Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
10 Teps to SOA
1. TEST CENTER EXCLUSIVE JON UDELL
Systinet’s Next-Generation Here at Last: SQL Server 2005 Innovation Toolkits
Services Registry p56 and Visual Studio 2005 p14 for the Masses p55
®
November 7, 2005 b Issue 45 GET TECHNOLOGY RIGHT ®
Creating a service-oriented
architecture that drives true
business agility demands a plan.
Here’s where to start
p23
i INFOWORLD.COM
2. Service-oriented architecture
begins and ends with business process, marshaling
a sprawling set of technologies along the way.
Don’t know where to start? Try Step 1.
SOA is an idea, not a technology. INFOWORLD SOA EXECUTIVE FORUM SPECIAL ISSUE
True, SOA (service-oriented architecture) builds on the stack 24 Step 1: Think Big, Start Small
of protocols that define Web services, but it is hardly limited 25 Step 2: Go to the Whiteboard
to that stack and draws as much on time-honored notions of 25 Step 3: Survey Your Surroundings
business “re-engineering” as it does on XML, SOAP, and 28 Step 4: Connect Your First Services
WSDL. Simply put, SOA is a broad, standards-based frame- 32 Step 5: Choose and Deploy a Registry or Repository
work in which services are built, deployed, managed, and 32 Step 6: Start Tackling Governance
orchestrated in pursuit of new and much more agile IT infra- 34 Step 7: Lay Your Security Plans
structures that respond swiftly to shifting business demands. 36 Step 8: Build Out Your Messaging Infrastructure
The breadth of that vision is what makes SOA seem so mad- 38 Step 9: Deploy Service Management
deningly vague. Nonetheless, the potential benefits of 40 Step 10: Consider Orchestration
reduced IT costs and greater business agility have spurred PLUS:
many organizations to start down the path to SOA, to the 45 Making SOA Work
point where most large enterprises now have some sort of 46 BAT Builds SOA One Step at a Time
SOA initiative under way. One reason for that extraordinary 48 Sabre Answers to Customer Demands
traction: SOA may ultimately have a transformative effect on 50 Thompson Prometric Rethinks Business Processes
the entire enterprise, but in contrast to other “big bang” 51 Verizon Goes Back to the Workbench
endeavors, most of the applications and infrastructure you’ve
already deployed can remain in place. BY ERIC KNORR AND OLIVER RIST
Throughout the past two years, InfoWorld has interviewed ILLUSTRATIONS BY RON CHAN
INFOWORLD.COM 11.07.05 23
3. countless enterprise architects, developers, and officers who already have a close relationship, or should you mix and
are guiding their organizations toward SOA deployment — match best-of-breed solutions? And, as with any standards-
and who are learning hard lessons, gaining insight, and based initiative, what do you do when many of the standards
encountering infuriating technology gaps along the way. necessary to achieve the real benefits aren’t fully cooked yet?
Many are already enjoying SOA’s early benefits of easy inte- Such questions lack easy answers, and missing pieces of
gration and code reusability. Based on their experiences, and technology, industry disagreements, and vendor lock-in all
the advice of industry technologists and analysts, we offer this threaten to dampen SOA’s much-ballyhooed benefit of hyper-
step-by-step guide to planning, building, deploying, and man- agility. Nonetheless, you’ll find most of the key concepts
aging an SOA. underlying SOA, a number of which may be familiar, right
As you’ll see, SOA provokes many of the same questions here — although not necessarily in exactly the right order for
that dog most grand IT schemes. Should you buy and deploy you. Just as with SOA itself, how you put it all together
SOA-related technology from a single vendor with which you depends on what you’ve got and where you want to go.
1 Think Big, Start Small
SOA starts with a business promise: to enable enterprises to
re-engineer themselves on the fly. From the outset, look for
opportunities for agility. The more dynamic the business, the
more it will benefit from a well-implemented SOA. And the
more allies you have who share the SOA vision, the better. In
particular, it helps to have powerful part-
ners in your company’s business
management who understand the
critical legacy applications as services, providing access to
important data and functionality to other applications for the
first time. Or they use shared services to eliminate redun-
dancy among several difficult-to-maintain stovepipe applica-
tions that overlap in functionality.
Such projects may yield significant benefits, but SOA deliv-
ers the most value — and will scale far better in the future —
when you begin by drawing a box around a set of related
ultimate payoffs of cost reduction business processes that need streamlining, rather
and accelerated response to than attacking technology problems first. Scott
change across the organization. Thompson, senior architect at H&R Block,
“We’re actually kind of fortu- puts it this way: “We had to switch our
nate in that we don’t have to sell mentality from just rendering data and
SOA,” says Ben Moreland, assistant just making a service out of it because
director of foundation services at The we could, to asking: What’s the busi-
Hartford, which got its SOA initiative ness problem that we’re trying to
rolling a few years ago. “Our senior solve, and what applicability does that
vice president, John Chu, recog- business problem have to other
nized the benefits and the areas of the organization?”
value of SOA.” Jean-Michel Van Lippevelde,
This shared vision may be vast, but it pays business architect at Accelior Consulting, has
to start small. “Don’t try to do ‘boil-the-ocean’-type reached the same conclusion. “Take a top-down approach
projects,” advises Ed Horst, vice president of marketing at from a business-process perspective,” he advises. The results
AmberPoint, who has watched overly ambitious initiatives can be highly visible, as they were in Accelior’s engagement
falter. “I think the most successful initial projects we’ve seen with ING Lease Belgium, which targeted a request-for-quote
are those that are small in size — about six to 10 services that process that included automatically generating contracts.
integrate two or three things and take around six months to Before, the process typically took days. But after streamlin-
complete.” ing the process, provisioning services, and automating for-
Many organizations start by provisioning a few mission- merly manual steps, the wait time was reduced to minutes.
24 INFOWORLD.COM 11.07.05
4. “I think the most successful initial projects
we’ve seen [involve] about six to 10 services that
integrate two or three things.”
— Ed Horst, AmberPoint
2
Go to the Whiteboard
You can’t expect to dissect business processes and see what
makes them tick all by yourself. In collaboration with busi-
ness stakeholders, review and rationalize the processes in the
domain you’ve identified. Often, much of the heavy lifting will
be done by the business guys, as they
scratch their heads and figure
out how to restructure process-
es — and you determine the
in line for our attention.”
Timothy Vibbert, senior systems engineer at Lockheed
Martin, takes a like-minded approach. In providing profes-
sional services to government agencies, he’s logged an impres-
sive amount of whiteboard time. “We go through full domain
decomposition before we even think about services,” he says.
