August 31st, 2009

Wal-Mart to compete against Amazon; are Wal-Mart Web Services next?

Posted by Joe McKendrick @ 7:51 am

Categories: Vendor Watch, Web Services, business process management

Tags: Wal-Mart Stores Inc., Web Service, Amazon.com Inc., Cloud Computing, Web Services, Web Technology, Strategy, Enterprise Software, Software, Management

Wal-Mart, the gigantic discount retail which is able to offer discounts via a well-orchestrated systems-based supply chain, announced it is launching an online marketplace featuring close to a million items from various sources.

Speculation is that this is Wal-Mart’s move to capture some of the success Amazon has seen in the online space. While the retail sector suffered through the recent economic downturn, Amazon blazed along with barely a hiccup.

Now, if Wal-Mart really wants to take on Amazon across the board, they should consider an entree into the cloud space, such as that dominated by Amazon Web Services. Amazon essentially took its vast array of IT assets built for its e-commerce operation and turned it into a shared offering for the business IT sector.

Will we eventually see Wal-Mart do the same with its massively expanding IT infrastructure? Wal-Mart Web Services, anyone? (This is a tongue-in-cheek speculation, sort of…)

August 27th, 2009

Cloud: the SOA we always wanted, but never had?

Posted by Joe McKendrick @ 1:19 pm

Categories: Business ROI, Links, Management, SOA Events, SOA Surveys and Research, Vendor Watch, Web 2.0-Enterprise 2.0, business process management, cloud computing

Tags: SOA, IT Costs Cloud, Service-Oriented Architecture (SOA), Web Services, Middleware, Enterprise Software, Software, Joe McKendrick

Is cloud computing — in which services are produced and consumed across entities — paving the way for a massive wave of service oriented architecture adoption across businesses?

‘Cloud is SOA done right’

I recently had the opportunity to join a lively panel discussion led by Phil Wainewright to ruminate over this question, and we came to a general conclusion that cloud, indeed, is making SOA an easier sell to businesses. The consensus seemed to be that cloud is helping to boost the advantages promised by service orientation to a firmer business footing.

Phil and I were joined by David Bressler, principal architect with Progress Software, and Ed Horst, vice president of product strategy for AmberPoint. (Listen to the 45-minute interactive panel discussion here, read the full transcript here.)

I know many of you will correctly point out that cloud and SOA are different entities, with SOA focusing on the architecture and cloud on delivery of services. But consider the ways cloud is turbo-charging SOA. In some cases, SOA proponents have been struggling for years to get things moving in the right direction, and cloud is providing some new oomph and vitality to the effort:

• Cloud (as SOA should be) is well understand, and often demanded, by the business
• Cloud (as SOA should be) is platform, language, and technology agnostic
• Cloud (as SOA should) provides greater visibility and transparency to actual IT costs
• Cloud (as SOA should) necessitates binding contracts between service providers and consumers
• Cloud (as SOA should be) is based on trust between service providers and consumers
• Cloud (as SOA should) originates from business requirements

As Phil — who has been tracking developments in this space since launching LooselyCoupled.com almost a decade ago — put it, “Cloud is SOA done right.”

The panel kicked off with a discussion of the advantages cloud brings to the table, including service functionality across firewalls, more rapid delivery of information technology, and greater opportunities for integration. However, Phil pondered whether these are all the benefits that SOA was supposed to deliver.

Dave observed that cloud enables these advantages “through a way that allows you to use external providers to jump start that. “By doing that, it becomes much more component driven.”  Plus, actual costs of business and IT services are more visible. Often, he added, a lot of infrastructure inside the enterprise “is discounted because there’s no clear or immediate benefit.”

Both SOA and cloud “have the same benefits because they both are essentially — fundamentally, architecturally, the same thing,” Dave continued.  “But that’s where SOA leaves it — as an architecture. Cloud is about external providers providing services and wrapping those things — including the contract, the SLA — and then delivering that to different constituents.”

I pointed out that the ramp-up to SOA provided some foundation for the cloud experience, since “one of the big issues that many companies had to come to terms with in SOA is the establishing service level agreements, because they necessarily didn’t know where the service was originating — from another part of the enterprise, or crossing the firewall.” reliability and scalability also needed to be guaranteed.

Ed noted, however, that whether its SOA or cloud, enterprise service consumers do typically have a handle on who is providing the service. “In a lot of the customer examples that we have — telco, healthcare, those kinds of things — they’re still interacting with a well-known group of users,” he pointed out. “It’s not random, you-don’t-know-who-you’re-interacting-with kind of situation.”

There are also lessons to be drawn from the SOA experience that can be applied to cloud computing as well, Ed said. For one, “start with a specific project that has some kind of reasonable boundaries to it, that’s going to have daily business impact when it’s done.  You want something that has regular use.” Also, Ed advised, “avoid the “boil-the-ocean architecture approach where we’re going to get everything to be cloud before we really do anything in cloud — we’ve seen that in SOA.” He recounted how one company developed a 72-page book of specifications,  looking at every possible policy consideration, before they even started working with an SOA methodology. “Those boil-the-ocean approaches probably fail more often than they succeed,” he said.

