advising on IT-business alignment
Tuesday, May 29, 2007

Swimming against the tide

Nick Malik poses an interesting question here - are we making things difficult for ourselves by calling Enterprise Architecture Enterprise Architecture? His point is (if I've got it right) that architecture work is kind of crunchy, focusing on very well-bounded and defined outputs - whereas EA work is delivered within a different context. Enterprises morph over time, and enterprise activity can't be controlled or designed in the way that a specific project can. EA teams don't (or shouldn't) define things with hard boundaries: they should attempt to influence growth and change. In the context of our book, our take here would be that EA is much more like garden planning than it is like cathedral design. As any gardener will tell you, unlike cathedral design, gardening is not a one-shot activity.

Moreover Nick echoes many others in calling out that EA work is often compared to city planning - and that city planners (or other similar types of entities) don't describe their work as "architecture". He has a great point - ideally EA shouldn't be called EA. It is a kind of discovery, planning, policy-setting and policy-enforcement practice - I'm even tempted to talk about it as a governance-like thing.

However we're hampered in this (as in so much else in the world of IT and business) because the language in this area has already been claimed. It will take a big effort to change the conversation.

Before we can do that, we have to settle on a term that makes sense and reflects reality, and this I think is the biggest challenge. Inertia is a powerful thing (how often do we change our personal banking provider, even though we're frequently told how important it is to consider?).

So - if not EA, then what?


Monday, May 28, 2007

Realising the identity metasystem

It's perhaps unsurprising, given all the brouhaha surrounding Microsoft's claims that open source software infringes on 235 of its patents (which incidentally I take to be largely 'sabre rattling' from Redmond in the face of the implications of the GPLv3 for its deal with Novell, as discussed in the Risk Factors of the latter's recent 10-K filing), that some recent news regarding the Redmond company's very positive collaboration with the open source community has not received the attention it deserves.

The news in question concerns a series of announcements the company made at last week's Interop conference in Las Vegas. These announcements, as the title of the post suggests, all revolve around Microsoft's vision for an Internet-scale, interoperable identity metasystem and range from additions to the Open Specification Promise (OSP) through to support for OpenLDAP with Microsoft's Identity Lifecycle Manager.

So, what did they announce? First, Microsoft is

making the Identity Selector Interoperability Profile available under the OSP to enhance interoperability in the identity metasystem for client computers using any platform. An individual open source software developer or a commercial software developer can build its identity selector software and pay no licensing fees to Microsoft, nor will it need to worry about future patent concerns related to the covered specifications for that technology

In other words, third parties are free to build the equivalent of Microsoft's CardSpace, following the likes of the Higgins project, Ian Brown's Apple Safari Plug-In and Chuck Mortimore's Firefox Identity Selector. This is important not only because it extends the reach of CardSpace-like capabilities beyond Windows but also because it facilitates the consistent user experience (I know because I have used CardSpace, the Safari Plug-In and the Firefox Identity Selector) which helps to reduce errors and misunderstanding by users.

Second, Microsoft

is starting four open source projects that will help Web developers support information cards, the primary mechanism for representing user identities in the identity metasystem. These projects will implement software for specifying the Web site’s security policy and accepting information cards in Java for Sun Java System Web Servers or Apache Tomcat or IBM’s WebSphere Application Server, Ruby on Rails, and PHP for the Apache Web server. An additional project will implement a C Library that may be used generically for any Web site or service. These implementations will complement the existing ability to support information cards on the Microsoft® Windows® platform using the Microsoft Visual Studio® development environment.

Or, to put it another way, doing for back end servers what the first announcement is doing for the front-end: enabling web sites and enterprises running a wide variety of web server infrastructure to support authentication using CardSpace and the other identity selectors.

The cynical amongst you might be forgiven for thinking that these two announcements are just Microsoft paying lip service to interoperability. This post should help to allay your concerns: at the Internet Identity Workshop earlier in May the Open Source Identity Selector (OSIS) group demonstrated interoperability amongst 5 identity selectors, 11 relying parties (the party relying on authentication to prove an identity), 7 identity providers (the party asserting the identity), 4 types of identity token (the mechanism for conveying the identity assertion), and 2 authentication mechanisms. Also, on the same day as the Microsoft press release, Internet2 announced plans to extend Shibboleth, a federated web single sign-on solution based on SAML that is widely used amongst educational institutions, to support CardSpace and compatible identity selectors.

The third piece of news from Redmond last week concerned the new Identity Lifecycle Manager product and is thus primarily focussed behind the firewall. Microsoft is going to be working with KERNEL Networks and Oxford Computer Group to enable bi-directional synchronisation of identity data between OpenLDAP, an open source implementation of the ubiquitous directory standard, and Microsoft's Active Directory. Identity Lifecycle Manager already supports a wide range of the commonly-deployed identity data repositories so I think this move is primarily in the "playing well with open source" category - but valuable nonetheless.

These announcements are further evidence that the likes of Kim Cameron, Microsoft's chief identity architect, and Mike Jones, the company's Director of Identity Partnerships, have been working hard to foster the relationships and commitment (both from Microsoft and third parties) required to help make the identity metasystem a reality. That reality is too important for the results of those efforts to be diluted by political shenanigans around patents and GPLv3.


Friday, May 18, 2007

Microsoft server and tools is now part of the business division

The ever-vigilant Redmond watcher Mary Jo Foley over at ZDNet reports that Microsoft's Server and Tools unit (but not the P&L - Microsoft will still report server and tools financials), which is responsible for Microsoft Windows Server, SQL Server, Visual Studio, System Center management products and Forefront security products, is now part of the Business Division, the home of Office and Dynamics.

Mary Jo finds this move 'curious' but I can see the logic. It's hinted at (if you get past the marketing speak) in the company's official statement that it made the move to:

sharpen leadership focus on the company’s top priorities and align its organization for innovation, ultimately enabling it to deliver even more value to its customers.

I think this is all about making it easier for Microsoft to articulate propositions which resonate with the key concerns of senior business and IT people. The reality is that key strategic business and IT initiatives - SOA, BPM, compliance ... - increasingly depend on multiple technologies and associated competencies, which cross traditional stovepipes. Big SOA, for example, is about managing IT work across the entire service lifecycle and so touches project and portfolio management, software development and integration, IT service management. BPM, as the other Neil pointed out, is about Office as much as it is BizTalk and Workflow Foundation.

In the past, the way that Microsoft has been organised has worked against the articulation of such joined-up propositions (that's in part why it took the company so long to talk about SOA). Customers would get different answers to the same cross-cutting requirement depending on which Microsoft stovepipe they were talking to: you need BizTalk and SQL Server; you need OBA and SharePoint. [As an aside, I said much of this in an interview with Microsoft PR earlier in the week].

Obviously, shifting branches of the org chart is comparatively easy (even if it is very big). The hard part is going to be changing behaviour, joining up the marketing etc. The creation of the Connected Systems Division back in 2005 shows that the company can pull this sort of thing off (albeit on a smaller scale in the Server and Tools Business as was) and Jeff Raikes, who now owns the combined entity, has the influence and power to drive things through at this larger scale.

I am off to a Server and Tools Business analyst event in just over a week so I will hopefully learn more then.


Tuesday, May 15, 2007

Real-world Enterprise Architecture part II: conversation, federation, road trips and tools

In my previous post I explained how in order to get real value out of Enterprise Architecture (EA) work, it's critical to focus not only on the outputs of EA work, but also on the process/practice of EA - and moreover that the process/practice has to focus on *conversations*.

What does this mean for tools, technologies and methodologies which purport to aid architecture work of different flavours? To get to the bottom of this, it's important to add another thought into the mix, which concerns the nature of IT work in large organisations.

What we found in our research for our book is that in large organisations (which are of course the organisations most likely to be pursuing EA activities) IT work is only very rarely truly centralised. Even where there is "officially" one central IT department, the reality is most often that there are other pockets of IT activity that happen elsewhere - perhaps in subsidiaries, remote offices, or within particular business departments. What we also found is that it's pointless trying to centralise IT work and force all IT activity to happen in one place. A top-down, centrally enforced IT mode of production might work for a short while, but soon enough entropy will work its slippery spell and projects will start springing up elsewhere (this is just one reason why the book is called the Technology Garden).

In reality, then, there's little point in planning and executing high-level architecture work in a highly centralised fashion, when IT work is actually federated. At least part of successful and value-adding architecture practice is going to be conducted on corporate road trips, not in bunkers or ivory towers.

So I'm starting to realise that a lot of architecture theory and method is not always very helpful.

At best the focus of the theory and method work can only be one part of a much wider picture, and it needs to be hidden from that main piece of the action - the business-IT conversations. We need new techniques, technologies and new skills to drive the conversations. We need tools and approaches that promote lightweight, collaborative and iterative work - tools and approaches which we can use to share ideas and edge towards agreements as we make those road trips.

There are lots of tools and approaches on the market that help people "do things right" in bunkers or ivory towers. But let's not forget that there's something that's at least as important as "doing things right", and that's "doing the right thing". Figuring out *that* part of the equation is where road trips come in. Where are the tools?

I really hesitate to use the terms "Web 2.0" or "Enterprise 2.0", but what's needed is an approach which builds off the kinds of capabilities you'll be familiar with if you're a student of those two-dot-oh-isms. Hosted platforms with universal remote access; and collaborative editing and sharing of information.

Embarcadero is planning on supporting this kind of scenario in future releases of its EA/Studio modelling tools, and Lombardi is already testing the market, from a process architecture perspective, with Blueprint.


Real-world Enterprise Architecture part I: journey vs destination

I was talking to Donna Burbank, Director of Enterprise Modelling and Architecture Solutions at Embarcadero a few days ago - she was briefing me about the company's new EA/Studio product. We digressed a fair bit along the way, particularly sharing notes regarding our experiences of how Enterprise Architecture (EA) *actually* works in the real world. A key point we discussed was the importance of focusing on EA as a journey, rather than as a destination.

It's all too easy to focus on the technical nature of EA outputs - which bits of the Zachman Framework should we complete? Should we mandate that all our models use UML? ... and so on. Now don't get me wrong, it's important to get a handle on the scope of your efforts, and try and create some consistency in what gets done - but these things are means to an end, not the end in itself.

Where I see organisations spending a lot of time worrying about the format and scope of EA outputs and artefacts, often, perversely, it comes about because there's a lack of organisational ambition regarding the role and contribution of EA as a practice. The hole left by a lack of ambition here is often filled by huge technical ambition - "let's model the world". We all know what happens if you follow that road too far.

For EA practice to have a valuable contribution, it has to be prepared to prioritise conversations with business people (and less so with other IT people) over conversations with other architects. Although that's not within the comfort zone of every architect, it's critical. Real architecture has to involve real stakeholder engagement - otherwise architecture is just design with a corner office.

Why is it so important to prioritise "external" conversations over noodling? Because more and more, business agendas dictate integration, harmonisation/rationalisation and collaboration efforts which have unprecedented scopes. Business teams and IT teams have to work together like never before to make these initiatives succeed, and a key plank is to create a competency that can understand and drive the kind of global (as opposed to local) IT optimisations that will enable businesses to drive their agendas forward in the 21st Century.

In summary: in the context of 21st Century business, the critical EA competency is the ability to drive shared language and multiparty understanding - and *conversations*.


Monday, May 14, 2007

SAP plugs a significant gap - acquires MaXware

Well, better late than never. SAP today announced the acquisition of privately-held MaXware, a supplier of identity management infrastructure. Back in June 2005, I discussed SAP Ventures' (its VC arm) investment in another identity management specialist, Ping Identity, and at the beginning of 2006 predicted that SAP would enter the identity management acquisition fray. My timing was off but SAP has finally done it. In light of the investment in Ping Identity I was somewhat surprised by the choice of MaXware rather than Ping Identity but I think geography may have had a part to play. It is going to be easier for SAP to integrate a Norwegian company than one based in the US.

MaXware is hardly a new entrant in the market: the company has been around for over 15 years, initially providing virtual directory solutions. The company has subsequently built on that foundation to add identity lifecycle management, provisioning and federated web single sign-on. As a result MaXware provides SAP with a pretty comprehensive set of capabilities to bulk up its NetWeaver and broader application proposition, particularly when it comes to competing with arch-rival Oracle which has done a good job with acquiring and subsequently integrating identity management capabilities as part of Fusion Middleware.

SAP still has some way to go, obviously, when it comes to actually delivering an integrated proposition. The fact that both companies are European should help. However, I note that SAP does not appear on the list of MaXware partners and the press release doesn't mention "building on the existing strong partnership" or "exploiting existing integration between the companies' solutions" (or other such press release-ese) so it's difficult to gauge the extent of the technology integration work ahead. Customers and potential customers should look for detailed integration roadmaps.


Friday, May 11, 2007

Microsoft drops virtualisation features

Yesterday, the General Manager of Microsoft's virtualization strategy Mike Neil used his blog to announce that a number of features would be missing from the initial release of Windows Server Virtualization (aka Viridian):
  • Live migration of virtual machines between physical servers
  • Online addition of storage, network, memory and processor resources
  • Support for more than 16 processor cores
No doubt Microsoft's competitors will see this announcement as an opportunity to raise FUD regarding Microsoft's virtualisation credentials ("We already do live migration and Microsoft's years behind").

It's certainly true that this does weaken Microsoft's credibility. However, it's important not to lose sight of the fact that these capabilities are not required for mainstream use cases such as server consolidation - and it's the mainstream that Microsoft is targeting.


Tuesday, May 08, 2007

Sun's OpenID programme: definitely something to watch

Sun yesterday announced:

a new initiative around support for OpenID, a decentralized, web-friendly single sign-on mechanism that allows consumers to reuse a single login across different websites, tackling the "login explosion" problem. OpenID is currently limited to facilitating low-risk transactions such as blog comments. Through its new initiative, Sun is exploring what changes and practices are needed to make OpenID applicable to a broader spectrum of business and IT challenges. The company will actively encourage participation from customers and technology partners through a series of activities and real-life implementations that are initially driven by Sun's Chief Technologist's Office.

It would be all too easy to focus on vendor sports and discuss this announcement in the context of Microsoft's embracing of OpenID at the RSA Conference in February. But I will avoid the temptation (not least because I think the sport wouldn't be much of a spectacle).

I also don't want to join the ongoing debate (at least over at the Identity Gang) sparked by this statement in the press release:

People using Sun-based OpenID identifiers at an OpenID-accepting website can convey in this simple and secure manner that they are indeed Sun employees, a piece of information that can enable access to employee discounts and unlock other special services all across the web.

which confuses authentication with authorisation - contractors may be given OpenID identifiers to access particular services but they are not Sun employees; what happens in the future if Sun provides OpenID identifiers to partners but a service provider is working on the assumption that OpenID identifiers have only been issued to employees?

No. It's this statement which captures my particular interest:

As enterprises increasingly open up access to data and services to wider audiences and improve usability, the use of a decentralized technology like OpenID will be an appealing way to manage account proliferation. Integration with existing deployments, which often involve enterprise-ready technologies like SAML and the Liberty Alliance's Identity Web Services Framework will become an essential consideration. Sun is working with customers and partners to combine and converge these technologies to maximize effectiveness.

I discussed the importance of convergence of user-centric and enterprise-centric approaches to identity in our report on identity management. Although there have been some very valuable discussions in the identity community, this has not resulted in much pragmatic guidance for enterprises assessing the implications of OpenID and other user-centric identity technologies behind the firewall. Sun's experiment should hopefully provide some valuable insight. I for one look forward to hearing more.
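The authentication-versus-authorisation concern raised earlier in this post, sketched from the relying party's side as an added example (not code from Sun, the press release or this blog). The provider host and the `relationship` attribute are hypothetical placeholders, and the assertions are constructed sample data assumed to have already passed OpenID verification.

```python
from urllib.parse import urlsplit

# Hypothetical identity provider host; a placeholder, not a real deployment.
ISSUER_HOST = "openid.example.com"

# Constructed sample: assertions the relying party has ALREADY verified with
# the provider, so authentication is complete. "relationship" is a hypothetical
# attribute the provider and relying party would have to agree on.
ASSERTIONS = [
    {"claimed_id": "https://openid.example.com/alice", "attrs": {"relationship": "employee"}},
    {"claimed_id": "https://openid.example.com/bob", "attrs": {"relationship": "contractor"}},
    {"claimed_id": "https://openid.example.com/carol", "attrs": {"relationship": "partner"}},
    {"claimed_id": "https://openid.example.com/dave", "attrs": {}},
    {"claimed_id": "https://other-op.example.net/erin", "attrs": {"relationship": "employee"}},
]


def issued_by(assertion, host=ISSUER_HOST):
    """True when the identifier is an https URL on exactly the expected provider host."""
    parts = urlsplit(assertion["claimed_id"])
    return parts.scheme == "https" and parts.hostname == host


def naive_employee_discount(assertion):
    """Weak check: 'this provider authenticated the user' is read as 'is an employee'."""
    return issued_by(assertion)


def employee_discount(assertion, allowed=frozenset({"employee"})):
    """Stronger check: the issuer must match AND it must state the relationship.

    Fails closed when the attribute is missing or has an unexpected value, and
    ignores the attribute entirely when it comes from any other provider.
    """
    if not issued_by(assertion):
        return False
    return assertion.get("attrs", {}).get("relationship") in allowed


def compare(assertions=ASSERTIONS):
    """Return (user, naive decision, explicit decision) for each assertion."""
    return [
        (a["claimed_id"].rsplit("/", 1)[-1], naive_employee_discount(a), employee_discount(a))
        for a in assertions
    ]


def over_granted(assertions=ASSERTIONS):
    """Users granted the discount on the identifier alone but not on the explicit claim."""
    return [name for name, naive, strict in compare(assertions) if naive and not strict]


if __name__ == "__main__":
    for name, naive, strict in compare():
        print(f"{name:6} naive={naive!s:5} explicit={strict}")
    print("granted on identifier alone, not asserted as employees:", over_granted())
```

The naive decision changes silently the moment the provider starts issuing identifiers to a new population; the explicit one only changes when the relying party's own allow-list does.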


Thursday, May 03, 2007

New online SOA strategy planning tool - we need beta testers!

Over the past six months we've been busy working behind the scenes with a partner, JEMM Research, on a pretty nifty online SOA strategy planning tool. We're getting near to the point of launch, and we'd really like to find some people out there who would be interested in participating in a two-week beta test phase. Are you interested?

The heart of the tool is a self-assessment model that looks at six dimensions of competence/readiness: concepts, strategy, architecture, organisation & people, governance, and technology infrastructure. You can see a small screen-shot of the (pre-beta) tool below.



Now we know there are a number of vendor-specific SOA assessment/readiness tools out there, but this one is a little different, for a couple of reasons:
  1. It's vendor-neutral - it's not designed to steer you towards buying a vendor's product. It's not sponsored in any way.

  2. It's more detailed - the assessment at the heart of the tool has around 150 questions, and is designed to really make you think about how well you're implementing (or able to implement) a SOA initiative that has real business value.

  3. It provides some pretty cool feedback. The self-assessment, which is free of charge to use, provides you with overall scores in the six dimensions. You can go back to the tool as often as you like, and rerun the calculations to see how you've improved.

  4. If you want, you can pay a modest fee to gain "premium access" to the tool. With premium access the tool will generate, based on your self-assessment answers, a detailed and personalised SOA strategy action plan report. The report benchmarks your organisation against others of the same size, in the same geography and in the same industry as you. And most importantly, the report also contains a detailed set of actions you can take to improve your critical SOA related competencies. With premium access you can run the report as often as you like, whenever you like - so you can track your progress as you make your SOA journey.
If you're interested in being a beta tester, please drop us a line. We're currently planning on running the beta from May 14th to May 25th.


Policy interoperability - a step in the right direction

At the end of last week a webMethods press release popped into my inbox highlighting a recent demonstration of interoperability between the company's UDDI-based registry (acquired with Infravio), HP's Systinet registry and one of Layer 7 Technologies' SecureSpan XML appliances. In a nutshell, the three companies showed how policies attached to services in a UDDI registry (using the Web Services Policy 1.5 Framework and Attachment candidate standard specification) can be exchanged with Layer 7's appliance for policy enforcement.

Prasad Yendluri of the Office of the CTO at webMethods had this to say:

greatly enhance[s] the interoperability of all of the components used to achieve policy-based governance

a point which was reinforced by Toufic Boubez, CTO of Layer 7 who claimed such interoperability provides:

a powerful standards-based solution for overall SOA management and governance

Here at MWD we certainly agree that a policy-based approach is essential for effective management of the service lifecycle. Policies should capture and enforce the obligations and expectations of service providers and consumers represented in service contracts to maximise the quality of the service experience. Interoperability of policies is also essential, given the variety of service infrastructure technologies required to support any significant SOA initiative. However, as I pointed out over a year ago:

WS-Policy does not deal with semantics: it provides a framework within which those semantics can be defined. Support for WS-Policy provides no guarantee that the way one vendor defines a particular policy can be interpreted and enforced effectively by another. That will require agreement on semantics.

For these reasons, I doubt that the three participants simply installed the products, created some services and policies and then demonstrated policy enforcement: they first had to agree how the policies would be represented in WS-Policy.

Don't get me wrong: I think this is a positive step in the right direction. However, it's important for those involved in SOA initiatives to recognise, as I pointed out last year, that a number of significant steps still have to be taken to reach the semantic interoperability goal that's required:

It's not going to be easy! It will require the participation and cooperation of vendors of all shapes and sizes. Vendors, moreover, who are going to have to relinquish the control that ownership of policy definition can provide.


Wednesday, May 02, 2007

MWD FM SOA interview: TIBCO

We're nearing the end (for now - we have more planned, but not for a little while) of a series of SOA vendor interview podcasts with this one, which we conducted recently with Rob Myer of TIBCO. Rob works in Product Management at TIBCO with responsibility for SOA.

We ask the usual four questions, and along the way swing by some interesting conversation points:
  • What you need from infrastructure in order to move towards enterprise-wide SOA, and what TIBCO learned from telecoms companies' service platform requirements

  • The challenges associated with the WS-Policy, WS-Management and WSDM standards

  • The application of CEP (complex event processing) technology to managed service delivery in the context of SLAs.
This podcast episode is 34'28" long. The podcast episode lasts 25'34". You can download the audio here or you can subscribe to the feed.



This work is licensed under a Creative Commons License.
