Service Oriented Enterprise
http://schneider.blogspot.com
2006-11-11T16:05:01Zen-USWebLayers Executes Asset Governance
http://schneider.blogspot.com/archives/2006_11_05_schneider_archive.html#116326088788489596
<p>Last week I saw the latest demo from WebLayers on their 'Policy Based Governance Suite'. The demo hit home for one simple reason. They've done a great job of laying out the extended SDLC from a roles / assets perspective and determining 'what' needs to be governed at each stage.<br /><br />Most of the vendors in the space have approached the governance problem from a registry perspective which is an important aspect, but not exactly a holistic view. WebLayers takes a methodology / lifecycle perspective. Their tooling allows you to plug your own process with roles (Business Analysis, Application Architecture, Service Design, etc.) and identify 'what' needs to be governed in each area - then, define the policies for each asset or artifact. <br />Example: The Design Stage includes a "Service Designer"; this person creates a "WSDL"; and all WSDL's have a policy that "Namespaces must be used". <br /><br />They do this by using an interceptor model. In essence, they've created a 'governance bus'. WebLayers provides intermediaries that sit between the asset creation tool (schema designer, IDE, etc.) and the repository that will store the asset (version control, CMDB, etc.) This allows their tool to inspect the newly created assets just after they've been created, but before they've been sent to production. The policies are applied to the assets and results displayed (pass, fail, etc.) to the author.<br /><br />I've been calling this type of governance, "Asset Governance" because the emphasis in on looking at the final output that is created and determining if it complies with enterprise policies. IMHO, Asset Governance is an essential component of any SOA program that utilizes an offshore element ("WSDL is the Offshore Contract").<br /><br />The product was lighter on the other two type of Governance that I look for: Process Governance and Portfolio Governance. We sum it up like this:<br />- Portfolio Governance focuses on finding right problem (prioritization)<br />- Process Governance focuses on ensuring that all the right steps are taken<br />- Asset Governance focuses on ensuring that the output of the steps were performed in accordance with policy<br /><br />I talked with the WebLayers team about the other two types of governance and received feedback that traditional I.T. Governance & Project Management packages might solve the problem (see, <a href="http://www.niku.com/">http://www.niku.com/</a>). Most of these vendors built their products prior to the SOA era and have not gone back and revisited the functionality. They have not killed the "application as the unit of work" and moved to "the service as the unit of work" nor have they updated ROI formulas based on "shared services" (thus reducing investment, increasing ROI).<br /><br />IMHO, the SOA Governance space will eventually find a nice intersection that includes both classic I.T. Governance, and the more modern "asset & process governance". It will be interesting to see which of the vendors will have the courage to tackle the end-to-end governance problem.jeff2006-11-11T14:59:00ZLast week I saw the latest demo from WebLayers on their 'Policy Based Governance Suite'. The demo hit home for one simple reason. They've done a great job of laying out the extended SDLC from a roles / assets perspective and determining 'what' needs to be governed at each stage.
Most of the vendors in the space have approached the governance problem from a registry perspective which is an important aspect, but not exactly a holistic view. WebLayers takes a methodology / lifecycle perspective. Their tooling allows you to plug your own process with roles (Business Analysis, Application Architecture, Service Design, etc.) and identify 'what' needs to be governed in each area - then, define the policies for each asset or artifact. Example: The Design Stage includes a "Service Designer"; this person creates a "WSDL"; and all WSDL's have a policy that "Namespaces must be used".
They do this by using an interceptor model. In essence, they've created a 'governance bus'. WebLayers provides intermediaries that sit between the asset creation tool (schema designer, IDE, etc.) and the repository that will store the asset (version control, CMDB, etc.) This allows their tool to inspect the newly created assets just after they've been created, but before they've been sent to production. The policies are applied to the assets and results displayed (pass, fail, etc.) to the author.
I've been calling this type of governance, "Asset Governance" because the emphasis in on looking at the final output that is created and determining if it complies with enterprise policies. IMHO, Asset Governance is an essential component of any SOA program that utilizes an offshore element ("WSDL is the Offshore Contract").
