Transcript of a podcast with Allen Brown, president and CEO of The Open Group on TOGAF 9 and its effect on enterprise architecture and IT productivity.
Listen to the podcast. Download the podcast. Find it on iTunes and Podcast.com. Learn more. Sponsor: The Open Group.
Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions and you're listening to BriefingsDirect. Today, we welcome our listeners to a sponsored podcast discussion coming to you from The Open Group's 21st Enterprise Architecture Practitioners Conference in San Diego, the week of February 2, 2009.
Our topic for this podcast, part of a series on events and major topics at this conference, centers on The Open Group itself. We're going to be talking with Allen Brown, president and CEO of The Open Group, about the organization and the arrival of TOGAF 9, a major release of its enterprise architecture framework. (Download the TOGAF 9 whitepaper.)
We're going to be discussing how The Open Group operates, some of its goals, and what it does for its members. It's an open and neutral vendor and technology-neutral consortium. It's been around for over 20 years in several different forms. We're going to learn more about the history, but I'm particularly interested in the future.
So, allow me to welcome Allen Brown. Thanks, Allen.
Allen Brown: Thanks, Dana.
Gardner: The Open Group this week has delivered TOGAF 9, a major undertaking for you. I think you referred to it as like having a baby -- a long gestation period and then a tumultuous endpoint. Tell us why TOGAF 9 is such an important milestone for The Open Group?
Brown: TOGAF 9 really feeds into the vision of The Open Group. We've been working on TOGAF for about 15 years. Bear in mind, Dana, that everything that The Open Group does is driven by the members. The vision was driven by the members. All of the work that's gone into TOGAF 9 and all of the other standards are driven by the members, supported by the staff, of course.
Back in 2002 the members were looking for a solution to the problem of stovepipe applications. They all dealt with cross-functional teams, breaking down the boundaries within and between organizations. They found that the applications didn't work in that way, and they needed some way of getting what they called an "integrated information infrastructure."
We worked through that and came up with the guiding light, if you will, for the vision statement of boundaryless information flow. As we worked through, we found that TOGAF was taking off.
TOGAF 8 really took off, when we focused on that subject and we included the enterprise edition of TOGAF 8, coinciding with everyone's need to take a much broader view of their organization. No application lives in a silo anymore. Anything that's done has to integrate with everything else. You have to take a city-planner view to what you do.
So, at the same time as all organizations had this need to have a boundaryless organization with information flowing in a boundaryless way, TOGAF was an ideal method for how you would help that to happen. Whatever other framework you might use, none of them gave the actual guidance to get you there. TOGAF 8 really pushed us in that direction.
A need to move forward
Since then, over the last three or four years, the members have been working on what the next edition would be. TOGAF 8 was so good that it needed a move forward. I think someone described TOGAF 8 as 500 pages of common sense that you don't have to think of yourself. It's a common guide. It's also treated by those organizations that use TOGAF as a common language.
If you've trained everyone within your organization to use TOGAF, they're all speaking a common language and they're using a common approach. It's a common way of doing things. If you're bringing in systems integrators and contractors, and they are TOGAF certified also, they've got that same approach. If you're training people, you can train them more easily, because everyone speaks the same language. (More information on TOGAF certification.)
TOGAF 9 really needed to add some more to TOGAF 8. In March 2007, I did a survey by talking to our members -- really just asking them open-ended questions. What are the key priorities you want from the next version of TOGAF? They said, "We need better guidance on how to align with our business and be able to cascade from that business down to what the IT guys need to deliver. We need more guidance, we need it simpler to use."
Those were the two key driving forces behind where we were going, a more modular structure, and things like that. Trying to do those things, the members focused on how to bring that forward, and it's taken a lot of work.
If you can imagine a large consortium where you've got 300 member organizations -- which is a lot of people at the end of the day -- and everyone is contributing something and a smaller number is doing a real heavy lifting, you've got to get consensus around it. They have done a huge amount of work.
TOGAF 8 was very much focused on giving guidance on how to do enterprise architecture, and the key thing was the architecture development method. What they've done now is provide more guidance on how to do it, made it more modular, and made it easier to consume in bite-sized chunks.
Then they've added other things like a content framework. The content framework provides a meta model for how you can map from the architecture development method, but it also provides the foundation for tools vendors to construct tools that would be helpful for architects to work with TOGAF.
There is a capability framework, not a maturity model, but it's way of helping folks to set up their capability. There are a lot of things that now in TOGAF 9 that have built on the success of TOGAF 8, it has taken a huge amount of work by our members.
Gardner: Over the past several years, and perhaps over a decade, the role of enterprise architecture itself has been elevated. This, I think, is largely a function of the maturity of how IT is done, but also because of the complexity in a number of different variables and the importance of IT to some of these large global enterprises.
As we've seen an elevation in the importance in the role of enterprise architecture, how has The Open Group changed over that same period to align itself with that growing importance of architecture?
Raising the level of professionalism
Brown: The architecture forum itself has grown. The membership numbers have grown, and we've had to deal with much larger numbers of members and contributors, but it's not just TOGAF. It's not just a case of having a framework, a method, or a way of helping organizations do enterprise architecture. We're also concerned with raising the level of professionalism.
There are a couple of other things that we've done. First, we've introduced the IT Architect Certification (ITAC) program. That provides a certification to say not only that this person knows how to do architecture, but can demonstrate it to their peers.
The ITAC certification is agnostic on method and framework. You don't have to know TOGAF to do that, but you have to be able to convince a board-level review that you do have experience and that you're worthy of being called an IT architect.
It requires a very substantial resume, and a very substantial review by peers to say that this person actually does know, and can demonstrate they've got the skills to do IT architecture.
Gardner: This would be someone at that city-planner level, rather than the actual application or even a subset of building architect, to continue the metaphor.
Brown: There are a lot of different areas where we can get confused with enterprise architects. They're not developing applications and they're not architecting applications. They're actually looking at how you can introduce solutions across an enterprise.
The other thing we've done to raise the level of professionalism is to introduce in San Diego two years ago The Association of Open Group Enterprise Architects. That was focused on individuals who could come along and raise the level of professionalism throughout. We launched it the end of January 2007 here.
We now have more than 9,000 members, which shows that the degree of urgency and importance of trying to raise this level of professionalism.
Gardner: Why do you think the very rapid uptake in certification has taken place? I suppose there's both a supply and demand element to it. The folks who are practitioners themselves want to hang their shingle out as best they can. I'm told that the income and career trajectory for those with certification is quite significant and improved over those without.
Also, for the organizations that are in the hiring mode it helps them find qualified people. But, is there something larger at work here, perhaps in regards to our economy right now where we have so much risk. We're dealing with so many dynamic variables. What is it about certification in a recession that makes it all the more important?
Hiring the right people
Brown: Well, in a recession -- and we're early into this period -- a couple of things happen. One is that jobs are scarcer. So, people are looking for qualifications in the people that they're hiring or retaining. Certification is a way of making sure that you're hiring or retaining the right people.
The other thing with certification in TOGAF is that you're making sure that everyone is consistent in their approach. With ITAC, you're making sure that people have got the skills and they're not just claiming to be enterprise architects or IT architects without having demonstrable skills.
So there is a demand pull for those qualifications. There is also more need on the side of individuals to be certified or credentialed in the market.
Gardner: You're also involved with commercial licensing. Can you tell us how that works and whether there is a counter-cyclical effect for that in a downturn as well?
Brown: The way that TOGAF works is that it's free to use for anyone to implement an enterprise architecture within their enterprise. But, if you're going to use TOGAF for commercial gain -- as trainers, consultants, integrators or whatever -- then it's important that you give back to the community. It's the basic open-source model.
We expect people to give back via participation in membership and we use the commercial license to make sure that we know who's doing this. We know that they're certified, but we also know that they get involved in the membership and actually do give back to the community.
Some of them could be dormant. They may just want the commercial license, which comes with the membership. They may want the commercial license to go off and sell TOGAF. Alternatively, they may want the commercial license and participate and contribute. Those that contribute are the ones that get the most back.
Gardner: Is there something about trying times? I suppose we're not just in a trying time, but also a very dynamic time. We have change management, modernization, productivity, and efficiency. Many organizations are looking to reduce their operating costs significantly. Are these accelerators to the role of The Open Group and TOGAF?
Brown: With regards to TOGAF, or enterprise architecture in general -- it doesn't have to be just TOGAF -- there's an underlying theme of using the right kind of processes. With architecture -- and we've had a lot of evidence back from organizations -- they've been able to retire applications leading to savings across their organization. If you can make those savings across the organization using enterprise architecture, then there's a positive ROI and that's good in any time.
Gardner: It also appears, given the complexity, the rapid change, modernization, and maturity, that the role of architecture and the architectural perspective over IT is more important than ever. Do you agree with that, and if so, why?
A need for integration
Brown: The role of architecture is more important right now because of the complexity, because of the need to integrate across organizations and with business partners. You've got a situation where some of the member companies are integrated with more than a thousand other business partners. So, it's difficult to know where the parameters and boundaries of the organization are.
One member I was talking to said that they've got something like 500,000 individuals inside their infrastructure that are not their own staff. So this is a concern that's becoming top of mind for CIOs: Who's in my infrastructure and what are they doing.
We've got, on one hand, the need for enterprise architecture to actually understand what's going on, to be able to map it, to be able to improve the processes, to retire the applications, and to drive forward on different processes. We've also got the rising need for security and security standards. Because you're integrated with other organizations, they need to be common standards.
Gardner: These issues about boundarylessness and security are reflected in some expansion here at the conference. You've introduced the Enterprise Cloud Computing Conference as well as the first Security Practitioners Conference. Why these new conferences? I suppose that we answered that in the first question, but let's hear a little bit more about why cloud and security are enterprise architecture issues. Some may have perhaps not seen it that way?
Brown: The Open Group is broader than just enterprise architecture. The architecture forum is one of a number of forums including Security/Identity Management, the Platform, the UNIX standards, Real-Time and Embedded Systems, Enterprise Management Standards, and so forth. A lot of attention has been focused on enterprise architecture, because of the way that TOGAF has contributed, and some of the professional standards have raised.
We're now looking at other areas. We always look at new areas and see whether there is something unique that The Open Group could contribute where we can collaborate with other organizations and where we can actually help move things forward.
We're looking at cloud. We don't know if it's something that we can contribute to at this point, but we're examining it and we will continue to examine it. There are a number of areas that look as though there is some relevance to what The Open Group does.
One of those, of course, is security. As you said, we've got our first Security Practitioner Conference here at San Diego, and the reason is that security is now becoming top of mind for many CIOs. Many of them have the integration stuff sorted out. They've got processes in place for that, and they know how they're going to move forward with enterprise architecture. They're looking for more guidance and better standards -- and that's why TOGAF 9 is there.
Now that they've got that sorted out, the big issue for them is security: Who is in my infrastructure and what are they taking? So, we're raising the level of security practitioners, and that's coming to the fore. That's why we've got the first conference here.
Coincidentally, a lot of the interest from the members in looking at security is also converging with looking at cloud. Some of the sessions here are on secure cloud and the issues of security with cloud, but also we're looking at Web 2.0 security, and some of the other standards. There's a security assertion markup language (SAML) standard that we're looking at.
We've got a lot of movement forward in those areas. With the enterprise architecture practitioner conferences here, the agenda is led by members. What it has done is to expose enterprise architecture to a lot of people. It's brought people into The Open Group to share their experiences.
A lot of the value, of course, is in the networking and sharing experiences with people that are at the same level and in the same situation as you are. We want to do the same with security, and that's where our security forum members want to take it.
Gardner: I suppose it is bit premature, seeing as you've just introduced TOGAF 9 to the market, but these things never stop. They're always in motion. There's a next generation TOGAF in the works. Do you have any sense of what emphasis, or least trajectory, we could extrapolate from where TOGAF 8 and 9 have taken us to what we might expect in several years in the next revision.
Brown: That's something that the architecture forum will be working on. It's not something that I am up on right now. The great thing about TOGAF 9 is that we've had such a great reception from the analysts, bloggers, and so on. Many of them are giving us recommendations, and they say, "This is great, and here are my recommendations for where you go."
We've got to gather a lot of that together, and the architecture forum, the members, will take a look at that and then figure out where the plan goes. I know that they're going to be working on things more general, as well as TOGAF in the architecture space.
Gardner: Very good. We've learned a bit more about The Open Group upon the arrival of its milestone TOGAF 9 release and have clearly seen that there are many moving variables within organizations that they need to embrace and understand and put in the context of their operation. We want to thank Allen Brown, president and CEO of The Open Group for joining us.
Brown: Thank you very much, Dana.
Gardner: Our conversation today comes to you through the support of The Open Group from their 21st Enterprise Architecture Practitioner Conference in San Diego.
I'm Dana Gardner principal analyst at Interarbor Solutions, thanks for listening and come back next time.
Listen to the podcast. Download the podcast. Find it on iTunes and Podcast.com. Learn more. Sponsor: The Open Group.
Transcript of a podcast with Allen Brown, president and CEO of The Open Group on TOGAF 9 and its effect on enterprise architecture and IT productivity. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.
View more podcasts and resources from The Open Group's recent conferences and TOGAF 9 launch:
Live panel discussion on enterprise architecture trends
Deep dive into TOGAF 9 use benefits
Reporting on the TOGAF 9 launch
Panel discussion on security trends and needs
Panel discussion on cloud computing and enterprise architecture
Access the conference proceedings
General TOGAF 9 information
Introduction to TOGAF 9 whitepaper
Whitepaper on migrating from TOGAF 8.1.1 to version 9
TOGAF 9 certification information
TOGAF 9 Commercial Licensing program information
Monday, February 09, 2009
Wednesday, January 28, 2009
Visibility and Control Over API Use and Volume is Crucial as Enterprises Ramp to SaaS and Cloud
Transcript of a BriefingsDirect podcast on how visibility and control lead to better governance and security in cloud and SaaS operations.
Listen to the podcast. Download the podcast. Find it on iTunes and Podcast.com. Learn more. Sponsor: Sonoa Systems.
Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to BriefingsDirect. Today, we present a sponsored podcast discussion on bringing enterprise IT expectations on visibility, control, and security to software as a service (SaaS), and cloud-based applications delivery.
As established enterprise IT expectations meet up with cutting-edge cloud delivery models, there's a clear need for additional trust and maturity in order for enterprises to further adopt cloud-based services.
We're going to examine how one SaaS provider, Innotas, has developed a more matured view into services operations and application programming interfaces (APIs) and how they can extend the benefits from that visibility to their customers.
We'll hear how Innotas has used solutions from Sonoa Systems to provide better managed services based on service level agreements (SLAs). We'll also hear how they derive more analytics from network activity and thereby provide mounting confidence in how services are performing.
At the same time, they can add more attributes and benefits to the services they deliver. The goal here is to make online and on-demand applications and services delivery come across with the same sense of maturity, control, reliability, and scale that enterprises and medium-sized business are accustomed to.
Here to help provide an in-depth look at how SaaS and cloud delivery management can be improved is Chet Kapoor, CEO of Sonoa Systems. We're also joined by Tim Madewell, vice president of operations at Innotas, an on-demand project portfolio management (PPM) service. Welcome, Tim.
Tim Madewell: Thank you, Dana.
Gardner: Let’s first get into the whole cloud topic. The world is changing around us. SaaS, of course, has been around for some time and many elements of cloud have been around, but we're starting to see more interest in bringing the enterprise on-premises model in some alignment with what goes on with cloud and SaaS. There's an interest in finding a common sense of security and trust.
Let’s start with you, Tim. Give us a rundown of what Innotas does and a little more information about what your customers' expectations are, now that we’re a bit deeper into this whole cloud mentality?
Madewell: Sure, I’d be happy too. Innotas is an on-demand PPM solution. We focus on IT organizations and provide software access via a standard Web browser for managing projects, as well as non-project work within an IT department.
Our goal, or value proposition, and the problem we're trying to solve with Innotas, is more of a top-down enterprise problem -- how best to utilize the resources that you have within your IT department. That's from a cost standpoint and budgets, as well as capacity and actual resources. Innotas is providing an IT governance solution on-demand, and providing it as a service.
