Service-Oriented Architecture Fundamentals

Presentation delivered at Mercury World on October 10, 2006. This one-hour presentation includes an introduction to SOA, building the business case for SOA, and some recent thinking on SOA quality and management. File is presented in pdf.form.

HP buys Mercury, positions itself for SOA management

When the $4.5 billion deal is completed later this year, HP will gain Mercury’s software management technology plus the Systinet Registry, which Mercury acquired this past January. Assuming that HP can successfully integrate the Mercury and Systinet products into its OpenView management architecture, it will be positioned to compete with IBM Tivoli and Computer Associates, said Jason Bloomberg, senior analyst with ZapThink LLC.

“It’s now the battle of the Titans, HP versus CA and IBM Tivoli, to see who can put together the most complete, service-oriented enterprise IT management (EITM) story for the enterprise,” the analyst said.

“CA is well on its way to reworking its entire product line to take advantage of the CA Integration Platform, essentially an ESB that enables their products to interact via services as part of a service-oriented product architecture,” Bloomberg explained. “Under OpenView CTO Mark Potts HP has also been reworking its OpenView architecture along SOA lines. With the Mercury acquisition, HP now adds full lifecycle management to the mix and what will likely turn out to be the gem of the deal, the Systinet Registry — HP’s answer to IBM’s new registry/repository product. The war is over EITM, but the battle zone is shaping up to be SOA governance.”

Read more at: SearchWebServices

HP to buy Mercury Interactive for $4.5B

Jason Bloomberg, an analyst with ZapThink LLC in Baltimore, said that the deal now creates a battle of the titans between HP, CA and IBM to see who can put together the most compelete enterprise information management offering. He said the battle zone is shaping up to be over service-oriented governance.

“With the Mercury acquisition, HP now adds full lifecycle management to the mix, and what will likely turn out to be the gem of the deal: the Systinet registry, HP’s answer to IBM’s new [Web services] registry product,” Bloomberg said.

Read more at: ComputerWorld

HP’s Mercury Buy Boosts SOA Play

Ronald Schmelzer, a Baltimore-based analyst with ZapThink, said the HP acquisition of Mercury makes it “clear that governance and the registry are becoming a key part of companies’ enterprise architectures, so much so that it makes sense to incorporate those capabilities as part of the overall enterprise systems management and infrastructure that companies come to depend on today.”

In particular, SOA is driving many companies to adopt common strategies for governance and management in a world of increasing heterogeneity, Schmelzer said.

Moreover, Schmelzer said that for HP to continue to play in the enterprise system management and enterprise architecture space, they need to have a strong story around governance and heterogeneous systems management.

“The purchase of Mercury goes a long way to meeting these specific requirements because they recently purchased Systinet and they have significant capabilities for SOA governance, registry and repository, and policy management,” he said.

In addition, Schmelzer said he believes the move enables HP to tackle the entire service life-cycle.

Schmelzer said before the Mercury acquisition, HP “primarily had capabilities [that came into play] once applications were deployed. With Mercury and Systinet under their belt they can credibly approach the design, test and deployment phases of the life-cycle and not just deployment and management.”

Read more at: eWeek

Rogue services lurk in SOA

Jason Bloomberg, a senior analyst at ZapThink LLC., and another voice warning against rogue services, describes the worst case scenario this way: “Think of a laptop with personal customer information left in a taxi, only now it’s left in a Web service accessible from the Internet. Just as serious.”

This governance view is shared by ZapThink’s Bloomberg, although he finds that not only are rogue services a “very real problem,” but also a present danger.

“We’re seeing them all over the place,” he said, sharing the concerns of Foody. But reflecting Erickson’s view, the analyst argues that it is first of all a management and governance issue.

“These services often don’t have the appropriate management infrastructure in place to ensure their reliability and availability, impacting their loose coupling, and they are also ungoverned, which means they can potentially violate corporate policies of various sorts,” Bloomberg said.

But a second part of the problem in the analyst’s view is the proliferation of Web services by organizations that believe that they are doing SOA when they may only be creating IT chaos.

“Some companies think that all they have to do is build enough services and they’ll grow themselves an architecture, which is the furthest thing from the truth,” Bloomberg said. In his view this ungoverned production of Web services not only creates potential rogue services, but because they are unknowns, they often provide redundant capabilities that defeats the purpose of reuse in SOA.