The best approach for SOA — and now for cloud — is more of a hybrid strategy that focuses on specific projects, but employs a broad-brush architectural approach. “One of the more successful strategies I’ve seen is kind of a hybrid of kind of broad strokes as to where the overall architecture is going, where we really want to end up in two, or three, or four, or five years even — but with some real practical realities around that initial project.” Also, another lesson from SOA: “Govern early and often. You don’t usually regret having done that early on — but you oftentimes regret not having done it if you don’t.”

I added this thought to the conversation: if one was to be attending a conference ten years from now, “you will see that cloud did change the way we look at SOA and for a couple of reasons.” First, through cloud computing, the business gained a better understanding of service orientation. “If you want to sell SOA to the  business, pitch it as cloud.”

Dave also raised the issue of cost structure, and how cloud — for better or worse — provides greater visibility into hidden costs that SOA does not address.

He illustrated the point this way:

“You and I are working in the same company.  You have a service, I’m using that, we shake hands. ‘Phil, throw an extra server in there because I’m going to add some capacity. How much capacity?  I don’t know yet. Okay, let’s go play golf.’  But now, I’m paying you to do the same thing as a cloud provider and I’m going to look at the bill. ‘Ooh, how come there are two servers on the bill?’  You might then go to your team say, ‘find another service somewhere and put it in.’”

The cloud providers will  provide their services at a specific cost, that’s the actual cost plus whatever the margin may be. Whereas, internal IT has always been kind of subsidized.  If you need a  project, you get internal IT to put it together for you, and delivered for you, and a lot of those costs  either were hidden, and were dispersed across the enterprise. Cloud is forcing organizations to look at the actual cost of service delivery and perhaps the alignment more with what the market will  be.

August 26th, 2009

SOA security: isn't SOA itself a security solution?

Posted by Joe McKendrick @ 9:09 am

Categories: Links, Management, Standards Watch, Web Services, business process management

Tags: Security, SOA, Service-Oriented Architecture (SOA), Web Services, Middleware, Enterprise Software, Software, Joe McKendrick

Mark O’Neill picked up on my recent post on SOA security and asks a very logical question: Why aren’t we looking at SOA as an enabler of security, versus worrying about the security of SOA approaches?

We’re asking the wrong question about SOA security

A very good question indeed. Mark calls this the “neglected flipside of SOA security,” observing that “SOA Security” is two separate things, solving two separate problems — securing SOA-based infrastructures, and applying SOA principles to security. “I think that too many SOA Security articles focus only on the first meaning of SOA Security (making SOA more secure) than on the second (applying SOA principles to security to make it more easy to deploy and manage),” Mark says.

He explains:

“‘SOA-flavored Security’ means making security more management and easy to deploy by isolating re-usable components of security and providing them as managed services. For example, the OASIS DSS standard explains how digital signature services can be used in order to provide signing and signature validation services over the network, accessed using a Web Services interface. This solves a knotty problem, and provides a good framework for key management. Similarly, specifications such as XKMS, XACML, and WS-Trust are really all about applying SOA to security, to solve interoperability problems, not about ‘making SOA secure.’”

A few weeks back, I quoted Open Group’s Dr. Chris Harding, who also pondered whether we’ve been looking at the SOA security problem “the wrong way around.” Chris suggests SOA and the use of shared services may actually solve more security problems than it creates.

The beauty of a service-oriented approach is that it provides for common mechanisms — security services — that can be developed and tested and applied against many types of applications or scenarios. Individual domain or application owners no longer need to reinvent the wheel, rely on jury-rigged approaches, or cross their fingers if common SOA-based security is available within the enterprise to secure their application and data assets.

Again, SOA may solve more security issues than it creates.

August 25th, 2009

Study: unified communications doesn't deliver -- yet

Posted by Joe McKendrick @ 10:02 am

Categories: Business ROI, Case Studies, General, Links, Management, Web Services, business process management

Tags: Unified Communications, Collaboration, Joe McKendrick

It would seem that converting technology that has existed as proprietary, embedded-code hardware-driven solutions to service-oriented software would be very productive.

Needed: baselines to measure UC gains

However, unified communications (UC) approaches still have yet to prove their ROI mettle, a new Forrester Research study claims. As reported by Tim Greene in Network World, half the world is not convinced of the efficacy of UC. Forrester’s Henry Dewing is quoted as observing that half the companies he spoke with don’t yet see the business value in UC. “When you talk to end users, they want a 12-month return and a triple-digit ROI,” he says.

For many businesses, the challenge is determining a baseline of costs before UC is implemented, Dewing says. UC brings various communications methods — including IP telephony, instant messaging, email, and voice mail — into more integrated settings running on standard IT systems.  Benefits include measurable, quantifiable metrics such as cutting down on business travel (in favor of teleconferencing) and enabling the decentralization of call centers.

However, there are many soft benefits such as cutting down wait times and increased end user productivity. Good stuff, but notoriously difficult to measure. Perhaps we will start seeing more cloud-based UC services that will add incremental pricing into the equation.

August 25th, 2009

Will vendors finally force SOA and BPM to mingle?