Gardner: So, you're actually at two levels of opportunity and benefits here. You offer visibility, based on the requirements of the application, but also delivering it as SaaS. Has it always been an on-demand application, or did you have this as an on-premises product at one time?
On-Demand and Multi-Tenant
Madewell: Innotas has always been on-demand. We've been on-demand and multi-tenant from day one. That’s been one of our differentiators. Certainly, PPM is not a new category, but something that Gartner has tracked for some time, and there are plenty of competitors out there on the on-premises world.
One of our differentiators was that being on-demand and multi-tenant from day one enabled us to be one of the early adopters in the SaaS world and in subscription-based software.
Gardner: Interestingly enough, you've taken this to the IT department folks, and they've had a chance to examine how SaaS and on-demand works for them. I suppose that’s sort of greasing the skids for their acceptance of these services that they can deliver to either their employee constituents or to online customers and partners.
Madewell: That’s exactly right. Our target audience is IT, and that’s just where we have really chosen to focus.
In many ways, IT has very few projects that they perform that are internal for IT. You end up being your own customer in this type of implementation. We have seen how the attitude around SaaS has matured and evolved here. SaaS has become more standard and available, and as the technology has matured, especially around security, the acceptance level for SaaS has improved. One of the things that benefit us is in focusing on IT. Typically this type of change in acceptance for software starts within the IT organization itself.
Gardner: This is fairly sensitive information, right? What’s going on with the projects? IT could have a great bearing on where a strategy is headed for an organization. So, security, governance, and risk-compliance concerns need to be addressed at this level
Madewell: Absolutely. That’s where differentiation comes into play. To be a business application in a SaaS model today means that you have to step up and be enterprise class.
We look at ourselves as an extension of all of our customers' internal IT and operations groups and we need to live up to those same standards. That’s not unique to us. Any SaaS provider that’s out there that is going to provide a business solution and is going to have to adhere and live up to the same type of standards.
Gardner: As you’ve sought out solutions that can bring those elements of maturity and trust back into your service and therefore to your customers, what sort of problems did you encounter and how did you move forward from them?
Madewell: The problems where we would initially see a push-back was along those lines of acceptance and confidence -- how could we communicate and establish the confidence with our customers that this is secure and reliable. Once we get past the initial security challenges, folks are very interested and concerned about reliability and performance.
When it was traditionally inside your four walls, there was a greater sense of control. As soon as you step into the cloud or with any SaaS provider, some of the benefits and the value prop is that they control it, they manage it for you, but you're giving up some control. Building that confidence and acceptance into the solution is important, and ties back to being enterprise class. What I’ve got to establish and manage within my operations is operations as a service.
I need to be very much like a data center, providing a level of service that’s transparent to customers and with some predictability, and wrap that all up with the SaaS model. I need to do that at a reasonable cost, so that I can keep subscription rates reasonable, and where customers feel like they're getting a reasonable cost-to-value ratio.
Gardner: Let’s go over to Chet. You’ve heard some of the concerns that Tim has had in the way that he is trying to bring more maturity and confidence into his product. I'm sure there are many other providers, and there will be more as this cloud opportunity develops. What does Sonoa look at when it tries to help organizations like Innotas?
Maturity of Services
Chet Kapoor: Thanks, Dana. The approach that Sonoa has taken with a SaaS company like Innotas or an enterprise that wants to take its services and make them available to the cloud is to ask what is the maturity or the evolution of the services. Tim would tell you, using a quote that he has done for us: You always start by wanting to see the needle, because you can’t move the needle, if you don’t see it.
So the first thing is visibility. I want to know who is using my service, what are they using it for, how long are they using it, things like that. You have to have visibility into the services you provide. You always start there.
The next thing you say is, "Okay, now that I have visibility, I want to start putting in some security access control." You may choose to do that at the same time. They could be parallel approaches, and you want to start by saying, "I want to give priority access to priority customers."
Then, the third step that most customers take is to scale it. They have something working across 50 API calls or 100 API calls, and they say, "You know what, we are going to make this available throughout our application, make all our functionality available." And, they want it to be available at a scale where all their customers are getting it.
We've been working with companies like Innotas to get them through this evolution. Some customers choose to get our technology in the form of appliances. Some of them do it in the form of software, as Tim has. And, some of our customers are choosing to get our technology right in the cloud itself where they do not have any data-center whatsoever.
Gardner: Now, these days, being in a tough economic climate, providing visibility and efficiency needs to often be accompanied by a strict return on investment (ROI). Are there elements of what you are providing to organizations like Tim’s that fall into that business case and solution at a high economic value?
Kapoor: We believe so. I'd like Tim to take a stab at this also either now or sometime later to get his perspective. At the end of the day, when somebody is providing a cloud service or consuming a cloud service, it has an element of the client-server model. You are saving cost, especially if you are getting something on demand and you are a consumer of something like Innotas inside the enterprise.
So, there is definitely cost saving there from that point of view. The easier we can make it for enterprises to access the information for their composite applications through APIs, the more successful companies like Innotas are, and there is more adoption. IT enterprises end up saving money.
The second aspect of this is that it's probably a new revenue stream for Web 2.0 and SaaS companies, as well as enterprises. They've maximized or have worked very hard on their channels, whether user access or a browser-based channel. Now, they have an opportunity to go after a different set of folks who are trying to not just go off and use Innotas through a browser or Salesforce.com through a browser.
Somebody else wants to write custom applications and that’s not necessarily the project manager or the sales person, but the CFO wanting to do something. They want the access to information from something in the cloud. So, we’ve found that the ROI model comes in two flavors -- not only cost savings, but also new revenue-generation opportunities with a completely new set of customers.
Gardner: Let’s take that over to Innotas. Tim, when it comes to gaining benefits through this visibility, how you are able to justify that from a cost perspective?
Looking at Immediate Needs
Madewell: I would just second Chet’s comments. Those are right in line with how I looked at this when I was going through the early stages of evaluating Sonoa and just looking at what my immediate needs were within my operations department.
Here's how I justify it. The first one was very selfishly from an SLA. I have an SLA I've got to maintain and deliver against. As the sales team is selling this, my services team is implementing it.
At the end of the day, I've got to have the availability and the performance that was up to what we're selling. That ties directly back to the visibility point Chet made. That was absolutely my biggest value target day one to get up and running -- to give me the visibility and how that translates into my SLA.
I can’t address the problem until I can see it. Sonoa helped me identify problems or potential problems earlier. When I turned up the ServiceNet product it decoupled the traffic from my Web users, my end-users, the traditional users from my back end, and from my API.
Then, I was able to take a look at to see what kind of activity was occurring on the back end. That visibility gave me some input into when my servers were getting hot or heating up. I was seeing a lot of activity and started to differentiate if this activity was generated through the front end or through the back end.
So, my immediate return was to give my operations team a solution and a tool that gives them better visibility and then to control some of that traffic on the back-end.
My ROI on that is A) certainly living up to an SLA. I have penalties if I don’t hit it. So there is a dollar amount that could be tied to that. And B) it’s about serving up an experience of the customers. Certainly a tolerance for response times on an API is a lot greater than an end-user clicking on the screen.
So I have to have this healthy balance, if you will, between making sure I'm still serving up a reasonable end-user experience to the Web browser, and then serving the request on the back-end.
That ROI is really about the experience, and that means renewals for me. In a subscription-based model like Innotas' the customer is absolutely paramount, and the service that we provide is paramount to keep the renewals coming.
Gardner: Of course, when it comes to efficiency in the current economic downturn, a dollar saved is important. You have to meet your SLAs first. Does this give you an opportunity to tweak and customize in such a way that you're getting more utilization?
Aiming for Efficiency
Madewell: I'm serving a lot of customers in this multi-tenant architecture and I need to make sure that I can’t just throw hardware at the problems. I need to be very efficient, and the multi-tenancy gives me efficiency. I also need to make sure that I'm managing the utilization and managing those systems very efficiently.
It gives me that capability that I needed as a multi-tenant application. To your question of this economic environment, with this visibility I'm able to put in some controls that will give me the ability to look at how I make more and better use of the capacity that I have today.
A good analogy here is in my commute over the Bay Bridge -- sitting there in queue, waiting for the metering lights to turn on, and wishing there was another lane or two lanes. I certainly hit some point, where I guess it’s probably a good queuing-theory model where it does make sense to add another lane or two. I'm always looking at that from an operations and capacity standpoint.
But, I don’t want to just throw hardware or lanes at the problem. If I can still move traffic through in an efficient manner, much like the metering lights. I can make the best use of the lanes I have. That’s exactly what I'm looking at, especially in this environment: Where is my capacity, where is my unused capacity, and how do I deploy or redeploy that as efficiently as possible?
Gardner: So, the visibility and control offer you apparently a fairly significant ROI that you are comfortable with. But, then there is that additional benefit that Chet discussed, in terms of richness and additional benefits that you can apply for your services as they’re perceived, delivered, and even built against for your customers.
Madewell: That’s right. Now, from a front-end and from a user model, we're very familiar with the different user types in an application. You may have view-only users, standard users, or power users. We can take the same view on the back end with Web-services. There are certainly different levels of users or different levels of service you could provide for users, depending on their needs.
If I've got real-time integration I'm looking to deploy, my requirements are a lot different and a lot more stringent than somebody on a monthly or weekly basis, which is like an extract and much more tolerant. Now, I've got the ability to take a look at offering some tiered services or tailoring my back-end user type and then tying that to my revenue model.
Gardner: That provides a level of maturity -- not one size fits all, but more customization. Your receiving organizations, if you will, start to view this as closer to what they've been accustomed to with the client-server or distributed computing. Do you have any instances, metrics, or anecdotes about how that’s actually worked out in the field, practice versus theory?
Madewell: In this field it’s kind of a journey, as we've got the visibility and some basic control in place. We've turned up the policy management and SLA management with the ServiceNet product.
Some of the immediate benefits we had were with the early diagnosis of problems and troubleshooting. We had a recurring issue with a specific customer reporting errors with Web services, decoupling that traffic, and having it right there in a real-time dashboard.
We were able to turn around and find the root cause and find that they were submitting multiple attempts with invalid log-ins and flooding the Web service. Our ability to diagnose that quickly was definitely a benefit we were able to realize with Sonoa.
Gardner: Let’s think about some other scenarios -- and I’ll open this up to both Chet and Tim -- with cloud computing and boundaries, hybrid models, business processes that are composed of services from different clouds or different SaaS providers. Quite a bit of complexity can creep into this very rapidly, and the visibility, control, and scale issues become significantly aggravated. What can solutions like Sonoa bring to that level of complexity, when we move beyond a single SaaS-type of application into a business process that’s composed of services.
Hybrid Applications
Kapoor: Dana, let me take a shot, and Tim, as a technologist, would also have a view. We’ve spent the last half an hour talking about how a provider of services -- what are some of their motivations, what are some of their pains, what is the ROI? Tim has done a great job of articulating all of that.
As you said, there are a lot of consumers of cloud services like Innotas, and they probably do it in a very hybrid model because I don’t think on-premise computing is going away. So, customers will write applications or custom applications, where they probably want to use Oracle or SAP inside the firewall and maybe have another custom application of some sort, Innotas or Salesforce or whatever -- outside.
They want to write a composite application, a mashup, or whatever you decide to call it, and they want all these different services. A critical need that we find is that customers start to get nervous. It's not so much with the Innotases of the world, because they are fairly secure. They run like an enterprise application, but it’s available in the cloud. It happens when you start using things like Amazon Elastic Compute Cloud (EC2), and people are starting to put custom applications there.
What we’re finding is there is a need for a way to govern what goes on outside the enterprise. Govern could be a fairly heavy word, so let me be more specific. You want to have visibility into, how many accounts I have at EC2, for example.
If you ask a CIO -- and I've had 50-plus conversations about this -- how many cloud users you have at a very basic level, the SaaS companies you have contracts with, it’s fairly easy. I am using EC2 only as an example. But, if you ask how many people actually use a credit card to open an EC2 account and are doing something with compute resources and doing things with storage, the answer is no.
They have no idea who those people are. So one thing they need is visibility into who is doing what. The next thing is, all senior executives in companies every quarter sign a document saying, "I have complied with law." If I'm in the health-care industry, I am not going to let certain medical information about my patients go out. If I'm in the financial services industry, I'm not going to let the Social Security numbers go out.
The question is how do they know? How do they know that what they are signing is actually happening? There's no way of them figuring out if compliance laws have been broken or not. So, we find that a lot of customers who are just consuming, not doing the SLAs and things like that, as Tim was talking about, but just consumption. They want to have some visibility into what is happening with the cloud. Then, as they get more visibility, they want to see if they are paying extra for SLAs and the SLAs being mapped.
The second thing is that they have multiple cloud providers for resources. Which one is cheaper? Which one is better? Which one has better SLAs? Which one is easier to configure? And, things like that. Or, they can go off and say, "You know the network is really slow because this set of individuals are doing a lot of compute-intensive things, and we are not going to give them the ability to bring the network down towards the end of the quarter." So you don’t only have visibility, but you also have control, and it’s all from a consumer point of view.
Gardner: Let’s take that to Tim. In Innotas, if you get into a position where you are starting to compose services from cloud-based resources and models and deliver that back out to your SaaS providers, it sounds like you are going to really be interested in this level of visibility?
The Importance of Governance
Madewell: Yes, we would. Visibility is real, just from a technology standpoint, and working with my customers through initial security questions and audits that I need to go through as a software provider. What Chet has articulated here is real and growing in my opinion. Governance is going to be very important.
I'll just give you an example. SaaS, especially in the large enterprises, is something that’s very new. In many cases, as I'm working and partnering with our customers to go through the due diligence, the technical review, and the network and infrastructure review, their standards have not been modified yet to even accommodate SaaS.
So, there is a level of education needed there, and this goes back to we started talking about how to get the comfort level up. Well, this is the driver for it. There are many companies out there that have stated that no data is outside their four walls. Yet, now they're trying to accommodate and adopt a hybrid model, which I firmly believe is where this is going.
With that, if they don’t realize the need for governance and control at an enterprise level, as Chet has outlined here, they will very soon, because folks like Innotas and others are making inroads into the enterprise space -- and we’re viable.
There's a very good reason to keep certain data -- health-care is a great example with the HIPAA requirements -- inside your four walls. But, there may be other Tier 2 application solutions that are going to be outside your walls. How do you control that? How do you audit that? These are very important problems to solve.
Gardner: In addition to governance, there is the management from the provider side, as you get into more tiered services and more managed services. You're going to offer different levels of service compliance depending on the pricing and you’re going to have sales people who want to slice and dice these services in a variety of ways, as they can package them and deliver them.
We’re at the early innings of SaaS, but I can foresee that by the sixth or seventh inning, we’re going to get into some serious complexity around those delivery mechanisms. Tim, help us a little bit in terms of what road map you might have at Innotas and what the solution might start to look like?
Madewell: Well, out of the gate, we try to keep it simple, and that is one of the benefits, one of the value props, we push with on demand and with our product in the PPM space -- to keep it simple.
This gives us more flexibility in how we package. Absolutely. I agree. What does our road map look like? We've got about a 12-to-18 month road map at any given time that point features and capabilities into our product. We're looking at ways that we bundle that up and we bring the right mix to the customers. We're looking at ways that we can tier that.
Look at examples of some of the pioneers, especially in the SaaS space. Look at Salesforce.com. They have a pretty simple tiered model. As you walk up to and through their enterprise addition, you're just adding on capability.
That’s in line with what we’re trying to do -- keep a nice, small, reasonable entry cost. The subscription model is very powerful. And then, it's services as you need them, or services as you consume them. We're finding it a lot more appealing to customers, especially in this environment than give me everything and buy it all up front in one lump sum.
Gardner: Because of our use case scenario here we've been focusing on the concerns of the SaaS provider, but as Chet mentioned, we also have the incoming network for the user organization, be it enterprise or small- to medium-sized business. It seems that the solution here benefits receivers and senders. I'm wondering if this is a little bit of a leap into blue sky, Chet, but how about this visibility as a service -- that is to say, getting somewhere between the receiver and the sender. Is there anything that we might look forward to in the future along those lines?
