C 55 Y 35 M 55 K 20

C 46 Y 25 M 58 K 10

C 9 Y 42 M58 K 2

C 53 Y 21 M 9 K 1

C 5 Y 11 M 22 K 0

C 30 Y 21 M 18 K 4

C 51 Y 38 M 36 K 2

C 65 Y 52 M 53 K 57

May

15 –

16 Executive Fo

ru

m

Breaking SOA Bottlenecks

InfoWorld’s special supplement focuses on the signature leading-edge presentations from the top experts at InfoWorld’s SOA Executive Forum held May 15-16, 2007. SOA experts Joe McKendrick and Beth Gold-Bernstein have produced this special collection of articles and podcasts by the Forum’s speakers. Find out how to right-size and govern your SOA services and how mashups and SaaS can speed progress rather than cause problems for SOA efforts.

You'll also hear experts from BEA, Oracle, Software AG and webMethods detail their practical strategies for over-coming SOA obstacles.

Breaking SOA Bottlenecks

Quick-to-deploy data mashups and SaaS are fast ways to add functionality to SOAs. But with more and more companies’ SOA efforts reaching maturity, are mashups and SaaS a shortcut or detour to effective SOAs? And how will SOA governance change in an increasingly Web 2.0-based world?

S p e c i a l R e p o r tSOA Executive Forum

BEA: The Benefits of Deconstruction,

Governance and MashupsAs companies move further along the

spectrum of SOA deployment, BEAEngineering Vice President Charles Stack sayscompanies are discovering to their delightand surprise that the changes SOA brings aremore fundamental than originally expected.

Deep organizational changes are requiredas a part of the implementation, but thesechanges present companies with new busi-ness opportunities � in part, as a result ofthe deconstruction of their former businesscapabilities.

�Businesses are finding that what theyintended the services to be used for onlyscratches the surface of what they actuallycould be used for,� Stack says.

Governance continues to be a big issue inmaking the most of that. Companies need totake standards and practices that they wantto enforce and make them visible to thepeople who care and ensure compliance.

�And as reuse factors into the equation,frankly most companies are doing SOA toget cost savings � and reuse is at core atthose cost savings,� Stack adds. �The moreyou can guarantee or ensure that reuseoccurs, the greater your return on invest-ment is going to be.�

Beside reuse, which also eliminatesredundancy, governance increases the abili-ty to prescribe services to projects, creatingsituations where you can ensure and enforceconsuming of services at the architectureand review level. Even smaller organizationscan benefit from governance in order toestablish a precedent and set the stage forefficient SOA initiatives from the ground up.

And emerging Web 2.0 technologies gohand in hand with SOA. Stack points outthat Web 2.0 and SOA alike are largelyabout deconstruction, taking monolithicfunctionality and deconstructing that intoconstituent parts, then reassembling thoseparts into new functionality in individualservices that might be delivered as entirelynew businesses.

�That's really the end game for an effec-tive SOA, a service-oriented architecturethat delivers the ability to decompose ini-tially and then recompose business capabili-ties in new and more productive ways,� hesays.■

2

To hear this entire 12:00 podcast, go tohttp://www.ebizq.net/to/podcast1

By Joe McKendrick

By its very nature, service-oriented architecture is an openinvitation to dissension and tension within the enterprise. WhileIT often takes a leading role in SOA efforts these days, the archi-tecture, like the Internet, is supposed to be highly distributedacross multiple owners without a single master. However, SOAproponents must still decide who should lead the SOA charge,and how they should go about it. Questions often linger, such as:Who should be enforcing the policy questions that arise withinan SOA? What constitutes a “service”? Who has access rights tothe service? Who manages the services? Who pays for theservices? How do you change these services? How do you definepolicy?

Many companies are just starting to build out their SOAs, andare also starting to learn that the services they develop anddeploy need to be vetted and processes put in place to ensurethey are developed in accordance with pre-determined policies.Numerous organizations are pinning their hopes for SOA successon service reuse, and as Charles Stack, vice president of engineer-ing with BEA Systems, puts it, it takes good governance to makethis a reality. “At this point, most companies are doing SOA to

get cost savings, and reuse is the way to achieve that,” he pointsout. “The more you can insure that reuse occurs, the greater yourreturn on investment is going to be.”

Governance is necessary because SOA is still unfamiliar territo-ry for most companies. For one, developers building servicesaren’t thinking about how the service can or will be reused byother business units. In addition, there’s still a tendency by devel-opers to throw services over the wall, without keeping track ofwhether the services get used or not. However, Stack observes,“when you add governance into the equation, you now have asituation where you can prescribe specific services that ought tobe used by project teams, and that insure or enforce those servic-es are actually consumed. Therefore, your return on investmentgoes up significantly with governance because you’re able to pre-scribe them.”

