a. Customers - better visibility on their business, more control over their IT systems, automation, newer opportunities, best sourcing options, quick reaction to market trends, extracting more value out of existing applications

b. IT firms - Agility to assemble solutions, productivity improvement due to reuse, modular delivery, lesser cost of development, Less time for building due to standards, The key challenge in front of IT firms when they have to sell -

1. Be able to hook on initially and make sure the initial traction on SOA is not lost amidst various transformation initiatives

2. Translating the promises into credible instances (like quick proposition or proof of concepts) so that SOA is not interpreted as 'snake oil applied'

3. Identify immediate and long term benefits which shows either direct or indirect value in service enabling

4. Advising or providing prescriptions for client's SOA program by appropriately positioning the technology and products

5. Identify the entry points for SOA adoption and defining appropriate pragmatic approaches

6. Understand the disparity amongst the aging systems and provide guidance on appropriate infrastructure

7. Channelizing the direction of SOA adoption through governance with organizational involvement

Common barriers to adoption of SOA that are currently being cited are

• Lack of clarity of the value of SOA investments by business owners

• No clear understanding of how to plan for and execute a SOA adoption strategy

• Sense of frustration with the current state of IT architectures

• A strong realization that architectural limitations are often a major hindrance to strategic business innovation.

McKinsey reports that “Today’s IT architectures, arcane as they may be, are the biggest roadblocks most companies face when making strategic moves.”  The same could be the biggest challenge for IT firms as well to jump on to clients' SOA bandwagon...

I have heard of some small hedge-funds where the IT person administering security is highly motivated to give excellent customer service to hedge fund traders, with a bonus that may be up to 150% of his salary. This is highly desirable from an organizational perspective, except from a security perspective, this scenario is a security breach waiting to happen. This may be an extreme example, but conflicts of interest are common when security is not being handled with an Independent Chain of Command.  The best practice there is to implement an "Independent Chain of Command" for security. In this paradigm, the Security Policy Administration, is handled by a group that reports neither to business, nor to IT- but to an independent senior level executive, such as Chief Financial Office, Comptroller or Chief Corporate Counsel. This prevents conflicts of interest from compromising security. This is depicted in the diagram below. The diagram illustrates the Independent Chain of Command best practice, essential for strong security and SOX compliance. Please click on the diagram to see a larger version in a different window.

So here is how I think whole matter can be approached in more pragmatic manner with getting obsessed with the idea of competency center for SOA. To start with, I could like to differentiate a CoE from competency center or service delivery center as I would like to address it more appropriately. A center of excellence as name suggest is more focused on bringing excellence to few aspects of the domain for which CoE is being built. In general, it will be founded around establishment, management and governance of the core methods, standards and blueprints that are required for any specific domain/discipline to bring excellence. At the same time, service delivery center will be more focused around end-to-end services delivery using a shared services model. So with that definition, surely in the existing model of IT service delivery, SOA competency center or SOA service delivery center doesn’t make as much sense. But let me say this also. As strategic long term picture how I would envisage enterprises moving to, a Business Solution Delivery Center is more promising idea that is built on principles of SOA and has integrated competencies of business and IT. Which means, sometime in future, enterprises will have a common entity in the organization that drives the end-to-end business solution by integrating elemental shared services like applications, process integration, infrastructure, business etc. But for now, I’m leaving it as futuristic idea since most of the enterprises are years away from it. To make the approach easier, let us look at three stages where enterprises might have to think of SOA competency center:

1. Very early days of SOA adoption – this is when enterprise has just thought or heard of SOA and it is trying to find ground and explore the direction with it. Now at this stage all that is needed is to get better understanding of what SOA is all about, its relevance to what it promises to change in the organization and various technological options that it has to explore. At this stage, enterprises should create a focused team that is tasked with this exploration task that might involve collaboration with product vendor, external SOA consultant and other industry SOA forums. This team is largely part time allocated on to the SOA initiative, however might have one or two fulltime allocations to provide rigor and ownership.
2. Enterprise-wide SOA program being run for SOA adoption – this is when enterprise has done some due diligence around SOA strategy and is now ready to go on with the organizational change necessary to bring the enterprise at large to SOA-ready state. At this stage, different IT competency centers like CRM competency centers, SAP competency centers, BI competency centers etc . will need to be prepared to deliver their bits for making SOA work according to overall SOA reference model. On top of that, organizations need additional support to establish common directions and strategies for SOA and subsequently govern what each of the competency centers are doing. At this stage, there are two levels of effort required. At one level, enterprises need to continuously establish SOA capabilities. At another level, it needs to engage other competency centers to adopt and deliver the SOA results with overall governance. For this to achieve, all individual IT competency centers will have their small centers of excellence for SOA specific to their responsibilities of SOA delivery. At the same time, Enterprise Architecture group will have additional roles and competencies of SOA in order to drive the enterprise level SOA. So in this case, there is no separate SOA competency center is established. Instead, it is like a SOA adoption task force consisting of EA group, business groups and IT competency center representative that need to come into existence. It is more of a transient program structure as opposed to a fulltime independent service delivery center.
3. End-state of the enterprise with SOA – this is when all that was supposed to happen, has actually happened and enterprise is now running in SOA-enabled state. To large extent, focus and structure is not much different than previous case but there will not be any transient structure in this case. Since SOA is reasonably in the DNA of the enterprise, there will be very little governance structure needed while most of the responsibilities of SOA delivery will be taken care by IT competency centers for their respective role in overall SOA delivery.