Kapoor: Absolutely Dana. It's something that we recognized and are working on. If you really think about the person who is doing a mash up, every consumer is probably going to be a provider at some point, and every provider is going to be a consumer at some point. So, we've certainly thought about it and have been working on providing, taking what Sonoa provides a ServiceNet product, and making it available as a service. We have some customers that are already going in production. It's something that we will start talking about in the very near future.
Gardner: Well, great. I appreciate your input, Tim, on helping us understand a little bit more of the concerns of a SaaS provider. It’s really important that you're delivering this to the IT organization because they're the ones that are always going to be on the vanguard of managing these boundaries, as they become more permeable, and we see more of these arising scenarios around services delivery and consumption.
I also want to thank you, Chet. We've been discussing how enterprises expectations need to meet up with cloud delivery models, how there is a need for additional trust and maturity, and how services are perceived and delivered.
We've been talking with Chet Kapoor, CEO of Sonoa Systems. We've also been talking with Tim Madewell, vice president of operation at Innotas, an on-demand PPM service. I just want to throw out one more opportunity for input. Is there anything additional you think we should convey Tim?
Madewell: We've covered it well. My daily takeaway, as I go about my business, is that a lot of this is evolving, is new, and it’s a journey. This is one of the things I have really benefited from and appreciated with Sonoa, as well as other vendors that I worked with. We're all evolving in this SaaS and cloud space together.
What I am really encouraged by is that it's heading upstream, if you will, into the enterprise. The leaders in this space, are pushing these boundaries, pushing the governance, recognizing that with breaking down traditional walls comes new challenges that need to be controlled. It’s important to be looking two steps ahead, and evaluating how this all works.
Gardner: Very good. This is Dana Gardner, principal analyst at Interarbor Solutions. You've been listening to a sponsored Briefings Direct Podcast. Thanks for listening and come back next time.
Listen to the podcast. Download the podcast. Find it on iTunes and Podcast.com. Learn more. Sponsor: Sonoa Systems.
Transcript of a BriefingsDirect podcast on how visibility and control lead to better governance and security in cloud and SaaS operations. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.
Listen to the podcast. Download the podcast. Find it on iTunes and Podcast.com. Learn more. Sponsor: Sonoa Systems.
Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to BriefingsDirect. Today, we present a sponsored podcast discussion on bringing enterprise IT expectations on visibility, control, and security to software as a service (SaaS), and cloud-based applications delivery.
As established enterprise IT expectations meet up with cutting-edge cloud delivery models, there's a clear need for additional trust and maturity in order for enterprises to further adopt cloud-based services.
We're going to examine how one SaaS provider, Innotas, has developed a more matured view into services operations and application programming interfaces (APIs) and how they can extend the benefits from that visibility to their customers.
We'll hear how Innotas has used solutions from Sonoa Systems to provide better managed services based on service level agreements (SLAs). We'll also hear how they derive more analytics from network activity and thereby provide mounting confidence in how services are performing.
At the same time, they can add more attributes and benefits to the services they deliver. The goal here is to make online and on-demand applications and services delivery come across with the same sense of maturity, control, reliability, and scale that enterprises and medium-sized business are accustomed to.
Here to help provide an in-depth look at how SaaS and cloud delivery management can be improved is Chet Kapoor, CEO of Sonoa Systems. We're also joined by Tim Madewell, vice president of operations at Innotas, an on-demand project portfolio management (PPM) service. Welcome, Tim.
Tim Madewell: Thank you, Dana.
Gardner: Let’s first get into the whole cloud topic. The world is changing around us. SaaS, of course, has been around for some time and many elements of cloud have been around, but we're starting to see more interest in bringing the enterprise on-premises model in some alignment with what goes on with cloud and SaaS. There's an interest in finding a common sense of security and trust.
Let’s start with you, Tim. Give us a rundown of what Innotas does and a little more information about what your customers' expectations are, now that we’re a bit deeper into this whole cloud mentality?
Madewell: Sure, I’d be happy too. Innotas is an on-demand PPM solution. We focus on IT organizations and provide software access via a standard Web browser for managing projects, as well as non-project work within an IT department.
Our goal, or value proposition, and the problem we're trying to solve with Innotas, is more of a top-down enterprise problem -- how best to utilize the resources that you have within your IT department. That's from a cost standpoint and budgets, as well as capacity and actual resources. Innotas is providing an IT governance solution on-demand, and providing it as a service.
Gardner: So, you're actually at two levels of opportunity and benefits here. You offer visibility, based on the requirements of the application, but also delivering it as SaaS. Has it always been an on-demand application, or did you have this as an on-premises product at one time?
On-Demand and Multi-Tenant
Madewell: Innotas has always been on-demand. We've been on-demand and multi-tenant from day one. That’s been one of our differentiators. Certainly, PPM is not a new category, but something that Gartner has tracked for some time, and there are plenty of competitors out there on the on-premises world.
One of our differentiators was that being on-demand and multi-tenant from day one enabled us to be one of the early adopters in the SaaS world and in subscription-based software.
Gardner: Interestingly enough, you've taken this to the IT department folks, and they've had a chance to examine how SaaS and on-demand works for them. I suppose that’s sort of greasing the skids for their acceptance of these services that they can deliver to either their employee constituents or to online customers and partners.
Madewell: That’s exactly right. Our target audience is IT, and that’s just where we have really chosen to focus.
In many ways, IT has very few projects that they perform that are internal for IT. You end up being your own customer in this type of implementation. We have seen how the attitude around SaaS has matured and evolved here. SaaS has become more standard and available, and as the technology has matured, especially around security, the acceptance level for SaaS has improved. One of the things that benefit us is in focusing on IT. Typically this type of change in acceptance for software starts within the IT organization itself.
Gardner: This is fairly sensitive information, right? What’s going on with the projects? IT could have a great bearing on where a strategy is headed for an organization. So, security, governance, and risk-compliance concerns need to be addressed at this level
Madewell: Absolutely. That’s where differentiation comes into play. To be a business application in a SaaS model today means that you have to step up and be enterprise class.
We look at ourselves as an extension of all of our customers' internal IT and operations groups and we need to live up to those same standards. That’s not unique to us. Any SaaS provider that’s out there that is going to provide a business solution and is going to have to adhere and live up to the same type of standards.
Gardner: As you’ve sought out solutions that can bring those elements of maturity and trust back into your service and therefore to your customers, what sort of problems did you encounter and how did you move forward from them?
Madewell: The problems where we would initially see a push-back was along those lines of acceptance and confidence -- how could we communicate and establish the confidence with our customers that this is secure and reliable. Once we get past the initial security challenges, folks are very interested and concerned about reliability and performance.
When it was traditionally inside your four walls, there was a greater sense of control. As soon as you step into the cloud or with any SaaS provider, some of the benefits and the value prop is that they control it, they manage it for you, but you're giving up some control. Building that confidence and acceptance into the solution is important, and ties back to being enterprise class. What I’ve got to establish and manage within my operations is operations as a service.
I need to be very much like a data center, providing a level of service that’s transparent to customers and with some predictability, and wrap that all up with the SaaS model. I need to do that at a reasonable cost, so that I can keep subscription rates reasonable, and where customers feel like they're getting a reasonable cost-to-value ratio.
Gardner: Let’s go over to Chet. You’ve heard some of the concerns that Tim has had in the way that he is trying to bring more maturity and confidence into his product. I'm sure there are many other providers, and there will be more as this cloud opportunity develops. What does Sonoa look at when it tries to help organizations like Innotas?
Maturity of Services
Chet Kapoor: Thanks, Dana. The approach that Sonoa has taken with a SaaS company like Innotas or an enterprise that wants to take its services and make them available to the cloud is to ask what is the maturity or the evolution of the services. Tim would tell you, using a quote that he has done for us: You always start by wanting to see the needle, because you can’t move the needle, if you don’t see it.
So the first thing is visibility. I want to know who is using my service, what are they using it for, how long are they using it, things like that. You have to have visibility into the services you provide. You always start there.
The next thing you say is, "Okay, now that I have visibility, I want to start putting in some security access control." You may choose to do that at the same time. They could be parallel approaches, and you want to start by saying, "I want to give priority access to priority customers."
Then, the third step that most customers take is to scale it. They have something working across 50 API calls or 100 API calls, and they say, "You know what, we are going to make this available throughout our application, make all our functionality available." And, they want it to be available at a scale where all their customers are getting it.
We've been working with companies like Innotas to get them through this evolution. Some customers choose to get our technology in the form of appliances. Some of them do it in the form of software, as Tim has. And, some of our customers are choosing to get our technology right in the cloud itself where they do not have any data-center whatsoever.
Gardner: Now, these days, being in a tough economic climate, providing visibility and efficiency needs to often be accompanied by a strict return on investment (ROI). Are there elements of what you are providing to organizations like Tim’s that fall into that business case and solution at a high economic value?
Kapoor: We believe so. I'd like Tim to take a stab at this also either now or sometime later to get his perspective. At the end of the day, when somebody is providing a cloud service or consuming a cloud service, it has an element of the client-server model. You are saving cost, especially if you are getting something on demand and you are a consumer of something like Innotas inside the enterprise.
So, there is definitely cost saving there from that point of view. The easier we can make it for enterprises to access the information for their composite applications through APIs, the more successful companies like Innotas are, and there is more adoption. IT enterprises end up saving money.
The second aspect of this is that it's probably a new revenue stream for Web 2.0 and SaaS companies, as well as enterprises. They've maximized or have worked very hard on their channels, whether user access or a browser-based channel. Now, they have an opportunity to go after a different set of folks who are trying to not just go off and use Innotas through a browser or Salesforce.com through a browser.
Somebody else wants to write custom applications and that’s not necessarily the project manager or the sales person, but the CFO wanting to do something. They want the access to information from something in the cloud. So, we’ve found that the ROI model comes in two flavors -- not only cost savings, but also new revenue-generation opportunities with a completely new set of customers.
Gardner: Let’s take that over to Innotas. Tim, when it comes to gaining benefits through this visibility, how you are able to justify that from a cost perspective?
Looking at Immediate Needs
Madewell: I would just second Chet’s comments. Those are right in line with how I looked at this when I was going through the early stages of evaluating Sonoa and just looking at what my immediate needs were within my operations department.
Here's how I justify it. The first one was very selfishly from an SLA. I have an SLA I've got to maintain and deliver against. As the sales team is selling this, my services team is implementing it.
At the end of the day, I've got to have the availability and the performance that was up to what we're selling. That ties directly back to the visibility point Chet made. That was absolutely my biggest value target day one to get up and running -- to give me the visibility and how that translates into my SLA.
I can’t address the problem until I can see it. Sonoa helped me identify problems or potential problems earlier. When I turned up the ServiceNet product it decoupled the traffic from my Web users, my end-users, the traditional users from my back end, and from my API.
Then, I was able to take a look at to see what kind of activity was occurring on the back end. That visibility gave me some input into when my servers were getting hot or heating up. I was seeing a lot of activity and started to differentiate if this activity was generated through the front end or through the back end.
So, my immediate return was to give my operations team a solution and a tool that gives them better visibility and then to control some of that traffic on the back-end.
My ROI on that is A) certainly living up to an SLA. I have penalties if I don’t hit it. So there is a dollar amount that could be tied to that. And B) it’s about serving up an experience of the customers. Certainly a tolerance for response times on an API is a lot greater than an end-user clicking on the screen.
So I have to have this healthy balance, if you will, between making sure I'm still serving up a reasonable end-user experience to the Web browser, and then serving the request on the back-end.
That ROI is really about the experience, and that means renewals for me. In a subscription-based model like Innotas' the customer is absolutely paramount, and the service that we provide is paramount to keep the renewals coming.
Gardner: Of course, when it comes to efficiency in the current economic downturn, a dollar saved is important. You have to meet your SLAs first. Does this give you an opportunity to tweak and customize in such a way that you're getting more utilization?
Aiming for Efficiency
Madewell: I'm serving a lot of customers in this multi-tenant architecture and I need to make sure that I can’t just throw hardware at the problems. I need to be very efficient, and the multi-tenancy gives me efficiency. I also need to make sure that I'm managing the utilization and managing those systems very efficiently.
It gives me that capability that I needed as a multi-tenant application. To your question of this economic environment, with this visibility I'm able to put in some controls that will give me the ability to look at how I make more and better use of the capacity that I have today.
A good analogy here is in my commute over the Bay Bridge -- sitting there in queue, waiting for the metering lights to turn on, and wishing there was another lane or two lanes. I certainly hit some point, where I guess it’s probably a good queuing-theory model where it does make sense to add another lane or two. I'm always looking at that from an operations and capacity standpoint.
But, I don’t want to just throw hardware or lanes at the problem. If I can still move traffic through in an efficient manner, much like the metering lights. I can make the best use of the lanes I have. That’s exactly what I'm looking at, especially in this environment: Where is my capacity, where is my unused capacity, and how do I deploy or redeploy that as efficiently as possible?
Gardner: So, the visibility and control offer you apparently a fairly significant ROI that you are comfortable with. But, then there is that additional benefit that Chet discussed, in terms of richness and additional benefits that you can apply for your services as they’re perceived, delivered, and even built against for your customers.
Madewell: That’s right. Now, from a front-end and from a user model, we're very familiar with the different user types in an application. You may have view-only users, standard users, or power users. We can take the same view on the back end with Web-services. There are certainly different levels of users or different levels of service you could provide for users, depending on their needs.
If I've got real-time integration I'm looking to deploy, my requirements are a lot different and a lot more stringent than somebody on a monthly or weekly basis, which is like an extract and much more tolerant. Now, I've got the ability to take a look at offering some tiered services or tailoring my back-end user type and then tying that to my revenue model.
Gardner: That provides a level of maturity -- not one size fits all, but more customization. Your receiving organizations, if you will, start to view this as closer to what they've been accustomed to with the client-server or distributed computing. Do you have any instances, metrics, or anecdotes about how that’s actually worked out in the field, practice versus theory?
Madewell: In this field it’s kind of a journey, as we've got the visibility and some basic control in place. We've turned up the policy management and SLA management with the ServiceNet product.
Some of the immediate benefits we had were with the early diagnosis of problems and troubleshooting. We had a recurring issue with a specific customer reporting errors with Web services, decoupling that traffic, and having it right there in a real-time dashboard.
We were able to turn around and find the root cause and find that they were submitting multiple attempts with invalid log-ins and flooding the Web service. Our ability to diagnose that quickly was definitely a benefit we were able to realize with Sonoa.
Gardner: Let’s think about some other scenarios -- and I’ll open this up to both Chet and Tim -- with cloud computing and boundaries, hybrid models, business processes that are composed of services from different clouds or different SaaS providers. Quite a bit of complexity can creep into this very rapidly, and the visibility, control, and scale issues become significantly aggravated. What can solutions like Sonoa bring to that level of complexity, when we move beyond a single SaaS-type of application into a business process that’s composed of services.
Hybrid Applications
Kapoor: Dana, let me take a shot, and Tim, as a technologist, would also have a view. We’ve spent the last half an hour talking about how a provider of services -- what are some of their motivations, what are some of their pains, what is the ROI? Tim has done a great job of articulating all of that.
As you said, there are a lot of consumers of cloud services like Innotas, and they probably do it in a very hybrid model because I don’t think on-premise computing is going away. So, customers will write applications or custom applications, where they probably want to use Oracle or SAP inside the firewall and maybe have another custom application of some sort, Innotas or Salesforce or whatever -- outside.
They want to write a composite application, a mashup, or whatever you decide to call it, and they want all these different services. A critical need that we find is that customers start to get nervous. It's not so much with the Innotases of the world, because they are fairly secure. They run like an enterprise application, but it’s available in the cloud. It happens when you start using things like Amazon Elastic Compute Cloud (EC2), and people are starting to put custom applications there.
