6 hot technologies for 2006: SOA

Service-oriented architecture is among the 6 hot technologies for 2006.

If you're looking for a blockbuster change in the way your company develops applications, service-oriented architecture is just the ticket. But it won't be easy, because SOA means long-term dedication, ongoing maintenance and incremental results.

An SOA environment - one in which application components are built to be modular, reusable, easily integrated and consumed on the fly - promises adopters numerous benefits, such as lower costs, less redundancy among IT resources and fewer people doing the same work. Its potential to improve efficiency and lower costs has an increasing number of enterprise IT shops looking at SOA and industry watchers forecasting big dollars to be spent on SOA-related technologies in the next few years.

According to a recent IDC survey of more than 280 U.S. organizations, more than one-third have SOA projects or application-level initiatives under development or planned for the next 12 months. The research firm estimates that SOA-driven software spending worldwide will reach nearly $9 billion by the end of 2009.

Early adopters and industry watchers warn, however, that the promises of SOA won't sync up with the realities if IT managers opt for a quick fix. Achieving the desired results requires close attention to business processes, consistent changes in application consumption and behavioral discipline across the IT and business organization. Although IT shops could invest in middleware, Web-services technologies and enterprise service buses, SOA doesn't require new technology.

"You can't buy SOA. You can buy tools that may help you get closer to an SOA, but there is no easy, one-off purchase that can make SOA a reality without a lot of work over time," says Ron Schmelzer, a senior analyst with ZapThink. "You have to start with baby steps, incrementally adapting to SOA and consistently proving the value to the business so it will continue to invest further in SOA."

According to Schmelzer, a good first step is to take an inventory of proprietary middleware and application interfaces and replace them with standards-based systems and APIs. The goals are to eliminate the application-integration nightmare that currently haunts a majority of IT shops and to remove redundant components. Adapting the interfaces, either with Web services or other standards, will speed the process of making application components work together. And don't discount legacy systems.

"If you can prove you can make SOA happen on legacy apps, you will have an easier time proving it for new ones," Schmelzer says.

Michael Kronenwetter, vice president of technology management at Highmark, in Pittsburgh, is stepping up his organization's SOA adoption in 2006. The health-insurance provider last year implemented LogicLibrary's Logidex mapping and discovery engine to better understand how application resources are developed, consumed and reused across the organization. The product is helping to create a library of components. Going forward and working with IBM, Kronenwetter hopes to restructure the company's information architecture to better support an SOA model.

"I think people confuse an SOA with doing Web services; it's much more than that," he says. "We need to get a better integration-governance model in place for producers and consumers of application components. As we start to uncover processes from the bottom up and the top down, we need to be sure to structure our data to best support our applications and ultimately our business."

Following inventory and integration, IT managers should start implementing policies across services to enable a common security infrastructure within the SOA components. Schmelzer explains that today many security policies remain disparate and specific to technology or business units. For SOA to work as they envision, IT managers need to standardize security policies.

NOT HOT: Global Web services

Remember the hoopla over Web services and how companies would be able to throw their services into a big UDDI registry that would allow sharing across company boundaries over the Internet? It’s not happening, folks. At least not in 2006. Companies are taking advantage of Web services internally, but they’re not taking the plunge outside the network perimeter in any major way for a variety of reasons, including security, interoperability, authentication, lack of mature standards and weaknesses in XML.

"If each service has its own security infrastructure, it won't work. The security set up for protection will actually get in the way of the components' integration and working across platforms," he says. "Security would no longer be an enabler, it would be an inhibitor. SOA services require centralized ID and policy management."

Christopher Crowhurst, vice president and chief architect for Thomson Prometric, an academic and professional testing-services provider in Stamford, Conn., says his company has been "immersed in SOA since 1997," and most recently wanted to consolidate a series of platforms, only to find traditional enterprise application-integration tools too expensive. He also had to keep security in mind, because his organization is required by law to assure the privacy of personal data and the confidentiality of test results. Last year he implemented Reactivity's XML Security Gateway to provide the protection needed across his SOA.

"We have been following an incremental and iterative approach, waiting for more standards to evolve," Crowhurst says. "Our architecture team had to put a governance in place and establish interfaces that could be consumed and exposed. Then we brought in vendors to augment our processes with management and security tools."

As an SOA becomes more established, IT managers can start to take a look at its cultural impact across an organization.

"IT organizations are not set up to share. Even when you have integration in place, services defined and security applied, crossing the organizational boundaries will still be a hurdle," Schmelzer says. "Questions like who is responsible for this services, what budget pays for it and so on. That's when things can get really messy."

Wade Williams, director of software engineering at San Diego-based Networkcar, which provides telematics for wireless vehicle management, deployed products from SOA Software in July 2005 to ease the processing of Web services requests. The software helps Williams measure how well the SOA and its components meet service-level agreements - and automatically throttle clients demanding too much from his environment and not consuming the SOA components as policy dictates.

"In the past, if we saw violators, it was very manual and tedious to throttle access," he explains. "Now it all goes through the software, and the confusion and manual work are gone. It will automatically lock down access."

Michael Kronenwetter of Highmark

Williams says adding the extra layer of management software helped him better control his SOA, which he feels is critical to his organization's future adoption of emerging technologies.

"SOA is becoming the de facto standard for linking disparate components, and it should be explored, because it will enable companies to continue to adapt to new technologies," he says. "If a company doesn't start to adopt SOA now, it will just become more and more difficult to do business in the future."

Learn more about this topic

Vendors tackle SOA management, security, links to legacy systems

12/05/05

HP makes SOA management play

10/17/05

SOA standards remain a work in progress

10/10/05

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2006 IDG Communications, Inc.

IT Salary Survey: The results are in