Posted by Joe McKendrick @ 9:43 am

Categories: SOA Surveys and Research, Standards Watch, business process management

Tags: BPM, SOA, Service-Oriented Architecture (SOA), Business Process Automation, Operational Planning, Enterprise Software, Web Services, Strategy, Middleware, Software

In the wake of Software AG’s acquisition of IDS-Scheer, Dana Gardner raised this question at a recent BriefingsDirect podcast: “Is the SOA landscape is being driven by folks trying to do it all?” As he put it: “I thought the whole notion of SOA was being able to include more players and more components to interact and interoperate. What’s going on?”

SOA-BPM merger is inevitable, but is not being rushed

There’s been a trend toward consolidations and acquisitions in which vendors are scooping up or adding capabilities in hopes of being able to offer end-to-end SOA suites. Of course, Dana is right, in that the whole idea of SOA is independence from these catch-all solutions, and being able to pick and choose, swap in and swap out interchangeable solutions as needed.

What caught the panel’s attention with the Software AG-IDS Scheer acquisition was the possibility that vendors may start forcing business process management solutions into that end-to-end SOA mix as well. However, in this case, it’s likely that Software AG may keep BPM focused on the BPM side of its product line.

For example, Jason Bloomberg, who joined the panel, pointed out that the acquisition itself actually had little to do with SOA. “With the IDS Scheer acquisition, if you read through what Software AG is saying about this, they’re not connecting it with their SOA story. This is part of their BPM story. This is a way for them to build their vertical BPM expertise. That’s the missing piece.”

It may take time for the SOA and BPM worlds to come together anyway. It’s like the separate Francophone and Anglophone cultures that exist in Canada; the Scotts, Welsh, English, and Irish in the UK; the Flemish and Francophones in Belgium; or the residents of North and South New Jersey. They’ll all agree to exist under one roof, but that’s about it — they still want their own ways of doing things.

But as Tony Baer put it, there’s a new emerging element that may force the BPMers and SOAphones to talk, at least a bit: “There has always been a huge cultural divide between the business folks, who felt that they own BPM, versus the IT folks, who own the architecture or the technology architecture, which would be SOA. What’s really interesting and what’s going to stir up the pot some more — and this is still on the horizon — is BPMN 2.0, which is supposed to support direct execution.”

Until then, we can conclude that it’s not likely we’ll be seeing a lot of BPM stuff being shoe-horned into SOA suites. But, it is inevitable that SOA will rely more on BPM; and BPM will rely more on SOA. It’s inevitable.

August 20th, 2009

Debate: Is SOA still too immature to secure?

Posted by Joe McKendrick @ 3:19 pm

Categories: Data managemetnt, General, Links, Management, SOA Surveys and Research, Standards Watch, cloud computing

Tags: SOA, Service-Oriented Architecture (SOA), Web Services, Middleware, Enterprise Software, Software, Joe McKendrick

Two recent posts by leading SOA thinkers have different takes on the state of SOA security. Is it a monstrosity that is almost impossible to secure end to end, or is it something that can be started relatively simply and grown with proper attention and management?

Will SOA outgrow its insecurity?

Forrester’s Randy Heffner says we have reached a point where SOA is secure enough for prime time. However, he cautions, while WS-Security has helped standard Web services using SOAP, some careful navigation is required for full-blown SOA. But it’s doable. “Advanced SOA security - involving federation among partners, nonrepudiation, and propagation of user identities across multiple layers of service implementations - is in its early days,” Randy points out. Still, the need for robust SOA security will be inevitable. “Many user organizations will find that advanced SOA security becomes mandatory - especially with increasing data privacy and other regulations.”

JP Morgenthal takes a dimmer view on SOA security, pointing out the world really hasn’t agreed on a consistent definition of SOA, and, therefore, there may be issues with attempting to provide security. As he points out: “If you can’t define it, you cannot secure it!”

JP adds that while there is plenty of research and literature on the topic of cybersecurity, there’s very little that connects SOA and cybersecurity. The problem is that SOA touches so many parts of the technology stack, and each has its own security solutions and protocols.

“If you’re tasked with focusing on cybersecurity for your SOA, you could focus on locking down access to your Web services, stopping SQL injection attacks, addressing DDoS attacks against the service, etc. Each of these areas requires considerable knowledge of the entire computing stack from telecom through the hardware through the operating system and into the application. Holy rotten fish Batman! That’s a tall order for even the most adept team, but it’s made even more difficult by the fact that there aren’t that many cybersecurity experts available that understands this entire domain.”

Still, Randy Heffner takes a stab at designing SOA security, starting with virtual private networks and two-way Secure Sockets Layer (SSL) at the simplest level. “Hackers cannot even connect to an SOA-based service unless they steal a certificate and key from a service consumer,” he says. Move up a step or two, and the next option is to leverage “existing SOA security features in Java or .NET application platforms and concentrating SOA security within an SOA specialty product such as an enterprise service bus, SOA and Web services management solution, SOA security server, or SOA appliance,” Randy says.

Ultimately, even when starting with a simple SOA security such as VPNs or SSL, SOA proponents need to recognize that the process will develop into something more intricate. The key is “to anticipate the need for and leave paths open to build additional, deeper security functionality as business requirements demand and SOA security maturity allows,” Randy says.  We’ll grow and learn as we go along, he believes:

“Typically not all applications need all of your security requirements; initial applications may be able to do with a lighter-weight pass on building your SOA security solution, while later applications require you to fill in your solution with additional features….  Each time you make a pass through, you will learn more about how to build the most effective SOA security solution with the pieces that you have.”

