SOA in Action

451 Group's Dennis Callaghan proved to be prescient when he recently predicted that the SOA acquisition wave would resume in earnest this year. Dennis, who I know from my Midrange Systems days, looked at the ripening market for consolidation, particularly SOA Software's acquisition of LogicLibrary earlier in May, observed in a recent bulletin that "we expect that the SOA Software-LogicLibrary deal won't be the last in this space this year." (Full report available here at ebizQ.)

And sure enough, Progress Software turned around and bought up two SOA-related companies -- IONA and Mindreef. (Dennis' report was published June 8, before the acquisition.)

Dennis said the time is ripe for new acquisitions due to the economy at large and the maturing state of SOA: "As SOA deployments go from proof of concept to production and economic uncertainty filters its way through the software industry, the time appears ripe for more deals to be made, either because small companies won't be able to stand on their own in trying economic times or because larger companies will look for new growth drivers as maturing SOA deployments require the licensing of more management software."

Dennis predicted that IONA would be one of the companies acquired. Future deals may include IBM buying WebLayers, and Fujitsu buying Managed Methods. AmberPoint is a potentially good target, and could be scoffed up by SAP, HP, or CA -- though it seems intent on remaining independent for now.

____________________________________________________________________

Posted by joemckendrick in SOA Research and Analyst Reports  |  Permalink  | Comments (0)  | TrackBacks (0)

Over the years, many companies have turned to app servers -- both Java Enterprise Edition and Microsoft .NET framework -- to handle, under the covers, the "plumbing" of messaging, standards, and protocols. App servers were seen as the easiest on-ramp to SOA.

However, how much of a role will app servers play in the SOAs to come? Do companies even need app servers?

ebizQ is conducting a survey on application server usage, and the impact of SOA on app servers. This survey explores how enterprises plan to implement new types of applications such as SOA, Web 2.0, mashups, open source, etc. Will you continue to use application servers? Take our survey and you'll be entered to win $100!

Click here to access the survey.

___________________________________________________________________

Posted by joemckendrick in SOA • SOA Research and Analyst Reports  |  Permalink  | Comments (0)  | TrackBacks (0)

Forrester analyst Randy Heffner, who has made frequent appearances here for ebizQ events, has just released a report that describes the best way to "build a SOA." (Full report available here at ebizQ.)

Or actually, as Heffner points out, the multiple ways to build a SOA. "There is no one best sequence for building an SOA platform," he writes. "Even though most SOA platforms start with messaging technologies such as HTTP, SOAP, REST, and message queuing, there is no one dominant way or sequence in which to build an SOA platform. The wide diversity among various organizations’ existing software infrastructures, combined with each firm’s different priorities and drivers for SOA, lead to a wide diversity of investment streams for building SOA platforms."

Plus, Heffner adds, incrementally is the best way to go. Businesses keep changing, as do SOA products, so "the majority of firms evolve toward their SOA platform."

According to Heffner, Forrester recommends the following five steps for building an SOA platform:

1) Identify existing infrastructure’s SOA capabilities. In other words, know what you already have, Heffner says. This helps avoid duplication, especially when it comes to spending money on new products. "Identify which functions your existing products provide fully or partially."

2) Identify priorities for new SOA capabilities. Pull out or develop application roadmaps and estimate how SOA-based services will map against these plans, Heffner says. "identify the major types of service implementation styles that will be required for the high-priority services you must build over the near term. For example, service orchestration or legacy integration might be a high priority for your SOA platform, in which case, the first step is determining whether your existing infrastructure can fulfill these requirements. If there are gaps, you can then investigate SOA specialty product categories, such as ESBs or integration-centric business process management suites, to learn how they might close the gaps."

3) Identify your long-term needs for SOA capabilities. This determines what kinds of products a company buys down the road, Heffner says. "Identify your high-level long-term needs for your SOA platform. For example, you may be able to get by for now with lightweight SOA management capabilities (e.g., simple monitoring of service implementations) based on your existing IT management tools, but you will likely see a future need for the stronger SOA features and functions that an SOA management solution provides (e.g., managing service contracts for SOA-based services)."

4) Match your platform plans to your organization’s investment strategy. "Most organizations buy products in connection with specific projects," says Heffner. "However, we see an increasing number of firms that intentionally position such purchases as merely the first stage of a growing investment in the selected products, with each subsequent solution project expanding the investment to meet its needs."