What we’re finding is there is a need for a way to govern what goes on outside the enterprise. Govern could be a fairly heavy word, so let me be more specific. You want to have visibility into, how many accounts I have at EC2, for example.
If you ask a CIO -- and I've had 50-plus conversations about this -- how many cloud users you have at a very basic level, the SaaS companies you have contracts with, it’s fairly easy. I am using EC2 only as an example. But, if you ask how many people actually use a credit card to open an EC2 account and are doing something with compute resources and doing things with storage, the answer is no.
They have no idea who those people are. So one thing they need is visibility into who is doing what. The next thing is, all senior executives in companies every quarter sign a document saying, "I have complied with law." If I'm in the health-care industry, I am not going to let certain medical information about my patients go out. If I'm in the financial services industry, I'm not going to let the Social Security numbers go out.
The question is how do they know? How do they know that what they are signing is actually happening? There's no way of them figuring out if compliance laws have been broken or not. So, we find that a lot of customers who are just consuming, not doing the SLAs and things like that, as Tim was talking about, but just consumption. They want to have some visibility into what is happening with the cloud. Then, as they get more visibility, they want to see if they are paying extra for SLAs and the SLAs being mapped.
The second thing is that they have multiple cloud providers for resources. Which one is cheaper? Which one is better? Which one has better SLAs? Which one is easier to configure? And, things like that. Or, they can go off and say, "You know the network is really slow because this set of individuals are doing a lot of compute-intensive things, and we are not going to give them the ability to bring the network down towards the end of the quarter." So you don’t only have visibility, but you also have control, and it’s all from a consumer point of view.
Gardner: Let’s take that to Tim. In Innotas, if you get into a position where you are starting to compose services from cloud-based resources and models and deliver that back out to your SaaS providers, it sounds like you are going to really be interested in this level of visibility?
The Importance of Governance
Madewell: Yes, we would. Visibility is real, just from a technology standpoint, and working with my customers through initial security questions and audits that I need to go through as a software provider. What Chet has articulated here is real and growing in my opinion. Governance is going to be very important.
I'll just give you an example. SaaS, especially in the large enterprises, is something that’s very new. In many cases, as I'm working and partnering with our customers to go through the due diligence, the technical review, and the network and infrastructure review, their standards have not been modified yet to even accommodate SaaS.
So, there is a level of education needed there, and this goes back to we started talking about how to get the comfort level up. Well, this is the driver for it. There are many companies out there that have stated that no data is outside their four walls. Yet, now they're trying to accommodate and adopt a hybrid model, which I firmly believe is where this is going.
With that, if they don’t realize the need for governance and control at an enterprise level, as Chet has outlined here, they will very soon, because folks like Innotas and others are making inroads into the enterprise space -- and we’re viable.
There's a very good reason to keep certain data -- health-care is a great example with the HIPAA requirements -- inside your four walls. But, there may be other Tier 2 application solutions that are going to be outside your walls. How do you control that? How do you audit that? These are very important problems to solve.
Gardner: In addition to governance, there is the management from the provider side, as you get into more tiered services and more managed services. You're going to offer different levels of service compliance depending on the pricing and you’re going to have sales people who want to slice and dice these services in a variety of ways, as they can package them and deliver them.
We’re at the early innings of SaaS, but I can foresee that by the sixth or seventh inning, we’re going to get into some serious complexity around those delivery mechanisms. Tim, help us a little bit in terms of what road map you might have at Innotas and what the solution might start to look like?
Madewell: Well, out of the gate, we try to keep it simple, and that is one of the benefits, one of the value props, we push with on demand and with our product in the PPM space -- to keep it simple.
This gives us more flexibility in how we package. Absolutely. I agree. What does our road map look like? We've got about a 12-to-18 month road map at any given time that point features and capabilities into our product. We're looking at ways that we bundle that up and we bring the right mix to the customers. We're looking at ways that we can tier that.
Look at examples of some of the pioneers, especially in the SaaS space. Look at Salesforce.com. They have a pretty simple tiered model. As you walk up to and through their enterprise addition, you're just adding on capability.
That’s in line with what we’re trying to do -- keep a nice, small, reasonable entry cost. The subscription model is very powerful. And then, it's services as you need them, or services as you consume them. We're finding it a lot more appealing to customers, especially in this environment than give me everything and buy it all up front in one lump sum.
Gardner: Because of our use case scenario here we've been focusing on the concerns of the SaaS provider, but as Chet mentioned, we also have the incoming network for the user organization, be it enterprise or small- to medium-sized business. It seems that the solution here benefits receivers and senders. I'm wondering if this is a little bit of a leap into blue sky, Chet, but how about this visibility as a service -- that is to say, getting somewhere between the receiver and the sender. Is there anything that we might look forward to in the future along those lines?
Kapoor: Absolutely Dana. It's something that we recognized and are working on. If you really think about the person who is doing a mash up, every consumer is probably going to be a provider at some point, and every provider is going to be a consumer at some point. So, we've certainly thought about it and have been working on providing, taking what Sonoa provides a ServiceNet product, and making it available as a service. We have some customers that are already going in production. It's something that we will start talking about in the very near future.
Gardner: Well, great. I appreciate your input, Tim, on helping us understand a little bit more of the concerns of a SaaS provider. It’s really important that you're delivering this to the IT organization because they're the ones that are always going to be on the vanguard of managing these boundaries, as they become more permeable, and we see more of these arising scenarios around services delivery and consumption.
I also want to thank you, Chet. We've been discussing how enterprises expectations need to meet up with cloud delivery models, how there is a need for additional trust and maturity, and how services are perceived and delivered.
We've been talking with Chet Kapoor, CEO of Sonoa Systems. We've also been talking with Tim Madewell, vice president of operation at Innotas, an on-demand PPM service. I just want to throw out one more opportunity for input. Is there anything additional you think we should convey Tim?
Madewell: We've covered it well. My daily takeaway, as I go about my business, is that a lot of this is evolving, is new, and it’s a journey. This is one of the things I have really benefited from and appreciated with Sonoa, as well as other vendors that I worked with. We're all evolving in this SaaS and cloud space together.
What I am really encouraged by is that it's heading upstream, if you will, into the enterprise. The leaders in this space, are pushing these boundaries, pushing the governance, recognizing that with breaking down traditional walls comes new challenges that need to be controlled. It’s important to be looking two steps ahead, and evaluating how this all works.
Gardner: Very good. This is Dana Gardner, principal analyst at Interarbor Solutions. You've been listening to a sponsored Briefings Direct Podcast. Thanks for listening and come back next time.
Listen to the podcast. Download the podcast. Find it on iTunes and Podcast.com. Learn more. Sponsor: Sonoa Systems.
Transcript of a BriefingsDirect podcast on how visibility and control lead to better governance and security in cloud and SaaS operations. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.
Labels:
Cloud computing,
Dana Gardner,
governance,
Innotas,
Interarbor Solutions,
Kapoor,
Madewell,
SaaS,
security,
Sonoa
Monday, January 26, 2009
BriefingsDirect Analysts Discuss Service Oriented Communications, Debate How Dead SOA Really Is
Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 36, on communications as a service and the future of SOA in light of hard economic times.
Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Charter Sponsor: Active Endpoints. Additional underwriting by TIBCO Software.
Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.
Dana Gardner: Hello, and welcome to the latest BriefingsDirect Analyst Insights Edition, Volume 36. This periodic discussion and dissection of IT, infrastructure related news event with a panel of industry analysts and guests comes to you with the help of our charter sponsor Active Endpoints, maker of the Active VOS visual orchestration system, as well as through the support of TIBCO Software.
I'm your host and moderator, Dana Gardner, principal analyst at Interarbor Solutions. Our topic this week, the week of Jan. 12, 2009, starts and ends with service-oriented architecture (SOA) -- dead or alive?
We're going to begin with an example of what keeps SOA alive and vibrant, and that is the ability for the architectural approach to grow inclusive of service types and therefore grow more valuable over time.
We're going to examine service-oriented communications (SOC) a variation on the SOA theme, and a way of ushering a wider variety of services -- in this case communications and collaboration services from the network -- into business processes and consumer-facing solutions. We're joined by a thought leader on SOC, Todd Landry, the vice president of NEC Sphere.
In the second half of our show, we'll revisit the purported demise of large-scale SOA and find where the wellsprings of enterprise architectural innovation and productivity will eventually come from.
We’ll also delve into the psychology of IT. What are they thinking in the enterprise data centers these days? Somebody’s thoughts might resuscitate SOA or perhaps nail even more spikes into the SOA coffin.
Here to help us calibrate the life span of SOA is this week’s BriefingsDirect Analyst Insights Panel. Please welcome Tony Baer, senior analyst at Ovum. Hey, Tony.
Tony Baer: Hey, Dana how are you doing? I hope you're keeping warm up there.
Gardner: Oh yes. Jim Kobielus, senior analyst at Forrester Research. How are you, Jim?
Jim Kobielus: Hi, Dana. Hi, everybody.
Gardner: Joe McKendrick, independent analyst and prolific blogger on ZDNet and ebizQ. Hey, Joe.
Joe McKendrick: Hey, Dana. Great to be here.
Gardner: Dave Linthicum, founder of Linthicum Group and Blue Mountain Labs.
Dave Linthicum: Hey, Dana.
Gardner: JP Morgenthal, senior analyst at Burton Group.
JP Morgenthal: Good morning.
Gardner: And, Anne Thomas Manes, vice president and research director for application platform strategies at Burton Group. Welcome to the show, Anne.
Anne Thomas Manes: Thanks, Dana.
Gardner: As I mentioned, we’re welcoming our guest Todd Landry, vice president of NEC Sphere. Let’s go to you first, Todd. First of all, welcome to the show.
Todd Landry: Good morning, Dana. We’re joining you today from sunny Chicago, where it started out at minus 17 degrees.
Gardner: Many of us are at or under zero this morning.
Landry: We're looking forward to the balmy weather.
Gardner: I hope you get to move south soon. First, tell us what you mean by SOC and help our listeners, who might not be familiar, understand a little bit about NEC, which is based in Tokyo, and Sphere in particular within that larger organization.
Variety of Applications
Landry: Sounds great, Dana. With SOC, what we're really talking about here is the fact that organizations today use a variety of business applications to help them improve efficiency and drive productivity in their organizations.
But, if you look at any implementation and then what happens in the business, the real connective tissue between all of these includes people. The decisions and actions that take place in a business on a day-to-day basis are highly dependent on these people being effective.
Therefore, the manner in which we can help them with their communications and help them collaborate becomes a critical factor in how the workflows can be more effective and more efficient. We've looked at that and said the more you can make communications into business applications, the more you can make communications a more natural part of an SOA.
The workflow can naturally connect people, when they become part of that workflow process. It should streamline how those processes can be completed, and therefore the result is streamlining how businesses can be effective.
Gardner: Well, exactly what types of services are we talking about here? Is this simply mashing up instant messaging into some more applications? Is it more than that? What’s the scale that we are talking about?
Landry: The idea of being able to click-to-call has been around for quite some time. With the more recent technologies mashing up the directory listings, mashing up a call function inside of a business application, is much more achievable and can be done much easier manner than it has in the past.
Now, that said, we can go to the next step and to give you examples. In one view, we are reaching a human for an approval on a transaction. It can be instigated from the business application itself. So, notifications reaching out to individuals to get approvals, using voice technology for actual voice imprint signatures, is one method.
Another example of use is digital assets of the corporation. As we are all aware there are times when we unfortunately have to have organizations come in and collect a lot of emails and history to help the organization. As part of that, organizations are now looking at dialogues between humans, whether they were voice, text tool, conference calls, or exchanges via email. They become part of the digital assets of the corporation.
When we look at communications wrapping those dialogues with some metadata, bringing them back up into content management system so they become indexable, they may become part of the digital assets of the corporation and become uniquely valuable.
Gardner: Just quickly tell us about Sphere. You were acquired by NEC just a year or two ago, right?
Landry: That’s correct, Dana. Sphere Communications was founded in 1994 with a focus on a mission of turning communications hardware into software and, as a result of turning it into software, building it more like a business application.
About 18 months ago, we concluded a transaction with NEC Corp., headquartered in Tokyo. Our focus stays on the software aspect of building communications for the business environment, but we do that now in the context of a much larger organization.
Gardner: With this philosophy of converting the hardware to software as software services, these communications functions can now be brought into a wider variety of business processes, particularly if you're using SOA, mashups, or a variety of different development frameworks and types. The goal here is to bring people into process. Is that fair?
The SOC Ultimate Goal
Landry: That’s really the ultimate goal. On any given day in a business, do people care about doing the mashup or do they care about having their business be more effective, especially in these times? We believe that people will continue to look for more efficiency in their IT infrastructure. They'll continue to look for how people can be more connected, not only internally but with their customers. At the end of the day, you're right. It’s really about how people get more interconnected with the business process.
Gardner: How about this taxonomy? Why do we have to have another acronym, another three letter word, SOC? Wouldn’t this simply be part and parcel with SOA? Why do you see them as different?
Landry: Well, if there isn’t one born, and then it won’t ever die, right? We looked at it and had to communicate to the industry the concept of how communications integrates into frameworks in the IT infrastructure. SOA is a one term still used out there to define an approach. When we built our communications platform, we opened up all its services in a manner that we believe fit very naturally into the concept of a SOA. Therefore, our communications platform is really more service oriented than it is a closed and proprietary traditional PBX-oriented system.
Gardner: Lets go to our panel. Tony Baer, we've talked about this disconnect between processes and the business world, SOA architectural values, and people. I think we had a show devoted almost entirely to the BPEL for People spec when it came out.
Clearly, if SOA is not to wither and die on the vine, bringing people into the process, finding ways of creating new types of efficiencies and innovations, not just repaving cow paths but doing something quite new all becomes important. From your perspective, Tony, what’s the important deal here with bringing communications services into the play?
Baer: I hate to use a cliché, but it’s like the last mile of enterprise workflow and enterprise processes. The whole goal of workflows was trying to codify what we do with processes and trying to implement our best practices consistently. Yet, when it comes to verbal communications, we’re still basically using technology that began with the dawn of the human voice eons ago.
Gardner: I've seen people use sign language.
Baer: Well, that maybe too, and smoke signals.
Gardner: A certain finger comes up from time to time in some IT departments.
Kobielus: At least the use of a trusty index DTMS finger.
Gardner: There you go.
Baer: Exactly, and maybe some other fingers as well. But the fact is that in some cases, there's a huge gap. An example is in the area of compliance. It was a well-publicized case. I won't mention the name of the corporation, because I don’t want to get us into legal trouble here. But, there was a major case of cooking the books. The CEO went to jail, but his predecessor, under whom it was alleged these practices began, was never touched. Allegedly, it’s because he left no trail of breadcrumbs. He never used email. It was all spoken.
The idea of being able to manage and integrate spoken communications may actually be a critical gap in compliance strategy. I could see that as being an incredible justification for trying to integrate voice communications. Another instance would be with any type of real-time supply chain or with trading.
Very often, when I call my broker, the message says please do not leave voice messages on the phone. Provide trading instructions. We can now start to track all that. I'm not sure that it’s such a great idea to leave trading instructions in a voice mail, but there are lot of areas where you're integrating voice communications that could provide business value.
Gardner: Jim Kobielus, isn’t there more to this on the consumer side as well? We've got these hand-held devices that people are using more and more with full broadband connectivity for more types of activities, straddling their personal and business lives and activities. We know Microsoft has been talking about voice recognition as a new interface goal for, what, 10 years now. What’s the deal when it comes to user habits, interfaces, and having some input into these back-end processes?
An Important Extension
Kobielus: That’s a huge question. Let me just unpeel the onion here. I see SOC as very much an important extension of SOA or an application of SOA, where the service that you're trying to maximize, share, and use is the intelligence that’s in people’s heads -- the people in the organization, in your team. You have various ways in which you can get access to that knowledge and intelligence, one of which is by tapping into a common social networking environment.
In a consumer sphere, the thing is the intelligence you want to gain access to is intelligence sets residing in mobile assets -- human beings on the run. Human beings have various devices and applications through which they can get access to all manner of content and through which they can get access to each other.