At the same time, “you also start looking at what is out there
that you might be able to reuse. And then you go into mission
breakdown collaboratively and or process identification, getting down to a spe-
decide where new automation cific thing you want to tackle.”
can make a difference. After the scope is defined, Vibbert says,
“We started our process map- it’s important to determine who the par-
ping by meeting with each agency ticipants will be. “And once you define those,
individually,” says Dan Thomas, direc- you start building use cases. Then you start
tor of the DC Stat program at the Office of decomposing the use cases. And then you get
the Chief Technology Officer in the District into resource allocation and data allocation,
of Columbia. Thomas’ ambitious program start naming your services at a high level,
is tying together the data repositories of and also talk about the data that
65 separate D.C. government agen- flows,” he says, emphasizing that
cies to give senior officials trans- these steps are iterative, with
parent, up-to-the-minute informa- multiple passes required to cre-
tion with which to make policy ate the right plan of attack.
decisions. Every SOA initiative is unique, so the duration of
Thomas’ team met with each agency to map out its the planning process varies wildly, but Vibbert provides a hint
data-gathering policies and to find out how that data was dis- of how long you’ll be sniffing dry-erase marker: “If you
tilled for presentation. “It’s a time-consuming process,” he already have some pieces of an SOA in place, you can trim
says, “but we didn’t try for all 65 agencies out of the gate. We down the time frame relatively quickly. An SOA from scratch
pared it down to a manageable number. Now they’re getting … it could take months if not longer.”
3
Survey Your Surroundings
Here’s where all that process work starts to meet technologi-
cal reality. Before you implement, look carefully at what you
have in place to leverage. A basic tenet of SOA, particularly
in its early phase, is to work with what you’ve got when pos-
sible but to avoid locking yourself into practices or technolo-
gies that will stymie future interoperability or expansion.
Taking inventory is a multistage process. First, you need to
document the data sources and existing applications that will
be involved in your initial deployment — remembering to
identify partner services outside the firewall that you may
need to connect with and to catalog those services as careful-
ly as you do internal ones. Second, take stock of technology
you have on hand that will play a role in your SOA. Yes, this is
a big job, and no, it’s not necessary to complete it before mov-
ing toward an initial project. But neither can it be ignored if
SOA, rather than a limited project, is your goal.
INFOWORLD.COM 11.07.05 25
5. “Take a top-down approach from a
business-process perspective.”
— Jean-Michel Van Lippevelde, Accelior Consulting
An SOA involves a sprawling set of technologies. The short If you’re not an SOA expert and are leery of hiring a con-
list: tools to build or provision those services; a registry in sultant, don’t despair. There’s no need to run to the Learning
which to expose them; a messaging infrastructure over which Annex for a crash course. Get as far as you can. If your enter-
services and applications will communicate; a means of prise consists of little custom code and mostly off-the-shelf
orchestrating services; and some sort of services management software, contact your software vendors one at a time. Ask
involving intermediaries. Application-layer net- about their SOA plans and capabilities. Often, you’ll be
working may also play a role, and down the road, pleasantly surprised by their direction — and you may
so may BPM (business process management) obtain valuable information that will affect project
and BAM (business activity monitoring) scheduling and future
applications. You’ll also want to take platform choices.
a hard look at the Web services “We moved our
interfaces of your commercial product portfolio
enterprise apps. towards SOA specifi-
That’s quite a stack of stuff, cally because our cus-
but you don’t need to make tomers asked us to,”
sweat-inducing technology deci- says Dwain Kinghorn,
sions about what you’ll change, add, or CTO of Altiris, a large manufacturer of
keep quite yet. You’ll be busy enough figur- asset, network, and security management
ing out how to map and normalize data among platforms. “It allows our customers to free
the systems involved. As Timothy Vibbert of Lockheed notes, themselves from our management consoles. They can now
data among various systems can be “defined 15 different ways, grab specific pieces of management data and incorporate
15 different times for the same data element.” Reconciling that those into any SOA-based management dashboards they may
metadata is hard, tedious work. have developed on their own.”
4 Connect Your First Services
Time to get your feet wet. Take that whiteboard map and
focus on one area as a pilot project. Identify a key point of
redundancy in your set of related applications, spec out your
first service, decide who will build it with what tools, and start
provisioning. After testing, you can start modifying apps to
call your new, shared service.
What basic characteristics should a service have? Timothy
Vibbert of Lockheed lists them: “They’re reusable, they have
and so the reusability of those wasn’t quite as high as what
we had liked it to be,” he says. “So we’ve gone back and
redesigned a lot of our services to be more reusable, not only
to a specific project but really more in tune with the business
purpose that they were designed to serve.”
Several stovepipe applications, for example, may have their
own way of opening a customer account. Create a single
coarse-grained service that each application can call on to
a contract, they’re loosely coupled, they’re stateless, and open an account, and you eliminate redundancy and reduce
they’re discoverable.” Most SOA practitioners would add that application maintenance. Along the way, you may be able to
a service should also be “coarse-grained” — that is, it should glean other benefits: better compliance information, more
map to a business process step or function rather than, say, security across a single repository rather than multiple data
an application component. This helps ensure reusability and dumps, and better Web site management.
avoids overlap with other functionality. Typically, services are published as Web services — which
Scott Thompson of H&R Block learned the value of the promises the greatest potential for reuse because the stan-
coarse-grained approach the hard way. “I think in our early dard protocols that define Web services are designed to tran-
design, we tended to develop services that were more in tune scend platforms and programming languages. In practice,
with our object layer than they were true business services, however, SOAs typically expose other types of services, such as
28 INFOWORLD.COM 11.07.05
6. “We moved our product portfolio
towards SOA specifically because
our customers asked us to.”
— Dwain Kinghorn, Altiris
those accessible via JMS (Java Message Service). cation servers, on Windows Server, or provisioned on
How do you decide what type of service to use? “One thing legacy systems themselves — and thanks to Web ser-
it depends on is the payload,” Lockheed’s Vibbert says. vices interoperability, your developers can generally
“If the messages you have going back and forth have choose their favorite tools and platforms for
relatively small data sizes, Web services are fine. provisioning. “One of the things that a service-
Or if it’s not time-critical, Web services are probably oriented architecture gives you is the benefit
the best choice. But if you’ve got things that of rendering that decision secondary,” says
involve large amounts of data going Charles Stack, CEO of open source reg-
back and forth or are time- istry provider Flashline. “You can
critical, you might not change deployment platforms
go with a Web service” at the service level without
and instead build affecting your service-ori-
a service accessible ented architecture. Ser-
through JMS or some other vices abstract that very
binary protocol. infrastructure level. It’s much less of a
Services can be deployed on Java appli- strategic decision than that sort of thing used to be.”