The need for governance grows as the SOA grows in size andscope, providing direction in “how you scale and retain speed,and what structures you need in order to establish SOA,” saysMiko Matsumura, vice president of product marketing SOA forwebMethods. “Right out of the box, people need to start archi-tecting and engineering for this future state. People who favor

“...there's still a tendency by developers tothrow services over the wall, without keepingtrack of whether the services get used or not.”

Is it Ever too Soon to Start Thinking

About SOA Governance?

© 2

007

BE

A S

yste

ms,

Inc.

All

Rig

hts

Res

erve

d.

While most IT departments arebusy putting out fires, you canstart being more liquid.

A Service-Oriented Architecture is the best wayto stay fluid in the constantly evolving world of business.BEA’s particular approach to SOAallows you to unlock frozen assets andalign business with IT. We call this Business LiquidITy™.

What makes our SOA solutions so liquid? Our software embraces heterogeneity, working equally wellwith diverse technologies and multiplevendors. We offer seamless innovation,so that you quickly realize tangiblebenefits, not just suffer empty promises.And our pragmatic, step-by-stepapproach allows your company toexperience a faster time to marketwhile mitigating costs and reducing risk.

To learn how you can achieve BusinessLiquidITy, visit bea.com.

BEA_SOA_ad_InfoWorld_color.qxd 5/2/07 5:02 PM Page 1

speed and scale before they start thinking of structure and gover-nance could be at risk of having their projects falling apart.”

Governance firmly plants SOA control on the business side,since the practice gives “business and IT management insight intoall the rules and policies around artifacts,” according to MighaelBotha, technology evangelist at Software AG. “Governance makessure that if business users request a service, there is a cleardefined path of accountability for the lifecycle of that service,from development through deployment.”

Why You Should Govern Right Out of the Gate Industry experts agree that it’s never too soon to start looking atgovernance strategies. The idea of SOA governance may be newto many IT managers and professionals, but the sooner gover-nance is put into place, the greater the chance of success for theSOA. Those organizations that launch robust governance initia-tives alongside their SOAs are likely to see far greater results interms of measurable return on investment and cost savings.

Many companies have gotten the governance message, andmost have undertaken rudimentary efforts to address the process.A survey of 313 companies conducted by ebizQ found that about50% of the companies interviewed have 10 or fewer servicesdeployed, and only 20% had services exceeding the 50 mark.However, at least 55% said that they had a “corporate mandate”to put governance policies in place, and another 31% expectedsuch a mandate soon.

“Governance enters the SOA picture when the first policy isset,” said Brenda Michelson, co-author of the ebizQ study.“Typically, this is during the technology proof of concept, and thefirst policies are on the design side, service interface design, andwhat technology protocols you’re going to use — Web services,REST, XML or HTTP. Depending on the business problem you’reworking on, an organization might need to introduce runtimegovernance in their first project. In general, the formalization ofSOA governance begins after the initial proof of concept, andbefore SOA expands beyond the early adopter team.”

BEA’s Stack agrees that “you need to put the gates in placeright away.” The number of standards or practices that areenforced may be modest, “but the gates to ensure that servicescomply with basic standards. Basic interoperability requirementsneed to be in place, even early on as you're only doing the firstcouple of services, because you want to establish the precedent.Then as your SOA initiative matures and builds and grows youcan, as necessary, add to the requirements for moving from onestep in the development lifecycle to another.”

4

Oracle Middleware Director: Stick to the

Point ProjectsOracle's Fusion Middleware Director

Ashish Mohindaroo believes most compa-nies are past the point of needing to beconvinced of the value of SOA.

Instead of needing more convincing, hesays, companies are investing in specificpoint projects for SOA and replacing olderpoint-to-point integration techniques. Butthe projects are still in their early phases.

Governance continues to be a big issue.Whereas in past enterprise projects a sin-gle department had complete control overa project, SOA breaks down departmentalbarriers � and that raises new questions.Who has access rights? Who manages serv-ices? Who pays? Without answers, notesMohindaroo, tension could emergebetween departments if companies aremade to play it by ear.

�The whole idea behind governance isto define a path of how a company canstart from a point project and then scaleit out,� he said. Another key factor is�putting in the organization structurealong with the technology structure that isrequired to be successful in these proj-ects.�

And governance is not just creating arepository of services within the enter-prise, but more about having a standard ofservice that has to pass certain parame-ters and has to meet service-level agree-ments, conforming to specificationsdefined by a governing body within theorganization.

Web 2.0 raises more possibilities forSOA also, bringing increased user produc-tivity and increased reuse of existingassets. The emerging Software-as-a-Service model works hand-in-hand withSOA to create services that can be exter-nally delivered by business partners andswitched on or off according to require-ments.

