The SOA tool pyramid

I've had a bit of a graphic spurt (as it were) and so here's another blog post based around a diagram.

I was talking to a journalist a couple of weeks back about the kinds of functionality that customers need to look for when looking for tooling for SOA initiatives, and which vendors provide which groups of functionality. It's not always easy to explain this kind of thing over the phone, so I thought I'd have a go at describing the main areas of functionality as a pyramid. Something like this:

In our assessments of SOA tool vendors' capabilities (see here for an example) we highlight nine separate areas of functionality, but this is a simpler picture that just focuses on four:

• Service enablement - this is functionality that helps you take existing IT assets (applications, databases, etc) and create service interfaces based on the capabilities they offer. A lot of vendors provide facilities in this area because in truth most of them started out as integration tools vendors.
• Orchestration and composition - this is functionality that helps you aggregate services and create "composite services" or "processes". Most vendors offer some capability along these lines, and most involve the ill-named "BPEL" in some way (but that's another story). The reason is the same as the reason above: many of the SOA tooling vendors had "pre-SOA" offerings which allowed you to aggregate and orchestrate resources from existing applications and systems.
• Lifecycle management - this is all about supporting development, integration and operations teams in linking their efforts to ensure that the consumer service experience is high-quality and consistent under potentially unpredictable circumstances. Typically the foundation of this capability is some kind of registry/repository, but ideally tools go further than this - firstly by helping to automate team workflows for implementing quality controls at design time; and secondly by helping to translate design intentions relating to operational SLAs into runtime policies which are tied into the infrastructure. Some vendors are starting to offer capabilities in this area, through acquisition (HP/Mercury/Systinet, webMethods/Infravio, BEA/Flashline (kind of)); OEM/resale agreements (Oracle/Systinet, BEA/Systinet) or in-house development (IBM, Sun).
• Service development - this is about the ability to design services "from scratch", or to design services where any existing applications/systems offer functionality which only partially fulfils a requirement. Ideally this starts "contract first" - first of all documenting what the service needs to do and the commitments the provider should make to service consumers; and only then refining that spec into a working service implementation and interface.

Most SOA tools vendors suck at this last bit, frankly. I think that TIBCO is starting to do provide some interesting supporting facilities for this broad area with ActiveMatrix, and as vendors start to implement SCA/SDO in their tools the situation might get better across the board. In the meantime if you've heard of a vendor targeting SOA specifically that really provides solid tools to help with this kind of contract first" development approach, I'd love to know.

Labels: BPEL, contracts, development, SCA, SOA, tools

posted by Neil Ward-Dutton @ 9:19 PM 0 comments permalink

Are you an architect?

At the beginning of March I attended Microsoft's Architect Insight event in Newport, Wales. The event is run by Microsoft but the idea is to try and stimulate a community of interest around IT architecture. The flavour is therefore not so much "listen to what Microsoft is doing" and more "let's talk about what architecture is, what's difficult, what's important, and how we can do things better". I certainly found it pretty interesting.

One feature of the event was a series of workshop sessions set up to explore a kind of "taxonomy of IT architecture". Participants were positioned on tables with peers with similar job titles/experience and asked to focus in on one or more roles, discussing what important features of those roles were and how the industry could potentially evaluate skills and experience. I could only attend one of the sessions, but at the session I managed to attend I was positioned on the "strategy architect" table.

Our small group was a bit non-plussed by this title, so instead we took things up a few levels and started with that perennial "what is an architect, anyway?".

Which is where I drew a version of this diagram:

The context of the drawing was this: we'd all come across people whose business cards said they were "architects", but who clearly weren't. Why not?

Well here's my hypothesis: if your role doesn't take you a fair way up at least two of the axes in the diagram, you're a re-branded systems analyst. In my view an architect:

• engages with multiple different stakeholders in doing their work - both from business and IT teams. They seek to engage those people to drive common understanding of the challenge, solution, costs and benefits and tradeoffs.


• plays some kind of role throughout the entire lifecycle of the IT investments they're involved in. Might not be hands-on all the way through, but they contribute.


• work across multiple systems, services or projects. In my mind the job of the architect is to try to optimise the value delivered across a portfolio of systems/projects. We're very good (mostly) at getting people to make local optimisations within system designs: we're not so good at balancing these with global optimisations that seek to pull IT activities closer to business strategy and direction.

The IASA is working to install more rigour into industry thinking and discussion of the "architect" role, and the Open Group has introduced an IT Architect Certification programme. Defining "architect" and "architecture" (in the context of IT) is a hot topic.

What do you think? Is this a valid distinction? Is anyone else out there seeing lots of re-branded analysts, or is it just me? posted by Neil Ward-Dutton @ 5:41 PM 4 comments permalink

CIO podcast

Over here is the first of what we hope will be a series of podcasts with CIOs who've instigated work to improve IT-business alignment in their organisations. The interview is with New Zealand-resident Peter Burggraaff, until recently the CIO of NZ retail chain Farmers Trading Company. It follows on from the work we did last year on our forthcoming book, which is due out in a couple of weeks.