The product was lighter on the other two type of Governance that I look for: Process Governance and Portfolio Governance. We sum it up like this: - Portfolio Governance focuses on finding right problem (prioritization) - Process Governance focuses on ensuring that all the right steps are taken - Asset Governance focuses on ensuring that the output of the steps were performed in accordance with policy
I talked with the WebLayers team about the other two types of governance and received feedback that traditional I.T. Governance & Project Management packages might solve the problem (see, http://www.niku.com/). Most of these vendors built their products prior to the SOA era and have not gone back and revisited the functionality. They have not killed the "application as the unit of work" and moved to "the service as the unit of work" nor have they updated ROI formulas based on "shared services" (thus reducing investment, increasing ROI).
IMHO, the SOA Governance space will eventually find a nice intersection that includes both classic I.T. Governance, and the more modern "asset & process governance". It will be interesting to see which of the vendors will have the courage to tackle the end-to-end governance problem.]]>Rejected Four Years Ago...
http://schneider.blogspot.com/archives/2006_11_05_schneider_archive.html#116310376186607902
I was at the Infoworld SOA event this week and and someone asked by about the use of ontologies in SOA. I haven't been asked about SOA ontologies in a LONG time... I had an immediate flashback to getting rejected by Web Services Journal to write an article on the subject... <br /><br /><br />------------------<br />Hi Jeff,<br />I sent your proposal to Sean Rhody for his review. At this time, we regret that we will be unable to accept this article for the magazine.<br />Gail<br /><br /><br /><br />Gail, here is the abstract:<br />=====================================<br /><blockquote>“Semantic Web Services”<br />The desire for computers to easily communicate has long been a goal of both computer scientists and businessmen, the latter recognizing the financial gain of seamless systems integration. Over time, this goal has been recognized through network standards like Ethernet, TCP/IP and HTTP. More recently the standardization has moved up the protocol stack. Now, XML is being used to add structure through tagging, which facilitates concept delineation and enumeration. Web Services build on this foundation and enhance the communication through additional features including object serialization/deserialization (SOAP), service registries (UDDI) and standardized service interfaces (WSDL).<br /><br />Yet even with these advances computers still aren’t aware of the meaning of the text that is being sent, nor are they able to make any reasonable inferences about the data. Tim Berner Lee and the W3C have been tackling this problem through an initiative dubbed the “Semantic Web”. This initiative uncovers the semantic meanings of transactions allowing companies to use a common dictionary and also enabling like terms to be disambiguated (“Automobile == Car”).<br /><br />The use of the Semantic Web for concept delineation and Web Services for interoperability is enabling a new bread of applications known collectively as, “Semantic Web Services”. This article will explore the state of semantic ontologies, business grammars and emerging commercial products.</blockquote><br /><br />=====================================<br />Ok, the year was 2002, and I did refer to SOAP as an object serilization mechanism - perhaps it was appropriate for them to reject the article ;-) Now that we're approaching 2007 I believe that we'll start to hear more and more on this subject - who knows, maybe I'll resubmit the abstract!jeff2006-11-09T20:08:00Z
------------------ Hi Jeff, I sent your proposal to Sean Rhody for his review. At this time, we regret that we will be unable to accept this article for the magazine. Gail
Gail, here is the abstract: =====================================
“Semantic Web Services” The desire for computers to easily communicate has long been a goal of both computer scientists and businessmen, the latter recognizing the financial gain of seamless systems integration. Over time, this goal has been recognized through network standards like Ethernet, TCP/IP and HTTP. More recently the standardization has moved up the protocol stack. Now, XML is being used to add structure through tagging, which facilitates concept delineation and enumeration. Web Services build on this foundation and enhance the communication through additional features including object serialization/deserialization (SOAP), service registries (UDDI) and standardized service interfaces (WSDL).
Yet even with these advances computers still aren’t aware of the meaning of the text that is being sent, nor are they able to make any reasonable inferences about the data. Tim Berner Lee and the W3C have been tackling this problem through an initiative dubbed the “Semantic Web”. This initiative uncovers the semantic meanings of transactions allowing companies to use a common dictionary and also enabling like terms to be disambiguated (“Automobile == Car”).
The use of the Semantic Web for concept delineation and Web Services for interoperability is enabling a new bread of applications known collectively as, “Semantic Web Services”. This article will explore the state of semantic ontologies, business grammars and emerging commercial products.