7. 5 Choose and Deploy a Registry or Repository
Many organizations mark the beginning of their SOA initia-
tive at the point when they deployed a registry as a
mechanism for service discovery. At a minimum, a
registry prevents duplicative effort, a place where
developers can determine whether a service has
already been created. As Timothy Vibbert of
Lockheed notes, “It could just be a Web site
that lists [services]. It may be manual dis-
mainly to have a more structured way to store and manage
service metadata. To complicate matters, the distinction
between “registry” and “repository” is rather slip-
pery. The common definition is that a registry
contains data about services — where they’re
located, XML schemas, and so on — whereas a
repository contains the services
themselves. In truth, services still
covery, but they’re discoverable.” run on their deployment platform,
But as the number of services and the so repositories actually contain what
applications that use them grow, you’ll amounts to a deeper level of meta-
need a real registry. “We selected a UDDI data — plus, registries generally
registry in 2003 and put it in production offer repository capabilities. They
in 2004,” says Ben Moreland of The Hart- just don’t call them that.
ford. “We use it for the dynamic bind- Choosing a registry may
ing capabilities to give us the well be the first SOA-specific
loose coupling between the client buying decision you’ll face.
and the producer of the service.” And it may also be the first time
Most SOA deployments employ you encounter the fundamental choice between
some sort of commercial registry or repository that offers a single vendor’s offering and best-of-breed SOA solutions.
deeper functionality than that defined by the UDDI spec, All the big platform players, including BEA Systems, IBM,
6 Start Tackling Governance
Registries are more than just containers in which services can
be described by metadata and discovered by clients and other
services. They are also centers of SOA governance, where IT
can list human service owners, manage versioning, ensure
compliance with enterprise requirements, and more. The
sooner you start thinking about how governance will work,
the better.
Governance is best defined as a combination of workflow
your business,” says Randy Heffner, vice president at Forrester
Research. “They deserve attention and governance as much
as the design of your business does.”
SOA is fundamentally a new paradigm of IT, according to
a technology exec at a major financial conglomerate who
asked not to be named. “When you increase dependency and
complexity, it presents a whole new set
of problems,” the tech exec says.
rules — who is responsible for what services, what happens “The more SOA is successful, the
when quality assurance uncovers problems, and so on — plus more management becomes a
management of service interface definitions. Those defini- problem.” This exec believes that
tions become an analogue of an IT org chart gradually trans- governance should be distrib-
formed by the disruptive effect of SOA. “The strongest way to uted rather than centralized,
look at your service interfaces is that they are the design of in a manner similar to the
32 INFOWORLD.COM 11.07.05
8. Microsoft, Oracle, and Sun have their own registries or repos-
itories. But pure-play vendors abound — including Above All
Software, Flashline, Infravio, SOA Software, and Systinet —
all of which boast a unique mix of capabilities. Depending on
the product, you may discover a wealth of stuff — graphic rep-
resentations of the relationships between WSDL and services,
identity-based security that limits access to certain services, a
rules engine to help manage service policies, and more.
When it comes to registries or repositories, David Aubrey
takes the single-vendor view. “If you’re using any kind of
framework, they’ll push a repository,” says Aubrey, senior
architect at KomatiSoft, a New York-based financial applica-
tion startup. “That’s one area, I wouldn’t try and force a third-
party alternative unless I absolutely had to. At least not today.
The key is interoperability with the framework and its rules
engine, and that’s what they’re guaranteeing. Bring in a third-
party solution, and you’re putting that whole synergy at risk.”
Not surprisingly, Flashline’s Stack takes the opposite view-
point. “If you’re building your infrastructure for a service-ori-
ented architecture on a proprietary vendor platform, I think
you’re making an enormous mistake,” he says. “We caution all
of our customers from the infrastructure standpoint to put a
premium on openness, because otherwise you’ll have the
worst case of vendor lock-in you’ll ever see.”
relationships among federal, state, and local government in
a democracy. And he means that literally: He is currently
studying The Federalist Papers for insight.
In 2004, The Hartford formed an enterprise architecture
group to put a “governance process around projects,” accord-
ing to Moreland. In the beginning, he says, the governance
process was all about communication. “We had
architects talking together for the first time that
were really solving the same problems, but in
different lines of business. Now we’re to the
point where we will actually stop a project if it
does not conform to the reference architec-
ture or the line-of-business blueprint. And
we have the authority from upper man-
agement to be able to do that.”
Moreland provides a specific exam-
ple of the types of problems good gov-
9. “If you’ve got things that involve large
amounts of data going back and
forth or are time-critical, you might
not go with a Web service.”
— Timothy Vibbert, Lockheed Martin
ernance can avoid. Recently, one business unit of The Hart- ‘I don’t have the funding or the budget or the resources to do
ford published a useful service in the proper SOAP format. A that. I’m tied up with other stuff,’ “ Moreland recalls. In such
different area of the business applied to use that service but a case, he says, good governance stipulates that the service in
also requested that the service return two additional data val- question should be owned by a group with a dedicated team
ues within the XML. “The owner of that first service … said, that can maintain and modify it for the entire enterprise.
7 Lay Your Security Plans
Years ago, when the industry began promoting Web services,
the first objection raised was: What about security? That’s
because, back then, the emphasis was on XML integration
across enterprise boundaries. By contrast, SOA tends to focus
on the architecture of a single enterprise — or closely related
enterprises — where the underlying assumption is that every-
thing occurs within one, big trusted zone.
“Many people have this sense of, ‘When I’m doing this kind
for securing XML messages beyond the time when they’re in
flight: WS-Security, which is perhaps the most often used
Web services specification after SOAP and WSDL. Today,
many enterprises combine WS-Security with SAML tokens
to assert user identity through every stage of a multipart
transaction — an especially useful solution for financial ser-
vices organizations.