Still, JP says the current crop of tools and protocols are too immature for top-to-bottom SOA. Things will only get more complicated as SOA-enabled services become part of cloud offerings. “What I have experience in with regard to the WS-* security mechanisms, security tools and technologies for securing Web-based and non-Web-based applications, still do not begin to address the real hard issues regarding cybersecurity in an SOA; especially as we expand the notion of service.”

SOA raises issues that never arose in the days of siloed applications and point-to-point Web services. Both Randy and JP recognize that securing a complex network that touches many parts of the stack is going to take work. Where they disagree is whether current approaches are at least a place to get started. JP adds that SOA is too much of an amorphous, changing entity on which to base solid security decisions.

August 18th, 2009

WebSphere versus .NET: battle royale!

Posted by Joe McKendrick @ 8:32 pm

Categories: General

Tags: IBM WebSphere, Microsoft Corp., Application Servers, Middleware, .Net, Enterprise Software, Software, Software Development, Software/Web Development, Joe McKendrick

Lots of benchmarketing action on the application server/middleware front:

“After carrying out a number of benchmarks, Microsoft concluded that .NET offers better performance and cost-performance ratio than WebSphere.”  (Shock! Surprise!)

“IBM rebutted Microsoft’s findings and carried out other tests proving that WebSphere is superior to .NET.” (Shock! Surprise!)

“Microsoft responded by rejecting some of IBM’s claims as false and repeating the tests on different hardware with different results.”

And it goes on and on. All the gory details here.

August 18th, 2009

Microsoft Oslo shifting to the data side

Posted by Joe McKendrick @ 8:07 pm

Categories: General

Tags: Oslo, Microsoft Corp., Modeling, Darryl Taft, Research & Development, Business Operations, Joe McKendrick

Last year, I heard Brian Loesgen compared Oslo, Microsoft’s modeling strategy, to an onion, with many layers of features. Lately, it appears there is another layer to Oslo forming, which ties the platform closer to Microsoft’s data programmability stack.

Darryl Taft reveals that Microsoft has been shifting Oslo, originally intended to support SOA development, toward the database. He quotes Microsoft engineer Doug Purdy, who admits that the reference to Oslo as a new version of BizTalk “really confused customers.” He adds that “We started using the term ‘Oslo’ for only the modeling platform pieces of the overall vision.”

At its core, Oslo supports a modeling language and a repository, which are surrounded by layers of tools and other functionality.  Oslo refers to the modeling platform, and other pieces of the overall vision have migrated into the next version of the .NET framework, Visual Studio and the capabilities that Microsoft “Dublin” will add to the Windows Server application server.

Purdy notes that over the past year, “it has become increasing clear to us that the modeling platform is aligned in a deep and fundamental way with the data programmability stack (ADO.NET, EF/EDM, [Entity Framework/Entity Data Model] Astoria, etc.).” As a result, the focus of Oslo has shifted to the database, emphasizing its role of supporting metadata stored within the database. For this reason Microsoft has decided to merge Oslo with its Data Programmability team, which includes EDM, EDM, EF, Astoria, XML, ADO.NET, and tools and designers. The Oslo group will work on Quadrant, the repository and M, according to Taft’s report.

August 17th, 2009

Another view: SOA is like a mosquito, spreading viral data

Posted by Joe McKendrick @ 8:31 am

Categories: Business ROI, Data managemetnt, Enterprise Architecture, Links, Management, SOA Surveys and Research

Tags: SOA, Mosquito, Service-Oriented Architecture (SOA), Web Services, Middleware, Enterprise Software, Software, Joe McKendrick

Just as the Internet has shown itself to be a speed-of-light carrier of rumors, gossip, and misinformation, so can service oriented architecture within an organization.

I just came across new book titled “Viral Data in SOA: An Enterprise Pandemic,” written by Neal Fishman, program director for information forensics within IBM’s Information Management group, which highlights the risks that emerge as more and more applications are interconnected across and between enterprises.

On the cover of the book is a mosquito.  A mosquito’s claim to fame is that it can pick up viruses and bacteria from any type of organism, and deliver the payload to any other type of organism on the planet. A human and a deer and a bird may not have much in common, but they can all share the same diseases.

Is SOA, then, a mosquito that can deliver payloads of bad data (what Fishman calls “viral data”) all across the enterprise — pandemic style — before it can be stopped?

Fishman points out that misinformation and bad data have been haunting and hobbling organizations — not to mention entire societies — since the dawn of time. Nowadays, of course, information travels at the speed of light, and SOA — enabling interoperability between all types of applications — becomes the “host” carrier. As he puts it:

“Overall, viral data in SOA has the capacity to become an enterprise pandemic and disable a company. Service-oriented solutions that incorporate interoperability, reusability, layering of abstractions, and loose coupling serve as perfect hosts to propogate misinformation. That is the knife’s edge of SOA.”

As often discussed at this site, data is often a last considering in SOA planning, but SOA really won’t function properly if it’s delivering bad data.

What can organizations do to control the proliferation of viral data across SOA-enabled infrastructures? Fishman makes these recommendations for a multi-pronged approach to taking the “viruses” out of data before it infects the entire business.