5. Evolve your SOA platform in line with the business value of solution delivery projects. "Find the investment that, within the current project’s bounds of affordability, meets near-term SOA requirements fully," Heffner advised. This is "the approach that best keeps an SOA evolution on track and that has the most palatable investment model."

____________________________________________________________________

Posted by joemckendrick in Management • SOA • SOA Research and Analyst Reports  |  Permalink  | Comments (0)  | TrackBacks (0)

In today's news, ebizQ reports on a new bulletin issued by Butler Group which made the case that any and all SOA depends on governance. However, as Butler Group states, governance is more than putting a bunch of technologies in place, be they registries or repositories. The real issue is on an organizational level -- often, services are put into production long before governance comes along, and then everything has to be retrofitted.

As we have found in surveys conducted here at ebizQ, most early SOA efforts do not have governance of any kind in place -- typically, organizations hold off until they have some type of critical mass of services before they consider it worth investing in governance. As Butler's Rob Hailstone put it: "Most organizations deploying SOA leave it too late to implement effective governance. The longer you leave it, the more difficult it becomes to 'retrofit' governance to an operational SOA environment. However, the effort must be made if the SOA initiative is not to descend into chaos."

The recent ebizQ survey, conducted in partnership with SAP, finds that even companies with the most advanced SOA deployments – in terms of enterprise reach and number of reusable services – have yet to formulate governance strategies or methods to measure the value of their SOA to the business. The survey finds that only one out of seven companies currently have active governance efforts underway.

The low level of governance is perhaps not that surprising, since many organizations are just starting their SOA implementations. What was eye-opening about the survey, however, was that even among the most advanced sites surveyed, two out of three companies do not yet have comprehensive governance programs in place. In addition, many respondents see their current or planned governance programs as being ineffective, the survey finds. Even among the most advanced SOA efforts, governance is not delivering its full value.

I recently joined SAP's Christian Hastedt Marckwardt in a Webcast discussing the survey results, and the evolving role of SOA governance. (Click here to access the full Webcast.)

_____________________________________________________________________

Posted by joemckendrick in Management • SOA • SOA Research and Analyst Reports  |  Permalink  | Comments (0)  | TrackBacks (0)

Fellow ebizQ community activist Brenda Michelson provides a glimpse of panels the SOA Consortium will be hosting at the impending Gartner AADI and EA (Application Architecture, Development, and Integration and Enterprise Architecture) Summits, to be held in O-Town, FLA.

Todd Biske will be involved with both panels, so you know it will be good -- extremely reasoned and informative.

On Wednesday, June 11 at AADI, Todd, along with Melvin Greer and Mike Tavis, will be talking about measuring the value of SOA. The panel, to be moderated by Gartner's Daniel Sholler and SOA Consortium's Richard Soley, will explore companies' experiences in justifying and measuring the value of their SOA activities, including developing initial business cases and continuously demonstrating the benefits.

On Friday, 13 June at EA, John Williams, Maja Tibbling and Marty Colburn will join Todd to discuss SOA & EA lessons learned from the trenches. This panel will be moderated by Gartner's Bruce Robertson and Richard Soley. Panelists will look at the links, synergies and dependencies between SOA and EA. They will address the big question of the moment: How does SOA fit into the EA picture?

_____________________________________________________________________

Posted by joemckendrick in Management • SOA • SOA Events • SOA Research and Analyst Reports  |  Permalink  | Comments (0)  | TrackBacks (0)

There are two types of events that fit into enterprise event processing scenarios -- those that matter to IT, and those that matter to the business. While many organizations seem to have a good grasp on managing IT events -- such as a server crashing -- few are ready to handle business events. But this is changing.

In his keynote presentation at ebizQ's recent Event Processing conference, Forrester's Charles Brett described how business event processing is the next great horizon for business, but is fraught with many challenges. (Replay and transcript of Brett's talk here.) The important challenge for organizations is to "understand which events matter," he said, adding that "some people think that all events matter." Those businesses that can successfully leverage event processing are those that can identify the events that have the greatest impact.

This ability rests with the business, not IT, he adds:

"IT doesn't necessarily know which events exist in the business and which ones could be used, or which are more relevant, or which are less relevant. Indeed, one the big dangers in event processing is one could have too many events many of which may not actually have a great deal of relevance."