Several other security specifications are in various stages of
of stuff inside the firewall, based on restricted network seg- development. WS-Trust is an extension to WS-Security that
ments or whatever else, I’m OK without a deeper sort of use ensures the service requestor is properly authenticated before
of security in my services environment’,” Forrester’s Heffner security tokens are issued. WS-SecureConversation extends
says. “But the time when everybody says, ‘I have to do some- the trust derived from positive authentication to groups of
thing with security,’ is an external connection.” messages. And WS-SecurityPolicy enables services to
Although SOA shifts the emphasis toward exchange security policies and to negotiate authentication
internal architecture, B-to-B integration with and authorization without user inter-
partners is a natural extension — and in many vention. None of these three specs,
cases a core benefit. Across firewalls, the solu- which will be fairly essential in a
tion can be as simple as a two-way SSL con- world where XML messages
nection. But before you jump to any tech- routinely cross domains, has yet
nology conclusions, Heffner advises that seen widespread use.
you first decide whether your enterprise is a “For us, this is another area
“hub” or a “spoke.” where we’re struggling through as
Hubs, says Heffner, can simply lay best we can until new standards
down the law. “If you’re a Wal- and practices emerge to make
Mart, then as a hub, you just say the job easier,” says Bob Laird,
what the architecture is going to be … because IT chief architect at MCI. Mean-
everybody’s got to do what you say.” For the rest of while, Laird is focusing on solid external defense
us spokes, “you’ve got to look at what your partners, the peo- systems, an effort that includes making his existing infra-
ple you’re going to connect to, what sort of security architec- structure security managers aware of new traffic flows and
tures they are doing. And then decide on the strategy of just transactions, and purchasing dedicated SOA defense hard-
pure edge security, so you’ve got an XML security gateway ware such as XML firewalls from Sarvega.
and can do authentication/authorization at that level,” or a “Something bad has to happen before SOA security tools
deeper level of security, where authentication travels along really start happening,” Laird says. “We’ll see XML-based
with XML documents as they move within the enterprise. attacks, maybe even viruses, hitting someone publicly — and
Fortunately, the industry has agreed on a simple framework that’s what it’ll take to galvanize the industry.”
34 INFOWORLD.COM 11.07.05
10. 8 Build Out Your
Messaging
Infrastructure
Your next crucial technology choice: how messages will be
sent or received among services and applications. With small-
scale SOA implementations, you can often get away with
direct, synchronous XML (most often, SOAP) connections
that essentially assume services will be available 24/7. As
deployments grow larger and more complex, however, asyn-
chronous, reliable messaging may be required — and because
different messaging schemes support this in different ways,
the danger of lock-in increases.
ESBs (enterprise service buses), EAI middleware from such
stalwarts as Tibco or webMethods, and application servers
from BEA, IBM, and Oracle enhanced with integration add-
ons all provide asynchronous, reliable messaging functional-
ity. All support a range of messaging protocols, including
SOAP, JMS (Java Message Service), and MQ (Message Queu-
ing), and offer application adaptors for legacy systems. Today,
however, each solution has its own way of ensuring the arrival
of messages, a situation that is unlikely to change even with
broad adoption of standards such as WS-ReliableMessaging.
ESBs occupy a particularly confusing area. As Ben More-
land of The Hartford says, "if you get 10 architects together,
you're going to get probably 11 different definitions of an ESB.
Some are going to say that it's an architecture pattern; oth-
ers are going to say it's a single product. Others are going to
say it's a suite of products." Even among ESB products, the
11. “The strongest way to look at
your service interfaces is that they are
the design of your business.”
— Randy Heffner, Forrester Research
InfoWorld Test Center encountered surprising diversity cost, and grow his SOA as IBM’s product set evolves. “And
(infoworld.com/3532). please don’t think we’re closing our eyes to ragged-edge tools,”
Most people have a natural tendency to stick with what he says. Laird indicates that MCI actually encourages its
they’ve got. Bob Laird at MCI provides a case in point. “We developers to try non-IBM tools as they emerge. Those that
wound up using WebSphere because we already had IBM become popular are purchased in small quantities first and
MQ installed,” he says. “It just made the most sense. Plus, it are integrated into specific projects. If they pass that test,
allows our developers to be eased into SOA concepts through they’re rolled out in larger numbers. “This way, we keep our
tools with which they’re already familiar.” options open while avoiding large-scale compatibility
Lockheed’s Vibbert says he encounters this tendency all headaches,” he says.
the time. Although he likes the lightweight, standards-based “Most companies that have a message-oriented middleware
messaging solution offered by the JMS-based Sonic ESB, he system in place are more likely than not to leverage what they
doesn’t try to convince clients to switch if they already have already have because it makes little sense not to use the robust
a deep relationship with another vendor providing similar messaging topologies that many of these companies have in
functionality. place,” Flashine’s Stack says. “So unless you don’t have one of
But some folks, especially smaller shops, take a dimmer those, it seems to me that the MOM [message-oriented mid-
view of the single-vendor default. “To us, flexibility is every- dleware] solutions are going to be the reliable messaging ser-
thing,” says Paul Lindo, a 13-year veteran of development at vice — and most have announced their intent to support the
the Federal Reserve and now CIO of a small New York-based reliable messaging protocols.”
development company. “What you get with a messaging sys- A technology exec at a major financial conglomerate offers
tem like MQ is a rehash of older proprietary technology with corroboration of this perspective. His company’s asynchronous
a new SOA spin. For us, sticking to straight Web services stan- messaging solution is a well-established EAI product, which
dards makes much more sense.” among other benefits provides the binary throughput neces-
MCI’s Laird concedes that relying on IBM may limit his sary for high-volume transactions. When asked his opinion on
choices in the long term, but he is willing to make that trade ESBs, he replies with a question: “Why should I go for a light-
in order to start with SOA today, enjoy a low initial platform weight JMS solution when I already have a heavy-duty one?”
9 Deploy Service Management
If more than a handful of services are up and running, and
if any are mission-critical, you need to manage them
the way you would any network
resource. Several vendors offer dash-
boardlike solutions that monitor the
health of services, maintain service
levels, scale performance, set up fail-
overs, handle exceptions, and so on.
between the network layer and the application layer. Among
other benefits, intermediaries virtualize services, creating
proxies that hide the details of a service’s implementation
from clients and thereby add security.
They may also throw in XML firewall or
acceleration features, as well as the abil-
ity to modify large groups of services
from a single control panel — to
This is made possible by the wonder respond to changes in regulatory
of XML messaging, which allows statutes, for example, or to meet new
intermediaries — services in security requirements.
themselves, sometimes pack- Services management is slowly
aged in appliances — to tap moving toward standardization with
into message streams. OASIS’s approval of WSDM (Web Services Dis-
Intermediaries establish a new slice of functionality tributed Management) last March. A second specification,
38 INFOWORLD.COM 11.07.05
12. “We’re to the point where we
will actually stop a project if it does not
conform to the reference architecture.”