• A reference model for moving data
• Methods by which to assess data
• Capture of data provenance
• Use of meta-driven coding techniques
• Use of abstract model
• Use of contextual views
• Continuous monitoring
• An appropriate data architecture
• Data governance

The last item on Fishman’s list, data governance, fits very neatly into SOA discussions, because SOA governance ensures that the enterprise is behind the effort. Likewise, data governance helps ensure that the correct version of data is being deployed within the architecture.

August 14th, 2009

Gartner: SOA out of 'trough of disillusionment,' cloud on hype peak

Posted by Joe McKendrick @ 7:38 am

Categories: General, SOA Surveys and Research, Web 2.0-Enterprise 2.0, cloud computing

Tags: Trough, Gartner Inc., SOA, Service-Oriented Architecture (SOA), Web 2.0, Web Services, Middleware, Enterprise Software, Software, Internet

Gartner recently released its latest “hype cycle” diagram for 2009, which shows service-oriented architecture to be well past the “trough of disillusionment” and climbing the vaunted “slope of enlightenment.”

Cloud computing, however, is now at the pinnacle of hype (no surprise there, right?), and ready to plunge into the trough. Interestingly, Web 2.0 now seems to be emerging from the disillusionment trough.

Being on the slope of enlightenment is typically the stage where vendors, analysts, and pundits are no longer gushing about how wonderful and world-shattering the technology/methodology is. Nor are they ranting on about what a flop the thing is. Instead, it’s the roll-up-your-sleeves stage, when companies and their technology professionals are getting down and making the stuff actually work.

Next stop: The “plateau of productivity!”

Source: Gartner (August 2009)

August 13th, 2009

Private cloud formations rising, but remember SOA lessons

Posted by Joe McKendrick @ 7:52 pm

Categories: Business ROI, Management, SOA Events

Tags: SOA, Cloud, Service-Oriented Architecture (SOA), Web Services, Middleware, Enterprise Software, Software, Joe McKendrick

We’ve been tracking developments in the private cloud space for the past couple of years. As noted in my last post, there’s plenty of concern about the security and reliability of cloud computing.

Perhaps one way to address these concerns is through private clouds that remain in the confines of the enterprise.

A survey just released by Evans Data shows that there’s lots of interest in “private” cloud” development among software developers. In fact half of the 500 developers questioned said they expect to deploy apps in a private cloud environment sometime over the coming year. About 30% are currently working on applications destined for a private cloud environment, while an additional 19% expect to enter development within the next 12 months.

In addition, Java appears to be the language of choice for cloud formations. The largest group of developers (48%) think that Java is the best language for developing in the cloud - followed by C#.

There’s plenty of concern about security and reliability, however. Three-quarters of developers think that data for applications deployed in the cloud should be backed up outside the public cloud - either in traditional onsite storage or in a private cloud. (Disclosure: I have authored a number of survey reports for Evans Data, but not this one.)

But are we rushing too quickly into private clouds? Gartner analyst Tom Bittman warns that IT professionals building private clouds may be making the same mistakes as with SOA — that is, putting technology ahead of business requirements. He advised against building a cloud “and hoping they wil come.” As he puts it in a new post: “We’ve got to get our IT people to stop thinking about products and technologies and even architectures first, and instead to focus on understanding their service requirements first.”

“Start by understanding your service catalog (most organizations don’t have one), understand the SLAs and costs for each service (most don’t know that, either), build strategic plans for each of those services (does anyone have this?), determine which ones might go to the cloud in the future and when that cloud service will be “ready” (OK, this takes some work), make your ROI decision about building a private cloud service, and then you can start looking at architectures and products and technologies.”

Sound familiar? Anyone who has worked to introduce SOA methodologies into their organization will recognize the challenges Tom outlines.

ZDNet colleague Dana Gardner also just posted a panel discussion on cloud security issues, held at the recent Open Group conference.

August 12th, 2009

Pushback on cloud computing: next year, 'Intelligent Fog'?

Posted by Joe McKendrick @ 8:29 am

Categories: Business ROI, Management, cloud computing

Tags: Downtime, Cloud Computing, Virtualization, Hardware, Joe McKendrick

Is cloud computing a fad, destined to evaporate like a summer rain?

Regular readers of this blogsite may notice I tend to be favorable toward the cloud model. As with SOA, cloud offers great opportunities to access services, both from external and internal provider, versus building and maintaining these services your own domain.

However, many IT executives and professionals are leery of moving to cloud-based computing. Data security is a huge concern. Also, the viability of the cloud provider is always in question. There’s the matter of unexpected downtime. Some readers recently voiced their concerns in recent talkback posts about cloud.

For example, in response to my recent post titled “Panel: too much to lose by moving to generic services and cloud?“, one reader, Blackfalconsoftware, called cloud “another ridiculous ‘Fad’ in the IT Industry. As the reader put it:

“I have been in the IT field for over 35 years. And I have seen more fads, whims, and ideas come and go at the same rate that rain falls in a summer storm…”

Blackfalconsoftware compares cloud computing to “open economies,” noting that “it has been documented and proven that closed economies fare better than open ones liable to the globalization of capital flows. Money can move into an open economy as fast as it can move out. Cloud Computing is very much an open economy except it deals in data instead of money. What CEO or CIO in their right mind would hand their data over to a third-party for storage and access thus giving up critical control over who is managing such data?”

