Enterprises sketch out service-oriented architectures

With the first Web services rolling into production, plans are in the works for SOAs that promise unprecedented flexibility and reuse

The bigger the house, the harder it is to keep in order. General Motors, No. 2 on the Fortune 500, “has one of the largest system integration challenges of probably anybody on the planet,” according to GM’s plainspoken CTO, Tony Scott. The company has more than 80 factories across the globe, each with its own mix of enterprise applications. Connecting just one class of application in each factory — inventory, for example — to GM’s global SCM (supply-chain management) system means dealing with dozens of different APIs.

“It’s very expensive to maintain all these discrete individual interfaces,” Scott says. “We’re wrapping them with Web services so that we can abstract what’s going on in the plant — and in essence, end up with a common interface to our factories around the world.” Going forward, factories will be able to upgrade their apps while the interface stays consistent. “That saves you money,” he adds.

Nothing pleases an IT exec like quick ROI. But from a loftier, architectural perspective, Scott’s Web services pilot program has also helped lay the foundation for GM’s budding SOA (service-oriented architecture) so that any Web services-enabled application can consume factory inventory data on demand. That SOA vision — in which applications become services and services are rolled into other applications — is driving home Web services’ long-touted benefits of application reusability and low-cost integration.

The new momentum is obvious. In a September survey of IT execs, Forrester Research reported that 85 percent of respondents planned to deploy Web services this year, up from 71 percent a year ago. Vendors ranging from Web services startups Actional and Reactivity to stalwarts IBM and Microsoft report surging interest. IBM is training 35,000 Global Services consultants in Web services development; Microsoft is busy building a towering stack of draft Web services protocols into its forthcoming Longhorn version of Windows.

None of this means that the path from a handful of Web services to a full-blown SOA will be smooth — nor, for some businesses, advisable. The bugaboos of Web services security, performance, management, and QoS still loom. Yet large enterprise customers such as GM, Sony, American President Lines, and Conway profess a long-term commitment; in fact, it’s getting hard to find a big company that doesn’t. Most are in the planning or early implementation phase. But much can be learned from their work so far, as well as from vendor efforts to provide Web services tools and platforms.

Laying the foundation

Examining the proprietary SOAs of the past also supplies a lesson or two. Dan Foody, CTO of Actional, a provider of Web services management software, is quick to point out that “financial services firms have had SOA for 15 years.” But financial services companies were among the few that could afford to build and maintain a proprietary SOA. “What Web services do is take the burden off the organization. Now the vendors are providing the tools and providing the infrastructure,” Foody says.

Those tools proliferate. Visual Studio .Net — Microsoft’s Web services-friendly IDE (integrated development environment) — is in its second version, with a third version, code-named Whidbey, shipping in 2004 with major enhancements, including a graphical tool to help developers design and build SOAs. On the J2EE side, the latest versions of application servers and IDEs from BEA Systems, Borland, IBM, and Oracle enable developers to create and deploy Web services without knowing a lick of the underlying XML vocabulary.

In other words, even Joe Developer can now wrap a COM object or a JavaBean in SOAP and publish it as a Web service. The hard part is envisioning how a given organization’s ever-expanding set of Web services will work together in an SOA and devising enterprisewide guidelines for writing the WSDL interfaces that describe what each Web service does. An SOA requires an enterprise to re-examine its business processes and to devise a strategy for expressing them in software.

“You need to think about what you want to make available and start there,” says Ted Schadler, director of research at Forrester. “The way that I hear that expressed from people who have already done it is, ‘Start with a schema. Start from the outside in. Start with a definition of the service.’ ”

At RouteOne, a startup that relies on Web services in handling consumer loan applications for auto dealers, Chief Architect T.N. Subramaniam still wrestles with the XML schema and WSDL interfaces that define Web services capabilities. “An XML schema is a definition of a document. WSDL is actually the entire transaction between two parties,” Subramaniam explains. His system hinges on the exchange of Web services documents, which exposes a WSDL limitation. He has found it quite difficult to shoehorn document schema into WSDL descriptions.

Scott Dietzen, CTO of BEA, cites a related pitfall. “The biggest problem we see right now across our customer base is schema proliferation,” he says. In some cases, “developers are introducing them at will, one for each application that’s developed,” Dietzen laments. That may ease integration in the short run, but it flies in the face of the universal interoperability promised by SOA.

Bob Sutor, director of WebSphere infrastructure at IBM, admits that wrong turns are likely. “You can create really terrible interfaces if you’re not careful — [interfaces] that nobody can use or that expose so much of the way you’re actually doing the process underneath that you can tie your hands.”

“Developers have a tendency to expose what’s easiest, and that may not be the best, longer-lived contract,” Dietzen says. “You might be better off doing more work to implement a particular Web service. Getting the right Web services contract [or WSDL description] can deliver the right long-term value.”

Safe at any speed

SOA goals on the horizon seem esoteric compared with two more immediate concerns: security risks and reduced performance. Both objections stem from the fact that Web services deal in text-based XML documents — unlike conventional middleware, which transmits data wrapped in binary protocols. Should a Web service’s XML payload fall into the wrong hands, it can be easily read. And, of course, text-based documents are fatter than binary data.

“You have to master message-based security,” Forrester’s Schadler says. “You have to learn the principles, which of course include encryption and having a way to authenticate without opening up the entire message.” Fortunately, plain old SSL can handle the point-to-point encryption, while the draft WS-Security standard, coupled with SAML (Security Assertion Markup Language), provides a viable way to secure most types of Web services documents (see “Security: A Work in Progress,” page 42). In conjunction with the Sun Identity Management Server, Subramaniam used a combination of WS-Security and SAML in developing RouteOne’s consumer loan management system.
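An added illustration (not from the article or any vendor it mentions) of the message-level idea described above: the integrity check travels inside the SOAP message itself, so it still holds after an intermediary relays the message, which point-to-point SSL does not cover. An HMAC with a shared key stands in here for the XML Signature that WS-Security uses; the `BodyMac` header, the namespaces, the key and the sample envelope are all constructed for the example.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DEMO = "urn:example:demo-sec"      # hypothetical namespace, not WS-Security
KEY = b"constructed-demo-key"      # constructed sample key

# Constructed sample message; element names are illustrative only.
ENVELOPE = f"""<soap:Envelope xmlns:soap="{SOAP}">
  <soap:Header><hop xmlns="urn:example:routing">plant-gateway</hop></soap:Header>
  <soap:Body><getInventory xmlns="urn:example:inventory"><part>A-100</part></getInventory></soap:Body>
</soap:Envelope>"""

def body_mac(root, key):
    """HMAC-SHA256 over the canonical (C14N 2.0) form of the SOAP Body only."""
    body = root.find(f"{{{SOAP}}}Body")
    if body is None:
        raise ValueError("envelope has no SOAP Body")
    canonical = ET.canonicalize(ET.tostring(body, encoding="unicode"),
                                rewrite_prefixes=True)
    return hmac.new(key, canonical.encode("utf-8"), hashlib.sha256).hexdigest()

def sign(envelope_xml, key):
    """Return the envelope with a BodyMac header that travels with the message."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    if header is None:
        header = ET.Element(f"{{{SOAP}}}Header")
        root.insert(0, header)
    ET.SubElement(header, f"{{{DEMO}}}BodyMac").text = body_mac(root, key)
    return ET.tostring(root, encoding="unicode")

def verify(envelope_xml, key):
    """True only if the Body still matches the MAC carried in the header."""
    root = ET.fromstring(envelope_xml)
    tag = root.find(f"{{{SOAP}}}Header/{{{DEMO}}}BodyMac")
    if tag is None or not tag.text:
        return False  # unsigned messages are rejected, not waved through
    return hmac.compare_digest(tag.text.strip().encode(), body_mac(root, key).encode())

signed = sign(ENVELOPE, KEY)
relayed = signed.replace("plant-gateway", "hq-gateway")  # intermediary edits routing header
tampered = signed.replace("A-100", "Z-999")              # body altered in transit
print(verify(relayed, KEY), verify(tampered, KEY), verify(ENVELOPE, KEY))
```

Because only the Body is covered, the routing header can change in transit without breaking verification; headers that matter for trust would need to be covered as well.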

To secure beyond the capabilities of these two basic standards, vendors must provide their own security schemes or implement draft protocols that aren’t as far along, such as those for sharing security guidelines between organizations (WS-SecurityPolicy, for example). Startups Reactivity and DataPower sell XML firewall appliances that monitor SOAP packets for everything from XML Trojan horses to DoS (denial of service) attacks. Both also improve performance.

BEA’s Dietzen argues that the slowdown due to the size of Web services messages is overblown. “There are two sides to the complaints about XML,” he says. “One is the size complaint — and that one is really easy to defeat. Because if you take an XML document and you Zip it, you’ll end up with encoding that’s more compressed than almost any binary representation. Zip works really well, and it’s efficient. The CPU processing cost is more real. We’re probably at a factor of between 10 and 20 of a highly optimized binary protocol versus what you can do with XML.”

Enterprises with a need for speed may balk at that overhead. RouteOne, for example, uses Web services to communicate with partners — but inside, “it’s purely Java-based,” Subramaniam says. “We have a very service-oriented architecture, but not necessarily a Web services-based, service-oriented architecture. We leverage JRMP [Java Remote Method Protocol], Java serialization, and so on. For internal lines of communication, that’s a lot more efficient than using Web services.”

Managing and manipulating

RouteOne’s internal architecture makes sense for a small company that focuses on a single, processing-intensive line of business. But for larger enterprises, IBM’s Sutor — a key figure in the development of Web services standards — continues to believe that Web services and SOA will transform IT.

“You can have all sorts of gorpy technology under the covers, and on the very top, you can have all these beautiful business models and processes,” Sutor says. “Somewhere they have to meet. So the change that we’re talking about with SOA, with Web services, is that the configuration becomes much easier to map — almost on a one-to-one basis between individual parts of business processes and Web services.”

So how do we reach this nirvana, in which discrete chunks of business logic become reusable, interchangeable parts that can be strung together into business processes with almost no development cost? Should that ever happen, at least two pieces must be in place: new methods of modeling and building business processes, and technology to manage Web services across platforms and to ensure the stability necessary to maintain a mix-and-match environment.

Web services business process protocols remain in their infancy. The closest to widespread acceptance is BPEL4WS (Business Process Execution Language for Web Services), introduced by IBM and Microsoft more than a year ago. Eventually, the industry must adopt Web services standards for orchestration, which will help define “tools for using business rules to compose Web services together,” according to BEA’s Dietzen. That standardization is years off, he says.

Meanwhile, limited SOA deployments are already benefiting from Web services management software’s capability to handle the underpinnings. Actional’s Foody lists QoS, versioning, routing, security, logging, monitoring, and root-cause analysis as key functions that Actional’s Web Services Management Platform handles. He also offers a good example: “If I publish a service on an SOA for bond yield calculation and 20 different users across the organization start to use it, how do I version that service? How do I make sure I’m meeting service-level agreements? How do I deal with fail-over? People like us are providing solutions.”

Web services management software rollouts tend to start small. Last fall, Sony Broadband Services Company chose Blue Titan’s flagship Web services management software, Network Director, to manage a nascent SOA dubbed Web-X (no relation to the collaboration software). “Web-X is designed to reliably connect distributed, loosely coupled Web services,” says Bernard Lin, senior director of Broadband Services and the system’s champion. He also praises Network Director for making deployment easy.

The first service, put in production last March, was a keyword lookup system that eliminated redundancy across Sony’s vast array of Web sites. Network Director handled the authentication, QoS monitoring, and SOAP message routing. “We are committed to an open standards approach to building out service-oriented architectures,” Lin asserts.

According to Blue Titan Vice President of Marketing Sam Boonin, Sony eventually wants to use Web services and SOA for integrating everything from its supply chain to real-time interactions with consumers who use Sony handheld devices.

Enterprise pain relief

Such grand schemes remain in the distant future for most companies. The first jobs on the docket tend to be solving problems that have bugged IT for years.

Sutor has uncovered two popular areas of Web services adoption in his surveys of IBM customers: SCM and integrating the call center into the rest of the enterprise application infrastructure. Steven VanRoekel, director of Web services marketing at Microsoft, notes that he’s seen lots of Web services development around legacy systems.

Cindy Stoddard, CIO of transportation giant American President Lines, falls in that latter group. “Service-oriented architecture and Web services, that’s what we’re evolving to. As we develop new applications, that’s our chosen architecture. Especially to interface with some of the legacy applications that we have on the mainframe.”