— Ben Moreland, The Hartford
WS-Management, which overlaps a bit with WSDM but “We use AmberPoint,” says Scott Thompson of H&R Block,
focuses on managing network hardware rather than on appli- although he admits he has rolled out that vendor’s solution
cation-level messaging, was submitted to the Distributed in a limited fashion. “We’re taking baby steps,” he says, “start-
Management Task Force by Intel, Microsoft, and Sun ing out with basic service-level management monitoring.
Microsystems last June. But today, for all practical purposes, Then we played with exception monitoring, but we really
you need to use the same Web services management solution want to mature the model into managing encryption, decryp-
across your SOA deployment if you really want centralized tion, authentication, and authorization types of functions.”
control. As Bob Laird of MCI puts it, “It’s a big mess right Ben Moreland of The Hartford cites “the ability to be noti-
now, and we just have to muddle through.” fied when there’s an SLA failure or there is a failure in the ser-
Interestingly, the pure-plays — including Actional, Amber- vice [and] the ability to enforce policies” as reasons his orga-
Point, Blue Titan, and SOA Software — lead the way in Web nization deployed a Web service management tool.
services management. But the big network management Some see centralized policy management as the most
players are catching up: BMC, Computer Associates, Hewlett- important promise of all. It’s relatively easy to check the
Packard, IBM, and Novell are all sponsors of WSDM and are health of Web services running locally, but to reconfigure
in various stages of incorporating Web services management thousands of Web services across an organization, you need a
into their offerings. In addition, Cisco’s AON (Application- standard that works across platforms. The WS-Policy stan-
Oriented Networking) initiative should soon result in net- dard is designed to address this, but implementation in prod-
working equipment with service management capabilities. ucts remains at an early phase.
10 Consider Orchestration
Every platform includes some method for orchestrating ser-
vices. Whether it works well is another question. Ultimately,
service orchestration will be vital for whipping up new,
process-based composite applications in the dynamic man-
ner promoted by the SOA vision. Few are implementing it
today, however, because it’s complex to pull off and because
the relatively modest SOA rollouts that generally inhabit the
real world don’t really require it.
tainly not going to be able to have an orchestration happen
in a quarter of the second. You may not even be able to get it
to happen in 5 seconds.”
Today, BPEL (Business Process Execution Language) pro-
vides the only standardized means of orchestration,
although BPM (business process manage-
ment) solutions have provided proprietary
orchestration schemes for years. “Orches-
Randy Heffner of Forrester Reasearch offers some guide- tration is trying to codify BPM,” says
lines. “One easy entry point for thinking about orchestration Lindo, who works at a New York-based
is: I have one request coming. … development firm. “And that’s just unbe-
How should I do a full and com- lievably complex. If you point it at certain
plete business unit of work?” he industries like manufacturing, you can
asks. “If the answer to that ques- focus enough to make the concept man-
tion is, ‘Well, I’ve got to make sev- ageable. But for general business man-
eral things happen in a sequence agement, the relationships are so
across multiple underlying complicated that tackling such a pro-
applications,’ then you’ve got ject from a coding or interface per-
a scenario for orchestra- spective is a massive bear.”
tion.” Heffner adds that orchestration also demands some Forrester’s Heffner draws a clearer distinction between ser-
tolerance for latency. “Depending on how many things you vice orchestration and BPM, which has its roots in end-to-
need to have happen in lower-level applications, you’re cer- end workflow modeling. “The two are not well-connected,”
40 INFOWORLD.COM 11.07.05
13. “Orchestration is trying to
codify BPM...and that’s just
unbelievably complex.”
— Paul Lindo, New York-based development firm
he says. “In the modeling languages, … there’s no way to have SAP. “Down the road, we have BPEL4People, which is a stan-
a full view of the complete process where I just say, ‘OK, push dard that a couple of the large vendors are now pushing
these steps down into BPEL.’ I really can’t get that.” because they recognize that efficiency of workflow within the
In the opinion of Flashline’s Stack, the failure to accom- BPEL specification,” he explains. “I think that those two lay-
modate human interaction is a fatal weakness of BPEL. ers, the BPEL orchestration and the BPM workflow, are going
“When the industry was debating BPEL last year, I think the to consolidate.”
decision to go with the machine-to-machine-only orchestra- Meanwhile, it won’t hurt to explore proprietary BPM solu-
tion protocol was a big mistake,” Stack says. “We don’t have tions, as Scott Thompson of H&R Block has discovered. Iron-
any customers that are using BPEL in anything but a trivial, ically, working with Tibco’s BPM tool has helped SOA gain
experimental sense,” he adds, including sophisticated Web traction in his company. “Until we started to orchestrate var-
services customers such as Sabre and Countrywide. ious services together to form a business process, we didn’t
Ben Moreland of The Hartford, however, sees potential in have outright adoption of our SOA,” he says. “It was more of
an extension to the BPEL spec jointly proposed by IBM and a low-level IT type of project.”
Stepping Into the Future
Everyone has heard the clichés about “aligning business and business services, but a lot of them are application-level ser-
IT,” as if technologists needed to be corralled into serving vices that aren’t really modeling the business per se but open-
business needs. The problem, though, isn’t the will, it’s the ing integration paths to applications that people couldn’t get
way. SOA provides the framework necessary for a new level to before.” That assessment may pale in comparison to big
of IT responsiveness, even if some technology components promises about hyperagility, but for IT on the ground, it’s a
have yet to mature. pretty big deal.
Hooking up BPM (business process management) to large Meanwhile, those who attack the whiteboard in earnest
portions of SOA infrastructure will represent one big step may be doing more to prepare for an SOA future than early
toward the new era. Another will be wide deployment of inte- adopters who push orchestration to its current limits. Accord-
grated BAM (business activity monitoring) solutions, which ing to Ben Moreland of The Hartford, “from an organiza-
will tap into SOA message streams to help determine that tional perspective, the biggest issue we have is really SOA
processes and composite applications are providing the best education and getting people to understand roles and respon-
possible business value. Beyond those technologies, industry sibilities that are a little different than they were historically.