Another reader, Pauliusp, picked up on the faddish aspect, saying that cloud computing is “the method of getting money from lemmings,” adding that “next year we will be talking about something else — ‘Intelligent Fog’ maybe?”

By the way, I really like that term, ‘Intelligent Fog’…

Another reader, CobraA1, also castigates the current hype-ishness and faddishness of cloud computing, but puts the whole thing in long-term perspective:

“It’s basically the same pattern I’ve seen all the time: New technology comes around, people clamor over it and predict it will replace the “old” tech, the old tech ends up being better than the new tech in some ways, and they end up side by side rather than as a complete replacement.”

Cloud based computing will always be good at some things and bad at others, Jack adds. He lists some of the downsides of cloud computing. For example, cloud downtime is unpredictable. “I’d rather have five hours of downtime while the employees are asleep at night than 10 minutes of downtime while they are at work,” he says. “It’s debatable whether more downtime is really better if it’s happening while people are work.”

And, CobraA1 continues, “for real time stuff, local is always better than cloud based. There’s always latency, even with a lot of bandwidth.”

Still, the concern keeps coming around to data security. As Jack, owner of an architecture firm, puts it,”there is no way I am going place our data files in the cloud where we can’t control access 24/7 and ensure its always available long term. How many tech companies have come and gone in the last 30 years?”

And reader Brutallyfrank adds some brutally direct questions, in response to my recent post about the federal government exploring cloud computing services, “What cloud is my data in? Who is maintaining it? Are they trustworthy? What happens to my data when the cloud vaporizes …the company vaporizes? What happens if the cloud gets purchased by ‘evildoers,’ or worse, your competition? How fast can i retrieve my data from the cloud? How do I know my data is being backed up and stored securely by competent staff? Is my data being stored on a machine overseas in india somewhere where the access time to retrieve my data will be extremely slow?”

These issues are the same problems faced with SOA, the reader adds. “Right now, SOA sucks because it doesn’t scale and the dependencies on other servers and the distance between your machine and all the dependent servers can be ‘around the world.’”

August 12th, 2009

SOA services: build now, worry about reuse later?

Posted by Joe McKendrick @ 7:52 am

Categories: Business ROI, Links, Management, Web Services

Tags: SOA, Service, Dan Woods, Service Reusability, Service-Oriented Architecture (SOA), Web Services, Middleware, Enterprise Software, Software, Joe McKendrick

Is the emphasis on reuse bogging down SOA efforts?

That’s the question Dan Woods put forth as he weighed in on the debate about the success of service-oriented architecture, speculating that perhaps the path to SOA is “overly engineered and the services were prematurely declared reusable.”

‘No service for you!!’

In the latest issue of Forbes, Woods argues that companies are focusing on building SOA-based services that will be available for reuse as soon as they are tested and released to the registry/repository. Perhaps, he says, we should worry less about reusability at the beginning phase of service development.

Service reusability is “overrated,” Woods says. He instead proposes looking at service creation and deployment in two phases. “First, you just use or build whatever services you need to support a new application. You don’t worry about governance or reusability. You just get the users what they need.”

In the second phase, identify which services are potential candidates for reuse across other parts of the enterprise.

Woods points out that REST-based services or mashups are popular because they can be quickly built and used, without the rigmarole of vetting, validation, testing and so forth.

Woods makes plenty of sense, but his argument brings us back full circle to the whole challenge of SOA in the first place. Namely, the issue with SOA all along has been many implementations have lacked governance, and have mainly been Just a Bunch of Web Services. Everybody just creates the services they need; never mind that the same thing has been done 20 times before and there are 20 similar services scattered across the enterprise.

Proper governance — or service lifecycle management if you want to call it that — is a systematic way of assuring that the services not only conform to organizational rules and policies, but also helps bind the service work to the business. And it should not be over-engineered, restrictive governance. (“No service for you!”)

Rather, governance should more of an automated, non-intrusive mechanism that enables both end-users and tech staff to innovate and adapt quickly to change. And REST, AJAX, and mashups can also be covered within this environment.

August 10th, 2009

Federal government validates cloud computing

Posted by Joe McKendrick @ 7:29 pm

Categories: General

Tags: U.S. General Services Administration, Government, Cloud Computing, Virtualization, Hardware, Joe McKendrick

Last week, we surfaced the views of Michael Daconta, writing in Government Computer News, who cautioned government agencies from diving in too deep into new approaches to managing technology, such as cloud computing, SOA, and Agile development.

It looks like the folks over at the General Services Administration — the purchasing arm of the federal government — missed Daconta’s article. As reported by Dave Linthicum in his latest blog post, the GSA has issued a request for quotation for cloud storage, Web hosting, and virtual machine services. (Dave cites an InformationWeek article.)

As Dave observes, the GSA RFQ shows “that the U.S. government is clearly getting behind cloud computing and, thus, is looking to provide a mechanism for validating and procuring cloud computing services for government agencies.”

August 10th, 2009

Panel: too much to lose by moving to generic services and cloud?