So, in a consumer world, a lot of the SOC value proposition is in how it supports social networking. The Facebook environments provide an ever more service-oriented environment within which people can mash up not only their presence and profiles, but all of the content the human beings generate on the fly. Possibly, they can tag on the fly as well, and that might be relevant to other people.
There is a strong potential for SOC and that consumer Facebook-style paradigm of sharing everybody’s user-generated content that’s developed on the fly.
Gardner: Joe McKendrick, it seems that bringing communications into the stew really does add value. These are the areas that traditionally have been separate. People did voice activities, they did communications, and they also did data and application activities. Straddling the two was something you did with wetware, with your mind or your hands. Do you think that SOC is perhaps a catalyst to increase value in SOA?
McKendrick: Absolutely. There always have been two levels to this discussion. On the upper level, you’re looking at a lot of business traditionally driven by serendipity. That's the chance encounter in the hallway between two people. Or, it's a phone discussion that may evolve to, "By the way, did you hear about such and such a company laying off or such and such company moving to this market."
One challenge that’s always been out there is to figure out a way to capture this more informal transmission of knowledge that highlights business opportunities. If there's a way to at least capture even a segment of that, to digitize it, and put it into the knowledge base. I think that’s a great advance for companies.
Gardner: So it’s bringing tacit knowledge into play with business processes. Is that what you’re getting that?
McKendrick: Exactly. We heard a lot about artificial intelligence (AI) a couple of decades back, and that showed a lot of promise for capturing some of the knowledge. You had these Jedi Knights that seemed to know everything and had everything in their heads. Once they left the organization, that was it. They walked out of the door with the knowledge and moved to Florida or Arizona. That has been the challenge for AI. Now we refer to it as knowledge management, being able to capture this knowledge, this serendipity, and these informal channels the voice communications.
Landry: It’s human nature to use reference points, historical reference points of dialogs -- whether they’re written or wherever I find them -- to remind me of a topical discussion and bring me tighter into the fold of a particular thread. Think of how we use email. Often, there's a thread of email that helps us go back and look at the history of the dialog that occurred. This has happened in pseudo real time basis with instant messaging these days.
As you described, the natural tendency is a quick discussion at the water cooler. To the degree that we can capture that information, put it in a format that’s indexable, and in my day-to-day workflows as an individual be able to pull that up as I am having more and more dialogs, it becomes very useful referenceable information about why we made certain decisions in the business. That’s one aspect we look at there.
Text-Mining Capability
Kobielus: One of the services in the infrastructure of the SOC that will be critically needed in a consumer or a business environment is a text-mining capability within the cloud. That can go on the fly to all these unstructured texts that have been generated, and identify entities in relationships and sentiments to make that information quickly available. Or, it can make those relationships quickly available through search or through other means to people who are too busy to do a formal search or who are too busy to even do any manual tagging. We simply want the basic meanings to just bubble up out of the cloud.
Gardner: Dave Linthicum, it seems like we're just finding ways of joining different networks. There were the telephone networks. We have had IM networks that are still based on Internet protocols, but are doing their own thing. We've had all these disparate communications types and modes that have popped up over the years and now we are trying to bring them to some kind of harmony.
Do you agree that this is really what SOA, as an approach, should do, and that we don’t need a subset of SOC? And, what are your clients looking for in terms of how communications relates to business applications and processes?
Linthicum: Well, if you're going to take services like this, expose them as services, and make easier use of them, then it’s there. You have to create the integration yourself through very disparate mechanisms and things like that. People are always struggling, trying to figure how to aggregate this stuff and its solutions. This is definitely one approach and it’s viable on the market.
As SOA evolves, they are much more rudimentary. We'll talk about later about the whole "death of SOA" thing. The fact of the matter is that people are just getting their arms around exactly what a service is and how you take multiple services and turn them in solutions.
What's occurring, especially with the downturn in the economy, is that people are focused on more tactical and, what I call a shorter, SOA issues. They're trying to solve particular problems with particular instances of technology. Some organizations have the potential for doing that.
When you look at SOA, you talk about this whole big strategy around structuring services and aggregating those services into solutions. But, if you really look at what people want to do, they want to solve particular tactical problems in a very short period of time and show a very quick value proposition. The ability to take all these communications and actually turn them into services and leverage them is a wonderful use case within the context of SOA. It makes sense.
Gardner: Todd Landry, even though we're in such tight economic circumstances, cost savings obviously need to be part of just about any activity. Is there a clear return on investment (ROI) from your perspective in doing away with the hardware and the PBX-based infrastructure around telecom at least inside of enterprises and going to pure software?
Are you able to really demonstrate that going to software, not only for the purposes of extending it into business processes but just alone as replacement for the cost of a traditional PBX infrastructure, is a good story?
The Two Levels
Landry: There is, and there are two levels. I can put some examples around that. At the first level, remember the three large guys with tool belts who show up in a moving van. They roll some big thing that looks like a refrigerator into the secret room and everybody says, "Yeah, that’s the phone system." Nobody knows how it works, except for the specialist who's been through 10 months of training. These systems are very, very costly to maintain these days. They are specialty hardware, very proprietary, and the maintenance alone has become quite an issue now.
Imagine all that capability being delivered to you as part of a download. You run it on the same computing infrastructure that you use for many of your other business applications and you administrate and manage it in the same way. You don’t have to look very hard at that to imagine some significant efficiencies in IT infrastructure. If it’s built in a way where it opens up its services, you can look at some real examples in the business.
Suppose I have a customer who is a major distributor of airline parts. The issue with parts for aircraft is that they are under strict inspection. Once they are put into the distribution center and shipped to a mechanic, they can no longer be restocked without going through a very expensive, re-inspection process.
What happens with airline mechanics is they'll call in to get certain parts and not being sure what they really need, they'll order three or four different parts. The theory is they'll just send the one’s back that they didn’t need.
This has been a big problem for the distributor. What they've utilized is an actual recording of the dialog between the mechanic and the order entry as that order is posted. They can now go back and very easily pull up that transaction and pull forward the recording. Therefore, the mechanic and the airlines have to take those parts.
These are just real, street-level business issues that I've dealt with. We have several of those scenarios, where once you look at inefficiencies in your business and look at how the human action makes that transaction occur, you can apply the technology to overcome it.
Gardner: JP Morgenthal, we've got cell phones, mobile Internet devices, netbooks, this notion of always on and multi-modality always on. Now just saying that you've got voice, text, and the ability to have two-way communications -- synchronous and asynchronous -- begs the necessity for bringing more communications into business processes. Do you agree with that?
Morgenthal: I definitely do. Clearly from an analyst perspective, you can talk about it and give it a very analytical representation, but the interesting thing is that I actually have real world experience in data behind this. Before coming back to being an analyst and joining Burton in November, I had my own software company, Avorcor, and we had developed supply-chain management as a service.
One things I did was integrate with an open-source communications project called StarPound, which is business-process management integrated with Asterisk, and we built a demonstration that really illustrated the value proposition in the warehouse.
I'd been working with a number of companies who had warehouse issues, and we were basically normalizing those issues by instituting a new services architecture and layering that on top of that legacy system, so they could build their business processes.
One of the biggest issue was they were still communicating exceptions that were happening in the warehouse because device limitations were scanners and text in a very noisy environment. Everyone agreed that the best communications tool in that environment was their cell phone because it vibrated. Well, the Blackberry now has vibration too. So, that’s also a valid form of communication.
If you tie this as a unified communications strategy to the business process, it’s very effective and not only is it very effective, but -- I hate to say it -- it begs only more constant information overload.
Years ago, we took it for granted. You didn't get things for a couple of days, because the communications pipeline took that long to complete. Now, we expect things in microseconds. So, it's enhancing the expectations of people in general because of that. But still, I think overall productivity goes up tremendously, and we move much more effectively toward a real-time event architecture across communications and systems and people. It’s really fascinating to watch and it’s very effective.
Gardner: Anne Thomas Manes, we think about crossing these gaps between what were traditionally telephony technologies, and now it can exercise the services and access the services, but there remains a cultural gap. Analysts, architects, and developers are not always thinking along the communications network line of reasoning. They don’t always look necessarily for these on-ramps and off-ramps to business processes. Do we need to try to encourage developers and architects to think differently around SOC capabilities, as they increase their business agility?
Change the Way We Talk
Manes: We’ll get into the "SOA is dead" discussions later. One thing that I have pushed is not that service orientation needs to go away, but that we need to change the way we talk about it. What we need to be focusing on are services that actually provide value to the developers who need access to capabilities and to the business guys who need the capabilities to be inherent inside their systems.
When we're talking about communications services, you want to make sure that those services are very easy to access. With communications services, when you start looking inside PBXs, voice over IP, and those kinds of things, that’s arcane and completely out of the realm of normal development skills that you would get in a Web developer.
Now, we do have some nice capabilities like click to call, and those are set up as drop-in components that people can now use inside their Web applications. Wouldn’t it be nice, if we actually had a much more powerful communications service that a developer can use to communicate with a customer, communicate with a shop manager, or communicate with whatever at this point in the application?
They can call out to a communications service and specify, "Here is who I want to talk to. Here is the information I want to send. And, here is the method through which I want send it." And, and then they can have the communications service completely take care of the whole processes associated with making that work.
I can guarantee that a developer is going to choose that over, "Oh, I have to write all kinds of arcane code in order to figure out how to send an email or how to launch a phone call." So, building these services that simplify a very complex process is extremely valuable from a productivity perspective.
You can also look at it from another perspective and that is that I can call out to this communications service. This goes back to the first conversation we were having about this topic, which is, "I need to make sure that I actually record this and capture this in my CRM system or I need to audit it for whatever reason."
You can apply policy to the service and have that be something that you can manage and maintain from a policy perspective, which is separate from the code that’s actually implemented in the application or in the communications service.
Gardner: How about that, Todd Landry? Do we still require developers to do arcane integrations, or are there application programming interfaces (APIs) and/or other means of automating and easing the ability for developers to exploit communications services?
Landry: I'm really glad you raised that point, because we know your example of click-to-dial has been around for a while, but the execution of that has been very complex. A lot of companies that have enabled that have done it using people who are rich in telecom protocol experience and things like that.
With SOC platforms, we see it as creating an abstraction to those telecom functions -- such as making a call, recording a call, or setting up media streams -- and hiding that all from the developer. You are welcome to a white paper that describes this approach of abstracting the communications complexity.
When we looked at it in terms of how you would make it available to the applications developer, for example, our tools include Web services description language (WSDL) files that can be imported into your environment. So, you can take an IBM Rational environment, bring in functions available on the communications system and use application and Web-type technologies, without having to understand the complexities of underlying telecom protocols. That’s probably one of the most critical things that we need to do on the communications side to allow the developer community to benefit from this.
Gardner: Isn’t there another approach to this, in addition to trying to ease the actual development, to make these services all part of the same cloud? Perhaps salesforce.com or Google might start offering more telephony services within their cloud. Therefore, the integrations are being done within their infrastructure and it becomes easier for developers to create processes. Do you expect that SOC will have a role in how some of these cloud providers increase their value to developers and then therefore to end-users?
Distributed Cloud SOC Services
Landry: Yes, and in the way we deploy today in many of our customers, we would, in some respects, describe it as a private cloud, because of way it’s built and because of way it’s a distributed and shared service within the enterprise.
We've got a handful of cases where we deployed that in more of a service-provider approach and you could argue that, because the consumer, the enterprise, has some stuff on premises they can also overload that or use services from the local provider. It’s built on that kind of model.
There's is another piece of this that says these platforms are bringing together multiple forms of media, so that you can utilize text messaging, audio, or video communications. You can do screen-sharing data collaboration in a simpler and more consistent fashion and you can utilize one set of services to do that.
Whether they're deployed as a cloud and the enterprise is using those services from within a cloud or whether they've made the decision to do them on premises, both are very viable and, in many cases, both are being done today.
Gardner: Okay, last question on SOC. Dave Linthicum, with the emphasis on cloud nowadays, do you see bringing these communications services into a cloud portfolio as a way of enticing more enterprises to get involved, particularly if we're talking about reaching out to consumers through these communications channels? Where do you see SOC and cloud intersecting?
Linthicum: They already are, probably not as formal services and definitely not as integratable data into the enterprise, but anything that’s a value within enterprises, as we are finding, ultimately will be something that some start up or even some big company packages up as a set of services and sticks them up in the cloud.
If you look in ProgrammableWeb, you'll find that there are a ton of services that are very communications oriented. They're probably not as sophisticated as the ones we're talking about now, but as more and more people adopt that as a paradigm and need these things to build enterprise composites or even mashups, then you're going to see a lot of movement in that direction, because it’s a fairly simple thing ultimately to do.
It’s going to be a very high value service to sell. You're not competing with the guys who are giving the stuff away for ad share. And, it’s just going to be another value cloud out there that people can leverage and integrate within their enterprise.
Kobielus: I want to add one last observation before we go to the "SOA is dead" topic. In order for this integration to happen in the cloud, the cloud providers need to federate their new registries with those of their enterprise customers. But, humans are reachable through a different type of registry called a directory, lightweight directory access protocol (LDAP) and other means.
Cloud providers need to federate their identity management in a directory environment with those of their customers. I don’t think the industry has really thought through all the federation issues to really make this service oriented, business communications in the cloud scenario a reality any time soon.
Gardner: So we need an open Wiki-like phone book in the sky.
Kobielus: Exactly.
SOA: Dead or Alive?
Gardner: All right. Let’s move on to our next subject -- "SOA: dead or alive?" Anne, you created a little bit of stir with a recent blog or around declaring SOA under significant pressure, particularly as a result of the economic climate, because people are not going to spend money without that verifiable ROI.
These large-scale SOA implementations are too complex and taking too much time. The economic climate is going to postpone, if not kill them outright. Did I get it right, and what’s been your position since the blog, in terms of the viability of SOA?
Manes: Certainly, lots of people have refuted my claim. At the same time, I've had at least as many people, and probably more, I am dead-on right. My goal with the blog post was to at least get the conversation going, and I think I managed to do that effectively.
I still believe that if you go before a funding board this year -- if you are an IT group and you are trying to get funding for some projects -- and you go forward with a proposal that says we need to do SOA, because SOA is good, it’s going to get shot down. Instead, what you have to go forward with is very specific value-add projects that say we need to do this, we need to do that, and we need to do that.
You need to talk about what services you're going to provide. In the example of communications services, there's a really strong value proposition associated with creating communications services. Likewise, going forward with a request to say, "We need to build a billing service which replaces the 27 different billing capabilities that we have in each of our product applications out there."
That’s a very strong, financially rich, good ROI type of proposal that’s going to win. But, it's not going to work, if you go forward and just say, "Oh, we need to go get an ESB. We need to go get some registry and repository technologies. We need to invest in all the SOA infrastructure. We need to do SOA just because SOA is what everybody is telling me we need to do."
Just talk about the services and talk about the practices that are going to help improve the architecture of your systems. Talk about doing application rationalization and talk about reducing the redundancy within your environment.
Talk about dismantling the 47 data warehouses you have that contain customer information and create a set of data services instead that actually gives you a richer, cleaner and more complete information about your customers. Those are things that are going to win.
Gardner: Does that mean that we're really still heading toward SOA, but we're just going to do it through a variety of tactical measures, and ultimately, without even realizing it, you're going to be doing SOA and that, at some point, you might need to rationalize that at a higher architectural abstraction with such things as ESBs and wider governance? Does that sound right?
Manes: Yes and no. It’s absolutely critical that you still have a strong architectural group. One of my favorite comments that came back from the blog post were the number of people who said, "Basically, we just really suck at doing architecture."
One of the primary reasons that a lot of SOA initiatives are failing is because people don’t actually do the architecture. Instead, what they do is service-oriented integration, as opposed to SOA. If you're truly doing architecture, then you're doing an analysis of your applications architecture, figuring out why you have so much extra garbage in your environment, and figuring out what you should actually start to get rid of.
You still need to have that planning group which is very strongly focused on setting the priorities. But then, what you go forward with in terms of funding are the projects that are actually going to help you achieve your architectural goals.
