Justifying & Funding your SOA Project

Many organizations struggle to build the business case for implementing Service-Oriented Architecture (SOA)–not because SOA doesn’t provide numerous benefits to the organization, but rather because they don’t properly identify the business problems in their organization that SOA would be particularly well suited to address.

This paper addresses this deficiency by delineating the most important business benefits of SOA: reduction in the cost of integration, achieving asset reuse, increasing business visibility, and achieving business agility. Implementing SOA to achieve these benefits, however, requires many capabilities that fall under the broad umbrella of SOA governance, including visibility into IT assets, change management, enforcement of best practices, measurement of effectiveness, collaboration capabilities, lifecycle management, and open standards support.

SOA Quality across the Service Lifecycle

As organizations move beyond straighforward implementations of Web Services to the more complex world of Service-Oriented Architecture (SOA), maintaining the quality of the implementation in the face of changing business requirements becomes an increasingly difficult challenge. In the final analysis, quality represents how well a system meets the needs of the business, so when the business case for SOA calls for business agility, SOA quality means meeting business requirements as those requirements are in an ongoing, continual state of change.

As a result, SOA quality extends well beyond traditional quality assurance tasks to cover the full Service lifecycle, and encompasses both SOA management and governance into a broad set of capabilities that any organization must implement in order to be successful with their SOA initiatives.

Sponsored by iTKO.

SOA Security: Centralize & Integrate

Written by Tony Baer, Associate Analyst, ZapThink.

SOA adds a new dimension to information technology (IT) security challenges. Usage is dynamic and conditional. At design time, Service providers may not know how users may eventually consume the Services. Making trust explicit, therefore, is a key requirement for SOA, while establishing a dual-level of coarse and fine-grained entitlements is critical for efficiently supporting the security needs of large groups of Services from diverse application sources.

SAIC, a systems integrator with over 37 years of serving public and private sector clients with some of the world’s most demanding security requirements, is applying its expertise and investing heavily in SOA. As a result of their extensive research involving multiple technologies and vendors covering client application authentication, XML Security Appliances, and application server platforms across a variety of SOA scenarios, SAIC has developed a general architecture for SOA Security which provides centralized coarse-grained authorization and access control, while implementing fine-grained authorization at the service level.

Recently applying that experience to a pioneering installation serving a multinational oil and gas company, SAIC has implemented a scalable SOA solution and SOA security architecture for B2B collaboration that interoperates across a diverse internal environment with multiple standards for enforcing security.

Software AG CentraSite Community

Written by Tony Baer, Associate Analyst, ZapThink.

Governance is drawing significant attention from the boardroom down as a result of heightened regulation, increased competition, and constant change in the marketplace. There are two faces to SOA governance. On one hand, SOA governance simply means governing a SOA implementation initiative—for example, communicating corporate policies to developers implementing Services, and giving them the tools they need to follow those policies as they assemble the various elements of the SOA implementation. On the other hand, there’s a broader, more strategic definition of SOA governance: IT governance in the context of SOA.

Software AG takes a big picture view to SOA governance, based on the premise that SOA governance extends well beyond the governing of Web Services. It believes that the extensible nature of SOA requires a similarly extensible strategy to governance. Software AG has established the CentraSite Community as its strategy for providing a SOA governance solution that customers can adapt to their unique business and technology needs. Organizationally, the CentraSite Community promotes shared wisdom through its collaborative online presence. Architecturally, Software AG CentraSite registry/repository supports the community through its extensible data model and broad standards based approach. Because the CentraSite Community does not impose a one-size-fits-all governance solution, customers can implement the right governance recipe to meet their unique business needs.

SOA: Building the Roadmap

Written by ZapThink Associate Analyst Tony Baer.

By now, most Information Technology (IT) organizations have become aware of the potential of Service-Oriented Architecture (SOA) to pierce through those silos. Just as Rome wasn’t built in a day, implementing SOA should be an incremental, iterative process that should start modestly. Your first foray into a SOA implementation should be through a pilot project, where your organization has the opportunity to conduct an evaluation to determine whether to make further investments. The goal is gain experience while mitigating the risks. Consequently, the scope of the pilot should be limited. Choose a handful of Services that will make a difference, and that people will notice.

Governance is essential. Lacking governance, SOA projects become yet another example of undisciplined software development. As your organization becomes more experienced with SOA, it eventually learns to compose business Services bridging those silos, and gradually becomes more efficient to the point where SOA supports business processes to the point where you can continuously optimize your business.

From a starting point of point-to-point integration, organizations evolve to developing more flexible dynamic couplings that exploit far more effectively the Services that they have exposed. At that point, governance becomes essential if SOA is to evolve beyond isolated, discrete connections to support an environment where Service contracts drive development, Services become composable, and the agility that SOA promises becomes reality.