Posted by Joe McKendrick @ 2:15 pm

Categories: Business ROI, Enterprise Architecture, Links, Management, SOA Surveys and Research, Web 2.0-Enterprise 2.0, Web Services, cloud computing

Tags: Data Warehouse, Information Technology, SOA, Cloud, Jim, BBrad, Business Intelligence, Service-Oriented Architecture (SOA), Mainframes, Strategy

Do we put competitive advantage at risk when moving to generic services? Or perhaps the whole scenario of enterprise IT being edged out by the cloud is overblown? Consider the the mainframe, as Dana Gardner recently put it:

“In the early 1990s, IT pundits, and my former boss Stewart Alsop, glibly predicted at InfoWorld that the plug would be pulled on the last mainframe in 1996. It didn’t happen. Stewart apologized, sort of, and the mainframe continues to support many significant portions of corporate IT functions.”

Do we put competitive advantage at risk when moving to generic services?

Why is the mainframe still alive and well? Because it has embedded within it competitive advantage — applications and processes no one else has. In the same spirit as the mainframe’s never-ending demise, many pundits now talk about the imminent demise — or greatly diminished footprint — of the information technology department or function, as organizations turn to cloud providers.

However, do companies risk giving up too much when moving to the cloud? As my fellow analysts put it, don’t be too quick to write off enterprise IT. As Sandy Rogers, who has been closely following the SOA and services space for a number of years, first with IDC and now as an independent analyst, put it, says organizations know they need to replace legacy technology, but fear they will lose too much value-add process and code in the process.

In a newly released podcast with Dana Gardner’s Analyst Insights group (transcript available here), Sandy points out that “many organizations have avoided legacy modernization projects due to the cost of change. It’s not just about the technology replacement. It’s a loss of capabilities,” she says. “It’s the change in human workflow and knowledge base.” The risk with cloud is that companies may end up replacing specialized technologies with generic solutions.

Data warehousing is another area not ready for the cloud, as explained by Jim Koblieus. Jim says there’s some talk of moving data warehousing to the clouds, but it’s still mainly talk. Maybe in a couple of years we’ll see something, probably in the form of some sort of cloud-based staging layer. “There aren’t a substantial number of enterprises that have outsourced their data warehouse or their marts,” he says. “Probably there aren’t that many commercial options yet that are fit to do so. Only a handful of data warehousing vendors offer a hosted solution, a SaaS, or cloud solution. I’ve been telling people that 2009 is not the year of the cloud in data warehousing, nor is 2010. I think 2011 will see a substantial number of data warehouses deployed into the cloud.”

What about applications? Tony Baer sees a mixed bag as far as application development or hosting from the cloud. “There is a degree of control that you like, but there are some tactical reasons,” he says. “When you’re developing code, you don’t want to have to deal with any type of network latencies that are going to come up when you deal with cloud. No matter how good the bandwidth, there are always going to be times when there are going to be some speed bumps. But, the other part was also related to IP, which is source code before it’s compiled in the binaries. It’s basically pretty naked and it’s pretty ripe for stealing. This is your intellectual property. Today, if you’re doing development, it’s because there aren’t packages that are available to supply a generic need. It’s something that’s a process that’s unique to your organization.”

Ron Schmelzer, on the other hand, says the economy has turned this era into a major inflection point, which we will someday look back upon and recognize as the beginning of the cloud era. “If you look at when most of the major IT shifts happen, it’s almost always during period of economic recession,” he points out. “The last time was in 2000-2001, when we first started really talking about service-oriented architecture. In the mid- ’90s was when we really started pushing out the Web. In the early part of the ’80s, when recession was kind of bad, that’s when personal computers started coming about.”

A lousy economy, with tight budgets, always spurs new ways of addressing technology challenges. And I agree, and pointed out many times in this blogsite, that the economic downturn of the early 2000s — which gutted many IT departments — gave rise to interest in Web services and SOA. But note that everyone didn;t stampede to SOA all at once — it’s been a long-term, incremental evolution that continues to this day.

Given this, nobody on the Insights panel was ready to write off IT anytime soon. As Brad Shimmin put it, IT may shrink a bit in some areas, but it’s not going to diminish in value. BBrad predicts that over the coming years, IT “is going to be very much alive, but the value is going to be more of a managerial role working with partners. The role is changing to be more of business analysts, working with their end users too. Those end users are both customers and developers, in some ways, rather than these guys just running around, rebooting Exchange servers to keep the green lights blinking.”

August 10th, 2009

SOA services: stop worrying about protocols, worry about the business

Posted by Joe McKendrick @ 6:00 am

Categories: Business ROI, Enterprise Architecture, General, Links, Standards Watch

Tags: Watson Co., SOA, Service, Service Modeling, Service-Oriented Architecture (SOA), Research & Development, Web Services, Middleware, Enterprise Software, Software

Richard Watson says there is too much hand wringing over service protocols and standards (REST, WS-*, etc.), and not enough thought given to why a service may be needed by the business in the first place. In a new post, he states that while “debates about whether to use REST or WS-* interface styles are seductive. But, these are the wrong questions to ask first.”

Instead, Watson urges the creation of services using a service model that will provide the business context to projects.

This is the essence of service oriented architecture, he says. “If context is not driving you to create the right services, then they are most likely not adding value to your applications architecture, they are making it worse.”