===================================== Ok, the year was 2002, and I did refer to SOAP as an object serilization mechanism - perhaps it was appropriate for them to reject the article ;-) Now that we're approaching 2007 I believe that we'll start to hear more and more on this subject - who knows, maybe I'll resubmit the abstract!]]>CIO Paul Coby is Waiting for VHS
http://schneider.blogspot.com/archives/2006_10_15_schneider_archive.html#116134613868917254
British Airways CIO Paul Coby <a href="http://software.silicon.com/webservices/0,39024657,39163367,00.htm">is quoted</a> as saying, "We don't want to invest in Betamax when VHS becomes the standard. There's no point in BA trying to go its own way on that. We will wait and see what standards emerge." (referring to SOA)<br /><br />ROTFL.<br /><br />Uh, Paul - the VHS version of SOA came out 5 years ago. And SOA isn't about the stupid standards - it's a way of integrating business and I.T.jeff2006-10-20T11:59:00Zis quoted as saying, "We don't want to invest in Betamax when VHS becomes the standard. There's no point in BA trying to go its own way on that. We will wait and see what standards emerge." (referring to SOA)
ROTFL.
Uh, Paul - the VHS version of SOA came out 5 years ago. And SOA isn't about the stupid standards - it's a way of integrating business and I.T.]]>OASIS SOA-RM Passes
http://schneider.blogspot.com/archives/2006_10_01_schneider_archive.html#115974749033229094
The news is out:<br /><blockquote>The ballots for approval of Reference Model for Service Oriented Architecture v1.0 as an OASIS Standard (announced at [1]) has closed. There were sufficient affirmative votes to approve the specification. However, because there was a negative vote, the SOA Reference Model Technical Committee must decide how to proceed, as provided in the OASIS TC Process, at http://www.oasis-open.org/committees/process.php#3.4. A further announcement will be made to this list regarding their disposition of the vote.</blockquote><br /><br />IMHO, the real value of this passing is that people can quit working on it. The RM is an abstract document that is used by professional conceptual RA developers (of which there are about 10 in the world). This particular standard was... very popular by the people who wrote it... and not so popular by everyone else. <br /><br />Initially, MomentumSI was the sole No Vote, but we pulled the vote so that the committee could just put it to bed and move on. Unfortunately, someone else voted no saying that the RM was so generic that it served no purpose. Well, they do have an interesting point... here's an interesting test, see if Client/Server architecture passes the SOA litmus test as defined by OASIS... Hmmm.... <br /><br />Again - 'architecture by committee' is a hard thing to do. I don't envy these guys. The next test that these guys have is to make up their mind on the RA. Will it be a Conceptual RA or a Profile Based RA?jeff2006-10-01T23:48:00Z
The ballots for approval of Reference Model for Service Oriented Architecture v1.0 as an OASIS Standard (announced at [1]) has closed. There were sufficient affirmative votes to approve the specification. However, because there was a negative vote, the SOA Reference Model Technical Committee must decide how to proceed, as provided in the OASIS TC Process, at http://www.oasis-open.org/committees/process.php#3.4. A further announcement will be made to this list regarding their disposition of the vote.
IMHO, the real value of this passing is that people can quit working on it. The RM is an abstract document that is used by professional conceptual RA developers (of which there are about 10 in the world). This particular standard was... very popular by the people who wrote it... and not so popular by everyone else.
Initially, MomentumSI was the sole No Vote, but we pulled the vote so that the committee could just put it to bed and move on. Unfortunately, someone else voted no saying that the RM was so generic that it served no purpose. Well, they do have an interesting point... here's an interesting test, see if Client/Server architecture passes the SOA litmus test as defined by OASIS... Hmmm....