Brett outlined some scenarios where business event processing can make a difference. For example, if a customer didn't buy something its stops halfway through a transaction, it pays to understand why this happened.

Or, if "a financial exchange came to a halt because they didn't know that something wasn't happening. They thought they knew what was happening; all systems showed green but an event screen wasn't coming through and the exchange grind to halt." Employing event processing to walk them through the chain of events can help prevent this disruption from happening again.

Predictive analysis run against an event engine can help schedule field service calls to improve the uptime of critical services to customers.

Such "non-IT events" businesses need to process and digest may come from sensors, signaling, production lines, and other sources inside the company, as well as outside sources such as radio, television, news channels, weather channels, Websites, and GPS, Brett says. Such events are "the ones that haven't been processed in the past but will be in the future."

The best way to capture business events and direct them to business managers is through Business Activity Monitoring (BAM), Brett says. "BAM is really about taking events and raising them to a level that decision-makers or people who have responsibility for taking actions can do something."

BAM is used for real-time analytics, "not only for processing and analyzing of event data, but also to feed visual dashboards and the like in order that people can see what is going on within the business -- very much intended for business users," he continued. BAM is still relatively new on the scene, and will take time to fully integrate into the business. The challenge with BAM is to avoid overwhelming business users with information, or alternately, reducing information about events to "such simplistic levels that it's just ignored."

While some analysts say event processing is a natural extension of SOA, Brett feels that Integrating event processing capabilities into some earlier SOA implementations may prove difficult. SOA-based services "can be picked up by event processing and similarly when an event processing engine emits events out of on the downstream side, there's no reason why services shouldn't pick it up. So there's no architectural reason why they shouldn't fit together. The question really is going to be how the services were originally designed, architected, and delivered."

A replay and transcript of Brett's talk is available here.

______________________________________________________________________

Posted by joemckendrick in Event Processing • SOA Events • SOA Research and Analyst Reports  |  Permalink  | Comments (1)  | TrackBacks (0)

Behold the zebra in the wild savanna -- when a it senses the presence of a lion, it knows to run away, as fast as it can. When it senses food supplies, it knows to act.

Do today's companies have this much situational awareness, and an ability to act quickly to survive and thrive? Not yet, but thanks to new approaches such as complex event processing, they're getting there, according to Gartner VP Roy Schulte. "We can teach computers to do what a zebra does," Roy said. "To collect and process event data to respond quickly and effectively."

In his keynote kicking off ebizQ's recent Event Processing virtual conference, Schulte broke down the essential pieces of complex event processing, and describing how businesses can leverage CEP, or being able to act, in real time, on multiple streams of event data flowing in from different parts of the enterprise. "The value of complex event processing, overall, can be summarized as improving situation awareness. Simply put, that is just knowing what is going on, so you can figure out what to do." The benefits of complex event processing, Schulte said, include better decision quality, faster response times, reduced information glut, and reduced costs.

Schulte defined a business event as a "meaningful change in a state that is something that is relevant to the business. Examples include depositing or withdrawing money from a bank, submitting a purchase order, or hiring an employee." There is also a second term, "event object," that describes how the event is packaged for processing, typically as an XML document these days. "We have to record events using event objects so computers can receive them and do computations on those events," Schulte said.

However, while all companies have always been event driven -- with millions, if not billions, of events in a single day, most events are still handled manually, by people, not computers. "At any one second, a large company has on its network anywhere from 10,000 to 10 billion business events," Schulte explained. "At the low end, that's almost a billion events per day -- at the high end, that’s almost a trillion events per day."

The challenge is that most of the stovepiped and legacy applications that power enterprises are not yet event driven, Schulte observes.

But there's great practicality in automating the ability to capture and make decisions on multiple event streams coming into the core business systems, Schulte says. "For example, you can have a complex event that says, ‘this mornings sales were 30% above our daily average.' That of course is much easier to digest and act on than sending a person 500 detailed sales records, and making the person compute what happened that day manually."

The growing array of sensors, such as RFID tags, combined with front-end systems such as business activity monitoring (BAM) dashboards make complex event processing a reality with today's technology, Schulte points out.