Peter talks to us in this 31'34" podcast episode about his initiative at Farmers and the outcomes he achieved.

In the podcast Peter explains that Farmers was in a situation where IT cost was way too high, and although the IT organisation was doing some things well (particularly managing operational services) it wasn't seen as a real contributor of business value as Farmers looked to put some big business changes in place. He goes on to explain how he started to turn this situation around and built a solid and trusted relationship with Farmers business management.

We're very excited to present this podcast, and we very much hope to be doing more of these over the coming weeks and months. Thanks Peter!

If you'd like to get involved in this programme of podcasts don't hesitate to let us know.

Labels: book, CIO, podcast

posted by Neil Ward-Dutton @ 3:43 PM 0 comments permalink

Liberty is serious about clients

The Liberty Alliance today announced its Advanced Client specifications which are

designed to allow enterprise users and consumers to manage identity information on devices such as cameras, handhelds, laptops, printers and televisions

For those of you that are so inclined, you can read the specifications here but, in a nutshell, the Advanced Client relies on ID-WSF 2.0 (which I discussed here) to provide the following capabilities:

• Trusted Module - protocols which allow a client (be it hardware, software or a combination of the two) that is sufficiently secure to be trusted by third-parties to participate in identity-based transactions e.g. to make identity assertions on behalf of an identity provider event if the client is disconnected from the identity provider
• Provisioning - over-the-air provisioning of data and/or functionality to the client
• Service Hosting/Proxying (SHPS) - facilities which allow an identity web service service hosted on the client, such as an individual's e-commerce profile, to be accessed under the control of the individual (whether or not the client is connected)

These capabilities allow identity data to be provisioned to and stored on a client device, such as smart card or a mobile phone SIM and subsequently used in a variety of scenarios, including single sign-on and identity federation. In SSO scenarios, the client can either perform the role of an identity provider (self-asserted) or take responsibility for certain aspects of the SSO process, essentially acting as an extension of a third-party identity provider.

The Advanced Client is the third phase of Liberty's four-phase roadmap for delivering client capabilities, following on from the Liberty Enabled Client/Proxy (which I discussed at some length here and here) and the Active Client, which provides client-based identity web services and SSO capabilities in an untrusted environment. The final phase is the Robust Client, which will add support for multi-factor authentication and mobility of Trusted Modules.

This is not just about dry specifications though. Earlier in the year at the RSA Conference BT, together with HP and Intel, demonstrated an Advanced Client proof of concept (you can download the presentation here - it's a 10MB ZIP file!), with HP doing the provisioning and Intel providing the trusted client environment, based on its Identity Capable Platforms (ICP) technology. The proof-of-concept is based on a Wi-Fi provisioning scenario where an individual subscribes to Wi-Fi on the web and completes the BT-initiated provisioning process using credentials which have been pushed down to the ICP-based trusted Active Client.

As I have said before (and I was as guilty of this as anyone) the work of the Liberty Alliance can be perceived as focusing on server-to-server protocols for enterprise-centric federation. Its work on client-enablement, however, provides compelling evidence that this is not the case. With major telco players such as BT, Ericsson, NTT, Nokia, T-Com, Telefonica, Telenor and Vodafone on its membership roster its highly likely that its client specifications are going to see significant deployment. Their participation also explains the emphasis on over-the-air provisioning and active, trusted participation of the user which are essential for telecom services. With an increasingly mobile and disconnected workforce, this is not just a consumer play and organisations should be monitoring these developments closely.

Labels: BT, HP, identity, Intel, Liberty

posted by Neil Macehiter @ 12:48 PM 0 comments permalink

BEA announces strategic partnerhsip with CA: but where does that leave AquaLogic Enterprise Security?

BEA today announced a stategic partnership with CA, which will see the latter's access and identity management solutions (SiteMinder and Identity Manager) integrated with the former's WebLogic and AquaLogic application and service infrastructure platforms.

I agree completely with Wai Wong's (BEA's executive vice president of products) statement in the press release that

Identity and Access Management is critical within SOA

not least because we have said as much in our service infrastructure assessment model and our report on identity management.

Despite this agreement, I am still left a tad confused by this partnership as it is far from clear what this means for AquaLogic Enterprise Security (ALES), which BEA describes as

a fine-grained entitlement management solution that combines centralized policy management with distributed policy decision-making and enforcement. This combination provides management and control of your critical applications

How will SiteMinder integrate with ALES? Will ALES continue to integrate with other identity and access management solutions? Does BEA plan to provide a common policy definition and enforcement framework across ALES and SiteMinder?

