SOA in Action

At last, it's here -- the "SOA in Action" virtual conference kicks off this week, Tuesday and Wednesday, October 30 and 31st! The folks at ebizQ have assembled an incredible schedule of top-flight speakers and compelling topics:

Gartner's Roy Schulte -- who shaped much of today's enterprise SOA thinking -- will kick off the event with a discussion of the progress (or lack thereof) with SOA and Web services standards; the rise of Event Driven Architecture, and the latest developments around Business Activity Monitoring.

Following Roy Schulte's keynote, Dave Chappell, chief SOA technologist for Oracle, will be describing new thinking and developments around service-level grid enablement -- which promises to bring extraordinary power to enterprise SOA deployments. Dave literally and figuratively wrote the book on the rise of enterprise service bus as a force multiplier in SOA.

Dennis Byron, our resident open source guru, will then lead a session that connects the dots between open source software and SOA. The session will present new ebizQ research into the various ways that open source software (OSS) enables SOA.

Anyone with a legacy system at their site will want to tune into the next session. Thomas O'Connell, VP at Blue Phoenix will explain how mainframe and midrange-class systems can be service-oriented, without breaking your budget.

Then, yours truly will wrap up Tuesday's sessions with a panel discussion on the convergence (or lack thereof) between SOA and Web 2.0 approaches. Fellow ZDNet blogging community activitists Dana Gardner and Phil Wainewright will be there, with some more to be announced.

Forrester's Randy Heffner keynotes Day Two of the conference, with a discussion of the major categories of SOA infrastructure products, as well as providing guidance on how to construct a workable plan for evolving into a strategic SOA platform.

My ebizQ colleague and partner-in-crime Gian Trotta recently chatted with Randy Heffner of Forrester Research to talk about some of the misconceptions around service-oriented architecture these days.

Dave Linthicum -- a very informative and engaging speaker and writer who practices what he preaches -- follows up with an overview of SOA security strategies -- something we need more of.

Brenda Michelson and ebizQ's own Beth Gold-Bernstein -- two of the top thinkers in SOA today -- collaborate on a joint presentation on business driven design, which is a method for creating right-sized business services that can be traced back to business requirements. This is sorely needed in today's enterprises, many of which are struggling to strengthen the link between technology and business value using SOA.

Then to wrap it all up, Beth will return to moderate a panel that will look at the converging trends of BI, BPM, and EDA as they tie into SOA.

A full SOA in Action Conference agenda can be found here.

Posted by joemckendrick in SOA Events  |  Permalink  | Comments (0)  | TrackBacks (0)

Is Web 2.0 a 'distraction' from SOA? That's the possibility raised by Gartner analysts in a new podcast released by the consultancy.

As analyst Jeff Comport put it, he has seen many clients "start out with grandiose plans… full architecture, high reuse, repositories and so forth," he said. "Somewhere along the line they get distracted by things like Web 2.0.. AJAX.. and the user interface. And it tends to derail the grand plan to things that are more tactical."

Gartner's Yefim Natis, joining Comport, said that IT has long been a struggle between the forces of opportunistic and systematic implementations, and SOA represents the latest phase of this bipolarity. "The back end part of IT is a lot more conservative, and is in fact is resisting frequent change. It will only accept change only on a regular planned basis."

Natis observes that in order to support innovative Web 2.0 approaches, and organization needs the reliability and innovation that back-end IT -- and SOA -- provides. "In order to be able to innovate, you’re going to have to take care of your core system responsibilities, then add to that your layer of innovation. You can’t convert entire enterprise to a fly-by-night kind of enterprise."

Gartner has been talking up SOA a lot lately, and noted Gartner analyst Roy Schulte will be providing a progress report on SOA in his upcoming keynote at ebizQ's SOA in Action conference, Tuesday, October 30, at 11:00 am. Eastern.

Posted by joemckendrick in Management  |  Permalink  | Comments (0)  | TrackBacks (0)

So far, in ebizQ's groundbreaking SOA pronunciation poll, it appears more people prefer to sound out each letter of SOA as an acronym, Es-Oh-Aye, versus using it as a word, Soah, by a 50% to 30% margin.

Frankly, I'm surprised. It seemed that the word Soah has been rolling off just about everybody's tongue, and roll nicely it does. I have a feeling people see the word as vendor market-speak more than an impartial entry into the lexicon.

But, if vendors really had control of our lexicon, we would have been locking ourselves into Crum and Erp installations a long time ago, right?

Anyway, the SOA pronunciation poll is still open here at ebizQ, so be sure to make your voice heard. Enter the pollsite here. If you think life would be easier if SOA were a word, this is your chance to get in there and shift the results a bit.