As compared to a traditional monolithicarchitecture, said Mohindaroo, �with SOAas your basic infrastructure principle, itbecomes a lot easier for you to now plugand play different services to meet yourbusiness requirements in a much morecost-effective manner.� ■

To hear this entire 10:00 podcast, go tohttp://www.ebizq.net/to/podcast2

Is it Ever too Soon to Start Thinking About SOAGovernance? continued from page 2

“Basic interoperability requirements need to bein place, even early on as you're only doing thefirst couple of services, because you want toestablish the precedent.

— Charles Stack, vice president of engineering with BEA Systems

Copyright © 2007. Oracle ia a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

oracle.com/soaor call 1.800.633.0641

“Excellent”For Service-Oriented Architecture

Oracle Fusion MiddlewareHot-Pluggable. Comprehensive.

“The most comprehensive and easy to use product on the market today.”

– InfoWorld Review, January 22, 2007

MdW_SOA-leader_InfoWrld_1799

Governance should not be limited to SOA, but to the types offunctionality the services are exposing, webMethod’s Matsumurasays. “I think that the thing to be the absolute most sensitive to iswhether there are functionalities that straddle ownerships comingin. You need to consider how those functionalities are governed.”For example, Matsumura observes, developers themselves tend tosplit functions such as QA testing, operations, and business func-tions into separate domains. “They behave as if they are a separateownership domain. Each of these domains behaves as if they areseparate from the other domains.”

Botha said governance is also key for keeping rogue services atbay. “In a lot of cases, I've seen developers go off and they wouldcreate services. The guy working in cube 1A would create fiveservices on Monday, and the guy sitting in cube 2A would createanother 15 services because they perceive that they've got thestamp of approval from management for full-fledged SOA. At theend of three or four months, the company ends up with 200 or300 services. These things can get out of hand pretty quickly.”

Shared OwnershipGovernance takes on added importance in SOA efforts because, atleast in theory, SOA is an enterprise-wide project that is notowned by a particular department. “If you look at the way compa-nies have approached enterprise architecture projects in the past,they were very much siloed and departmental-centric,” saysAshish Mohindaroo, senior director of Oracle Fusion Middleware.“SOA is about breaking down these silos and departmental barri-ers, and having a uniform architectural approach across the enter-prise. That means giving up control.”

Again, this is uncharted territory for many enterprises. “You'reorganizing capabilities that may be under the control of differentownership domains,” says Matsumura. “But, obviously that raisesquestions about how to appropriately allocate resources, how toshare resources, and how to get these interactions and interdepen-dencies in some kind of meaningful state.”

Such decentralized control over SOA resources often results in“a lot of tension that could emerge between different departmentsif it's not handled correctly upfront,” Mohindaroo says. “Thewhole idea behind governance is to really define a path of how acompany can start from a point project and then scale it out bybreaking down the departmental barriers across the enterprise,putting in the organization structure along with the technologystructure that is required to be successful in these projects.”

The most successful governance efforts involve the empoweringor creation of a governance committee, comprised of representa-tives from across the business. Eric Newcomer, Chief Technology

6

IONA CTO: Decomposeand Improve Interfaces

It�s an exciting time for SOA, says IONACTO Eric Newcomer, and as companiesbegin to turn more and more toward thetechnology, they face some interestingchallenges and possibilities.

�We see emerging technology such asSCA, as we use it in our registry/reposito-ry, providing the capability to composemultiple services together, and orchestra-tion engines such as BPEL where you cantake the very large-grained interface thatmeets the needs of the business anddecompose it or assemble the smallergrained services that the developers mightbe working on," Newcomer explains.

Also, thanks to Web 2.0, interactiveconsumer sites like Google Maps are rais-ing challenges for enterprise applications.

�One of them is to get the level ofinteractivity improved in the user inter-faces on your enterprise applicationsbased on adoption of some newer tech-nologies such as AJAX and maybe Flash,and some of these nice presentation tech-nologies that are coming out," Newcomernotes.

Software-as-a-Service (SaaS) is poisedto take an important role in SOA also, ascompanies begin to create applicationswith reusable services and think abouthosting those services outside the compa-ny. Newcomer expects commodity andgeneral purpose functions like accountingand billing to deliver the primary value. ■

“The most successful governance efforts involvethe empowering or creation of a governancecommittee, comprised of representatives fromacross the business.”

