more complex.

There's more of a challenge for IT to meet the business requirements for flexible, agile, composable, and loosely coupled services. As a result, you have this need for the IT organization to rise to the challenge of services. This is especially true in the management area because the services essentially have to behave as advertised.

The implications for those dealing with applications is that you are going to service-enable those applications, decouple, and decompose them into essential core services, and then repurpose them by cross-compositing processes. What is that going to do to you, if you think you are going to go to firefighting mode when you have performance issues? It’s simply not going to work.

You need to rethink management and support, and you need to try to get proactive in how systems will be supported to head off performance issues and create insurance policies against blackouts, brownouts or other snafus. SOA is really a catalyst toward a different approach to the management and support of the services.

[SOA management] needs to be looked at not just as management of discrete parts, not just trees within the forest that each stand on their own -- but the forest itself. I'd like to see that get to the point where it becomes something that can be assimilated further than just the systems -- with the business objectives as well.

... You are going to want to tune how your applications and services are delivered, perhaps to live up to service level agreements, or perhaps so that you can give priority to certain data, application, or services streams over others. ... That’s going to require a different level of management. It’s really about leveraging the old, finding ways to assimilate and then put a more operator- or policy-driven -- perhaps even automated -- approach on top of it.

With SOA you need to gather information about your systems both deeply and broadly: deep and wide. You can already get a fire-hose of data from your systems, log files, and agent- and agentless-based approaches already on the market. You get a ton of data. It’s working with that data in the context of a horizontal business process that’s the hard part. ... If one aspect of a process goes down, that’s the weak link in that chain, the whole chain could be at disadvantage.

In the past, you might have one application down, but people could go off and do another task, because that mainframe would be back up at two o’clock. If your entire supply chain is disabled for a period of time, that’s a higher price to be paid. So, we're looking at a different level, and I don’t think we’ve seen the solution yet.

The value of IT here can be much greater. It can be an enabler, not a cost center. It can be the way in which not only is information relayed about what’s going on, but can determine what we want to happen. We want to change that supply chain. We want to change that distribution, recall these products, get a list of every single product and every serial number, and we want to relay that to our sales force.

That sounds straightforward, but if you try to do that with a lot of IT systems today, you’re going to find yourself up there with the equivalent of mimeograph and crayons, doing it by hand -- and that’s just not acceptable. So in the future, a company’s very existence could be at stake if they don’t have agility in these processes.

SOA is really not optional. Companies that don’t get this right will suffer the consequences. They will suffer lawsuits and suffer a competitive disadvantage. They are going to go out of business. This is an important thing to keep in mind. IT is not playing around here. You can't say, "Maybe we will do SOA, if we can figure it out, or maybe we won’t. We’ll just do things the old way, where we are siloed and we keep on going."

Instead of just running around and not being able to use technology, we want to have a governance plan in place, saying “This is how we’re dealing with problems. Here is how the technology will rise to these challenges." And, we make it a matter of policy. So now, instead of just having to wing it when you have some sort of issue, there is an infrastructure in place for helping you deal with issues as they come about.

A key to this is the management challenge. As management technology improves, it is less and less about just monitoring stuff, and more and more about being able to deal with issues as a matter of policy, where your policy is in place for dealing with problems that you can’t predict -- and those are the most challenging ones. That’s what we see happening over time.

What’s happening in the management standards world is a pissing match between the big vendors. You have the Java guys wanting to this and then Microsoft guys wanting to do that, and nobody listens to them, because they can't agree with each other. So, they'll realize, "Hey, all of our customers are ignoring us. We'd better get our act together." It’s become this big political thing that’s just slowing whole thing down.

From the enterprise perspective, you don’t have to wait around for the vendors to grow up. You can get stuff done today. This isn’t going to stop you from being successful with SOA initiatives today. It might mean that two products you buy off the shelf might not interoperate as well you like. That has to be part of your plan. It might mean you have to come up with your own internal standards for the time being.

As companies move closer to SOA, it forces them to grow up. It forces them to think across boundaries. In the past, complexity has forced companies to divvy up issues into small compartments, put a box around them, and assign people to that item of complexity.

But that has stifled the ability of interoperability and of addressing things holistically, of being fleet and agile. It’s made them brittle, has made them slower, and has made things expensive. SOA forces companies to start binding what happens in pre-production to post-production, what happens in an application with what happens in an infrastructure, and what happens on a service level from an outside provider to what happens as a shared service internally.

There are great risks if you try to do SOA without growing up, but there are super opportunities if it’s done properly. It can elevate IT as a function within the organization from being an inhibitor to the absolute enablement for new business and growth and opportunity.
Listen to the podcast. Read a full transcript of the discussion. Sponsor: Tidal Software.