And, one reader made what I think is the best case yet for using SOA as a word. Consider this scenario:

"If you're in the elevator with the CEO and you start saying 'Es Oh Aye' you will get nothing else done and put him off with something hard to remember that is all geek to senior management. Be smart and use the KISS approach."

SOA is tough enough to explain in the elevator. Why bog down the poor CEO's diminishing brain cells with another acronym?

Yes, the KISS approach -- and notice that's pronounced Kiss, and not K-I-S-S.

Posted by joemckendrick in SOA  |  Permalink  | Comments (0)  | TrackBacks (0)

Are Web services too slow for financial exchanges, which must operate at real-time, breakneck speeds?

The New York Mercantile Exchange (NYMEX), the world's largest physical commodities future exchange, has implemented service-oriented architecture to handle a massive messaging increase resulting from the transition from floor trading to side-by-side electronic trading and the launch of the Dubai Mercantile Exchange. As reported by Rich Seeley in SearchWebServices, the exchange's new implementation will support "massive volumes of orders, price prints and trades including up to 1.2 million contracts per day, a 38% increase in volume, and process more than 50,000 messages per second, a tenfold increase over the former implementation."

The project was built without Web services. Rather, it was deployed using Java Messaging Service (JMS) standards.

Hub Vandervoort, CTO of the Enterprise Infrastructure Division at Progress Software, which helped NYMEX implement the SOA, explains: "It most definitely is an SOA. Web services are not used at all. With most financial services firms, especially in the front office trading environment and especially as it relates to exchanges, you simply can't meet their performance objectives with the WS-standards today. HTTP SOAP just isn't reliable enough nor does it have the performance for the kind of traffic we're talking about here."

More proof positive that SOA is about services of all kinds, not necessarily just Web services. While Web services are clearly the least path of resistance to SOA -- and most SOA projects are built on Web services -- SOA does not depend on Web services alone. Many organizations have a hodgepodge of formats and infrastructure types that date back years, and for SOA to succeed, it needs to be standards-agnostic.

After all, isn't that what SOA is all about?

Posted by joemckendrick in SOA  |  Permalink  | Comments (0)  | TrackBacks (0)

All too often, SOA security is left to individual developers, who may try to do everything they can to build in security features, but cannot address the complexities of internal and externalized security.

I just had the opportunity to moderate a Webcast featuring Anne Thomas Manes of Burton Group and Andrew Brown of AmberPoint, dealing with one of the most pressing issues of SOA: security.

Security is "really hard stuff, and you can’t expect a business developer to understand it all," Anne pointed out. "Even if you have really highly trained business developers who understand security more than the average business developer does, I still wouldn't want to rely on them to make sure they’re implementing the proper security according to corporate policy, and actually writing all this security directly into their application code."

Since SOA introduces a lot of new connections to an infrastructure, security becomes a multi-faceted challenge, Anne said. "If you’ve had any experience with SOA, you realize that it adds a new dimension to the security landscape, and that’s mostly because you’ve got a set of loosely coupled connections which contain a lot of dependencies," she said. "Security threats and the requirements are very complex, and you have to assume that the average developer is not fully cognizant of all these threats and challenges that exist out there. And it’s really not appropriate to assume that the developer is going to capable of managing security all on his own."

The key to instilling security is through effective governance, Anne related. "In order to consistently implement this kind of security requirements, and be able to externalize your security requirements, it’s really important that you have good governance processes in place that ensure that proper security can be applied to each of your services."

Centralization of security functions is the key. Organizations need to "adopt a policy-driven enforcement model which allows the security office to actually make decisions about what needs to be secured, and how things need to be secured, and allows them to externalize security as much as possible," Anne said.

"The core security stuff is pretty hard, but when it comes to actually managing security enforcement, that’s even harder. And that’s because the threats and the requirements change on a regular basis. There are new types of attacks that have been identified. There are new regulations. You have new corporate policies. Or because perhaps you have gone out and deployed some new infrastructure, and you want to make sure that it’s using this new source of identify information."

Listen to the entire Webcast featuring Anne Thomas Manes and Andrew Brown.

Posted by joemckendrick in Management  |  Permalink  | Comments (2)  | TrackBacks (0)

Forrester's Ken Vollmer, who has been a guest here for ebizQ events, is a firm believer in SOA-business process management convergence.

He recently told SearchWebServices' Rich Seeley that enterprise architects should be adopting the latest integration-centric business process management suites (IC-BPMS) in their SOA development efforts.

(I know, IC-BPMS sounds more like a long-range missile than a software tool, but that's what they're calling them...)

Such tools can help organizations implement combined BPM and integration capabilities based on an SOA foundation, Vollmer said.