SOA boosters set their sites rather high, prophesizing a self- There’s more of a shared responsibility. Now, you focus on
optimizing IT nirvana in which applications and network your business area, leveraging services and infrastructure
infrastructures monitor and reconfigure themselves based on from other [areas] where you may not have any control.” In
easily adjusted business rules. other words, cultural change to meet the challenge of SOA
If self-optimizing SOAs ever arrive on a grand scale, it won’t can begin any time you like.
be in this decade. With the most advanced of today’s enter- As Bruce Richardson, chief research officer at AMR
prises barely achieving orchestration, SOA clearly needs to Research, says, “SOA is a journey, not a destination.” Early
fill a few gaps — in security, reliable messaging, semantics, SOA efforts are already establishing new lines of communi-
process management, and so on — and work its way through cation between IT and business — and in some cases, begin-
important governance issues. ning to affect the organization of business itself, as people
What’s just as clear, however, is that SOA is delivering real grow to understand how service orientation can eliminate
value now. “The thing that I see most folks doing across the duplicative effort and shorten development time. In these
breadth of the industry is just getting services, of any kind, in instances, the future is already beginning to arrive. i
place,” says Randy Heffner of Forrester. “Some of them are — Paul Krill contributed to this article.
42 INFOWORLD.COM 11.07.05
14. implementing SOA (service-oriented architecture) is
one of the most daunting projects that an enterprise IT orga-
Four companies explain
nization can undertake. Service orientation represents a
whole new way of thinking and doing, one that changes the
how service-oriented
way developers operate and interact with the business.
I spoke with IT managers from four companies about
architecture has transformed
their experiences implementing SOA, and each story was
different. For British American Tobacco, developing a mea-
their businesses and how
sured, step-by-step approach was crucial. For Sabre Hold- their IT departments met
ings, the unique nature of its IT environment presented the
key challenge. Thomson Prometric learned that personnel the challenge
and training were essential to success, whereas Verizon’s
efforts took off only after it developed incentives for busi-
ness units to adopt SOA.
Industry best practices are beginning to emerge (see
“10 Steps to SOA,” page 23), so there’s still no easy recipe
for SOA success. But as these stories show, success is with-
in reach, provided companies remain focused on their
unique business needs. BY LEON ERLANGER
INFOWORLD.COM 11.07.05 45
15. “You really need the right human
resources and skills deployed.”
— Gavin Targonski, British American Tobacco
BAT Builds SOA One Step at a Time governance and service management
tools. Rounding out BAT’s SOA infra-
For British American Tobacco (BAT), SOA success came early. The structure are an application router from
Cast Iron Systems, which provides the
challenge now lies in determining how quickly SOA should be standards-based back-end integration
scaled across the enterprise, and for which functions. platform, and Network Director
switches and servers from Blue Titan,
The company’s SOA journey began with a pilot project to build a which provide Web service routing,
Web services-based dashboard that to develop and consume Web services mediation, and management.
could extract real-time metrics informa- as, and when, they needed to,” Tar- Early successes have demonstrated
tion from legacy systems. The success of gonski says. the value of SOA to BAT’s business.
that pilot convinced those involved that The right toolset came in the form of Now SOA’s proponents within the com-
SOA could be the catalyst to move BAT’s Skyway Software’s Integrated Service pany are in the process of getting the
IT away from siloed implementations to Management platform — now known news out to the development teams and
an agile, supply-and-demand organiza- as Skyway SOA Platform. Its Builder business units, including providing a
tion, says Gavin Targonski, global sys- module provided developers with a reference implementation to make SOA
tems architect at BAT. model-driven, codeless development development an accepted practice in
For a company like BAT, however, environment that could automatically the organization. According to Targon-
ski, that can’t happen fast enough.
Scaling Across the Enterprise “We need to get better at getting the
BAT’s SOA abstracts legacy system functions and data as a set of core Web services consumed good news out more quickly. It’s easy
by its dashboard and finance applications. to forget the value we’re adding
because of the speed in which we’re
developing applications, providing
XML/SOAP
Blue Titan Director Fabric prototypes, and approaching new
(Web services routing, mediation,
and management) business requirements with a different
Finance app
perspective,” Targonski says.
Targonski also points out that with
Cast Iron Application Router
XML/SOAP (back-end integration) such quick development cycles it’s
important to get a handle on how far
SOA should go — and how quickly. “Do
Dashboard app SERV we charge on or make sure the opera-
SERV
WEB
IC
WEB
IC
tional aspects are in line first? We
ES
ES
decided we have to be certain that what
Legacy system Legacy system we create is supportable and maintain-
able and that we can manage services
with more than 300 products in 180 generate standard J2EE Web services. from birth to death. It’s easy to forget
markets and 90,000 employees world- “Skyway embeds an SOA approach in the guys who have to support this stuff
wide, such a transformation would be the core of their tools,” Targonski says. and make the datacenter work,” he says.
a tough challenge. For one thing, BAT “The ways in which objects are exposed One side effect of scaling SOA has
had more than 1,000 IBM Lotus and externalized to the runtime are been that BAT’s IT organization has
Domino applications, and many of its already SOA-enabled, so developers can had to start reinventing itself. “All of a
developers were more versed in Domi- build SOA apps without having to think sudden, you don’t have a database guy, a
no than Web services, .Net, or J2EE. about all those issues, such as what network guy, and a mainframe guy all
GARY STRENG
“We needed a way to make our exist- SOA means and how to do it. It makes working on their own,” Targonski says.
ing development teams productive in SOA a no-brainer.” “All their skill sets have to be pulled
SOA from the word go, allowing them Skyway’s product also provides SOA together because a Web service has so
46 INFOWORLD.COM 11.07.05
16. “We’d go out and validate our ideas in
customer meetings.”
— Todd Richmond, Sabre Holdings
many different touch points to make it and building a new finance application Some of those customers became
work. You really need the right human with a Web services-based UI. beta testers, migrating from Sabre’s
resources and skills deployed.” Targonski says that it has also been desktop products or their own screen-
For all these reasons, BAT has been important to make sure BAT’s SOA scraping desktop applications to prod-
developing additional services carefully, approach is moving in step with that of ucts that could consume Web services.
targeting key projects to drive SOA and its largest technology suppliers, such as Meanwhile, Sabre started analyzing its
forcing developers to deliver on ROI SAP, and vice versa. “You’ve got to be customer usage metrics.
statements. Some of these initiatives cognizant that if you leave existing “We have a lot of data that helped us
have included transitioning BAT’s glob- implementations behind, you’re not determine what might be interesting as a
al messaging backbone from IBM necessarily delivering real value,” he Web service. Then, we’d go out and vali-
MQSeries to SOA messaging standards advises. “Evolution, not revolution.” date our ideas in customer meetings and
take their feedback,” Richmond says.