To hear this entire 7:00 podcast, go tohttp://www.ebizq.net/to/podcast3

Is it Ever too Soon to Start Thinking About SOAGovernance? continued from page 4

Officer at IONA Technologies, says the best examplesof governance structures he has seen typically have“a very complete set of governance policies and pro-cedures inside the company, with an architecturaloversight function that keeps those things in line,and keeps projects going in the right direction.”However, he observes, “there's always kind of thispush-and-pull between the developers who want todo their own thing and the oversight committee thatwants to make sure that they build reusable servicesthat fit the design goals of the SOA.”

LifecyclesGovernance typically addresses three elements ofSOA: policy management, service-level agreements

The reign of traditional middleware vendors is ending. IONA Technologies accelerates the adoption of service-oriented architecture (SOA) by commoditizing middleware stacks and transforming existing IT assets into reusable services.

To receive a complimentary Starbucks coffee card and learn how IONA helps organizations incrementally adopt SOA, please visit: www.iona.com/infoworld

The End

of Middleware

No More Centralized Hubs • No More Proprietary Middleware SolutionsNo More Big Upfront Investments

f

8

Software AG: MashupsAre the Real Face of SOA

In any SOA deployment, governance is away to make sure that high-quality SOA servic-es are being delivered, says Software AG tech-nology evangelist Mighael Botha.

But even with governance, businesses strug-gle with right-sizing in SOA initiatives.Services may not fit enterprise needs the waythey are originally implemented.

Right-sizing goes through constant measure-ment and optimization after implementation,says Botha. �After a third or fourth iterationof the release of a service or a software pack-age, you typically get into a situation whereeverything has been optimized and that pieceof software is right-sized.�

Web and Enterprise 2.0 technologies maysimplify both governance and right-sizing, aswell as boost overall SOA adoption, saysBotha.

Although typical business users may notrelate to IT terms like �enterprise servicebus� and �governance tools,� even if usersdon't understand what a mashup is, they canbe presented with a single view showing allkinds of biographical data about customers orproducts through a Web 2.0 or AJAX front end.

�The mashup is the real face of SOA, bring-ing business closer to maybe a portal or event-driven architecture to show them that theycan really get useful information from the newtechnology that is being implemented,� Bothaconcludes. ■

To hear this entire 7:00 podcast, go tohttp://www.ebizq.net/to/podcast4

Is it Ever too Soon to Start Thinking About SOA Governance? continued from page 6

“It turns out that the biggest differentiatorbetween those that feel their governance solution issufficient, and those who believe their governancesolution is not sufficient, is the degree of runtimeautomation,” says Beth Gold-Bernstein, director ofthe ebizQ Training Center, who co-authored thestudy with Michelson. “Those that have runtimeautomation have an automated solution that ismanaging governance policies whenever theseservices are being accessed and run have far higherlevels of confidence. They know their policies arebeing enforced in their environment.” ■

and lifecycle management. In fact, governance typically is empha-sized — and often handled differently — during the two phases ofdevelopment time and runtime. At the core of any SOA gover-nance initiative are policies, which establish guidelines around theproper definition, development and deployment of services. Suchpolicies extend through the lifetime of a service, from initial fund-ing, standards, interfacing, testing protocols, and security.

For that reason, Newcomer believes, “I think it's important thatgovernance always starts with design, and then it gets into tech-nology. Once SOA is defined as collection of reusable services,companies are going to need some help managing, maintaining,updating, renewing and changing the policy settings and configu-ration settings on their services. That's where governance tools canreally help.”

Increasingly, such tools offer automation capabilities — andexperts advise automating as much of SOA governance as possible.As Anne Thomas Manes, an analyst with Burton Group, explainedin a recent ebizQ Webinar, SOA governance “should be as helpfuland as automatic as possible. If it is a hurdle, if people have to dostuff they’ve never had to do before, it typically produces a bunchof resentment, and people figure out ways to avoid it.”

While policies are typically manually administered, there’s beengrowing impetus toward the automation of policy enforcement andgovernance in general. The ebizQ survey found, for example, thatmanual processes that companies rely on include design reviews,which was the most common method of enforcement, manualaudits, and after-the-fact reporting. The survey also found thatonly about six percent of companies have automated runtimemonitoring of policies, and less than five percent automaticallycheck services for policy enforcement before the services arechecked into a repository.

Overall, most companies that have functioning SOAs in placeare pretty sour on the state of their governance solutions. Whileabout 17% say their governance is sufficient, another 40% say it isnot sufficient. The rest aren't quite sure yet.

However, in cases where automation is introduced to facilitategovernance, the picture changes. Those sites that have runtime anddesign-time automation are far more likely to report high levels ofcomfort with their governance solution than those who rely onmanual enforcement. A third of the respondents with runtimeautomation, 33%, say their governance is sufficient, compared to18% with no automation. Likewise, 26% of those with runtimeautomation expressed confidence in their governance approach,versus seven percent with no automation.