Bunker Mentality
Gardner: Another observation I had from watching the discussion that you helped create is that there seems to be quite a bunker mentality out there right now. A lot of people in IT are saying, "Listen, we're not going to do anything. We are going to just hunker down and keep it the way it is. We don’t need to innovate now. Wait until we get through this terrible crisis and then we will figure out how to be modern or agile."
On the other hand, I am seeing people saying, "No, now is the time to get innovative, to leapfrog, to take advantage of the pressure to reduce waste and look for efficiencies which ultimately will allow us to be more competitive not only in the short-term but over the long-term." Are we really looking at a typical, conservative-liberal breakdown in terms of the philosophy inside of IT department?
Manes: I suspect that you're going to have a lot of organizations that don’t have a lot of architectural maturity following the first camp, which is, "We're going to cut out everything. We’re just going to focus on tactical projects."
But, the folks who have a little more architectural maturity recognize the value of taking this opportunity, when lots and lots of projects are no longer going forward. They can say, "Well, now is a great time for us to start focusing on architecture and figure out how we can position ourselves to take advantage of the economy, when it does finally turn around."
Gardner: Okay. Tony Baer, we're heading into this deep depression, recession, whatever you want to call it. Those companies that aren’t very good at architecture will probably, if they hunker down, fall even further behind. Those organizations that have some budget to play with, that are not in survival mode alone, and are looking to be something bigger and better on the other side of the recession, they move further ahead. Are we coming into a bifurcation of who does IT better or worse, based on this recession?
Baer: I don’t think there is any question about that. I'd call that the Walmart strategy. Take a look at the previous recession. To some extent, the same thing is happening now that happened back in the recession of 2001-2002. Walmart actually increased its spending for expansion with the expectation that its low-price strategy was sound. In other words, its marketing architecture was sound for that period, but that it would be better prepared for the upswing, when the recovery happened.
I think what Anne is saying right now is that organizations that did get ahead of the curve with SOA, that thoughtfully began the architecture process and rationalized it, will go ahead, because there will be real economies at some point compared to traditional application development.
Those that have been basically doing what Joe McKendrick has called "just a bunch of web services" are just going to essentially retrench and say, "We just can’t afford to create more spaghetti right now. We are just going to do it a lot of break fixes." So, I would totally agree with Anne there.
Gardner: Joe McKendrick, are we going through an acceleration of winners and losers in IT, particularly at a sort of company-strategy level and core-competency level?
McKendrick: Yeah, Dana, absolutely. I've always said that the companies that have gravitated towards SOA are the companies that will probably do well anyway. Those are the companies with more visionary management and more tightly integrated approaches to business. Those are the companies that we've seen in all the case studies that over recent years that have gravitated towards SOA. Let’s face it, if they didn’t have SOA, they probably would have been doing okay anyway, because they're well-managed companies.
The companies that really could have used SOA, the companies not likely to be adopting SOA, or not likely be looking at SOA, as Anne and Tony discussed, those are the hunker-down companies, the companies that have fairly unsatisfactory architectures or no architectural approach. We're going to be seeing that going forward as well.
Gardner: To further refine this, Dave Linthicum, are we talking about companies that are good at IT, regardless of what’s in their quiver whether it’s SOA, Web oriented architecture (WOA), or communications and SOC? Regardless of the tools that you have at your disposal, it’s how well you use them that defines you, and if you fall further behind and you don’t adopt more tools, that’s a bad thing. Is that oversimplifying it?
IT Talent Shortage
Linthicum: Not really. The point that I made is the same point I have been making for a long period of time. We have talent shortage in the world of SOA. There are companies out there that have some very good IT talent, and they can take SOA, WOA, or cloud computing, look at the business problems, make some very nice systems, and automate the business nicely.
However, the majority of people out there who are wrestling around with architecture are ill equipped to solve some of the issues. They have a tendency to focus in wrong areas. Anne hit this in her blog as well. It was brilliant.
In the area of, "Let’s do quick tactical things, and look at this as a big systemic issue we are looking to solve," it just becomes too big, too complex. They try to solve it with things that are too tactical and just don’t have enough value. There are no free lunches with SOA or any kind of an architectural approach or any thing we have to improve the business.
You're going to have to break things down to their functional primitive and build them up again. You're going to have to think long and hard about how your architecture relates and links back to the business and how that’s going to work.
I wish there were something you could buy in a box or something you could download or some cloud you can connect to, but at the end of the day it’s the talent of the people who are doing the job. That’s where people have been falling down. Over and over again, in the last three years, we have identified this. I don’t think anybody has taken steps to improve it. In fact, I think it’s gotten worse.
Gardner: JP Morgenthal, without trying to be derogatory, it sounds like those people who do just tactical things, who are not evolving to a larger culture at a business-process level, at a agility level are kind of like Neanderthals. They were walking around Europe 25,000-100,000 years ago. Then, these Homo sapiens come on the scene and maybe have a little higher abstraction of skills, competency, look strategically at IT, much more services-oriented that eventually will overtake the landscape. Does that sound right?
Morgenthal: It's a great question. To say that you are going to be successful in business because you focused on IT architecture is a stretch. When we did our 2009 predictions, one of my predictions was the rise of disposable computing. For a certain class of businesses, it’s going to be okay to have "good enough" software and not worry about, "Am I going to be using the same application 20 years out," -- really moving the thought processes from 3-5 year plans to 5-9 month plans.
When you talk about things in that range, SOA falls apart as a requirement, because that’s something that you definitely want to engage in where you have longevity or a long-term strategy to apply. Including cloud computing and the rise of start ups in the cloud, or at least their IT infrastructure in the cloud, versus building data centers, is going to introduce an opportunity for that to occur.
There is a class of organizations that hears SOA. They're going to get IT staff that come from an environment where people did SOA. There's going to be a little culture clash, because the executives there are going to be saying, "I don’t get this. I don’t get you. Who are you? I want my cell phone to do this, this and that, and I can make it do that by looking at it sideways. You’re telling me I've got to go spend all this money. Are you nuts?"
So, you have that going on, and then you have organizations that are involved in some very complex business opportunities in the financial sector or in the manufacturing sector. If they don’t look at their business and model it in a way that their systems mirror what they are doing one for one, they’re going to continue to fight that impedance mismatch that’s been going on since the early days of computing.
Then, the mismatch made sense, because the costs of computing were so expensive that we had to take small bites, chew on it, and make it work. Now, with the cost of computing where it’s at, we should be disregarding that notion, reexamining our systems, and saying our systems should meet our business requirements one for one. We shouldn’t have this discrepancy that when I talk business, it needs to be translated for IT purposes.
Gardner: Todd Landry, for some organizations, SOA is dead, at least during the economic downturn. For other organizations, it could be alive and well. From your perspective, what differentiates these organizations? How do you separate the innovator class from the "let’s just keep it simple and do our jobs and hope for the best" class?
Landry: Finding them and separating them is probably an arduous task. During tough economic times, the question of what projects should be worked on becomes more of a financial question than just it’s a cool technology question. During better times, we do many different projects and don’t spend time looking at the business benefit.
JP’s point of, "if you do technology architecture, your business will get better" is not real. There are hundreds of different projects you can look at in any IT infrastructure, and, especially today, people are spending more time looking at which ones will help the business operate in a more streamlined fashion.
They’re questioning what it’s going to cost to do that, how I can do that without spending outrageous dollars, and is it going to make a difference for my business? Again, the observation of cost associated with those projects becomes more heightened during these kinds of economic times.
We're looking for people who are investing in new initiatives, because they see this as an opportunity to optimize, an opportunity to streamline, and it will help them longer term. We look for those kind of people that realize that this can be seen as an opportunity, as much as a tough situation to deal with the economy.
Kobielus: The whole "SOA is dead" theme struck a responsive chord in the industry, because there's a lot of fatigue, not only with the buzzword, but the very concept. It’s been too grandiose and nebulous. It’s been oversold, expectations have been built up too high, and governance is a bear.
We all know the real-world implementation problems with SOA, the way it’s been developed and presented and discussed in the industry. The core of it is services. As Anne indicated, services are the unit of governance that SOA begot.
We all now focus on services. Now, we’re moving into the world of cloud computing and, you know what, a nebulous environment has gotten even more nebulous. The issues with governance, services, and the cloud -- everything is a service in the cloud. So, how do you govern everything? How do you federate public and private clouds? How do you control mashups and so forth? How do you deal with the issues like virtual machine sprawl?
The range of issues now being thrown into the big SOA hopper under the cloud paradigm is just growing, and the fatigue is going to grow, and the disillusionment is going to grow with the very concept of SOA. I just want to point that out as a background condition that I’m sensing everywhere.
Gardner: Anne, is there a hedge on this somehow? That is to say, can you continue to be tactical, can you avoid some of the larger cost issues around SOA, but, at the same time, not put yourself at a disadvantage 18, 24, or 36 months down the road for moving closer to SOA at that time?
Manes: My core recommendation is to think big and take small steps.
You need to do the planning, and your architecture team should be able to do that, without having to go get permission from your funding organization to do planning, because that’s what they’re supposed to be doing. But then, they have to identify quick, short, tactical projects that will actually deliver value.
That’s what they should do and are designed to do to improve the architecture as a whole. It can't be just, "Oh I have to integrate this system with that system." They really should be focusing on identifying projects that will, in fact, improve the architecture. In that way, you’ll be in a better position when things are over.
Gardner: Just to pull our two discussions together, do you think that SOC forms one of those tactical benefits that demonstrates ROI, improves productivity, but that also sets you up for larger benefits later?
Manes: Communications services, as a general rule, are valuable because having your applications integrate with communications is often challenging. But, you need to take a look at your individual corporate priorities to determine whether that actually is a higher priority this year than something else.
Gardner: Does anybody else want to chime in quickly on SOC as a tactical benefit to SOA? Todd, you must have something to say on that.
Landry: The tactical benefit we’re seeing is a lot of very specific cases already in the end-customer areas, where people have made the decision that this is important. We talk about the economy, but security concern is at an all-time high, and there is a lot of sensitivity there.
In most government organizations, they’ve now assigned a geo spatial officer, someone to go look at how the communications system is better used across the different emergency organizations, and how first responders can come together and communicate and collaborate in emergency situations.
We’ve recently demonstrated some multidimensional collaboration tools that bring together the identity of vehicles and simplify the manner in which you tie radio IP-based communications across different emergency entities. You’ve got real cases here that people are addressing today. There are some tactical activities out there related to that.
I think the point made about think big and pick small projects is really important, because it is a big ocean out there and you’ve got to pick the things that makes sense for your business.
Gardner: Great. I want to thank the panel for this week, we had Tony Baer, senior analyst at Ovum. We had Jim Kobielus, senior analyst at Forrester Research. Joe McKendrick, independent analyst and blogger. David Linthicum, founder of Linthicum Group. JP Morgenthal, senior analyst Burton Group, and Anne Thomas Manes, vice president and research director of Burton Group.
We also thank our guest, Todd Landry, vice president of NEC Sphere. I want to also thank our charter sponsor for the BriefingsDirect Analyst Insights Edition podcast series, Active Endpoints, maker of the Active VOS visual orchestration system.
We’re also coming to you through the support of TIBCO Software. This is Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening and come back next time.
Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Charter Sponsor: Active Endpoints. Additional underwriting by TIBCO Software.
Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.
Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 36, on communications as a service and the future of SOA in light of hard economic times. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.
Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Charter Sponsor: Active Endpoints. Additional underwriting by TIBCO Software.
Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.
Dana Gardner: Hello, and welcome to the latest BriefingsDirect Analyst Insights Edition, Volume 36. This periodic discussion and dissection of IT, infrastructure related news event with a panel of industry analysts and guests comes to you with the help of our charter sponsor Active Endpoints, maker of the Active VOS visual orchestration system, as well as through the support of TIBCO Software.
I'm your host and moderator, Dana Gardner, principal analyst at Interarbor Solutions. Our topic this week, the week of Jan. 12, 2009, starts and ends with service-oriented architecture (SOA) -- dead or alive?
We're going to begin with an example of what keeps SOA alive and vibrant, and that is the ability for the architectural approach to grow inclusive of service types and therefore grow more valuable over time.
We're going to examine service-oriented communications (SOC) a variation on the SOA theme, and a way of ushering a wider variety of services -- in this case communications and collaboration services from the network -- into business processes and consumer-facing solutions. We're joined by a thought leader on SOC, Todd Landry, the vice president of NEC Sphere.
In the second half of our show, we'll revisit the purported demise of large-scale SOA and find where the wellsprings of enterprise architectural innovation and productivity will eventually come from.
We’ll also delve into the psychology of IT. What are they thinking in the enterprise data centers these days? Somebody’s thoughts might resuscitate SOA or perhaps nail even more spikes into the SOA coffin.
Here to help us calibrate the life span of SOA is this week’s BriefingsDirect Analyst Insights Panel. Please welcome Tony Baer, senior analyst at Ovum. Hey, Tony.
Tony Baer: Hey, Dana how are you doing? I hope you're keeping warm up there.
Gardner: Oh yes. Jim Kobielus, senior analyst at Forrester Research. How are you, Jim?
Jim Kobielus: Hi, Dana. Hi, everybody.
Gardner: Joe McKendrick, independent analyst and prolific blogger on ZDNet and ebizQ. Hey, Joe.
Joe McKendrick: Hey, Dana. Great to be here.
Gardner: Dave Linthicum, founder of Linthicum Group and Blue Mountain Labs.
Dave Linthicum: Hey, Dana.
Gardner: JP Morgenthal, senior analyst at Burton Group.
JP Morgenthal: Good morning.
Gardner: And, Anne Thomas Manes, vice president and research director for application platform strategies at Burton Group. Welcome to the show, Anne.
Anne Thomas Manes: Thanks, Dana.
Gardner: As I mentioned, we’re welcoming our guest Todd Landry, vice president of NEC Sphere. Let’s go to you first, Todd. First of all, welcome to the show.
Todd Landry: Good morning, Dana. We’re joining you today from sunny Chicago, where it started out at minus 17 degrees.
Gardner: Many of us are at or under zero this morning.
Landry: We're looking forward to the balmy weather.
Gardner: I hope you get to move south soon. First, tell us what you mean by SOC and help our listeners, who might not be familiar, understand a little bit about NEC, which is based in Tokyo, and Sphere in particular within that larger organization.
Variety of Applications
Landry: Sounds great, Dana. With SOC, what we're really talking about here is the fact that organizations today use a variety of business applications to help them improve efficiency and drive productivity in their organizations.
But, if you look at any implementation and then what happens in the business, the real connective tissue between all of these includes people. The decisions and actions that take place in a business on a day-to-day basis are highly dependent on these people being effective.
Therefore, the manner in which we can help them with their communications and help them collaborate becomes a critical factor in how the workflows can be more effective and more efficient. We've looked at that and said the more you can make communications into business applications, the more you can make communications a more natural part of an SOA.
The workflow can naturally connect people, when they become part of that workflow process. It should streamline how those processes can be completed, and therefore the result is streamlining how businesses can be effective.
Gardner: Well, exactly what types of services are we talking about here? Is this simply mashing up instant messaging into some more applications? Is it more than that? What’s the scale that we are talking about?
Landry: The idea of being able to click-to-call has been around for quite some time. With the more recent technologies mashing up the directory listings, mashing up a call function inside of a business application, is much more achievable and can be done much easier manner than it has in the past.
Now, that said, we can go to the next step and to give you examples. In one view, we are reaching a human for an approval on a transaction. It can be instigated from the business application itself. So, notifications reaching out to individuals to get approvals, using voice technology for actual voice imprint signatures, is one method.
Another example of use is digital assets of the corporation. As we are all aware there are times when we unfortunately have to have organizations come in and collect a lot of emails and history to help the organization. As part of that, organizations are now looking at dialogues between humans, whether they were voice, text tool, conference calls, or exchanges via email. They become part of the digital assets of the corporation.
When we look at communications wrapping those dialogues with some metadata, bringing them back up into content management system so they become indexable, they may become part of the digital assets of the corporation and become uniquely valuable.
