Sunday, October 30, 2005

SOA Boot Camp: Days 14, 15, 16 & 17

It's done. Thank God - boot camp is done.

17 days of training seemed like a lot and it was. My friends were joking that I wasn't trying to train the consultants - I was trying to brain wash them. Well - perhaps I was. But it was great for them to hear different views of the same story from so many different people. By the end of the boot camp we had almost 20 different instructors participate. I really need to thank Hjalmer, Melissa, Stephen and Alex for supporting the effort. They did everything from booking hotel, air, car to making sure we got fed - to validating content. I couldn't be happier with the team effort.

Well - the boot camp ended just as strong as it had begun. We were lucky enough to have Sam Boonin from Cisco present the AON vision. I must admit that Cisco has the unique ability to make a complex topic seem simple. Their proposition for relocating functionality from the application layer to the network layer is profound. Naturally, we pushed them a bit on the standards support which was less than what we'd hoped, but it was clear that it was in Cisco's best interest to move the standards forward and that they were on the right path.

And if the Cisco vision wasn't big enough - we followed it up with Microsoft. Our discussion started with a history lesson (COM, DCOM, remoting, WSE, Indigo, WCF) and quickly led into the next generation tools. We went over the new white boarding capabilities in Visual Studio (formerly White Horse) and then was briefed on BizTalk orchestration (and next-gen human workflow). It is clear the Microsoft will be an on-going leader in the SOA space.

We were also lucky to have Peter Yared and his crew from Active Grid talk to us about their next generation tools. His team has done an amazing job of enabling software developers to be productive in no time at all. Peter also made it clear that the 'service oriented' design center was core to his product road map.

The last vendor session was on the SAP ESA story. Our own Scott Campbell presented the SAP vision for service enabling EVERYTHING. SAP is breaking away from their past of being only a packaged application solutions provider. With NetWeaver they are pushing infrastructure (Java, Portals, etc.) and are doing it all with an SOA facade.

And naturally we went back and covered the basics - even managed to get a bit of BPEL coding in. Boot camps are a ton of effort - but at the end, you feel good about what you've accomplished - and you've made a bunch of friends. We passed out boot camp tee-shirts - and headed home to see if our wives still loved us. I declared it a success. We've opened up additional SOA consulting positions and have scheduled the next boot camp for the 2nd week of January.

SOA Soldiers Wanted - the weak need not apply.

Wednesday, October 26, 2005

SOA Boot Camp: Day 13

After two days of rest we returned to boot camp in Austin where Luc Clement and Chuck D'Antonio of Systinet arrived to update us on the status of Systinet's Blizzard Platform. Many boot camp participants have pointed to Systinet as playing a crucial role in SOA governance. Their Governance Interoperability Framework (GIF) has gained traction among several of our key partners so we were eager to hear more details from the source. Clearly the company has an aggressive set of capabilities they are looking to build out and we were able to drill down on their current and upcoming products.

Luc started out by building the case for SOA governance. We have been discussing this daily but Luc has been probing multiple customers and developing an excellent list of challenges being faced in the field and Systinet's roadmap to solving them. The focus this year is around policy management but provisioning challenges are going to be addressed soon.

There have been many controversies around the UDDI spec and it was excellent to hear Luc's point of view about how the spec developed (including Bill Gates' role) and what parts should be ignored. Systinet dominates the UDDI compliant registry space, but where the registry maintains references only, there is a need to manage the metadata that is an essential component of a contemporary SOA. Luc helped clarify what the Systinet repository product will and will not do and how they avoid creating overlap with other repositories.

Luc also gave us a look at Contract Manager. This product pushes SOA metadata to a necessary further step that involves tracking service consumers rather than just the producers. Solving many the lifecycle management challenges SOA presents is going to require this additional knowledge in the infrastructure.

Chuck led a drill down into the Registry product including the process Systinet is using with their customers to bring a registry up. While some people cringe when the subject of UDDI tModels comes up, obviously Systinet knows this stuff cold and Chuck helped the team get a solid grounding and understanding of some of the finer points. When deploying Registry, Systinet leads their clients through a workshop process and Chuck helped us see inside how Systinet is approaching the design decisions involved in creating initial taxonomies and how we could add value to the process.

As night fell Chuck took the team through a deep dive into Policy Manager. Policy permeates an SOA and we have had heated discussions about where it should be created, stored, and managed. We were pleased to hear the degree to which those designing the product are engaged with its earliest adopters. We'll be working with the product in our lab to help guide their efforts as well.

Sunday, October 23, 2005

SOA Boot Camp: Days 10, 11 & 12

Day 10 was the culmination of a lot of hard work; we took all that we had learned about clients, services, intermediaries, architecture, design and pulled it all together under the 'composite application' umbrella. Deborah Scharfetter, VP of Products from Above All Software walked us through the advanced features of their application composition suite.