SOA governance “should be as helpful and asautomatic as possible. If it is a hurdle, if peoplehave to do stuff they've never had to dobefore, it typically produces a bunch of resent-ment, and people figure out ways to avoid it.”

–Anne Thomas Manes, analyst, Burton Group

By Joe McKendrick

Mashup applications have taken the world by storm, and areseeping into the enterprise. Industry experts agree that mashupscan provide a new look to service-oriented architecture. But can,and should, the mashups trend be tamed, without restricting theinnovation that this new style of application brings to enterprises?

Mashups are a form of composite application that draws fromother applications or data from across the network. Mashupsemploy Web 2.0 approaches — typically employing the AJAXstandard as well as drawing upon resources in the cloud — tooffer fast and easy ways to address simple front-end integrationproblems. Classic examples of mashup applications are combineddata and mapping services on the Web. Zillow.com, for example,mashes current real estate data with Microsoft Virtual Earth toprovide a visual locator service. Within enterprises, a transporta-tion company can mash up delivery route data with maps to helplogistics managers determine the fastest routes for current ship-ments. Or, customer addresses can be mashed up with an address-checking service.

Prominent companies are discovering the potential opportuni-ties mashups can provide. Sabre, for example, now enables itspartners to mash-up its travel services in new ways. As CharlesStack, vice president of engineering with BEA Systems explains,“Sabre recognized that they can't know what the entire universeis going to do with its services. In fact, users have come up withapplications that Sabre could never have imagined.”

A recent survey of 2,847 executives worldwide by McKinsey &Company finds that at least 21% of companies are investing intools or technologies that will enable the development of mashupapplications.

Mashup applications can actually be considered a variation ofthe composite applications that have been part of the SOA scenefor years now. In many ways, Web 2.0 mashups and SOA arecomplementary. “I see mashups as being the face of SOA,” saysMighael Botha, technology evangelist at Software AG. “Mashups

10

webMethods: Web 2.0, SOA the

Foundation for SaaSAccording to Miko Matsumura, vice pres-

ident of product marketing, SOA forwebMethods, Web 2.0 and SOA togetherprovide a foundation for Software-as-a-Service, and SaaS means that companiesare beginning to offer their business serv-ices on a network-deployed model.

�This takes it beyond Software-as-a-service and starts to get into businessservices on the Internet,� Matsumura says.�What's the difference? Well, if you sellsoftware, then you can sell your softwareas a service on the Internet.�

And if you sell something like telecom-munications, SaaS means that when peo-ple interact with your interfaces, it's notjust bits but repair technicians and trucksand all of your offerings being triggeredthrough an Internet-accessible standardbusiness platform.

�We're seeing an entire transition in theindustry towards business services residingon the Internet,� Matsumura says.

Matsumura also pointed out that gover-nance and planning was important rightfrom the beginning when deploying SOA.

�Out of the box, people need to startarchitecting and engineering for thisfuture state,� Matsumura explains.�People who favor speed and scale beforethey start thinking of structure and gover-nance could be at risk of having theirprojects falling apart.�

are something that I can take to a user, and say,‘Okay, this is a mash-up that shows a single viewof a customer within your organization.’ The usermight not understand what a mashup is, butwhen they see that they can get all kinds of dataabout their customers or products from five or sixor seven different systems in the back end.”

Web 2.0 resources and methodologies can evenhelp accelerate SOA projects. “Web 2.0 is allabout increased user productivity, and SOA isincreased reuse of existing assets,” says AshishMohindaroo, senior director of Oracle FusionMiddleware. “If I'm able to mix and mash differ-ent Web site content, to deliver a new page or anew service to my end user, that's a great thing,”

“When you deliver a series of services, postthem in a repository and let people within yourenterprise see what's there, they’re going tocome up with new creative ways of deliveringbusiness value. Whether or not they’re called‘mashups,’ that's really the end game for aneffective SOA…”

— Charles Stack, vice president of engineering with BEA SystemsTo hear this entire 7:00 podcast, go to

http://www.ebizq.net/to/podcast5

Mashups Bring New Energy to SOA

THE WORLD IS TURNING TO SOA

In a survey of top Chief Information Officers

(CIOs), global investment firm Goldman Sachs

determined that 87 percent of them had

deployed web services and were getting involved

in Service Oriented Architecture (SOA). This led

Goldman Sachs to conclude that momentum

for this style of computing is strong and that

“service oriented architecture is the next big

thing to drive an upgrade to a new platform

of infrastructure and applications, providing a

growth catalyst for the software industry.”

SOA is nothing short of re-architecting the billion dollar information

systems that run the world economy. The process of adopting SOA is

evolutionary, but requires the establishment of a set of SOA Governance

policies, processes and practices that ensure the integrity of the SOA

federation as a whole.