The Value of SOA Governance

The definition of corporate governance is creating, communicating, and enforcing policies in a corporate environment. Governance is the key to balancing executive control with employee and customer empowerment across the enterprise. While many corporate governance activities don’t directly involve the information technology (IT) department, the enterprise does call upon IT to provide tooling for automating policy creation and enforcement, when it’s possible to represent policies in a machine-understandable format.

Service-Oriented Architecture (SOA) is an approach to organizing IT resources to meet the changing needs of the business in flexible ways. Governance is an essential part of any SOA implementation, because it ensures that the organization applies and enforces the policies that apply to the Services that the organization creates as part of its SOA initiative. But more importantly, organizations can leverage SOA best practices to represent policies broadly in such a way that the organization can achieve better policy management, flexibility, and visibility into policy compliance across the enterprise.

The SOA Governance Timeline

Governance consists of creating, communicating, and enforcing policies in a corporate environment. In many ways, it is the key to maintaining the balance between executive control and employee and customer empowerment.

Implementing SOA requires governance in order to ensure that the organization applies and enforces the policies that apply to the Services that the organization creates as part of its SOA initiative. But more importantly, organizations can leverage SOA best practices to represent policies broadly in such a way that the organization can achieve better policy management, flexibility, and visibility into policy compliance across the enterprise. Because of these two characteristics, enforcing policies and leveraging SOA best practices, it is critical for all organizations to deploy SOA governance as soon as they begin their SOA initiative.

With its acquisition of Mercury and its Systinet division, HP has propelled itself into a leadership position in the SOA governance space. HP is well-positioned to help its customers leverage SOA for IT governance, and more broadly, for corporate governance.

Using SOA to Accelerate New Business Growth

Written by Tony Baer, Associate Analyst, ZapThink.

Founded in 1895, Kansas City Life Insurance Company serves over a half million policyholders across the continental U.S. with a mix of individual life, annuity and group products. Selling through a network of 1400 independent agents, Business to business (B2B) partnerships have always been a way of life for this midsized insurer. As customers are gaining more choices, selling life insurance has grown more competitive. Kansas City Life responded with an innovative strategy that leveraged its core competency: It expanded its ability to sell life insurance products by creating a new channel that enabled Property & Casualty (P&C) insurers to sell Kansas City Life’s products through their existing agent networks.

The challenge, however, was that Kansas City Life could not impose its agent management structures on its new P&C insurance partners. The company needed a seamless way of integrating new agents into its adminstrative systems and Web portal. Having made the commitment to Web services and SOA, it looked to DataDirect to help create interoperability between its mainframe CICS environment and its distributed .NET Web services that powered its agent portal.

SOA provided the infrastructure flexibility needed to allow Kansas City Life to rapidly assimilate agents from new partner P&C insurers, expanding its business into new areas with reduced IT costs and faster time to market.

Case Study commissioned by DataDirect Technologies.

BPM the SOA Way

Successful businesses are built on great products or services, operational efficiency, excellence in satisfying customers, well-honed sales and marketing efforts, and leveraging relationships with suppliers and partners. To respond to changing market forces that impact these efforts, companies don’t necessarily change the product or service itself, but rather the process they use to serve their customers. However, building an agile infrastructure that supports process needs from beginning to end and top to bottom while allowing for frequent and ad hoc changes presents many challenges to the business.

Enterprise applications typically provide only a siloed approach to business process management (BPM) and are inflexible in the face of process change. To achieve true business agility, organizations must separate the processes from the underlying applications using an architectural approach that abstracts the application functionality as Services so that the business can compose those Services into composite applications in a flexible manner. We call that architectural approach Service-Oriented Architecture (SOA).

To be successful with SOA, organizations require a BPM suite that includes a SOA platform to support the Services as well as the compositions of those Services. Software AG’s Crossvision Suite is well-positioned as a BPM-savvy SOA platform that can help organizations achieve their vision of agile business processes.

This paper was coauthored with Patti Jefferies, Director, Product Marketing, Software AG

The Critical Need for Entitlement Management in SOA

Entitlements are the corporate, industry and contractual rules that determine access privileges to resources for a specific individuals, groups of individuals, applications, or even Services. Entitlement Management is the administration, enforcement, auditing, and review of policies for determining whether a particular entity is entitled to take a particular action or access a particular bit of information, given the context of the request. Because entitlements are a form of policy, Entitlement Management is a form of policy management, which is an integral part of SOA governance for those organizations who are implementing Service-Oriented Architecture (SOA).

Securent’s Entitlement Management Solution provides scalable, flexible Entitlement Management functionality that extracts and loosely couples access control from underlying individual applications, providing policy enforcement at a finer level of granularity, and with greater precision, than any Web Single Sign-On approach to access management. Furthermore, since Securent exposes its Entitlement Management capabilities as standards-based Services, any organization implementing SOA can include Securent’s capabilities as an integral part of their SOA rollout.