Again - 'architecture by committee' is a hard thing to do. I don't envy these guys. The next test that these guys have is to make up their mind on the RA. Will it be a Conceptual RA or a Profile Based RA?]]>Reference Architecture Models
http://schneider.blogspot.com/archives/2006_09_17_schneider_archive.html#115902380985885884
<a href="http://schneider.blogspot.com/uploaded_images/Reference Architecture Models-781628.bmp"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;" src="http://schneider.blogspot.com/uploaded_images/Reference Architecture Models-774720.bmp" border="0" alt="" /></a><br />With the OASIS RM 1.0 up for vote, I've found myself discussing RM/RA vocabulary again... I found a Momentum view of how we differentiate between views and their usage.<br /><br />I've heard people tell me that the OASIS Reference Model has not been helpful in creating their Customer Specific Reference Architecture. Well, that doesn't surprise me - it wasn't meant to be used in that way. A reference model establishes a scope, goals and a vocabulary of abstract concepts. It is used by professional Conceptual RA developers. <br /><br />In RA land there is a process of moving from very abstract to somewhat concrete. It is an evolutionary process. However, if you skip layers you'll probably find yourself confused. Professionals from OASIS have informed me that they've lost some contributors in the process of creating their specification. It doesn't surprise me - RM's are theoretical work and not for everyone. I have also been told that they intend to publish a users guide which hopefully will set the stage for its use patterns and anti-patterns.jeff2006-09-23T14:45:00Z With the OASIS RM 1.0 up for vote, I've found myself discussing RM/RA vocabulary again... I found a Momentum view of how we differentiate between views and their usage.
I've heard people tell me that the OASIS Reference Model has not been helpful in creating their Customer Specific Reference Architecture. Well, that doesn't surprise me - it wasn't meant to be used in that way. A reference model establishes a scope, goals and a vocabulary of abstract concepts. It is used by professional Conceptual RA developers.
In RA land there is a process of moving from very abstract to somewhat concrete. It is an evolutionary process. However, if you skip layers you'll probably find yourself confused. Professionals from OASIS have informed me that they've lost some contributors in the process of creating their specification. It doesn't surprise me - RM's are theoretical work and not for everyone. I have also been told that they intend to publish a users guide which hopefully will set the stage for its use patterns and anti-patterns.]]>Inside-out or Outside-in
http://schneider.blogspot.com/archives/2006_09_17_schneider_archive.html#115850644364416730
Just a snippet from a recent email:<br /><br /><blockquote><em>Sun created a platform when they wrote an aggregated set of specifications. They made their specifications API centric. It was an inside-out view. The next generation platform must be an outside-in view centered on protocols, formats, identifiers and service descriptions. It MUST be written using RFC 2119 format. </em></blockquote><br /><br />SOA, BPM, AJAX, etc. require a new integrated outside-in standardized platform. Until then, expect limited adoption or alternatively, enterprise rework.jeff2006-09-17T15:15:00Z
Sun created a platform when they wrote an aggregated set of specifications. They made their specifications API centric. It was an inside-out view. The next generation platform must be an outside-in view centered on protocols, formats, identifiers and service descriptions. It MUST be written using RFC 2119 format.
SOA, BPM, AJAX, etc. require a new integrated outside-in standardized platform. Until then, expect limited adoption or alternatively, enterprise rework.]]>SOA Acquisitions (revised list)
http://schneider.blogspot.com/archives/2006_09_17_schneider_archive.html#115849740013390804
I've updated the list of acquisitions in the SOA space:<br /><a href="http://www.momentumsi.com/SOA_Acquisitions.html">http://www.momentumsi.com/SOA_Acquisitions.html</a><br /><br />A few interesting notes:<br />1. I couldn't be more disappointed in Cisco and their lack of acquisitions. AON failed (past tense). This could go down as one of the biggest blunders in software / hardware history. IMHO, Cisco should have revisited their executive leadership around AON a long time ago.<br /><br />2. I've taken Service Integrity off the list. It appears as though they've shut down and didn't move the IP. This is disappointing as well - from what I've heard, many of the SOA ISV's were never even notified that the IP was up for sale. <br /><br />3. WebMethods acquired Infravio. HP/Mercury/Systinet couldn't be happier. WEBM stock has been in the gutter for a long time. Infravio has a great product and a great team. It will be interesting to see if WEBM realizes that they need to move aside and let the Infravio team run their SOA direction.<br /><br />4. I'm keeping SOA Software on both 'buy side' and 'sell side'. These guys have put together a pretty interesting package that keeps them in the pure play SOA infrastructure space. It's too clean. Someone one will grab them.<br /><br />5. I added a couple 'client-side' guys to the list yet: ActiveGrid and AboveAll Software. <br /><br />6. I added RogueWave (strong SCA/SDO story), I will proabably add some more SDO / data service providers in the near future.<br /><br />7. I added testing specialists iTKO and Parasoft (although I don't know who will buy them). <br /><br />8. I added Logic Library. With the Flashline acquisition, these guys become an obvious target.jeff2006-09-17T12:17:00Zhttp://www.momentumsi.com/SOA_Acquisitions.html
A few interesting notes: 1. I couldn't be more disappointed in Cisco and their lack of acquisitions. AON failed (past tense). This could go down as one of the biggest blunders in software / hardware history. IMHO, Cisco should have revisited their executive leadership around AON a long time ago.