Build services that add value, he says. Forget about the protocol issues:

“Should I use WS-* or REST? Should a service provide access over HTTP, MOM, or XMPP? These are the wrong questions for architects to ask when first conceiving a service. By concentrating on how to build, we lose focus on what to build.”

Watson points out that when he talks about service modeling, he isn’t talking about things such as formalism, notation, and tools.

Service modeling is a smart idea for SOA environments because it encourages that services be mapped to business requirements, and not take on a life of their own as technology for technology’s sake.

August 7th, 2009

More SOA tools emerge in the cloud

Posted by Joe McKendrick @ 2:28 pm

Categories: General

Tags: Performance, SOA, Simple Object Access Protocol, Tool, Service-Oriented Architecture (SOA), SOAP, Web Services, Productivity, Middleware, Enterprise Software

It seemed just like yesterday that Dave Linthicum issued his challenge to the SOA industry: “Move to service-based pricing, I dare you!” (Actually it was a couple of weeks back, in one of his final posts at Real World SOA. Dave now makes his home ar a new InfoWorld site called “Cloud Computing.”

Well, it seems cloud providers are taking more of an interest in the SOA market. I just came across an announcement from Monitis that they are now providing a cloud-based SOAP testing service. The company announced that the online SOAP testing tool “is the latest update for Monitis’ WebLoadTester testing suite, and is specifically intended for applications of Service Oriented Architecture. The suite offers SOAP load testing with simulated heavy traffic in real time, allowing Webmasters to determine how performance can be optimized.”

The vendor observes that “automated load testing usually requires a performance engineer to find the hardware to test, set up load agents on multiple computers, configure the load agents, run the tests, and compile the performance reports.” Their tool, they say, doesn’t require all this up-front work and expertise. Monitis pricing starts at $4.18 per test for use of the tool.

August 5th, 2009

SOA, cloud not good enough for government work?

Posted by Joe McKendrick @ 7:49 pm

Categories: Business ROI, General, Management, cloud computing

Tags: SOA, Service-Oriented Architecture (SOA), Government, Web Services, Middleware, Vertical Industries, Enterprise Software, Software, Joe McKendrick

There are plenty of examples of government agencies demanding service-oriented approaches to programs and projects, including the recent revelation that the Department of Defense and Veteran’s Administration plan to spend more than $1 billion to bring their systems together in an SOA way.

However, Michael Daconta, writing in Government Computer News, says that government agencies should think twice before diving into SOA, along with other new initiatives such as cloud and agile development.

He observes that while SOA is “absolutely the right approach” to new application development, “has not yet convincingly addressed older applications.” Cloud computing is even more suspect, and it’s too early to move in this direction, he points out. Adopting the “fad now, before standards are in place and security concerns are dealt with, is a complete waste of time,” he writes.

Agile development? Don’t even think about it for government work, he adds. “In my more than 20 years of software development experience, I have never met a government program manager who is available on a daily or even weekly basis to help design an application on the fly…. Please don’t build the next space shuttle that way.”

August 5th, 2009

Another sign that SOA and cloud keep drawing closer

Posted by Joe McKendrick @ 1:21 pm

Categories: General

Tags: Joe McKendrick

More signs that “SOA” and “cloud” are becoming more synonymous: The 2nd International SOA Symposium, to be held in Rotterdam, Netherlands this October also includes a co-located “International Cloud Symposium.”

As Thomas Erl, event organizer, explains it, the symposium’s theme of ‘The Future of Cloud Computing’ “highlights many of the modern technology innovations that are being developed in support of Cloud-based services and the ever-widening convergence between SOA and Cloud-based services.” Thomas also mentions that he and some colleagues will soon be starting on a new book titled “SOA and Cloud Computing.”

August 5th, 2009

Open-source XML-enabled application risk identified

Posted by Joe McKendrick @ 12:36 pm

Categories: General

Tags: Vulnerability, SOA, Service-Oriented Architecture (SOA), XML, Open Source, Security, Web Services, Enterprise Software, Software, Software/Web Development

Since XML is the foundation of all things SOA, any perceived security vulnerabilities need to be looked at very seriously.

At issue appear to be XML-enabled applications built in Python, the open source language. Network World’s Ellen Messmer surfaced an advisory, issued by Codenomicon, working in conjunction with the Computer Emergency Response Team in Finland (CERT-FI): “Vulnerabilities discovered in XML libraries from Sun, Apache Software Foundation, Python Software Foundation and the GNOME Project could result in successful denial-of-service attacks on applications built with them.”  Dave Chartier, CEO of Codenomicon, is quoted as saying “that application would be vulnerable and there are probably millions of these applications.”

“The vulnerabilities could be exploited by enticing a user to open a specifically-crafted XML file, or by submitting malicious requests to Web services that handle XML content, according to Codenomicon. Chartier says it should be anticipated that attackers will explore XML-related attacks, and he advises organizations to follow the suggested recommendations, such as patching.”

Codenomicon’s press release on the security patch can be found here at their Website.

SOA opens up many vulnerabilities, since code is being shared across organizational boundaries. At the same time, SOA provides for enterprise security services that can help remedy the spotty and uneven approaches seen across many environments. But the bottom line is corporate culture and security awareness at many level. It always helps to be vigilant.