As Vollmer put it at last year's SOA in Action conference: "Business process management could be implemented without SOA, because both capabilities have been available for some time. But implementations of BPM without the SOA foundation take longer. There's more ongoing maintenance and support costs are higher, and therefore ROI is delayed. An analogy of doing BPM without an SOA foundation would be like a juggler with one hand tied behind his back. He can still do some juggling, but not as effectively and not as fast as it could be."

However, many companies are taking a wait-and-see approach regarding the use of these tools.

Vollmer said organizations implementing these tools are already seeing results. For example, one leading international provider of paper products was used to automate its cash receivable business process using BPM over SOA tools.

"The old process required manual intervention to interpret payment reconciliation transactions received from its bank prior to allocating the cash to the correct enterprise resource planning (ERP) system accounts," Vollmer said. "The new process feeds the reconciliation statements to an integration-centric business process management suite (IC-BPMS) that automatically allocates receivables directly into the correct ERP accounts by electronic interpretation of simple business rules stored in the BPM tool. This change completely eliminated manual efforts while shortening processing times by two days."

Posted by joemckendrick in Business Process Management  |  Permalink  | Comments (1)  | TrackBacks (0)

Friday, October 12th was a pretty exciting day in the SOA vendor world, with Oracle declaring it was willing to pony up close to $7 billion for middleware company BEA Systems. "Not good enough," BEA responded. (Maybe they'll accept my counter-offer -- I'll keep you posted...)

Rumors have been swirling around for months about someone picking up BEA, and Carl Icahn's snatching up a quarter of the stock meant something big was about to go down.

As Tony Baer points out here at ebizQ, BEA has been in a tough spot for some time.

Middleware has always been a tough business. It gets even tougher when your competitors start giving away similar products at low or no cost. BEA's bread-and-butter product, WebLogic, is rapidly rapidly being commoditized by the open-source Java Enterprise Edition application servers (JBoss, Glassfish, et al). It's former flagship product, Tuxedo, is a mainframe play.

Still, to its credit, BEA has remained viable in this tough business, offering integration solutions for companies in the midst of wrestling with SOA. And it has been very successful at staying in the vanguard of service-orientation. BEA has long equated itself as the "Switzerland" of technology.

What would Oracle do with BEA? Would BEA products be folded under Oracle's Fusion middleware? Tony believes the prime products will end up there.

What advantages would this bring to Oracle, which already has a wide array of SOA middleware, not too mention all the other acquisitions it has brought under its umbrella? And most importantly, what will be the impact on users?

Oracle rightly recognizes that SOA is their future. In fact, SOA could put them out of business someday. Companies are learning to use SOA layers as workarounds to proprietary ERP systems and databases. Oracle, like SAP, needs to own the middleware space that threatens to subsume its bread-and-butter products.

Oracle's PeopleSoft and Siebel acquisitions have left a lot of unfinished business; namely customer bases that are resigned to the fact that they will be forced to eventually upgrade into more Oracle-centric environments. Oracle is maintaining these products in a semi-autonomous state, and promises to keep supporting them. However, it's hard to imagine BEA's products and brand not being absorbed into Oracle Fusion. Will BEA customers stay with the new regime, if the acquisition were to go through?

Posted by joemckendrick in SOA Vendors  |  Permalink  | Comments (0)  | TrackBacks (0)

Word has it that 'Es-oh-Ay' leads 'SO-Ah’ as the correct way to pronounce SOA in ebizQ's latest poll on the matter. However, SO-AH has been gaining as of late, up six percentage points over the past few days.

The latest tally is:

Es-oh-ay: 51.8%
SO-Ah: 31.6%

By election standards, that's a landslide. However, the votes are not all in, and not because of hanging chads, butterfly ballots, or Palm Beach County tying things up. We need YOUR input, readers! (Take the poll here.)

There's a nice reward for taking the time to enter your opinion on this important matter – the best comment will win its author an Apple iPhone.

Consider Dan D's comment: “SOA falls in as a single word acronym because it can be,” notes member Dan D who adds that, “we say I-B-M because “ib-em” is nonsensical...there is no rule but we are lazy speakers who love acronyms because they save us time (LOL). If we can save even more time by creating one utterance instead of three - we will."

There are other acronyms that really would have played well as words. For example, it would have been instructive to have called CRM "Cream," since the purpose of such systems is to help companies skim the "cream of the customer crop" off the top, leaving the rest for competitors to fight over.

And, as mentioned in my last post, it would have been interesting to call BPM "Beep-em," since its purpose to to nudge the traffic of workflow forward.

Then there's ASP. We can look upon application service providers as snaking their way into our infrastructures, or attempting to swallow something much bigger than themselves, or something like that...

