Monday, May 25, 2009

SOA Visibility

This video shows how VordelReporter provides visibility on SOA traffic, including service response times and usage patterns. You can drill into particular services, in order to see reports on usage, uptime, and response times. New in v5.2, you also can view the Real-Time Monitoring statistics, live on the screen.

Friday, May 15, 2009

(SOA is Dead) is Dead?

Joe McKendrick blogs about the report from Randy Heffner at Forrester about perceptions of SOA methodology (e.g. "only one percent of current SOA adopters say they have received little or no benefit from the methodology").

The key word in the paragraph above is "methodology". There has been cynicism of SOA in organizations where products such as Registries or Agent-based SOA Governance tools were put in place, but then were not used or, if they were used, did not perform. That is the fault of thinking "let's buy this product and then we are doing SOA". However, SOA is a methodology. Breaking out re-usable components, and then creating services which can actually be used by other application is the key. There is a widespead agreement that SOA is a good methodology. But throwing registries or agents at the architecture doesn't help, without this methodology in place.

The other reason for cynicism has been the proliferation of SOA "silos" within larger organization. For example, in the government area, there has been a tendency to say "SOA is great, we'll have 100 of them". And then those silo-ed SOAs do not link together. That's where XML Networking products like an XML Gateway come in, by providing the backbone for SOA. That also allows SOA methodology to be effectively applied not only in silos, but across the organization.

Thursday, May 14, 2009

White House mandate for Cloud Computing

The White House has released a budgeting document which includes a mandate for US Federal Govt usage of Cloud Computing. The document notes that "Businesses facing market pressures from which the Government is more insulated are forced to innovate, adopting emerging technologies with agility, to achieve maximum efficiency. Where appropriate, the Government needs to adopt innovations with the same agility."

I've added emphasis to some of documents recommendations on Cloud Computing:

Pilot projects will be implemented to offer an opportunity to utilize more fully
and broadly departmental and agency architectures to
identify enterprise-wide common services and solutions,
with a new emphasis on cloud-computing. The pilots will
test a variety of services and delivery modes, provisioning
approaches, options, and opportunities that cloud computing
brings to Federal Government. Additionally,
the multiple approaches will focus on measuring service,
cost, and performance; refining and scaling pilots to full
capabilities; and providing financial support to accelerate
migration. These projects should lead to significant savings,
achieved through basic changes in future Federal
information infrastructure investment strategies and
elimination of duplicative operations at the agency level.

Cloud-computing is a convenient, on-demand model for
network access to a shared pool of configurable computing
resources (e.g., networks, servers, storage, applications,
services) that can be rapidly provisioned and released with
minimal management effort or service provider interaction.
The cloud element of cloud-computing derives from
a metaphor used for the Internet, from the way it is often
depicted in computer network diagrams. Conceptually
it refers to a model of scalable, real-time, internet-based
information technology services and resources, satisfying
the computing needs of users, without the users incurring
the costs of maintaining the underlying infrastructure.
Examples in the private sector involve providing common
business applications online, which are accessed from a
web browser, with software and data stored on the “cloud”
provider’s servers.

Implementing a cloud-computing platform incurs different
risks than dedicated agency data centers. Risks
associated with the implementation of a new technology
service delivery model include policy changes, implementation
of dynamic applications, and securing the dynamic
environment. The mitigation plan for these risks depends
on establishing a proactive program management office to
implement industry best practices and government policies
in the management of any program. In addition, the
Federal community will need to actively put in place new
security measures which will allow dynamic application
use and information-sharing to be implemented in a secure
fashion. In order to achieve these goals, pilot programs will
provide a model for scaling across the Government.

It is good that the risks are being noted up-front. But, it seems to me like a "jump over to the cloud" approach - rather than identifying current government applications and surgically adding Cloud Computing components to them. For some of the pilots which the document mentions, I'd like to see examples of current applications which are made more "elastic" (adding capacity quickly) or more cost-effective through the usage of Cloud Computing. It can't be only "let's create pilot programs which are only Cloud-based". I've written about this model - combining traditional applications with the Cloud - here in this IBM DeveloperWorks article: Connecting to the cloud, Part 1: Leverage the cloud in applications (and Part 2 of the IBM DeveloperWorks series, which includes a sample application and source code). This is the kind of thing I'd like to see the govt doing.

And what about interoperability between Cloud platforms? "Imagine a federal mandate advocating cloud interoperability among any federal cloud vendors?" - Bob Marcus of the OMG, quoted by Reuven Cohen:

Tuesday, May 12, 2009

Breaking the rules

The first sentence of Malcolm Gladwell's piece in this week's New Yorker on "When David beats Goliath - When underdogs break the rules" starts:

"When Vivek Ranadivé decided to coach his daughter Anjali’s basketball team, he settled on two principles."

At this point, like any tech professional, I thought "Is that Vivek Ranadivé from TIBCO?". And, when I flicked a couple of pages further to check, sure enough it is Vivek Ranadivé the CEO of TIBCO.

Well worth reading the article. Gladwell talks about how the "full press" strategy for basketball, while not pretty, can unsettle more skilful opponent team and allow the underdog to win. Gladwell uses a number of analogies, such as Laurence of Arabia's campaign against the Ottoman Empire, though I'd say a glaring omission is Jack Charlton's "Put them under pressure" strategy for the Republic of Ireland team in the Italia '90 World Cup campaign. That strategy was based on harassing the other team into losing the ball, and generally closing down the other team and not letting them play. It meant that the Irish team did much better than expected, reaching the quarter finals versus Italy in Rome. However, the strategy fell down when the other team didn't play (witness the notorious game versus Egypt) but it generally worked well. But, as Gladwell asks, what if every team did this? I think the secret is practice, attitude and training, something which is a common thread with Gladwell (that practice, training, and attitude trump talent - e.g. the Beatles spent a year performing 8-hour sets in Hamburg in order to hone their art). Not every team gets the attitude right, and that's what Ranadivé instilled.

Friday, May 8, 2009

CSO Magazine on Vordel rollout for SOA Security in the banking sector

Check out CSO Magazine's profile of how EBS Bank uses Vordel its SOA. In addition to the online story, there is a podcast / audio recording of an interview with David Yeates, whose responsibility it was to secure the SOA infrastructure.

There is a wealth of great information and advice in this case study. For example:

- "...the internal network has also to be considered a dirty environment."
- "A process-driven development creates dynamic applications where business processes can be easily created and changed. This presents major change management, service management and compliance challenges for an organization. Transactional security becomes very complex, very fast."
- "The strongest approach was to embed security within the services infrastructure itself, provide consistent security policy enforcement and to protect all endpoints, not just the perimeter."

More on why Vordel was chosen to secure this infrastructure, on Page 2 of the CSO Online article.

Get the Podcast