Wednesday, October 3, 2007

Microsoft opens kimono to show athletic supporter with iron-clad cup

The "if you can't beat 'em, join 'em" mood at Microsoft has gotten more of an open source flavor. Soon, developers (and other interested parties) will see more source code under the .NET and Visual Studio 2008 covers. This is interesting.

But by pulling back the kimono, Microsoft has only shown an iron-clad cup over the family jewels. Look but don't touch. No chance of legally changing the code, or redistributing it, only learn and learn well. Sorta open source.

It's a pretty big deal, I guess. I shows that even Microsoft recognizes that certain elements of the open source credo make sense, if not enough cents. The mantra of open source is killing software and has no role in the real world -- well, I doubt we'll seeing much more of that.

It's like George Bush saying he's no longer against raising taxes, but has no intention of actually doing it. It's the thought that counts!

Is this a slippery slope beyond the FUD factor, however? Will such code exposure lead to outright dancing in the moonlight someday? How many products will they give the peak-a-boo treatment too? When will such openness become a security ... err, legal, risk?

Well hackers and competitors already get a lot of gropes at the code, anyway. This just gives the honest people a thrill. Or maybe there's more to the gesture. Could this be a set-up that anyone who looks at the code and comes up with way to skirt using the Windows runtime when they enjoy the splendors of the development environment?

I expect that with such access to the goodies that more folks will want to develop around the framework and tools. And while that inevitably leads to more sales of the runtime, the decoupling of the pre-production and the post-production continues. This can only hasten the trend.

One has to wonder how Microsoft's lawyers will interpret the code "advances" over time.

IBM 'continuum' helps companies crawl-walk-run along the SOA path

IBM today unleashed a barrage of announcements that cover services and software to enable a crawl-walk-run strategy for enterprises, as they move into the services-oriented architecture (SOA) world.


The new offerings range from a "SOA Sandbox," which will allow developers to "play" with SOA before using it in a production environment, to WebSphere enhancements, and finally, to an unveiling of the new IBM Optim, a data governance application from recently acquired Princeton Softech.

Key to the crawl-walk-run approach is what IBM calls their SOA Continuum, which takes companies from the very basic -- involving only focused, high-ROI projects -- to the most advanced, in which technology becomes invisible and more than 80 percent of business functions are delivered as services -- and more than 50 percent of those are re-used.

I sort of remember the logic from an earlier blog. Glad they agree.

Recognizing the need for what they've dubbed the Globally Integrated Enterprise, IBM has also introduced assessment tools, including a Benchmark Wizard, which is based on key agility indicators and is loaded with 1,100 qualitative business indicators and uses best practices derived from 1,600 case studies. This will allow an enterprise to determine how it stacks up against the industry in general.

The new offerings also address several key stumbling blocks along the path to SOA-based agility. One such sticking point is how systems respond when services from various sources may be unavailable. IBM says its updates WebSphere Process Server has extensive compensation support, allowing process to recover reliably when target applications are unavailable.

Another key concern is exposing sensitive or personal data when services access databases. The newly acquired Optim product is designed to identify and protect private data in complex application environments.

IBM also announced enhancement for process integrity to several products, including:

  • Message Broker and MQ
  • Tivoli Composite Application Manager for SOA
  • WebSphere DataPower XML Security Gateway
  • IBM Information Server

IBM is taking an "all things to all people" approach and offering new SOA configurations, designed to help enterprises use legacy and packaged applications in a SOA environment. These include best practices and step-by-step implementation guides.

To help developers get started -- before even starting to crawl along the SOA path -- IBM has set up a SOA Sandbox, a free test bed on the developerWorks site. The sandbox, where potential users can download trial software or can "play" online in a hosted environment, includes software, tutorials, quick-start guides, and best-practices guidance.

As another aid to companies, IBM is offering "SOA Healthchecks," workshops to assess and diagnose applications, services and infrastructure to determine application reuse, security, and infrastructure flexibility.

Look for this opening salvo to increase in crescendo over the next few months, as IBM rolls out these and more SOA offerings at 500 events, including a customer Webcast on Oct. 9, and a series of announcements to create a drumbeat about the latest SOA end-to-end initiative.

Engagement on SOA has to take place in countless ways. IBM seems to be up to the task, or least is ready to try.

Monday, October 1, 2007

Adobe pushes foward on enabling RIA ecosystem with Flex 3, Adobe AIR betas

The world of rich Internet applications (RIA) got a little richer on Monday when Adobe Systems released the beta versions of Flex 3 and the Flex SDK with enhanced features for evelopers.

The beta versions are in place of the alpha release, which was scheduled for this month, but which has been pushed out to the first quarter of 2008 to coincide with the release of Adobe AIR 1.0. The AIR beta is also available.