If we sounded out BI as "Buy," there's plenty of loaded implications. Either a subliminal suggestion to lay out your money, or suggestion that such systems lead two lives.

Then there's good old J2EE. Wouldn't it sound funky if we called it "Jatooey" versus having to annunciate "Jay-too-double-ee"?

Posted by joemckendrick in SOA  |  Permalink  | Comments (0)  | TrackBacks (0)

S-O-A or Soah? You can help decide, once and for all...

ebizQ is running a new poll on how SOA should be pronounced, and so far, the results are roughly 50-50 -- half say "Es-oh-ay," and half say "Soah."

Readers, do you feel SOA is worthy of status as a word? Other tech terms have eventually, or sometimes quickly, gained word status.

Typically, it's either a word or it's not. No two ways about it. You don't hear anyone talking about deploying on the U-N-I-X operating system, and no one attached S-O-A-P headers on their Web services. And if they're not using S-O-A-P, they're certainly not using R-E-S-T either. GUI, of course, is Gooey. G-U-I sounds like something you could get locked up for.

BPEL gets word status, as "Beeple," but BPM remains "B-P-M." (Perhaps it could be called Beep 'em? Not just for auto traffic flow, but business workflow?)

Should we all just settle on Soah? Take the poll, please -- and yes, that’s my voice on the accompanying audio file.

Posted by joemckendrick in SOA  |  Permalink  | Comments (2)  | TrackBacks (0)

It was a year ago that ebizQ's Beth Gold-Bernstein and contributor Brenda Michelsen teamed up to deliver what I thought was one of the most definitive studies on SOA to date. (My links to the study and accompanying Webcast can be found here and here.)

ebizQ's survey of 313 companies found that only 17% of enterprises were happy with their governance efforts. Yet, those with runtime governance automation in place where much more likely to be satisfied with their governance is achieving. Satisfaction and results with governance were closely tied to the automation of governance.

Now, a new survey out of the SOA Forum finds that only 12% of companies are happy with where their SOA governance is going. Not only are nine out of ten companies are not satisfied with their SOA governance, but most still rely on manual checks and procedures to make sure proposed services meet their standards. In addition, most feel there are undocumented services slipping through into production mode.

In the survey of 500+ corporations and government agencies, 85% said that they rely on manual reviews to achieve governance in the design-time phase of services, and 45% rely on manual policy enforcement checks before adding services to their registries. The SOA Forum survey also reveals that 56% of the respondents admit that at least half of the code or artifacts developed under their roofs are not reviewed for compliance before moving into production.

This percentage changes, of course, when automated governance approaches are put into place. Among those companies leveraging automated policy enforcement solutions, 88% say more than half of their services are vetted, and 50% say all potential services are vetted.

Posted by joemckendrick in Management  |  Permalink  | Comments (3)  | TrackBacks (0)

Many products -- especially software -- can sit on shelves for years without raising a stink. Not so in the sour cream business -- if today's product doesn't ship, things can get really, well, sour.

That was the challenge facing Daisy Brand, a leading domestic sour cream manufacturer headquartered in Dallas, TX. Like most companies these days, the company had a variety of systems and formats that tended to throw monkey wrenches into its distribution processes.

Order changes, for example, span manual (fax, email, spreadsheets, etc.) and system functions (EDI, ERP, third party freight, home-grown logistics and shipping applications), causing the process to slow and increasing spoilage costs. There were yawning gaps between systems, business processes and employee roles coupled with inevitable customer-driven changes were causing those processes to breakdown and impact the business.

SOA and new process technologies saved the day, according to Kevin Brown, Daisy Brand's director of IS, who spoke at the recent Gartner BPM Summit. Interestingly, the company went with a Microsoft-intensive platform on which to build its SOA.

Daisy Brand's first priority was to automate as many processes as possible, yet preserve the flexibility of the manual system to adapt to customer demands. The company sought to convert "order change" and many other business functions could become services in process-based applications.

The company went with Ascentn's AgilePoint Business Process Management Suite (BPMS), integrated with Microsoft Office SharePoint Server, Microsoft BizTalk Server and the .NET Framework. The company's order change process now incorporates everything from a faxed order to customer EDI shipping acknowledgements to RFID product information flowing across an Enterprise Service Bus.

Brown states that Daisy Brand generated a positive return on investment within six months and provided shared visibility into the order change process across groups and roles. This enabled employees to examine the actual state of an order to proactively address issues. Now "order change" is an easily used business service within an Microsoft SharePoint Server-based employee portal as a part of Daisy Brands' growing SOA library of process-based services.

Posted by joemckendrick in Business Process Management  |  Permalink  | Comments (0)  | TrackBacks (0)