We point out in our assessment of BEA's service infrastructure offerings that there are some important gaps when it comes to security and identity management, which explains why BEA felt the need to establish this partnership. However, as well as answering a number of questions from potential adopters, this partnership is going to raise a few more for existing customers with an investment in ALES. I for one look forward to learning more about the two companies' plans to

validate and further extend integration between CA SiteMinder and BEA WebLogic and AquaLogic technologies

Labels: BEA, CA, identity, SOA

posted by Neil Macehiter @ 5:30 PM 3 comments permalink

Our first identity management assessment

Excuse the use of the blog to highlight our own research but I wanted to let any of you out there who are interested in identity management know that the first of our identity management infrastructure assessments - Novell - has just been published. Here's the summary to whet your appetites:

Novell has exploited its heritage in identity management, based around its proven directory product, to provide a comprehensive portfolio of identity management offerings which address a broad range of identity management requirements, although it is lacking in some important areas. The company, to its credit, has recognised that it has reached this position without a strong architectural foundation and has articulated a clear vision to address this. Novell’s heritage has also enabled it to develop a portfolio of services coupled with best practice advice and guidance that address a broad range of requirements focussed on the deployment of its products, with partners addressing the non-technology aspects of identity management initiatives. Its offerings are a sensible choice for organisations with an existing investment in eDirectory or who are focussing on identity lifecycle management or user-mediated single sign-on.

Labels: identity, MWD, Novell

posted by Neil Macehiter @ 12:11 PM 0 comments permalink

Five things you don't know about Neil WD

So I got blog-tagged by Ashesh. Hmmm! Thanks, I think...this has been going around for at least two months now, so I was kind of expecting to have escaped. Perhaps it says about where I stand in the blogerarchy...

At this point, it's customary for the taggee to tell 5 things that people don't necessarily know. So here goes:
1. I released an album and made a rock video. I was in a band and taking it really seriously for about nine years, and the high point was releasing an album through Universal - which was largely funded through our fan club. The best part was a fan in Japan emailing us a photo of the album on a shop rack in Tokyo. Ultimately it sank without trace ;-)... we kind of lost momentum after that, then I started MWD, my wife became pregnant and life got very different very quickly. Just a few weeks ago I finally got some time to start playing the guitar again.
2. I had and recovered from cancer. When I was 20 and studying as an undergrad I got Hodgkin's Disease, which is a form of thyroid cancer. The lucky break was that if you're going to get a cancer, this is probably the best one to get. These days the cure rate is pretty high if it's caught fairly early, and the other lucky break was that it was caught early. A few days before my 21st birthday, after a few rounds of chemotherapy and a month of radiotherapy I got the all-clear, and I've never looked back. I actually feel pretty lucky to have been through that experience, which probably sounds strange.
3. The strange surname goes back 4 or 5 generations. Despite that there's only a large handful of W-Ds around, as a lot of the kids along the way have been girls. The bizarre thing is that neither Ward nor Dutton was from a wealthy background so they had no obvious need to both preserve their surnames: AFAIK they were both domestic servants.
4. I spent 7 years at a boarding school and loved it. My Dad was in the RAF, and so we moved around a lot when I was a kid. The first year was hell - the headmaster was awful and had no control, so the prefects ran the place and were pretty sadistic. After that things got much much better and by the time I was 18 it had become one of the happiest times of my life. My big sister also went to a boarding school, but unfortunately her experience was nowhere near as good.
5. One of my most treasured possessions is a BBC postcard from astronomer Patrick Moore. For those of you not from the UK, Moore was pretty much a national institution in the 70s and 80s - doing lots of TV stuff on space and astronomy. I was completely nuts about space and was desperate to be an astronaut. Aged 7 I wrote to him to ask him if he believed in aliens. He wrote me back a few type-written words on a plain white BBC-postmarked postcard saying yes, he certainly hoped they existed. I couldn't have been happier.

This has been going around for a while, so it's not that easy to find 5 blogger acquaintances who haven't already been tagged... so I'll choose Dale Vile, Sandy Kemsley, Sandy Carter, Matt Deacon, and Jon Collins. Over to you, people!

Labels: MWD

posted by Neil Ward-Dutton @ 9:47 AM 1 comments permalink

Has Microsoft got BPM?

In October Microsoft finally got SOA (kind of)... now has it got BPM?

I've not had a briefing on Microsoft's BPM initiative, but I did see the announcement of the Business Process Alliance partner initiative. And I also read Sandy on Microsoft's BPM presentation at the Gartner BPM event - and I for one pretty much always go with what Sandy thinks around BPM.

It's interesting that on Microsoft's website both BPM and SOA topics live within the BizTalk product pages. That might tell you all you need to know. Knowing what I know about Microsoft's software infrastructure market approaches generally, I'm not at all surprised that the meat of its BPM story seems to be "Sharepoint + BizTalk".

Of course Microsoft isn't the only big software platform player giving themselves a BPM makeover - IBM is at it too. Like Microsoft, it's reacting to customer demand for help with BPM initiatives. Revitalised offerings are pledged to arrive soon.

It looks like Microsoft is cooking plans to create a more compelling "proper" BPM proposition over time as the Windows Workflow Foundation gets inserted as a common process automation engine into future BizTalk and Sharepoint releases, but we'll have to wait and see. Just the other day MS announced BPEL 1.1 support on Workflow Foundation, implemented as a Domain Specific Language (DSL), but there are currently no plans to support BPMN. Public commitments for delivering Biztalk on Workflow Foundation are currently vague - beyond saying "in the Longhorn Server timeframe".

If I learn any more I will share!

Labels: BPM, Microsoft

posted by Neil Ward-Dutton @ 9:49 PM 0 comments permalink