Sabre Answers to Customer Demand As it turns out, Sabre’s customers
were divided into major camps. “Some
How does a technology-driven company with massive performance and said, ‘Just expose each individual host
command as a Web service, and I’ll
scalability requirements — and incredibly varied customer and supplier build the apps to aggregate them.’ Oth-
bases — transition to SOA? For Sabre Holdings, the answer was a lot of ers said, ‘I don’t want to know about the
host and the back end. Just show me
in-house development and a complex interweaving of the old and new. the flights, select the flight, price it, sell
Sabre’s three companies include the 2002, largely in response to requests it, and ticket it in high-level Web ser-
Travelocity online travel service; the from its larger customers. “We were vices,’ ” Richmond explains.
Sabre Travel Network, whose GDS pushing Web services to lower our So Sabre had to build both capabili-
(Global Distribution System) connects costs, but [customers] were major dri- ties. According to Richmond, the com-
travel agents and suppliers with travel- vers on what functions would be first on pany’s first release had 30 or 40 Web
ers; and Sabre Airline Solutions, which the list and how we’d work out security services at the low level and another 30
supplies reservations and other services and business issues,” says Todd Rich- or 40 at the high level. “Now all those
to major airlines. mond, Sabre’s vice president of strate- who asked for the low level are losing
Sabre launched its SOA initiative in gic architecture. interest as they see what the high level
can do,” he says.
The architecture is complex. Rich-
Sabre’s SOA Takes Flight mond’s team defined very terse XML
Sabre’s SOA abstracts in-house IBM TPF and NonStop reservation systems and data and presents them
as Web services based on the OTA’s XML standard. It also consumes and presents XML content from descriptions that are passed to services
suppliers. Orchestration, management, and integration functions were all developed in-house. over an IBM MQSeries message queue
or within a CORBA message. Sitting on
In-house session manager top of the system are a set of services
and aggregator
that manage session, state, and transac-
- Session management SERV
- State management tion flow as data moves from Sabre’s
WEB
IC
Internet
ES
Sabre customer - Transaction flow management IBM TPF (Transaction Processing Facil-
- Rules engine
ity) mainframes to open systems and
- Service orchestration Third-party
service then back out to the customer.
So far, Sabre has done most of its
SERV SERV back-end integration in-house, although
WEB
WEB
IC
IC
Sabre customer it is looking to transition to tools from
ES
ES
GARY STRENG
Legacy TPF SeeBeyond — now a division of Sun
system Microsystems. Sabre engineers have
Legacy NonStop
system also developed an aggregator that takes
48 INFOWORLD.COM 11.07.05
17. an incoming request, parcels it out to “We sent our TPF and assembly lan- problems. Still, many challenges still lie
the appropriate servers and applica- guage programmers to C++ school ahead in Sabre’s ongoing SOA efforts.
tions, and uses a rules engine to tailor a because we thought that object-orient- “We have substantial transactions
response based on the particular cus- ed methodologies wouldn’t be difficult through our Web services gateway,”
tomer’s contractual agreement. for people so experienced in the appli- Richmond says. “Do we push all the
Many customers receive messages cation,” Richmond says. “The result is way off TPF or continue investing in
from Sabre as standard XML based on that we made some of the common TPF for the parts that run effectively
the Open Travel Alliance (OTA) stan- errors that novice object-oriented pro- there? What we do with SOA is very
dard (infoworld.com/3457). Others still grammers make and did some other much tied to that decision. We also have
connect over the same private links they stupid things. Now, we’ve had to go a lot of mom-and-pop travel agencies
used in the past, including teletype, X.25 back over it all and do a better job.” that are not necessarily interested in
connections, and an old UN/EDIFACT Richmond says Sabre also learned Web services and airlines with interna-
(United Nations Electronic Data Inter- over time that someone has to have an tional locations [that are] still using
change for Administration, Commerce, end-to-end view of transactions in 386 systems over 2400-baud lines. Our
and Transport) standard. This mix of order to ensure that infrastructure and strategic vision is there, but the rate at
new technologies and legacy systems application developers will work which we get there is in flux based on
has proved challenging in many ways. together to troubleshoot customer these business realities.”
18. “We had to do a lot of retraining and evangelism
about SOA principles.”
— Christopher Crowhurst, Thomson Learning
Thomson Prometric Rethinks Processes services necessary to support them.
Eventually, Crowhurst and his staff came
“The biggest challenge we’ve faced in creating an SOA has been up with five services, which he calls Who,
What, Where, When, and How.
identifying exactly what a service is,” says Christopher Crowhurst, “Who is the customer; What exams
vice president and chief architect at Thomson Learning. “Under- will they take; Where and When will
they take them; and How will we collect
standing what the business is doing, converting that to a set of ser- the fee — all our registration systems
vices, and working out how to expose applications, when suddenly there was performed those functions in one way
those services in a granular, extensible a eureka moment in which we realized or another,” Crowhurst says.
way so that you’re not constantly break- we could create an abstraction between The next step was to define an XSD
ing consumers’ interfaces — we learned all the different applications using (XML Schema Definition) that
that many people just can’t do it.” XML. This triggered a whole process to described those processes and to build
Thomson Prometric, a division of complete the design and was the gene- a set of SOAP interfaces. But, accord-
Thomson Learning, is a leading sis for thinking about a whole SOA ing to Crowhurst, it was also tough to
provider of technology-based testing environment,” Crowhurst says. get everyone’s hands around REST
and assessment services, including At first, Crowhurst presented the idea (Representational State Transfer).
GRE, TOEFL, GMAT, and Cisco certi- to Thomson Prometric CEO Michael “It requires a very different skill set
fications. In total, it administers Brannick as a way to save money, but than what programmers are used to,”
approximately 4,000 tests to 8 million Brannick had different goals. “He under- Crowhurst says. “People kept coming up
people in 120 countries worldwide. stood the power of what we were doing with fine-grained RPC-style interfaces
The company grew via acquisitions of and kept challenging us to do more,” that were no more extensible than what
many smaller testing companies, each Crowhurst says. “He said, ‘I don’t want they were doing back in the CORBA,
of which came with its own test centers you to save me money. I want you to COM+, object-oriented world. We had
and test scheduling and registration make me money.’ It was very challeng- to do a lot of retraining and evangelism
systems. Radical change was needed. ing, but a great time to be involved.” about SOA principles.”