2. I've taken Service Integrity off the list. It appears as though they've shut down and didn't move the IP. This is disappointing as well - from what I've heard, many of the SOA ISV's were never even notified that the IP was up for sale.
3. WebMethods acquired Infravio. HP/Mercury/Systinet couldn't be happier. WEBM stock has been in the gutter for a long time. Infravio has a great product and a great team. It will be interesting to see if WEBM realizes that they need to move aside and let the Infravio team run their SOA direction.
4. I'm keeping SOA Software on both 'buy side' and 'sell side'. These guys have put together a pretty interesting package that keeps them in the pure play SOA infrastructure space. It's too clean. Someone one will grab them.
5. I added a couple 'client-side' guys to the list yet: ActiveGrid and AboveAll Software.
6. I added RogueWave (strong SCA/SDO story), I will proabably add some more SDO / data service providers in the near future.
7. I added testing specialists iTKO and Parasoft (although I don't know who will buy them).
8. I added Logic Library. With the Flashline acquisition, these guys become an obvious target.]]>Shai on Enterprise SOA
http://schneider.blogspot.com/archives/2006_09_17_schneider_archive.html#115849154820495257
An excellent article identifies Shai's take on what the enterprise needs to do to prepare for enterprise SOA and the next generation SAP platform:<br /><br /><a href="http://www.sda-asia.com/sda/features/psecom,id,595,srn,2,nodeid,4,_language,Singapore.html">http://www.sda-asia.com/sda/features/psecom,id,595,srn,2,nodeid,4,_language,Singapore.html</a>jeff2006-09-17T11:10:00Z http://www.sda-asia.com/sda/features/psecom,id,595,srn,2,nodeid,4,_language,Singapore.html]]>BPM 2.1.4.7.3.5.7.43.2.6.8.9.4.3.5.8.4.1
http://schneider.blogspot.com/archives/2006_09_10_schneider_archive.html#115844049615704240
I noticed some guys blogging about BPM 2.0. It reminds me of some thought I authored on the subject a few years ago.<br /><br /><a href="http://www.looselycoupled.com/opinion/2003/schnei-bp0929.html">http://www.looselycoupled.com/opinion/2003/schnei-bp0929.html</a><br /><br />So - I hate the tag line BPM 2.0; it's so 2003. Ok, shame on me. <br /><br />Here's why...it isn't about the driving the software solution from a single angle. It isn't about the PROCESS. It isn't about the USER INTERFACE. It isn't about the SERVICES. It isn't about MODEL DRIVEN. It's about integrating all of these concepts without your head exploding. <br /><br />BPM 2.0 places too much emphasis on the process.<br />Web 2.0 places too much emphasis on the UI and social aspects.<br />UML 2.0 ;-) places too much emphasis on making models.<br />SOA 2.0 places too much emphasis on the services.<br />Entperise 2.0 places too much emphasis on... hell, being a marketing term.<br />Did I forget any?jeff2006-09-16T20:46:00Z http://www.looselycoupled.com/opinion/2003/schnei-bp0929.html
So - I hate the tag line BPM 2.0; it's so 2003. Ok, shame on me.
Here's why...it isn't about the driving the software solution from a single angle. It isn't about the PROCESS. It isn't about the USER INTERFACE. It isn't about the SERVICES. It isn't about MODEL DRIVEN. It's about integrating all of these concepts without your head exploding.