Gardner: Just quickly tell us about Sphere. You were acquired by NEC just a year or two ago, right?
Landry: That’s correct, Dana. Sphere Communications was founded in 1994 with a focus on a mission of turning communications hardware into software and, as a result of turning it into software, building it more like a business application.
About 18 months ago, we concluded a transaction with NEC Corp., headquartered in Tokyo. Our focus stays on the software aspect of building communications for the business environment, but we do that now in the context of a much larger organization.
Gardner: With this philosophy of converting the hardware to software as software services, these communications functions can now be brought into a wider variety of business processes, particularly if you're using SOA, mashups, or a variety of different development frameworks and types. The goal here is to bring people into process. Is that fair?
The SOC Ultimate Goal
Landry: That’s really the ultimate goal. On any given day in a business, do people care about doing the mashup or do they care about having their business be more effective, especially in these times? We believe that people will continue to look for more efficiency in their IT infrastructure. They'll continue to look for how people can be more connected, not only internally but with their customers. At the end of the day, you're right. It’s really about how people get more interconnected with the business process.
Gardner: How about this taxonomy? Why do we have to have another acronym, another three letter word, SOC? Wouldn’t this simply be part and parcel with SOA? Why do you see them as different?
Landry: Well, if there isn’t one born, and then it won’t ever die, right? We looked at it and had to communicate to the industry the concept of how communications integrates into frameworks in the IT infrastructure. SOA is a one term still used out there to define an approach. When we built our communications platform, we opened up all its services in a manner that we believe fit very naturally into the concept of a SOA. Therefore, our communications platform is really more service oriented than it is a closed and proprietary traditional PBX-oriented system.
Gardner: Lets go to our panel. Tony Baer, we've talked about this disconnect between processes and the business world, SOA architectural values, and people. I think we had a show devoted almost entirely to the BPEL for People spec when it came out.
Clearly, if SOA is not to wither and die on the vine, bringing people into the process, finding ways of creating new types of efficiencies and innovations, not just repaving cow paths but doing something quite new all becomes important. From your perspective, Tony, what’s the important deal here with bringing communications services into the play?
Baer: I hate to use a cliché, but it’s like the last mile of enterprise workflow and enterprise processes. The whole goal of workflows was trying to codify what we do with processes and trying to implement our best practices consistently. Yet, when it comes to verbal communications, we’re still basically using technology that began with the dawn of the human voice eons ago.
Gardner: I've seen people use sign language.
Baer: Well, that maybe too, and smoke signals.
Gardner: A certain finger comes up from time to time in some IT departments.
Kobielus: At least the use of a trusty index DTMS finger.
Gardner: There you go.
Baer: Exactly, and maybe some other fingers as well. But the fact is that in some cases, there's a huge gap. An example is in the area of compliance. It was a well-publicized case. I won't mention the name of the corporation, because I don’t want to get us into legal trouble here. But, there was a major case of cooking the books. The CEO went to jail, but his predecessor, under whom it was alleged these practices began, was never touched. Allegedly, it’s because he left no trail of breadcrumbs. He never used email. It was all spoken.
The idea of being able to manage and integrate spoken communications may actually be a critical gap in compliance strategy. I could see that as being an incredible justification for trying to integrate voice communications. Another instance would be with any type of real-time supply chain or with trading.
Very often, when I call my broker, the message says please do not leave voice messages on the phone. Provide trading instructions. We can now start to track all that. I'm not sure that it’s such a great idea to leave trading instructions in a voice mail, but there are lot of areas where you're integrating voice communications that could provide business value.
Gardner: Jim Kobielus, isn’t there more to this on the consumer side as well? We've got these hand-held devices that people are using more and more with full broadband connectivity for more types of activities, straddling their personal and business lives and activities. We know Microsoft has been talking about voice recognition as a new interface goal for, what, 10 years now. What’s the deal when it comes to user habits, interfaces, and having some input into these back-end processes?
An Important Extension
Kobielus: That’s a huge question. Let me just unpeel the onion here. I see SOC as very much an important extension of SOA or an application of SOA, where the service that you're trying to maximize, share, and use is the intelligence that’s in people’s heads -- the people in the organization, in your team. You have various ways in which you can get access to that knowledge and intelligence, one of which is by tapping into a common social networking environment.
In a consumer sphere, the thing is the intelligence you want to gain access to is intelligence sets residing in mobile assets -- human beings on the run. Human beings have various devices and applications through which they can get access to all manner of content and through which they can get access to each other.
So, in a consumer world, a lot of the SOC value proposition is in how it supports social networking. The Facebook environments provide an ever more service-oriented environment within which people can mash up not only their presence and profiles, but all of the content the human beings generate on the fly. Possibly, they can tag on the fly as well, and that might be relevant to other people.
There is a strong potential for SOC and that consumer Facebook-style paradigm of sharing everybody’s user-generated content that’s developed on the fly.
Gardner: Joe McKendrick, it seems that bringing communications into the stew really does add value. These are the areas that traditionally have been separate. People did voice activities, they did communications, and they also did data and application activities. Straddling the two was something you did with wetware, with your mind or your hands. Do you think that SOC is perhaps a catalyst to increase value in SOA?
McKendrick: Absolutely. There always have been two levels to this discussion. On the upper level, you’re looking at a lot of business traditionally driven by serendipity. That's the chance encounter in the hallway between two people. Or, it's a phone discussion that may evolve to, "By the way, did you hear about such and such a company laying off or such and such company moving to this market."
One challenge that’s always been out there is to figure out a way to capture this more informal transmission of knowledge that highlights business opportunities. If there's a way to at least capture even a segment of that, to digitize it, and put it into the knowledge base. I think that’s a great advance for companies.
Gardner: So it’s bringing tacit knowledge into play with business processes. Is that what you’re getting that?
McKendrick: Exactly. We heard a lot about artificial intelligence (AI) a couple of decades back, and that showed a lot of promise for capturing some of the knowledge. You had these Jedi Knights that seemed to know everything and had everything in their heads. Once they left the organization, that was it. They walked out of the door with the knowledge and moved to Florida or Arizona. That has been the challenge for AI. Now we refer to it as knowledge management, being able to capture this knowledge, this serendipity, and these informal channels the voice communications.
Landry: It’s human nature to use reference points, historical reference points of dialogs -- whether they’re written or wherever I find them -- to remind me of a topical discussion and bring me tighter into the fold of a particular thread. Think of how we use email. Often, there's a thread of email that helps us go back and look at the history of the dialog that occurred. This has happened in pseudo real time basis with instant messaging these days.
As you described, the natural tendency is a quick discussion at the water cooler. To the degree that we can capture that information, put it in a format that’s indexable, and in my day-to-day workflows as an individual be able to pull that up as I am having more and more dialogs, it becomes very useful referenceable information about why we made certain decisions in the business. That’s one aspect we look at there.
Text-Mining Capability
Kobielus: One of the services in the infrastructure of the SOC that will be critically needed in a consumer or a business environment is a text-mining capability within the cloud. That can go on the fly to all these unstructured texts that have been generated, and identify entities in relationships and sentiments to make that information quickly available. Or, it can make those relationships quickly available through search or through other means to people who are too busy to do a formal search or who are too busy to even do any manual tagging. We simply want the basic meanings to just bubble up out of the cloud.
Gardner: Dave Linthicum, it seems like we're just finding ways of joining different networks. There were the telephone networks. We have had IM networks that are still based on Internet protocols, but are doing their own thing. We've had all these disparate communications types and modes that have popped up over the years and now we are trying to bring them to some kind of harmony.
Do you agree that this is really what SOA, as an approach, should do, and that we don’t need a subset of SOC? And, what are your clients looking for in terms of how communications relates to business applications and processes?
Linthicum: Well, if you're going to take services like this, expose them as services, and make easier use of them, then it’s there. You have to create the integration yourself through very disparate mechanisms and things like that. People are always struggling, trying to figure how to aggregate this stuff and its solutions. This is definitely one approach and it’s viable on the market.
As SOA evolves, they are much more rudimentary. We'll talk about later about the whole "death of SOA" thing. The fact of the matter is that people are just getting their arms around exactly what a service is and how you take multiple services and turn them in solutions.
What's occurring, especially with the downturn in the economy, is that people are focused on more tactical and, what I call a shorter, SOA issues. They're trying to solve particular problems with particular instances of technology. Some organizations have the potential for doing that.
When you look at SOA, you talk about this whole big strategy around structuring services and aggregating those services into solutions. But, if you really look at what people want to do, they want to solve particular tactical problems in a very short period of time and show a very quick value proposition. The ability to take all these communications and actually turn them into services and leverage them is a wonderful use case within the context of SOA. It makes sense.
Gardner: Todd Landry, even though we're in such tight economic circumstances, cost savings obviously need to be part of just about any activity. Is there a clear return on investment (ROI) from your perspective in doing away with the hardware and the PBX-based infrastructure around telecom at least inside of enterprises and going to pure software?
Are you able to really demonstrate that going to software, not only for the purposes of extending it into business processes but just alone as replacement for the cost of a traditional PBX infrastructure, is a good story?
The Two Levels
Landry: There is, and there are two levels. I can put some examples around that. At the first level, remember the three large guys with tool belts who show up in a moving van. They roll some big thing that looks like a refrigerator into the secret room and everybody says, "Yeah, that’s the phone system." Nobody knows how it works, except for the specialist who's been through 10 months of training. These systems are very, very costly to maintain these days. They are specialty hardware, very proprietary, and the maintenance alone has become quite an issue now.
Imagine all that capability being delivered to you as part of a download. You run it on the same computing infrastructure that you use for many of your other business applications and you administrate and manage it in the same way. You don’t have to look very hard at that to imagine some significant efficiencies in IT infrastructure. If it’s built in a way where it opens up its services, you can look at some real examples in the business.
Suppose I have a customer who is a major distributor of airline parts. The issue with parts for aircraft is that they are under strict inspection. Once they are put into the distribution center and shipped to a mechanic, they can no longer be restocked without going through a very expensive, re-inspection process.
What happens with airline mechanics is they'll call in to get certain parts and not being sure what they really need, they'll order three or four different parts. The theory is they'll just send the one’s back that they didn’t need.
This has been a big problem for the distributor. What they've utilized is an actual recording of the dialog between the mechanic and the order entry as that order is posted. They can now go back and very easily pull up that transaction and pull forward the recording. Therefore, the mechanic and the airlines have to take those parts.
These are just real, street-level business issues that I've dealt with. We have several of those scenarios, where once you look at inefficiencies in your business and look at how the human action makes that transaction occur, you can apply the technology to overcome it.
Gardner: JP Morgenthal, we've got cell phones, mobile Internet devices, netbooks, this notion of always on and multi-modality always on. Now just saying that you've got voice, text, and the ability to have two-way communications -- synchronous and asynchronous -- begs the necessity for bringing more communications into business processes. Do you agree with that?
Morgenthal: I definitely do. Clearly from an analyst perspective, you can talk about it and give it a very analytical representation, but the interesting thing is that I actually have real world experience in data behind this. Before coming back to being an analyst and joining Burton in November, I had my own software company, Avorcor, and we had developed supply-chain management as a service.
One things I did was integrate with an open-source communications project called StarPound, which is business-process management integrated with Asterisk, and we built a demonstration that really illustrated the value proposition in the warehouse.
I'd been working with a number of companies who had warehouse issues, and we were basically normalizing those issues by instituting a new services architecture and layering that on top of that legacy system, so they could build their business processes.
One of the biggest issue was they were still communicating exceptions that were happening in the warehouse because device limitations were scanners and text in a very noisy environment. Everyone agreed that the best communications tool in that environment was their cell phone because it vibrated. Well, the Blackberry now has vibration too. So, that’s also a valid form of communication.
If you tie this as a unified communications strategy to the business process, it’s very effective and not only is it very effective, but -- I hate to say it -- it begs only more constant information overload.
Years ago, we took it for granted. You didn't get things for a couple of days, because the communications pipeline took that long to complete. Now, we expect things in microseconds. So, it's enhancing the expectations of people in general because of that. But still, I think overall productivity goes up tremendously, and we move much more effectively toward a real-time event architecture across communications and systems and people. It’s really fascinating to watch and it’s very effective.
Gardner: Anne Thomas Manes, we think about crossing these gaps between what were traditionally telephony technologies, and now it can exercise the services and access the services, but there remains a cultural gap. Analysts, architects, and developers are not always thinking along the communications network line of reasoning. They don’t always look necessarily for these on-ramps and off-ramps to business processes. Do we need to try to encourage developers and architects to think differently around SOC capabilities, as they increase their business agility?
Change the Way We Talk
Manes: We’ll get into the "SOA is dead" discussions later. One thing that I have pushed is not that service orientation needs to go away, but that we need to change the way we talk about it. What we need to be focusing on are services that actually provide value to the developers who need access to capabilities and to the business guys who need the capabilities to be inherent inside their systems.
When we're talking about communications services, you want to make sure that those services are very easy to access. With communications services, when you start looking inside PBXs, voice over IP, and those kinds of things, that’s arcane and completely out of the realm of normal development skills that you would get in a Web developer.
Now, we do have some nice capabilities like click to call, and those are set up as drop-in components that people can now use inside their Web applications. Wouldn’t it be nice, if we actually had a much more powerful communications service that a developer can use to communicate with a customer, communicate with a shop manager, or communicate with whatever at this point in the application?
They can call out to a communications service and specify, "Here is who I want to talk to. Here is the information I want to send. And, here is the method through which I want send it." And, and then they can have the communications service completely take care of the whole processes associated with making that work.
I can guarantee that a developer is going to choose that over, "Oh, I have to write all kinds of arcane code in order to figure out how to send an email or how to launch a phone call." So, building these services that simplify a very complex process is extremely valuable from a productivity perspective.
You can also look at it from another perspective and that is that I can call out to this communications service. This goes back to the first conversation we were having about this topic, which is, "I need to make sure that I actually record this and capture this in my CRM system or I need to audit it for whatever reason."
You can apply policy to the service and have that be something that you can manage and maintain from a policy perspective, which is separate from the code that’s actually implemented in the application or in the communications service.
Gardner: How about that, Todd Landry? Do we still require developers to do arcane integrations, or are there application programming interfaces (APIs) and/or other means of automating and easing the ability for developers to exploit communications services?
Landry: I'm really glad you raised that point, because we know your example of click-to-dial has been around for a while, but the execution of that has been very complex. A lot of companies that have enabled that have done it using people who are rich in telecom protocol experience and things like that.
With SOC platforms, we see it as creating an abstraction to those telecom functions -- such as making a call, recording a call, or setting up media streams -- and hiding that all from the developer. You are welcome to a white paper that describes this approach of abstracting the communications complexity.
When we looked at it in terms of how you would make it available to the applications developer, for example, our tools include Web services description language (WSDL) files that can be imported into your environment. So, you can take an IBM Rational environment, bring in functions available on the communications system and use application and Web-type technologies, without having to understand the complexities of underlying telecom protocols. That’s probably one of the most critical things that we need to do on the communications side to allow the developer community to benefit from this.
Gardner: Isn’t there another approach to this, in addition to trying to ease the actual development, to make these services all part of the same cloud? Perhaps salesforce.com or Google might start offering more telephony services within their cloud. Therefore, the integrations are being done within their infrastructure and it becomes easier for developers to create processes. Do you expect that SOC will have a role in how some of these cloud providers increase their value to developers and then therefore to end-users?
Distributed Cloud SOC Services
Landry: Yes, and in the way we deploy today in many of our customers, we would, in some respects, describe it as a private cloud, because of way it’s built and because of way it’s a distributed and shared service within the enterprise.
We've got a handful of cases where we deployed that in more of a service-provider approach and you could argue that, because the consumer, the enterprise, has some stuff on premises they can also overload that or use services from the local provider. It’s built on that kind of model.
There's is another piece of this that says these platforms are bringing together multiple forms of media, so that you can utilize text messaging, audio, or video communications. You can do screen-sharing data collaboration in a simpler and more consistent fashion and you can utilize one set of services to do that.