"In many cases, the complex event processing system Is just a front end being used for decision support. The output of the CEP engine is sent to a person through a BAM dashboard, or through an alert such as email or SMA or an Atom or RSS feed. in this case, we have a two-stage computation. In the first stage we’re using a computer to narrow down the data. And in the second stage, we still have a person involved to do the final analysis.

"An application system, or some other device or some other system, detects the event, and generates a message or a notification that is sent to a person. That notification is the event object or event report sent in the form of a message through message-oriented middleware, RSS, a Web service, or an email, or some other communication mechanism. The response to an event may be a manual activity, done by a person or it may be a SOA service or business process or some other application."

However, things could get interesting as CEP systems develop, Schulte added. Namely, the need for human processing could be taken out of the equation all together. "We can bypass that person entirely; we can build enough smarts into the complex event processing engine to determine the specific response that is needed."

Schulte provided a working example of complex event processing in action within the airline industry:

"In large airlines, there is an event oriented middleware that... acts as an enterprise nervous system. Information from hundreds of sources, including sensors on board the aircraft, information coming in from the FAA, and information coming in from standard systems is sent to the enterprise nervous system, and is temporarily stored in event databases. It helps to create the data, the outgoing alerts and notifications that is sent to hundreds of applications on the consuming side to respond to threat and opportunity situations as they emerge. By having information quickly, each of these systems in their respective departments can respond faster. ...Information helps the fueling and maintenance management applications to change their schedules and so forth. By using an event based system, the turnaround time of each plane can be shortened… Fewer airplanes are needed to handle the same schedule."

______________________________________________________________________

Posted by joemckendrick in Business Process Management • Data Management • Event Processing • Management • SOA • SOA Events • SOA Research and Analyst Reports  |  Permalink  | Comments (0)  | TrackBacks (0)

Does your SOA initiative remind you more of the gunslinging, saloon-brawling days of the Wild West than of the intrepid pioneers?

Don't feel bad -- most companies are still struggling to tame their Wild West SOA frontiers. The right approaches and solutions can help keep rogue services at bay, while delivering greater value from reusable assets.

I will be joining Christian Hastedt Marckwardt, solution marketing director with SAP, on Tuesday, April 29, at Noon Eastern Time in a special Webinar to discuss the results of a new ebizQ-SAP survey on SOA governance trends and practices.

The survey explored the depth of SOA and SOA governance at organizations. Be sure to join us for a compelling hour, as well as receive a complimentary copy of the complete survey results!

______________________________________________________________________

Posted by joemckendrick in Management • SOA • SOA Events • SOA Research and Analyst Reports • SOA Vendors  |  Permalink  | Comments (0)  | TrackBacks (0)

I recently had the opportunity to host an ebizQ Webinar on managing SOA performance with Forrester's Randy Heffner and AmberPoint's Ed Horst.

SOA has a lot of moving parts, and digging down to spot the root cause of a service problem is not always easy. SOAs are multilayered creatures. Is it the service itself that's creating an issue? Is it the database? Is it one of the servers?

As Randy put it:

"We’re talking about managing complex SOA services. So we’re diving into an advanced topic that comes up as you realize how deep your service implementations can go, and as you realize some of the dependencies that happen between the various components behind the implementation of your service. Your SOA management solution however you construct it and buy it must handle SOA-based service requests that have complex service implementations."

Randy says when troubles arise with services in SOA, it's often a challenge to pinpoint the source of the troubles, and a number of teams may get involved in the process of identifying issues -- and not have the big picture. Now, Heffner says, "great, we’ve identified there’s a problem with a service, who we going to call?" With complex SOA implementation, and multiple teams, the only answer that will be coming from everyone within their respective teams saying, "it's not me -- my stuff is working fine." That's because everyone has a view limited to their piece of the infrastructure, Randy says.

SOA management tools need to address "deep service" management, Randy pointed out. SOA management tools all do a fairly good job of altering administrators to problems with a service. Even in a complex service implementation -- it could be Java, .NET, messaging middleware, or legacy connectors -- when trouble is afoot, a good management tool will do a good job of sending an alert out.

Randy urges configuring SOA management strategies and solutions to conduct "deep service management." Typically, SOA management solutions employ solutions that don't look beyond the SOAP interface. A new generation of tools that are emerging, however, that can look beyond the service interface to the databases, services, and messaging layers beneath.