“I was sitting in a meeting with a As the SOA project got under way, The orchestration tier was built in
number of project managers talking Crowhurst’s team spent many painful Microsoft BizTalk Server 2004, using
about how to enable cross selling and months analyzing core business its BPEL (Business Process Execution
reduce the number of contact center processes and attempting to identify the Language) tools. Tools from Actional
provide SOA management, while secu-
Integrating Disparate Systems Through Services rity is handled by XML gateway appli-
Thompson Prometric’s SOA abstracts five core functions from its numerous test scheduling registration ances from Reactivity.
systems and presents them to the user as a single registration interface. “At that time, all the WS-* standards
were young, so we decided to abstract
security, management, and orchestra-
Actional SOA management
framework tion to the three platforms [Reactivity,
Customer SERV Actional, and Biztalk] and let the ven-
Microsoft BizTalk Server
WEB
IC
Internet dors keep up with the latest standards.
ES
2004 Orchestration
Now if someone says, ‘I want to use a
Reactivity XML
Security Gateway SERV
Who, What, When,
SERV
new security standard,’ or ‘I want to use
Where, How surname instead of last name as a
WEB
WEB
IC
IC
ES
ES
descriptor in this field,’ we can just
Customer make a configuration change instead of
GARY STRENG
doing a lot of recoding,” Crowhurst says.
Test scheduling
and reservation The next step will be further consoli-
system dation. “We can view the business as
50 INFOWORLD.COM 11.07.05
19. one, but there are still multiple systems
behind us,” Crowhurst says. “We need to
Verizon Goes Back to the Workbench
collapse all those systems, migrate all To overcome its SOA roadblocks, Verizon had to build an entire SOA
those legacy dependences into new ser-
vices, and end-of-life the old registration
operational infrastructure virtually from scratch — and it has the
systems. We’ve done that successfully patents to prove it. “As a technology, Web services are great, but today’s
with one, and we have three more to go.”
For shops that are just getting start-
standards don’t have nearly enough operational infrastructure
ed with SOA, however, Crowhurst around them,” says Shadman Zafar, is that SOA risks simply becoming a
stresses the importance of acquiring, Verizon’s senior vice president of toy for the developer.”
training, and developing the right peo- architecture and e-services. “You can As have many other SOA implemen-
ple to get the job done. end up with a plethora of Web services tations, Verizon’s started after a merger
“Get a core group of architects and but no awareness of which of them are — in this case, the GTE/Bell Atlantic
senior developers to understand, where and provide what function — merger that created Verizon.
embrace, and buy into the strategy,” he and most important — which have the “I was tasked to integrate the two IT
says. “And train. SOA requires a com- right kind of capacity and SLA to be departments to achieve strong synergy
plete change in process and thinking.” usable by what and whom. The result targets,” Zafar says. “During our initial
ADVER
20. “We picked out 500 business
functions and targeted them.”
— Shadman Zafar, Verizon
research, we found that many of our approval before they were started. If but also adds management capabilities.
core business functions were imple- any of the functions were one of those For example, if one development team
mented anywhere from five to 30 times 500 core business functions we had built an address-validation service that
across different applications.” identified, or we found another suitable it wanted to expose to other applica-
Verizon set out to use SOA to reduce business object, the team would have to tions, it could download a lightweight
support costs by consolidating these implement it as a Web service. Once the agent onto its server that would regis-
core functions from 20 or 30 imple- project was completed, it would go ter the Web service and its capacity and
mentations to one or three, in each case. through a tactical architectural assess- define an SLA inside IT Workbench.
The first step was to spend months ment session that would verify the Web After services have been registered,
identifying roughly 500 key business services were built before giving clear- developers can go to the central directo-
functions that were used over and over ance to go into production,” Zafar says. ry to find ones with their specific require-
again for many applications. But as developers began building ments. For example, they can search for
“We didn’t go through 10 million Web services, the operational road- a service with the capacity to support
lines of code. We picked out 500 busi- blocks became clear. “There was a lot of 100,000 transactions per day with less
than a two-second response time and a
A One-Stop Shop for IT Services commitment to be available 99.8 percent
Verizon’s IT Workbench system allows developers to locate services and register their own, complete of the time from 8 a.m. to 12 p.m.
with service-level agreements that establish charge-back fees for service usage.
Accounting and billing are also in place,
Plug-in so the service provider can charge for
Portals SOAP IT WORKBENCH services usage — another incentive to use SOA.
(intranet, - Security
extranet)
Distributed runtime brokers - Orchestration “It started with onesies and twosies,”
- Logging Zafar says. “But when it hit 10,000
- Performance
SOAP - Usage
transactions per month, [SOA] sud-
B-to-b
(apps,
SOAP SOAP - Notification denly took off with exponential growth.
interfaces) - Configuration Now it’s used in almost 10 million
Service consumers
Verizon apps Packaged apps
transactions per day.”
Service consumers
SERV
What’s more, any reluctance to
SERV
expose code has virtually disappeared.
WEB
IC
WEB
IC
ES
ES
According to Zafar, developers are
now competing to get others to use
.Net, J2EE ERP, financials, others
their services, as a way of gaining
recognition within the company. The
ness functions and targeted them,” resistance to using the services because most-used services are listed on the IT
Zafar says, citing examples such as the of the lack of standards around four Workbench portal with the author’s
credit check service, the telephone essential operational pieces: SLAs, name and photo.
number engine that provides new cus- accounting, billing, and capacity man- “Before, people would say, ‘This is my
tomers with telephone numbers, and agement. People weren’t willing to code, use your own,’ ” Zafar says. “Now
the address validation service. “An entrust their mission-critical applica- they’re reaching out to each other over
ordering system might go through four tions to each other,” Zafar says. the weekends, saying, ‘Why don’t you
or five of these key components.” Developers were also very reluctant to use this service I built,’ so they can be
Getting these 500 Web services built expose the code they had worked so hard more popular on the IT Workbench
required deploying SOA not just as a to produce. In many cases, one develop- portal. In fact,” he adds, “developers are
methodology, but as an IT governance er wouldn’t even know what infrastruc- trying to push applications as Web ser-
principle. “We implemented a process ture the other Web services were using. vices that are not suitable because they
GARY STRENG
whereby all development projects To address these issues, Verizon built have few or no logical consumers. It’s an
would have to go through a strategic IT Workbench, an infrastructure layer interesting social phenomenon that I
architectural assessment session to get that houses the Web services directory never anticipated.”
52 INFOWORLD.COM 11.07.05