WHAT IS SOA?

SOA has been defined as a paradigm for organizing and utilizing

distributed capabilities that may be under the control of different

ownership domains. It provides a uniform means to offer, discover,

interact with and use capabilities to produce desired effects consistent with

measurable preconditions and expectations.

SOA has the potential to provide many benefits which are related to

controlling cost and complexity as well as enabling an organization to

evolve and compete with increased agility. As an SOA grows to

enterprise-scale, both the risks and opportunities also expand. At

enterprise scale, breaking down the barriers between traditional IT “silos,”

SOA architects can create benefits for central IT, business units, and the

organization as a whole.

WHY CONSIDER SOA?

There are several key reasons organizations should turn to SOA.

SOA is Inevitable - Every major software vendor has expressed

their commitment to delivering SOA enabled software infrastructure

components. So your software will be “service enabled” out of the box

moving forward. With 87 percent of CIOs surveyed by Goldman Sachs

reporting the use of web services standards, these standards will form the

basis for integrating software not just within, but across organizations.

SOA Accelerates IT - By creating “coarsely-grained” business services,

SOA creates an IT landscape of components that can be assembled and

recombined into business processes or new services. These components

resemble LEGO™ toy blocks in that they can be combined to quickly build

new shapes and capabilities.

SOA Aligns IT with the Business - By creating a common language and

set of expectations around services, SOA can ensure that the IT function

interoperates smoothly with the business function. Older IT systems have

a tendency to be obfuscated, mystified and otherwise too technical for

business users to understand. By shifting the conversation to business

services, business people can easily understand what they can expect from

IT and how IT brings value to the business.

SOA Saves Money - SOA does not ask organizations to “rip-and-replace”

their existing investment in technology. SOA uses a “leave-and-layer”

approach that leverages all of the existing systems, whether they are

mainframe, client-server or Internet-ready applications. In addition, by

creating a common set of building blocks across an organization, the

organization can consolidate redundant pieces of infrastructure and a set

of commonly shared services enterprise-wide.

Adopting SOA: The New Structure of Business“SOA will become the dominant framework for creating and delivering software, shifting value from packaged software to subscription services and from monolithic suites to composite applications”David Cearley, Jackie Fenn, Daryl Plummer in Gartner’s Positions on the Five Hottest IT Topics & Trends

Manage

Run

Time

Plan

Des

ign

ChangeTime

Tim

e

SOAData

Use

Developer

Architect

Admin

ServiceConsumers

Business Users

IT Operations

Des

ign

View

Operational Vi ew

Business View

Rules and ProcessesAccess Control

Security

End-to-End Service Lifecycle Governance

Stop by the webMethods booth to get a full SOA assessment.

Avoid common SOA challenges andcompare your company to your peers.

For more information, please visit www.webmethods.com/soa

Expert Commentary

Miko MatsumuraVP of SOA Product Marketing & Technology Standards, webMethods

he explains. “I can assemble new services which in thepast would have taken me a longer time because every-thing had to be built from scratch.”

The same is true with SOA, Mohindaroo continues.“Because SOA is about reuse. You have existing assetsyou have already invested heavily into, such as legacysystems, mainframes, and packaged applications. Youdon't want to rip everything out and throw it away.What you really want to do is bring those existingassets into modern infrastructure, a modern architecture.Combining Web 2.0 mashups with SOA is the entireframework of building next-generation applications.”

The parallels between Web 2.0 and SOA “are verystriking,” Stack agrees. “Conceptually, both SOA andWeb 2.0 are largely about deconstruction, where youtake monolithic functionality, deconstruct it into itsconstituent parts, then enable people to reassemble thatinto new functionality.” He observes that within theideal SOA inside an enterprise, “when you deliver aseries of services, post them in a repository and let peo-ple within your enterprise see what's there, they’regoing to come up with new creative ways of deliveringbusiness value. Whether or not they’re called ‘mashups,’that's really the end game for an effective SOA, a serv-ice-oriented architecture that delivers the ability todecompose initially and then recompose business capa-bilities in new and more productive ways.”

However, many mashups are occurring under theradar of IT governance.“The mashup seems to be verymuch like a Wild West, almost like rapid applicationdevelopment was 15 years ago,” says David Linthicum,an industry consultant and author of InfoWorld’s RealWorld SOA blog. “As people are mashing these thingsup, the SOA and enterprise architecture people withinthese organizations are coming behind them and tryingto figure out how to control it.”

Experts agree that instilling governance over mashupactivities may be a daunting challenge. Governanceinvolves a lifecycle approach to service developmentand deployment, as well as support of a registry/reposi-tory to aid in discovery of available services. Bringingmashups into this fold, and assigning policies to theseservices, may put a damper on their development.