SOA management should be able to handle a variety of SOA deployments, ranging from services that invoke Java Message Service, MSMQ, Java RMKI, or CORBA, to ESBs or app servers. Many deep service SOA management approaches can start with agents that many SOA management solutions provides, Heffner said. Then, there are also an increasing number of management solutions that run natively on various platforms.

They key is to employ these solutions -- with or without agents -- to gain better visibility into the systems behind the services, he said. "SOA management solutions may have various ways to construct or correlate a picture, such as dropping tags into a message... or, you might have to do a little work in the configuration..." As services arise, problems will be better isolated, and administrators will know which team to call for assistance. Such deep service management also delivers benefits beyond root cause analysis, such as capacity management.

Randy makes the following recommendations for achieving deep service management:

"Formulate your SOA management strategies; how you’re going to do successful SOA management before you start thinking about products to do SOA management.... You have to deeply know the technologies, know how complex your implementations are. Will your SOA solutions will be able to help you manage your services across the technologies? Will your SOA management solution be able to tie together the complexity and correlate the complexity?

"...Build deep SOA monitoring and management into your whole overall SOA management. It has to do with the design of your architecture, and all the elements that are part of the implementation of your services, and everything that's behind your service interfaces. Build deep service monitoring criteria into your product selection criteria as you are selecting SOA management solutions. ...Think in terms of orchestration engines, integration products, application servers, SOA applications, repository, and SOA management. Think of them and SOA management as one cohesive SOA management platform.

"So you need to understand the relationships and connections. The bottom line is to think about deep service management as you’re pursing your solution."

_____________________________________________________________________

Posted by joemckendrick in Management • SOA • SOA Events • SOA Podcasts • SOA Research and Analyst Reports  |  Permalink  | Comments (0)  | TrackBacks (0)

SOA is hot and getting hotter. And if the economy cooled, SOA will get even hotter.

That's the latest prognosis from Forrester Research, found in its recent SOA adoption survey, the third since 2005. (Reported here by SearchSOA's Rich Seeley.) Randy Heffner, vice president at Forrester, notes that whole SOA was plodding along in 2006, the approach took off dramatically in 2007:

"In 2005, the survey found 53 percent of enterprises were 'using or planning to use SOA.' By 2006, that number had grown to 62 percent, and in 2007 it reached 66 percent. More importantly for the theme of the latest survey, enterprises with an 'enterprise level strategy and commitment to SOA' went from 18 percent in 2005, to 22 percent in 2006, and 26 percent in 2007."

Will this support and interest in SOA continue through 2008, even if the economy turns more sluggish? Heffner says not only will SOA survive, but it will thrive. It's possible that tighter IT budgets may actually spur further SOA adoption, he said. "There are conditions under budget stress that actually encourage the use of SOA," he said. "For example, one benefit of SOA is that it extends the life of legacy applications. Say we were going to rewrite this application and spend $X millions, but we figured out we didn't have to because with a fourth of the money we could get where we needed to by SOA-enabling a legacy application."

Above and beyond cost cutting, organizations have been embracing SOA for business reasons, Forrester concludes. "The major theme is the growing recognition of SOA as an important enabler for strategic business transformation," Heffner said in an interview with SearchSOA.com.

____________________________________________________________________

Posted by joemckendrick in SOA Research and Analyst Reports  |  Permalink  | Comments (0)  | TrackBacks (0)

There's no such thing as a single enterprise SOA. At least not yet.

I just had the opportunity to co-present a Webinar with IBM's Leif Davidson on the topic of "Identifying and Federating Today's SOA Power Centers," in which we explored the results of a recent ebizQ survey of 244 companies.

The survey finds that there's no question that enterprises are firmly committed to service oriented architecture as a strategy going forward - and they're willing to put budget dollars into the endeavor.

But the survey also shows that there's no such thing as a single, all-encompassing SOA effort that covers every service initiative from every corner of the enterprise. Rather, most SOA or enterprise service efforts are "islands" of integration that arise within individual business units, designed to address specific problems.

The challenge is that these separate SOA efforts have different formats and technology foundations under development or implemented within their walls. Many use application servers to support enterprise services, others leverage composite applications on middleware, and others rely on enterprise service buses. In fact, the survey showed that enterprises are taking multiple approaches to building and supporting SOA, including application servers, composite middleware, and enterprise service buses.