Above All definitely understands the idea of rapid composition. Their suite in some ways looks like a 'service oriented powerbuilder'. They have some interesting design concepts in the product: 1. Leverage SOA whenever possible, but don't punish the user if SOA isn't possible 2. Make it easy to tap into packaged applications (SAP, Siebel, etc.) 3. Leverage WYSIWYG concepts to enable rapid development 4. Assume that there will be multiple delivery channels (thin client, portlet, rich client, mobile client, etc.) 5. Services will be combined with other services to create composite services, which in turn will be exposed to the service network.

For some reasons "SOA" doesn't seem to hit home until people see a user interface on it. Composite applications seems to create that 'aha' momentum for many.

Day 11 focused mostly on managing & monitoring services in an operational environment. Jason Hollander and Chris Bowlds from Actional went over their SOAPstation and Looking Glass products. Both products looked strong. It was also clear that Actional was taking a stronger interest in the security side of equation than many of the other vendors. SOAPstation has been carefully designed to do both fine grained and coarse grained access control. This is in addition to a real nice UI for quickly adding in ws-sec attributes (signature, encryption,etc.)

The Looking Glass product focuses on the monitoring of services. The product appears to be well designed and full-featured. However it is unclear to me how it will compete/complement with the Tivoli/BMC/HP trio. I really like what Actional has done I just see a potential crash course with the big three. For now, they'll have no trouble fending them off - their offering is advanced and buyers that need a solution today will find an easy answer.

Day 12 we split into teams and continued building out some of our reference architectures. We are close to finishing our SOA Security Reference Architecture - we just need to add a bit more around fine grained access and vulnerability detection. We also made progress in knocking out an XML Firewall Buyers Guide (we'll publish it soon). Lastly, we did a first draft on our 'SOA Operations Management Reference Architecture' and 'SOA Presentation and Channels Reference Architecture' (plenty more to do here!)

By the end of the day on Saturday - we all were starting to feel like this was really a 'boot camp'. We're tired - we all hopped on planes and headed home to see our families. We'll kick it back in gear on Tuesday...

Thursday, October 20, 2005

SOA Boot Camp: Days 8 & 9

Day 8 (Tuesday) was an interesting day. Oddly enough we were discussing service networking infrastructure (XML transformation devices, mediation and XML firewalls) - and the press release around IBM picking up DataPower came out. Well - that created a bit of discussion. Generally we agreed on a few things: 1. The deal was good for IBM and DataPower 2. The valuation of Reactivity just went up 3. Cisco needs help with AON. We also spent some time and knocked out a 'service networking buyers guide' which we will make available to our customers.

Day 9 (Wednesday) focused on 'service oriented business intelligence'. Eric Zerneke and y of Service Integrity taught us the essentials of using SIFT. This was a welcome change. We'd been spending a significant amount of time looking at the non-functional concerns of SOA that it was great to learn about a product that was much more focused on providing business value. From a geek perspective, SIFT focuses more on the information found in the SOAP body. So, many people talk about 'business services' - well, accompanying those services are 'business messages'. SIFT presents a solution for 'intercepting' business messages, applying cross-message analytics for the purpose of near-real time event resolution. Unlike traditional ETL/Cube/Analyze/Report solutions, SIFT presents information to a user when the information is still action-able (not post-mortem analysis). They also do a great job of aggregating the data and making it available to a variety of output devices (rich client, portal, etc.) One thing that I'd like to see is a closer integration into intermediaries.

Tuesday, October 18, 2005

SOA Boot Camp: Days 6 & 7

Day 6 (Saturday) focused on SOA security. We started off by reviewing the typical security concerns found in a distributed computing world: message authenticity, confidentiality, non-repudiation, distributed trust, etc. Part II reviewed the protocols available to remedy the issues: (WS-Security, XML-Signature, XML Encryption, WS-Trust, WS-Federation, SAML, TLS, etc.) Part III reviewed the actual architectural elements that implement the remedies (XML Firewalls, I&AM, Federated Identity, PKI, platform libraries (AES, etc.), intermediary based PEP's, etc. Part IV focused on the Momentum SOA reference architecture (usage of protocols, reference elements, architectural patterns & practices and use cases). At first glance, SOA security appears to be a real beast, but once you break it down it is actually not too bad.

Day 7 (Monday) was an in-depth review of 'decoupling in the network'. Frank Martinez of Blue Titan discussed the protocol resolution to the non-functional requirements of distributed computing (message formats, passed predicates, transports, reliability, security, transactional integrity, etc.) And how each of those issues can be viewed as potential coupling issues. He then addressed the use of intermediaries to mediate the differences between architectural participants. The outcome was an architectural approach that promotes consume-ability by making a service tolerant to the various requirements imposed by clients.

Friday, October 14, 2005

SOA Boot Camp: Days 4 & 5

I was way too tired to blog about the boot camp last night - so now I'm playing catch up...