BPM 2.0 places too much emphasis on the process. Web 2.0 places too much emphasis on the UI and social aspects. UML 2.0 ;-) places too much emphasis on making models. SOA 2.0 places too much emphasis on the services. Entperise 2.0 places too much emphasis on... hell, being a marketing term. Did I forget any?]]>Design Time Agility over Runtime Performance Cost
http://schneider.blogspot.com/archives/2006_09_10_schneider_archive.html#115841283660756566
Last week we were working with a client to define their core architectural principles. We had listed, "Agility over Performance" and this created substantial debate. The first question was, "why were services going to perform slower?" - and, couldn't we have "Agility and Performance"?<br /><br />On occasion architects will get lucky and find new technologies and approaches that are not conflicting. It has been my experience that this is the exception not the norm. More common is the need to resolve competing interests such as 'agility' or 'performance'. And when they do compete, it is the job of the architect to give guidance.<br /><br />The services found in your environment will likely be victim to two primary performance degrading elements:<br />1. They will be remote and will fall victim to all of the performance issues associated with distributed computing<br />2. They will likely use a fat stack to describe the services, like the WS-I Basic Profile.<br /><br />Now that we've described the performance issues we have to ask ourselves, "will the system perform worse?" And the answer is, "not necessarily". You see, for the last few decades we've been making our software systems more agile from a design/develop perspective. When we went from C to C++ we took a performance/cost hit. When we went to virtual machines we took a hit. When we moved to fully managed containers we took a hit. And when we move to distributed web services we will take another hit. This is intentional. <br /><br />A fundamental notion that I.T. embraces is that we must increase developer productivity to enable "development at the speed of business". The new abstraction layers that enable us to increase developer agility have a cost - and that cost is system performance. However, There is no need to say that it is an "agility over performance" issue; rather, it is a "system agility over performance cost" issue. By this I mean we can continue to see the same levels of runtime performance, but it will cost us more in terms of hardware (and other performance increasing techniques). Warning: This principle isn't a license to go write fat-bloated code. Balancing design time agility and runtime performance cost is a delicate matter. Many I.T. shops have implicitly embraced the opposite view (Runtime Performance Cost over Design Time Agility). These shops must rethink their core architectural value system.<br /><br /><strong>Summary</strong>: The principle is, "Design Time Agility over Runtime Performance Cost". This means that with SOA,<br />1. You should expect your time-to-deliver index to get better <br />2. You should not expect runtime performance to get worse. Instead, you should plan on resolving the performance issues.<br />3. You should expect (performance/cost) to go downjeff2006-09-16T12:25:00Z On occasion architects will get lucky and find new technologies and approaches that are not conflicting. It has been my experience that this is the exception not the norm. More common is the need to resolve competing interests such as 'agility' or 'performance'. And when they do compete, it is the job of the architect to give guidance.
The services found in your environment will likely be victim to two primary performance degrading elements: 1. They will be remote and will fall victim to all of the performance issues associated with distributed computing 2. They will likely use a fat stack to describe the services, like the WS-I Basic Profile.
Now that we've described the performance issues we have to ask ourselves, "will the system perform worse?" And the answer is, "not necessarily". You see, for the last few decades we've been making our software systems more agile from a design/develop perspective. When we went from C to C++ we took a performance/cost hit. When we went to virtual machines we took a hit. When we moved to fully managed containers we took a hit. And when we move to distributed web services we will take another hit. This is intentional.
A fundamental notion that I.T. embraces is that we must increase developer productivity to enable "development at the speed of business". The new abstraction layers that enable us to increase developer agility have a cost - and that cost is system performance. However, There is no need to say that it is an "agility over performance" issue; rather, it is a "system agility over performance cost" issue. By this I mean we can continue to see the same levels of runtime performance, but it will cost us more in terms of hardware (and other performance increasing techniques). Warning: This principle isn't a license to go write fat-bloated code. Balancing design time agility and runtime performance cost is a delicate matter. Many I.T. shops have implicitly embraced the opposite view (Runtime Performance Cost over Design Time Agility). These shops must rethink their core architectural value system.
Summary: The principle is, "Design Time Agility over Runtime Performance Cost". This means that with SOA, 1. You should expect your time-to-deliver index to get better 2. You should not expect runtime performance to get worse. Instead, you should plan on resolving the performance issues. 3. You should expect (performance/cost) to go down]]>