Enhanced capabilities of the Flex beta include support for ASP.NET, including new data wizards that allow developers to look at data tables and create a new Flex application from a SQL database. Developers who consume Web services can view the WSDL files and automatically generate code for invoking operations.

Adobe AIR now supports background applications and system tray notifications, allowing the app to run in the background. Among its other features are:

  • Synchronous APIs for embedded local database
  • Greater control of windows and menus
  • Content protection for video, HTML improvements
  • Application and runtime enhancements such as improved install process and automatic updates for the runtime.

Check out Matt Chotin's blog at Adobe for a complete rundown on the latest enhancements and updates.

Also, keep an eye out for Adobe to announce a new Adobe Developer Connection, where the Adobe community can get newsletters, form a professional network, participate in forums, and get special offers.

The Adobe AIR and the Flex betas can be downloaded from the Adobe Labs site, which also has a pre-release version of Adobe Media Player, which will be free to end users and will allow companies to distribute Web 2.0 content in video format. Major television broadcasters and other content producers have already agreed to support the Adobe format.

Adobe made the announcements at Adobe Max 2007. Among other news from the event:

Adobe has signed a definitive agreement to acquire Virtual Ubiquity and its online word processor, Buzzword, built with Adobe Flex and leveraging Flash Player. It's soon to be available on Adobe AIR. Buzzword has integral collaboration capabilities that allows multiple authors to edit and comment on documents from anywhere at anytime. Because it will run on Adobe AIR, the application will offer users a hybrid online/offline experience for working with documents.

Adobe and Business Objects have agreed to jointly undertake multiple initiatives to drive product interoperability and optimization, technology adoption, and product distribution.

One of the key initiatives is the development of a Business Objects Xcelsius Connector to Adobe LiveCycle Data Services ES.

Adobe is posing a strong alternative to other platform approaches to RIA and Enterprise 2.0 interfaces, most notably against Microsoft. It's just one of the thousands of daggers pointed at Redmond nowadays, but its cuts could go deep.

I'd like to see Adobe make more partnerships with those vendors supporting SOA activities. More ease and integration of RIAs and SOA infrastructure could be powerful. Microsoft obviously thinks so. I wonder why IBM and Adobe are not closer, at least in their more blatant go-to-marker campaigns.

I'd also like to see Adobe move more quickly on the completeness of the platform approach. These RIAs are catching on fast.

Software AG consolidates governance products for SOA

Software AG took the "big picture" view of governance for service-oriented architecture (SOA) with the announcement today of the CentraSite Governance Edition.

The approach aims to enable governance more broadly across the enterprise, with policy enforcement capabilities building on the webMethods Infravio X-Registry (acquired by SAG with Infravio earlier this year). Enforcement features are built directly into the platform, which offers a richer and more extensible metadata repository, a more intuitive Web2.0 interface, and wizard-driven templates.

While SOAs can help companies achieve much-needed business agility -- by flexibly arranging and repurposing existing and new IT assets, both from within and outside the enterprise -- that agility comes at the price of greater complexity.

One stumbling block has been the governance of SOA assets and processes, along with the ability to set, adjust and enforce policies. SOAs will require finer management of assets as they access and expose ever more enterprise data and interactions.

Encompassing both a UDDI (Universal Description, Discovery and Integration protocol), v. 3.0 compliant registry and a fully extensible, JAXR complaint (Java API for XML Registries) repository for maintaining associated metadata and policies, CentraSite Governance Edition can be implemented as the design-time, run-time and change-time governance platform for any heterogeneous environment.

It also acts as a policy hub for run-time enforcement with an integrated run-time policy enforcement point, webMethods X-Broker, and standards-based support for additional third-party applications used to mediate transactions betweens service providers and consumers.

A new feature in CentraSite Governance Edition, available now, is Active Policy, which automates SOA processes and simplifies end-user adoption. It is also pre-loaded with more than 80 pre-defined best practices that help streamline end-user adoption.

Other features include:

  • Unified lifecycle governance
  • Enhanced repository
  • Open metadata model
  • Enhanced change-time governance
  • Customized views
  • SOA federation
  • Standards support

Tony Baer at CBR Online sees Software AGs move along its webMethods roadmap as being "right paced" and even takes a look into the future:

"Software AG is moving very deliberately to execute on the roadmap for converging products from the acquired webMethods. With announcements right paced at about every four weeks, this is the second such announcement to come out of Software AG since it unveiled the roadmap back in August.

"The company is also being upfront, in that, while it is making the products look cosmetically the same at the UI level and in branding, it admits that the real convergence will happen next year. At this point, both have, or will have, common Ajax-based rich user interfaces. Both rely also on the JAR (Java API for XML Registries), so access in also via a common method."