Whether they're deployed as a cloud and the enterprise is using those services from within a cloud or whether they've made the decision to do them on premises, both are very viable and, in many cases, both are being done today.
Gardner: Okay, last question on SOC. Dave Linthicum, with the emphasis on cloud nowadays, do you see bringing these communications services into a cloud portfolio as a way of enticing more enterprises to get involved, particularly if we're talking about reaching out to consumers through these communications channels? Where do you see SOC and cloud intersecting?
Linthicum: They already are, probably not as formal services and definitely not as integratable data into the enterprise, but anything that’s a value within enterprises, as we are finding, ultimately will be something that some start up or even some big company packages up as a set of services and sticks them up in the cloud.
If you look in ProgrammableWeb, you'll find that there are a ton of services that are very communications oriented. They're probably not as sophisticated as the ones we're talking about now, but as more and more people adopt that as a paradigm and need these things to build enterprise composites or even mashups, then you're going to see a lot of movement in that direction, because it’s a fairly simple thing ultimately to do.
It’s going to be a very high value service to sell. You're not competing with the guys who are giving the stuff away for ad share. And, it’s just going to be another value cloud out there that people can leverage and integrate within their enterprise.
Kobielus: I want to add one last observation before we go to the "SOA is dead" topic. In order for this integration to happen in the cloud, the cloud providers need to federate their new registries with those of their enterprise customers. But, humans are reachable through a different type of registry called a directory, lightweight directory access protocol (LDAP) and other means.
Cloud providers need to federate their identity management in a directory environment with those of their customers. I don’t think the industry has really thought through all the federation issues to really make this service oriented, business communications in the cloud scenario a reality any time soon.
Gardner: So we need an open Wiki-like phone book in the sky.
Kobielus: Exactly.
SOA: Dead or Alive?
Gardner: All right. Let’s move on to our next subject -- "SOA: dead or alive?" Anne, you created a little bit of stir with a recent blog or around declaring SOA under significant pressure, particularly as a result of the economic climate, because people are not going to spend money without that verifiable ROI.
These large-scale SOA implementations are too complex and taking too much time. The economic climate is going to postpone, if not kill them outright. Did I get it right, and what’s been your position since the blog, in terms of the viability of SOA?
Manes: Certainly, lots of people have refuted my claim. At the same time, I've had at least as many people, and probably more, I am dead-on right. My goal with the blog post was to at least get the conversation going, and I think I managed to do that effectively.
I still believe that if you go before a funding board this year -- if you are an IT group and you are trying to get funding for some projects -- and you go forward with a proposal that says we need to do SOA, because SOA is good, it’s going to get shot down. Instead, what you have to go forward with is very specific value-add projects that say we need to do this, we need to do that, and we need to do that.
You need to talk about what services you're going to provide. In the example of communications services, there's a really strong value proposition associated with creating communications services. Likewise, going forward with a request to say, "We need to build a billing service which replaces the 27 different billing capabilities that we have in each of our product applications out there."
That’s a very strong, financially rich, good ROI type of proposal that’s going to win. But, it's not going to work, if you go forward and just say, "Oh, we need to go get an ESB. We need to go get some registry and repository technologies. We need to invest in all the SOA infrastructure. We need to do SOA just because SOA is what everybody is telling me we need to do."
Just talk about the services and talk about the practices that are going to help improve the architecture of your systems. Talk about doing application rationalization and talk about reducing the redundancy within your environment.
Talk about dismantling the 47 data warehouses you have that contain customer information and create a set of data services instead that actually gives you a richer, cleaner and more complete information about your customers. Those are things that are going to win.
Gardner: Does that mean that we're really still heading toward SOA, but we're just going to do it through a variety of tactical measures, and ultimately, without even realizing it, you're going to be doing SOA and that, at some point, you might need to rationalize that at a higher architectural abstraction with such things as ESBs and wider governance? Does that sound right?
Manes: Yes and no. It’s absolutely critical that you still have a strong architectural group. One of my favorite comments that came back from the blog post were the number of people who said, "Basically, we just really suck at doing architecture."
One of the primary reasons that a lot of SOA initiatives are failing is because people don’t actually do the architecture. Instead, what they do is service-oriented integration, as opposed to SOA. If you're truly doing architecture, then you're doing an analysis of your applications architecture, figuring out why you have so much extra garbage in your environment, and figuring out what you should actually start to get rid of.
You still need to have that planning group which is very strongly focused on setting the priorities. But then, what you go forward with in terms of funding are the projects that are actually going to help you achieve your architectural goals.
Bunker Mentality
Gardner: Another observation I had from watching the discussion that you helped create is that there seems to be quite a bunker mentality out there right now. A lot of people in IT are saying, "Listen, we're not going to do anything. We are going to just hunker down and keep it the way it is. We don’t need to innovate now. Wait until we get through this terrible crisis and then we will figure out how to be modern or agile."
On the other hand, I am seeing people saying, "No, now is the time to get innovative, to leapfrog, to take advantage of the pressure to reduce waste and look for efficiencies which ultimately will allow us to be more competitive not only in the short-term but over the long-term." Are we really looking at a typical, conservative-liberal breakdown in terms of the philosophy inside of IT department?
Manes: I suspect that you're going to have a lot of organizations that don’t have a lot of architectural maturity following the first camp, which is, "We're going to cut out everything. We’re just going to focus on tactical projects."
But, the folks who have a little more architectural maturity recognize the value of taking this opportunity, when lots and lots of projects are no longer going forward. They can say, "Well, now is a great time for us to start focusing on architecture and figure out how we can position ourselves to take advantage of the economy, when it does finally turn around."
Gardner: Okay. Tony Baer, we're heading into this deep depression, recession, whatever you want to call it. Those companies that aren’t very good at architecture will probably, if they hunker down, fall even further behind. Those organizations that have some budget to play with, that are not in survival mode alone, and are looking to be something bigger and better on the other side of the recession, they move further ahead. Are we coming into a bifurcation of who does IT better or worse, based on this recession?
Baer: I don’t think there is any question about that. I'd call that the Walmart strategy. Take a look at the previous recession. To some extent, the same thing is happening now that happened back in the recession of 2001-2002. Walmart actually increased its spending for expansion with the expectation that its low-price strategy was sound. In other words, its marketing architecture was sound for that period, but that it would be better prepared for the upswing, when the recovery happened.
I think what Anne is saying right now is that organizations that did get ahead of the curve with SOA, that thoughtfully began the architecture process and rationalized it, will go ahead, because there will be real economies at some point compared to traditional application development.
Those that have been basically doing what Joe McKendrick has called "just a bunch of web services" are just going to essentially retrench and say, "We just can’t afford to create more spaghetti right now. We are just going to do it a lot of break fixes." So, I would totally agree with Anne there.
Gardner: Joe McKendrick, are we going through an acceleration of winners and losers in IT, particularly at a sort of company-strategy level and core-competency level?
McKendrick: Yeah, Dana, absolutely. I've always said that the companies that have gravitated towards SOA are the companies that will probably do well anyway. Those are the companies with more visionary management and more tightly integrated approaches to business. Those are the companies that we've seen in all the case studies that over recent years that have gravitated towards SOA. Let’s face it, if they didn’t have SOA, they probably would have been doing okay anyway, because they're well-managed companies.
The companies that really could have used SOA, the companies not likely to be adopting SOA, or not likely be looking at SOA, as Anne and Tony discussed, those are the hunker-down companies, the companies that have fairly unsatisfactory architectures or no architectural approach. We're going to be seeing that going forward as well.
Gardner: To further refine this, Dave Linthicum, are we talking about companies that are good at IT, regardless of what’s in their quiver whether it’s SOA, Web oriented architecture (WOA), or communications and SOC? Regardless of the tools that you have at your disposal, it’s how well you use them that defines you, and if you fall further behind and you don’t adopt more tools, that’s a bad thing. Is that oversimplifying it?
IT Talent Shortage
Linthicum: Not really. The point that I made is the same point I have been making for a long period of time. We have talent shortage in the world of SOA. There are companies out there that have some very good IT talent, and they can take SOA, WOA, or cloud computing, look at the business problems, make some very nice systems, and automate the business nicely.
However, the majority of people out there who are wrestling around with architecture are ill equipped to solve some of the issues. They have a tendency to focus in wrong areas. Anne hit this in her blog as well. It was brilliant.
In the area of, "Let’s do quick tactical things, and look at this as a big systemic issue we are looking to solve," it just becomes too big, too complex. They try to solve it with things that are too tactical and just don’t have enough value. There are no free lunches with SOA or any kind of an architectural approach or any thing we have to improve the business.
You're going to have to break things down to their functional primitive and build them up again. You're going to have to think long and hard about how your architecture relates and links back to the business and how that’s going to work.
I wish there were something you could buy in a box or something you could download or some cloud you can connect to, but at the end of the day it’s the talent of the people who are doing the job. That’s where people have been falling down. Over and over again, in the last three years, we have identified this. I don’t think anybody has taken steps to improve it. In fact, I think it’s gotten worse.
Gardner: JP Morgenthal, without trying to be derogatory, it sounds like those people who do just tactical things, who are not evolving to a larger culture at a business-process level, at a agility level are kind of like Neanderthals. They were walking around Europe 25,000-100,000 years ago. Then, these Homo sapiens come on the scene and maybe have a little higher abstraction of skills, competency, look strategically at IT, much more services-oriented that eventually will overtake the landscape. Does that sound right?
Morgenthal: It's a great question. To say that you are going to be successful in business because you focused on IT architecture is a stretch. When we did our 2009 predictions, one of my predictions was the rise of disposable computing. For a certain class of businesses, it’s going to be okay to have "good enough" software and not worry about, "Am I going to be using the same application 20 years out," -- really moving the thought processes from 3-5 year plans to 5-9 month plans.
When you talk about things in that range, SOA falls apart as a requirement, because that’s something that you definitely want to engage in where you have longevity or a long-term strategy to apply. Including cloud computing and the rise of start ups in the cloud, or at least their IT infrastructure in the cloud, versus building data centers, is going to introduce an opportunity for that to occur.
There is a class of organizations that hears SOA. They're going to get IT staff that come from an environment where people did SOA. There's going to be a little culture clash, because the executives there are going to be saying, "I don’t get this. I don’t get you. Who are you? I want my cell phone to do this, this and that, and I can make it do that by looking at it sideways. You’re telling me I've got to go spend all this money. Are you nuts?"
So, you have that going on, and then you have organizations that are involved in some very complex business opportunities in the financial sector or in the manufacturing sector. If they don’t look at their business and model it in a way that their systems mirror what they are doing one for one, they’re going to continue to fight that impedance mismatch that’s been going on since the early days of computing.
Then, the mismatch made sense, because the costs of computing were so expensive that we had to take small bites, chew on it, and make it work. Now, with the cost of computing where it’s at, we should be disregarding that notion, reexamining our systems, and saying our systems should meet our business requirements one for one. We shouldn’t have this discrepancy that when I talk business, it needs to be translated for IT purposes.
Gardner: Todd Landry, for some organizations, SOA is dead, at least during the economic downturn. For other organizations, it could be alive and well. From your perspective, what differentiates these organizations? How do you separate the innovator class from the "let’s just keep it simple and do our jobs and hope for the best" class?
Landry: Finding them and separating them is probably an arduous task. During tough economic times, the question of what projects should be worked on becomes more of a financial question than just it’s a cool technology question. During better times, we do many different projects and don’t spend time looking at the business benefit.
JP’s point of, "if you do technology architecture, your business will get better" is not real. There are hundreds of different projects you can look at in any IT infrastructure, and, especially today, people are spending more time looking at which ones will help the business operate in a more streamlined fashion.
They’re questioning what it’s going to cost to do that, how I can do that without spending outrageous dollars, and is it going to make a difference for my business? Again, the observation of cost associated with those projects becomes more heightened during these kinds of economic times.
We're looking for people who are investing in new initiatives, because they see this as an opportunity to optimize, an opportunity to streamline, and it will help them longer term. We look for those kind of people that realize that this can be seen as an opportunity, as much as a tough situation to deal with the economy.
Kobielus: The whole "SOA is dead" theme struck a responsive chord in the industry, because there's a lot of fatigue, not only with the buzzword, but the very concept. It’s been too grandiose and nebulous. It’s been oversold, expectations have been built up too high, and governance is a bear.
We all know the real-world implementation problems with SOA, the way it’s been developed and presented and discussed in the industry. The core of it is services. As Anne indicated, services are the unit of governance that SOA begot.
We all now focus on services. Now, we’re moving into the world of cloud computing and, you know what, a nebulous environment has gotten even more nebulous. The issues with governance, services, and the cloud -- everything is a service in the cloud. So, how do you govern everything? How do you federate public and private clouds? How do you control mashups and so forth? How do you deal with the issues like virtual machine sprawl?
The range of issues now being thrown into the big SOA hopper under the cloud paradigm is just growing, and the fatigue is going to grow, and the disillusionment is going to grow with the very concept of SOA. I just want to point that out as a background condition that I’m sensing everywhere.
Gardner: Anne, is there a hedge on this somehow? That is to say, can you continue to be tactical, can you avoid some of the larger cost issues around SOA, but, at the same time, not put yourself at a disadvantage 18, 24, or 36 months down the road for moving closer to SOA at that time?
Manes: My core recommendation is to think big and take small steps.
You need to do the planning, and your architecture team should be able to do that, without having to go get permission from your funding organization to do planning, because that’s what they’re supposed to be doing. But then, they have to identify quick, short, tactical projects that will actually deliver value.
That’s what they should do and are designed to do to improve the architecture as a whole. It can't be just, "Oh I have to integrate this system with that system." They really should be focusing on identifying projects that will, in fact, improve the architecture. In that way, you’ll be in a better position when things are over.
Gardner: Just to pull our two discussions together, do you think that SOC forms one of those tactical benefits that demonstrates ROI, improves productivity, but that also sets you up for larger benefits later?
Manes: Communications services, as a general rule, are valuable because having your applications integrate with communications is often challenging. But, you need to take a look at your individual corporate priorities to determine whether that actually is a higher priority this year than something else.
Gardner: Does anybody else want to chime in quickly on SOC as a tactical benefit to SOA? Todd, you must have something to say on that.
Landry: The tactical benefit we’re seeing is a lot of very specific cases already in the end-customer areas, where people have made the decision that this is important. We talk about the economy, but security concern is at an all-time high, and there is a lot of sensitivity there.
In most government organizations, they’ve now assigned a geo spatial officer, someone to go look at how the communications system is better used across the different emergency organizations, and how first responders can come together and communicate and collaborate in emergency situations.
We’ve recently demonstrated some multidimensional collaboration tools that bring together the identity of vehicles and simplify the manner in which you tie radio IP-based communications across different emergency entities. You’ve got real cases here that people are addressing today. There are some tactical activities out there related to that.
I think the point made about think big and pick small projects is really important, because it is a big ocean out there and you’ve got to pick the things that makes sense for your business.
Gardner: Great. I want to thank the panel for this week, we had Tony Baer, senior analyst at Ovum. We had Jim Kobielus, senior analyst at Forrester Research. Joe McKendrick, independent analyst and blogger. David Linthicum, founder of Linthicum Group. JP Morgenthal, senior analyst Burton Group, and Anne Thomas Manes, vice president and research director of Burton Group.
We also thank our guest, Todd Landry, vice president of NEC Sphere. I want to also thank our charter sponsor for the BriefingsDirect Analyst Insights Edition podcast series, Active Endpoints, maker of the Active VOS visual orchestration system.
We’re also coming to you through the support of TIBCO Software. This is Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening and come back next time.
Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Charter Sponsor: Active Endpoints. Additional underwriting by TIBCO Software.
Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.
Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 36, on communications as a service and the future of SOA in light of hard economic times. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.
Labels:
Active Endpoints,
Baer,
Dana Gardner,
Interarbor,
Landry,
Linthicum,
Manes,
McKendrick,
Morgenthal,
services,
SOA,
SOC,
TIBCO
Subscribe to:
Posts (Atom)