Day 4 focused on service design: best practices in message creation, encoding types, scoping the port types, importing common types, etc. We all agreed that the current documentation around 'best practices in service design' is still pretty weak.

We also had the whole class do contract first design - and then bind it back to platform implementations, in our case Java. As a reference, we went through Axis, ActiveSOAP and XMLBeans just to give everyone a feel for the various components.

Day 5 moved into testing. Roland Lynn and Wayne Ariola from Parasoft gave us a serious lesson on SOA based testing. Their suite has extensive capabilities for generating test suites and executing the tests across just about any configuration (encodings, transports, attachments). We were also educated on static analysis techniques and scanning for malicious attacks. The session ended with an impressive view of their SOA based load testing capability.

SOA testing is going to have to enter mainstream. It was really kind of odd to see that the state of the art in testing is beyond just about all other aspects of SOA infrastructure. Who'd of thought?

Wednesday, October 12, 2005

SOA Boot Camp: Day 3

Another tough SOA Boot Camp Day!

Most large enterprises have a number of legacy systems in place - and many of them running on the mainframe. SOA and Web services provide a great way to access those business and data services.

Momentum has a number of clients that are choosing to use services as a stepping stone to migrating functionality off of the mainframe. In this way they are able to create a standard interface and have the clients plug into it. Later the implementation of the interface can be moved to whatever hardware software platform they choose.

We were fortunate to have Rob Morris and Wilson Rains of GT Software educate on 'service enabling' legacy software. First, it was great to see an organization that understands both the classic mainframe environment and the next generation service oriented enterprise. Most companies that we talk with that come from a mainframe environment really don't get SOA - this was a welcome change.

The other item that we quickly noted was the depth of their product suite. We've evaluated a number of similar packages and many of them have quasi-connectivity solutions. As an ex-IBM 390, MVS, VM guy, I know that there is a real big difference between those that understand this environment and those that don't.

Tuesday, October 11, 2005

SOA Boot Camp: Day 2

Day 2 - Today we covered more of the advanced WS-Specs and what it means to distribute a loosely coupled systems across a network. The focus was on 'creating a virtual application' by using "RST" (reliability, security and transactional integrity).

Most of knew this stuff already so we started the 'Requirements Analysis' workflow early. The first step focused on what has changed in capturing business stakeholder requirements (processes, collaborations, interactions, etc.) The second half focused on the changes in specifying a software system (candidate services, enterprise concerns, etc.) One thing that we all agreed on is that the requirements stage has significantly changed and that we need a specialized course. We landed on "SOA for Business Analysts" which will update the RUP concepts (Vision Document, Use Cases, etc.) with more up-to-date techniques.

Monday, October 10, 2005

SOA Boot Camp: Day 1

Today was the first day of our SOA Boot Camp. For those of you that haven't heard, MomentumSI has pulled our first batch of SOA consultants out of the field for 17 days of in-depth training.

We started out covering the basics - WSDL, SOAP, and a bunch of the WS-protocols. For us, it wasn't so much of an education on the basics, but rather a discussion of how to explain these concepts to newbies. As SOA consultants one of the biggest issues we face is getting the teams at our clients on the same page by using a common vocabulary.

Although we tried to focus on the basics - we found ourselves conversing on the more interesting aspects (business value, architectural patterns, governance, etc.) It was also interesting to hear the chitter-chatter between the consultants. It sounds like many clients are running into the same basic problems. It was better to hear that the consultants are agreeing on common solutions!

Sunday, October 02, 2005

Dear CIO, I Can See Your Underwear!

Not so long ago I predicted that CIO's would lose their job due to failed SOA implementations. A few people told me I was over reacting so I took some time to think it over. I'm done thinking it over. Here is where I landed:


Here is why:
1. Unlike many past I.T. initiatives, the SOA initiatives can EASILY be audited. Frank Martinez taught me the phrase, "Show me the WSDL!" I use it all the time. I say, "How's you SOA program going? ... Really, that's great - show me the WSDL'S!" And some poor architect squirms around giving excuses and tells me that he can't do it easily... at that point, I go for the jugular and drill him on why the service definitions aren't in his registry.

2. Most organizations have completed their 'enterprise application portfolio' - often with the total number of applications exceeding 1,000. This portfolio is often referred to as the 'functional footprint'. Corporations are attempting to service enable their entire footprint. Most companies are less than 1/10 of 1% of the way there. In addition, many of them will proudly brag that they've been working on service enablement for 2 years plus. Rarely do these geniuses do the math to determine that unless they pick up the pace they won't complete their task until the 22nd century.

I talk to so many companies about their SOA program - and they all say the same damn thing: "Well, we only have X services done but that's ok because we're doing it incrementally."

There is a HUGE difference between SLOW and INCREMENTAL. It won't take long before the I.T. auditors catch on to the math. In a service oriented world, your underwear shows - there is no hiding. Organizations must determine how to create service oriented enterprises FAST, CORRECT and INCREMENTAL.