Read more at: SearchWebServices

Mercury Snaps Up SOA Provider Systinet for $105 Million

Ron Schmelzer, a senior analyst at Zapthink, told the E-Commerce Times that the Mercury acquisition is significant because it marks a year of consolidation in the governance space, a hot area within SOA.

“SOA is gaining momentum as a way to build applications out of reusable composable component services within an organization,” Schmelzer said. “The more we try to combine services, the more we have to know what we are doing so that we are not combining services that shouldn’t be combined.”

Schmelzer said the governance space, which offers solutions for managing people and operations in compliance Free Trial: Eliminate IM compliance and security threats with policy and enforcement. with regulatory requirements, has finally reached a tipping point. Large vendors like IBM (NYSE: IBM) Latest News about IBM, BEA (Nasdaq: BEAS) Latest News about BEA Systems, and Oracle (Nasdaq: ORCL) Latest News about Oracle, he added, are looking for an answer.

“Large vendors are either going to have to build it or buy it,” Schmelzer predicted. “These smaller vendors have done such a good job maturing their products that they are all ripe for consolidation. Not just Systinet, but also LogicLibrary, Infravio, and a few others.”

Read more at: E-Commerce Times

ZapForum Webcast: Implementing a Reliable SOA Lifecycle

Guest Experts: Michael Morris, CTO, MW2 Consulting, and Avrami Tzur, Senior Director SOA Strategy, Mercury

Topics:

Audience will learn:
• Learn how to identify points of reliability and assess your SOA using new best practices and approaches.
• Learn an SOA Blueprint that might help you quickly implement SOA solutions that deliver …
  

Business in the driver’s seat

“It is an emerging market, and vendors approach it from different angles,” says Jason Bloomberg, an analyst at ZapThink LLC, an IT research and consulting firm in Waltham, Mass. An effective, full-fledged IT governance product must perform four functions, he says. “It must provide a way for management to communicate its policies. It must give rank-and-file employees a way to implement the policies. It must give management visibility into whether the policies are being followed. And it should include mitigation techniques, so if there is a problem, there is a way to fix it,” he says.

Read more at: IDG.se

Testing & QA in the Web Services World

Jason Bloomberg of Zapthink adds, “The silo problem is more complex than just operational security people on one hand and developers and QA on the other. The way people are approaching security is changing. You can no longer rely on a barrier-type metaphor – inside trusted, outside not trusted. That approach no longer works. The traditional barrier approach operates on the OSI stack, and that’s entirely inadequate for dealing with SOA security. XML can come in, but it’s just text. The traditional firewalls just don’t know what’s inside the message. The security issue impacts content-aware networking – message assembly, encryption, decryption, forwarding, etc. – that is part of the SOA architecture.” And all of that needs to be tested.

Zapthink’s Bloomberg observes that adoption of Web services and service-oriented architectures has taken longer than expected. In his view, customers are still struggling with testing in SOA environments. “If all you’re thinking about is Web services themselves (standards-based interfaces) – you send it test data, load-test it, etc. – that’s a no-brainer and involves traditional testing disciplines. But when you talk about SOAs, that’s something altogether different.” Back in 2002 Bloomberg and Zapthink developed a timeline outlining their expectations for what would be required. (See the updated version of the timeline, reflecting slower-than-anticipated adoption rates.)

Bloomberg notes that governance has two sides. “If you have an SOA, you want to handle governance in a service-oriented fashion, but you have to build the right governance policies as well.” Governance has an IT operational perspective as well as a business perspective.

Read more at: Software Magazine

SOA melds design and runtime testing

Testing Web services by themselves, or software with a simple Web services wrapper, is straightforward, said Jason Bloomberg, a senior analyst at ZapThink LLC. “The challenges come when you start thinking about Web services in the context of a service-oriented architecture,” he said.

“In an SOA with multiple services, you look at meta data associated with those services — whether that’s a registry or a repository of services information — and you test the functionality not of the individual service, but whether you’re handling versioning properly, [for example].” “These runtime questions blur into design-time questions.”

Traditionally, the software world thinks of design as development-centric, and runtime as operation-centric, Bloomberg said. “With SOA that distinction blurs: You’re updating services on an ongoing basis, you have all the issues of operations testing and management, you’re still doing development work and now development work breaks into infrastructure stuff. You’re still doing component-based testing, but you have application development done at the process level, with composite applications built out of services.”

Bloomberg said: “[Ultimately,] design versus runtime [testing] is two sides of the same coin. You have to make sure the code is working, but you also have to make sure the services and operation are working, too.”

Read more at: SearchWebServices