Miko Matsumura, vice president of product market-ing SOA for webMethods, cautions against lettingmashups run too far amok without governance, as“there is almost a tyranny to structurelessness,” he says.“That kind of model is inherently less agile, flexible,and more expensive, than a model that actually consistsof logical constraints.”

Matsumura adds that “a constraint should be thoughtof more as a ‘pivot’ than as a ‘straightjacket.’ If youconstrain something along one dimension, it doesn’tmean that it’s not free to move across the other dimen-sion. That’s the balance that SOA represents, which isthe IT-business alignment. One side wants to go wild,while the other side wants to buckle down everything.”

Eric Newcomer, Chief Technology Officer at IONATechnology, feels some mashup governance isinevitable. “Up until now, we've been thinking of serv-ices as a server-side phenomenon. But as these tech-nologies mature, and as mashups get used more andmore for enterprise applications, the services and thecomponents that they represent will need to be gov-erned as well. Because they'll be reused although, in asomewhat different way than SOA-based services. Forthe moment, I don't see the current flock of governancetools really providing much in that area.”

Many industry observers see mashups and SOA asinextricably linked. They enhance the value of SOA tothe organization and are an easy way to build applica-tions that can quickly access enterprise data and appli-cations. Ultimately, both mashed-up and traditionalcomposite application approaches can be brought tobear on various business problems. “There's a lot ofthings going on in the business side that aren't gettingthe IT stamp of approval,” Stack relates. “Because busi-ness is trying to get stuff done, and those IT organiza-tions that you think are more effective are enabling

that at the same time they are trying to put a manage-ment wrap up around it. The right approach from an ITstandpoint strikes me as one where you enable thebusiness to be as productive and flexible as possiblewith all the technologies that come around.”

Ultimately, the two approaches have much to offerone another. “I see mashups and SOA really comingtogether in a very tight manner, in which SOA dividesthe framework and gives you the structure,”Mohindaroo said. “And mashups give you the flexibilityand productivity that you are looking for in terms ofassembling some of these new applications in a muchfaster way than you could do it in the past.” ■

12

“Ultimately, both mashed-up and traditionalcomposite application approaches can bebrought to bear on various business problems.”

Mashups Bring New Energy to SOA continued from page 6

“As people are mashing these things up,the SOA and enterprise architecturepeople within these organizations arecoming behind them and trying to figureout how to control it.”

— David Linthicum, InfoWorld's Real World SOA blogger

13

by Beth Gold-Bernstein

While most organizations are still in the earlystages of SOA adoption, according to numerous audi-ence polls ebizQ has conducted, very few enterprisesare sitting this trend out. It is becoming increasinglyclear that SOA is slated to become the dominant ITarchitecture of the future.

The potential business benefits of increasing busi-ness and IT agility, enabling reuse of IT assets,decreasing implementation times and lowering costsare clearly compelling. Additionally, the nearly univer-sal acceptance of Web services by all vendors has low-ered the risk of adopting a SOA approach to deliveringbusiness solutions.

However, while the evolving standards define howto implement services for interoperability, they do nothelp developers design services with the right level ofgranularity in order to optimize reuse, agility andmanageability. While right-sizing services is essentialfor achieving the promised land of SOA benefits,unfortunately, there is nothing akin to the rules ofdata normalization for determining the correctness ofa SOA design.

To deliver business value and mitigate risk, design-ers and developers need methods that provide moreconsistent and reliable results. A good design methodshould be:

1. business-driven, meaning that business processesand requirements drive all parts of the process

2. derivable, meaning that the design can bederived directly from the requirements in a step-wise manner

3. auditable, to provide traceability in the designgoing from requirements to implementation

4. proveable, meaning that there is a way to provethe correctness of the design

Additionally, the method should provide a reliableand repeatable process that delivers predictable results,templates to guide and speed the process, and bestpractices to help avoid costly mistakes and enhancesuccess factors.

These are the drivers and requirements behind aservice design method I have been working on withBrenda Michelson of Elemental Links(http://www.ebizq.net/to/elinksiw). Brenda and I firststarted discussing a service-based architecture in 1997,when I was consulting at L.L. Bean on a distributedenterprise architecture initiative that Brenda was lead-ing. Over the past decade we have had extensiveexperience with architecture, design, and SOA, andbelieve we have come up with a method that is driven,

derivable and traceable. Frankly, the provable partremains to be proven.

Business-Driven Design The design begins with a business-level BPMN processmodel which includes both human and systemprocesses. BPMN diagrams include events, interac-tions, and flows. This relates directly to the differentstyles of SOA:

1. A process-driven SOA solution design starts withthe business process itself represented by theBPMN diagram.

2. An event-driven SOA solution starts with dis-crete business events which then may kick offprocesses or human interactions.