The survey also found that most of these service deployments aren't yet interfacing with mission-critical systems. But this is changing rapidly, as the number of services designed for reuse proliferate. The survey finds steady, unrelenting growth in organizations maintaining large volumes of SOA-based services - the number with more than 100 services in production is expected to double.

The bottom line is that there is no single approach to SOA. SOA requires a mix of solutions but the eventual result should be a more reliable, simple and flexible infrastructure and business.

There are two interconnected levels to addressing the problem. First, on a technology level, is federation. One out of four companies have already moved to a federated infrastructure to support multiple instances of ESBs or intermediaries. The survey also shows that those with federated infrastructures are more likely to be able to move from siloed SOA to enterprise-scale SOA.

Then, on a business level, there's governance. Effective governance will make the difference between ending up with a tangle of services -- JBOWS -- or a functioning SOA that truly supports business endeavors at any endpoint across the enterprise. The survey finds that organizations recognize the urgency of governance, but a surprisingly large percentage leave this up to the IT department.

The Webinar in which Leif and I discuss the implications of the survey results can be found here at the ebizQ site. (Registration required.)

____________________________________________________________________

Posted by joemckendrick in Management • SOA • SOA Events • SOA Research and Analyst Reports • SOA Vendors  |  Permalink  | Comments (0)  | TrackBacks (0)

One of the interesting findings to come out of our recent survey on Enterprise SOA is the mixed state of governance that still exists out there. While a third do have a board or committee to oversee governance, another 16% rely on a "center of excellence" to manage the process and gain business buy-in.

What advantage does governance provide to SOA, besides acting as a central clearinghouse for vetting services? For one, governance boards or centers of excellence assure that projects are put into motion based on their merit to the organization, versus individual political agendas. This helps keep SOA decisions above the political fray.

As reported in Application Development Trends, Ian Koenig, senior vice president and chief architect at Thomson Financial, recently spoke on the importance of SOA governance. Koenig provided these key lessons learned about SOA governance:

Lesson Learned: Choose Policies That Matter, or Risk 'Death by Governance': "Having too many policies is just as bad as having none at all," Koenig said. He said his team looked at 5,000 really good ideas and then distilled them down to 170 policies that really mattered.

Lesson Learned: People Don't Communicate: Often, people don;t even see eye to eye on what problems they're trying to solve. "When two or more smart people disagree on a solution, it's almost always true that they don't agree on the problem they are trying to solve," Koenig said. His team employed the UML 2.0 specification to diagram how data should flow.

Make Governance Easy and Do It Early: Here's how people react to complexity, Koenig said: "Sixty percent will do the easy thing, regardless of whether it's right; 40 percent will do the right thing, regardless of whether it's the easy thing to do." The key is to make governance as simple as automatic as possible -- and automation is the best route.

Lesson Learned: Reusability Is Not Cheap: Koenig said reuse is expensive: "Our rough calculation is it's about 2.5 times more expensive to make something reusable as not." Therefore, it's going to take some customer education to sell the idea of putting more funds in up front for an integration project.

Identify an Owner for Each Service: "It's important to identify who defines the value proposition for the service," Koenig said. You need to know "who gets called at 3:00 in the morning if it's not meeting its SLAs."

Fair enough.

____________________________________________________________________

Posted by joemckendrick in SOA • SOA Events • SOA Research and Analyst Reports  |  Permalink  | Comments (0)  | TrackBacks (0)

Everyone is talking about "SOA governance" these days, but what does it all really mean?

At what stage are most SOA governance programs at? What are organizations trying to accomplish with these efforts? How are policies enforced? Are companies tracking reuse? Are companies employing automated enforcement, or is this still a pipe dream?

ebizQ is conducting a new survey to answer these questions and more, to better gauge where companies are at with efforts to better manage and govern their SOA deployments.

Forty iPod Shuffles will be given away to survey respondents in a drawing, to thank you for your input into the brief questionnaire. In addition, you will also receive a copy of the survey results, which will help you assess where your company stands in relation to others in managing and governing SOA.

The survey, which only takes a few minutes to complete, is posted here at ebizQ. Hurry, the deadline for responses is this Friday, March 14.

_____________________________________________________________________

Posted by joemckendrick in Management • SOA • SOA Research and Analyst Reports  |  Permalink  | Comments (0)  | TrackBacks (0)

This Wednesday the 12th, IBM's Leif Davidsen and I will be delivering the results of and commentary around ebizQ's latest survey results on SOA and trends toward ESB federation. (To sign up for the Webinar, click here.)

To help build the conversation that will be taking place within the Webinar, we invite you to join in with any questions or observations you may have.

One inquiry focused on the viability of Web Services Description Language, or WSDL,in a federated environment. Would exposing ESBs as a WSDL be sufficient to link different vendors' ESBs together?

Leif responds that while WSDL can help make the connection, but more is required for a robust SOA infrastructure across business units. "To make the most out of an SOA infrastructure, resources should be used and reused across the business. This will drive the connection of these ESBs to provide end-to-end seamless connectivity," he said.

"From a purely functional point-of-view a service provider and consumer can connect using a WSDL interface. But when looking at the business perspective, important issues such as Governance, Security, Transactionality and Systems Management come into view. In order to invoke the services through a WSDL interface, the service needs to be located. If it exists in a remote system, the security credentials need to be passed along. Updates to transactions add to the complexity and criticality. And of course not every asset is exposed as a Web Service."

"So while WSDL maybe a part of the solution for connecting web services through different ESBs, there are many other aspects to consider other than simple web services connectivity that will be important to businesses when considering the implications of actual deployment."

Join us Wednesday an Noon Eastern Time for the latest data and solutions in managing multiple SOA implementations in our Webinar, Identifying and Federating Today's SOA Power Centers Through Enterprise Service Buses.

_____________________________________________________________________

Posted by joemckendrick in Management • SOA • SOA Events • SOA Research and Analyst Reports • SOA Vendors  |  Permalink  | Comments (0)  | TrackBacks (0)

How secure is SOA? Security has long been considered the Achilles Heel of both Web services and SOA, since both mission-critical applications and data are being opened up to the cloud.

Surveys I have worked on for Evans Data over the past several years find Web services and SOA developers overwhelmingly rely on Secure Sockets Layer (SSL) for their security needs. This is not enough, of course -- a holistic approach is required, that not only encompasses service and application security, but also a layered approach involving network security, OS security, and physical security of the facilities where apps are run and data is stored.

In a couple of weeks, Mike Rothman, President and Principal Analyst, Security Incite will be joining Gunnar Peterson, Managing Principal, Arctec Group for a discussion on the state of security in SOA. The session promises to be an eye-opener, with a frank discussion on new attack vectors introduced by SOA, the best places to implement SOA security, and identity and access management options.

In the meantime, ebizQ's Peter Schooff provides some good pointers for better securing SOA in his latest post.

Don't assume that your vendor "is taking care of" security. It's up to you to protect you're own company's assets -- your vendor's not going to care.

Security is not one-dimensional. Don't assume that "because your firewall is up and functioning doesn't mean your secure," Peter cautions. "With SOA, security is much more than just perimeter and means working security in during the design and implementation phase."

Don't rely on a cursory risk assessment. Resources are limited, and a company is likely to let some things lapse while attending to more "pressing" issues. Peter gives the example of a company that rationalizes that an unpatched router is a greater threat than flaws in its SOA framework.

Don't rely too much on security standards or security features. Standards such as SSL, S/MIME, and WS-Security are helpful, but don't fully secure the system, Peter cautions.

Posted by joemckendrick in Management • SOA • SOA Events • SOA Research and Analyst Reports  |  Permalink  | Comments (0)  | TrackBacks (0)

Almost half of respondents that have responded so far to a new ebizQ survey report they have SOA solutions already in place somewhere within their enterprises, but these efforts are scattered.

One out of four at this time report having more than five SOA projects going on across their organizations, and most say these are separate, unconnected efforts. For the most part, few touch mission-critical enterprise applications, though a majority of respondents expect to be interfacing with at least a few of such apps within the coming year.

These are preliminary, top-line results from ebizQ's current survey of SOA best practices, which is still open and awaiting your participation. Click here to complete the survey, if you have not already done so. All participants will be entered into a drawing for a $300 American Express Gift Card.

Posted by joemckendrick in Business Process Management • Case Study • Management • SOA • SOA Research and Analyst Reports  |  Permalink  | Comments (0)  | TrackBacks (0)