3. Interactive SOA solutions are generally compos-ite solutions with rich user interfaces, and thedesign begins by identifying and modeling thoseinteractions.

Each style of SOA has a different modeling entrypoint but it all ends up in one model. As long as youcan identify what style of SOA you are doing, thenyou can use the appropriate approach to guide model-ing effort to make it easier.

Derivable Service DesignThe activities defined in the BPMN model are thenused to derive business services. An activity may rep-resent one or more services. The business activitiesgenerally align with the different types of services(service patterns). There are process-oriented services,function-oriented services, and data-oriented services,and there is also an implication of granularitybetween the different services types.

Process-oriented services may call other processesand may also include function and or data-orientedservices. Function-oriented services may be com-prised of one or more functional services and mayalso include data oriented services. Data-orientedservices may also be aggregate services, combiningmultiple data services. The activity models helpdesigners understand the different types of servicesrequired.

While the service types imply different levels ofgranularity, we further define granularity by classify-ing services as business services, intermediary services,and provider services. Business services may be com-prised of one or more services which may be com-bined to perform a business function. It is at the busi-ness-service level that business metrics, services-levelagreements, and other business policies are defined.Next are intermediary services. These services provide

Right-Sizing Services

InfoWorld thanks the sponsors of the SOA Executive Forum in New York City. Please plan to attend our next SOA Executive Forum event which will be held

November 7–8, 2007 in New York City at the Millennium Hotel.

Written by: ebizQ Custom Publishing, www.ebizQ.net/custompub/Writers: Joe McKendrick, Beth Gold-Bernstein

Editor: Krissi DanielssonLead Designer: Ricki Pappo

Coordinating Producer: Gian Trotta

For information about InfoWorld event sponsorships,please email Hal Mentlik,VP Integrated Media Sales at

hal_mentlik@infoworld.com or call 631-696-4498.

Cornerstone

Diamond

Gold

Silver Associate

Right-Sizing Services continued

location, semantic and technology transparency. Inbusiness terms, intermediary services provide agility inthe SOA.

At the most granular level are provider services.These are the services which perform discrete units ofwork. They may be application-level interfaces, orgranular Web services. Activities are decomposed intothese different layers of services as required.

Templates to Guide Right-sizing Service-design templates help guide reduce complexityas well as design and development time by providinga good portion of the service design. Service templatescan be defined by characterizing the behavior of dif-ferent types of services. For example, process-orientedservices are long-lived, stateful, asynchronous andinteract with other services most often throughorchestration. Function-oriented services can be fur-ther categorized as workers, monitors or agents.Worker functions are stateless, short-lived, synchro-nous or asynchronous, and may have any type ofinteraction. Monitor functions are stateful or stateless,

long-lived, asynchronous, and usually interact throughpublish/subscribe. Agents can be a combination ofmonitors and workers. Over time, we expect to devel-op a rich set of service templates to enable developersto identify the type of service and general behavior,and then customize the template to deliver therequired business functionality.

ConclusionSOA is being looked to as the promised land ofincreasing business agility and decreasing IT costs. Asthe saying goes, if it sounds too good to be true, itprobably is. The truth about SOA is that it is an archi-tectural best practice, not a piece of software. Reapingthe rewards of SOA requires getting the design rightso services can be reused and solutions can easily andquickly adapt to changing business requirements.None of the Web services standards solve or addressthis problem, and that is not the role of standards.Companies embarking on enterprise SOA initiativesneed to teach developers more than how to programin WSDL if they want derive real benefits. ■

Don’t Miss the ActionJune 20 - 21

www.biinaction.comA two-day virtual conference

ebizQ is following up its groundbreaking SOA in Action and BPM in Action virtual conferences with a new Business Intelligence in Action virtual conference that will offer pragmatic, how-to webinars, podcasts, white papers and more on planning, building and managing business intelligence solutions.

Don’t miss these exciting keynote speakers:

Keynote Webinar:

Business Intelligence:Driving Business Performance

Featured Speaker:Bill Gassman, Research Director, Gartner

Keynote Webinar:

The Current State of the Business Intelligence Market

Featured Speaker:Boris Evelson, Principal Analyst, Forrester

For more information go to www.ebizq.net/to/bia

InfoWorld thanks the sponsors of the SOA Executive Forum in New York City. Please plan to attend our next SOA Executive Forum event which will be held

November 7– 8, 2007 in New York City at the Millennium Hotel.

InfoWorld thanks the sponsors of the SOA Executive Forum in New York City. Please plan to attend our next SOA Executive Forum event which will be held

November 7– 8, 2007 in New York City at the Millennium Hotel.