With this, my take is that setting up a proper SOA program structure for first two stages is more important than actually setting up a dedicated service delivery center for SOA. However:

• It is essential to focus on the excellence part of the SOA delivery in terms of adherence of SOA standards, metrics of SOA success etc. through appropriate governance structure. It should be housed in the EA group.
• SOA brings in responsibility of designing the business solutions effectively using services methodology for which business analysts should be taking the ownership.
• A capable SOA infrastructure in the enterprise includes strong service orchestration, composition and delivery platform. This is typically housed in the Integration / ESB domain of the EA. I see this as a significant part of the SOA game plan. And hence to large extent, what I would liked to see in the SOA competency center should be taken up by the existing Integration Competency Center. That way, an Integration Competency Center that has been upgraded to provide all necessary SOA infrastructure for service orchestration, composition and delivery will be what I would see as a the SOA competency center. It will work very closely with the previous two core structures to deliver full SOA compliance Business- IT solutions.

To me it made perfect sense to approach in this manner. But again, I will be glad to hear the alternative perspectives.

Consistent and high-quality Service experience
SOA enforces standardization of service behavior which will mean that consumers of the services will experience high degree of consistency and quality throughout the life-cycle of the service delivery. This is particularly important because service experience is a key component of the ‘service orientation’. When services are being designed and developed, service behavior becomes an integration part of the considerations so that when services are deployed, the experience it creates with service consumer in terms of service engagement, service usage and service support, that makes lot of difference to consumer community.
More meaningful Business - IT mapping
Traditionally, I always felt that transition from business requirements to technical architecture has been a challenge in the industry due to lack of practical frameworks that can be used as transition model. With SOA, now we have service architecture sitting in between business functional design and technical design. This allows business functional maps to be easily configured and mapped to IT capabilities (typically using BPM wireframe) without creating hard-wiring between the two. This way in my view, whole service modeling and service architecture exercise brings Business and IT together where each has a critical role to play to make the SOA happen. This becomes partnering model between business and IT as opposed to traditional ‘handover’ model where business disengages itself after certain stage expecting IT to take over.
Shared view between Business and IT
Further to previous point, Service architecture acts as a common language / platform / view between business and IT and thus enables more meaningful and collaborative engagement between the two. Typically the gap between business and IT in terms of delivery model as well as common vocabulary has been a concern for most of the enterprises. Now Business and IT can talk the language of services that will make sense to both communities.
Service Level driven focus
Service level focus, in my view is a very essential part of the ‘service-orientation’ that also plays important role in the ‘service experience’ that we talked of before. In an SOA driven environment, service levels are governed to cater to stringent business performance metrics in direct fashion and hence entire monitoring, reporting, alignment, support and continuous improvement efforts are focused around the service level performance of the services. This changes the tradition model of ‘managed by exception’ to ‘managed for excellence’ which hopefully will change the level of accountability and ownership IT teams specifically take today for the business outcomes.
Separation of logical capabilities to provide simpler and cleaner architecture
Service architecture provides ability to consolidation and rationalize the business / IT capabilities in optimized fashion that have similar behavior, anatomy and operations. This allows more cohesive and efficient interactions/collaborations across capabilities in various logical layers (by design rather than by accident) to deliver final business outcomes. In principles, software architecture had the ‘logically’ separated layers always but with service architecture, now it is much easier to separate out the logical layers at execution level as well.
Easier Change Management
Changes ( of all sorts, technology change, business change, regulatory changes, IT vendor change, IT in-house staff change) are here to stay in the industry, at least for good number of years in my view. Through various core principles like decoupling, virtualization, meta modeling etc in SOA, it will make the life easier to change different elements of the solution without too much pain or expense. Change management is adopted as a mainstream focus for service management and hence we can expect more discipline in maintaining the software solutions.
Hide technical complexities of service implementation
Service architecture allows diversity in service implementation (through mash-ups, service virtualization etc.) to make use of new technologies while enforce standardized service interface to shield the consumers from complexity of service integration and implementation. As I see, industry is far from standardizing on a single technology platform and as we move further in future, more and more technology advancements will put the challenge to technology standardization. If we accept that fact, service architecture paradigm will allow enterprises to leverage new technologies in more flexible, open and easy manner.
Quicker and simpler solution composition
Making the software solution composition (highly productive, cost effective by reuse and ability to innovate solution patterns etc.) and development life-cycle (allows develop, testing and deployment done at service level where service being the modules of development and not the components) quicker and simpler is another difference SOA adoption can bring into the organizational DNA. This has long lasting implications, much wider than what we might think. Service architecture based development practice will bring innovation to transition typical ‘build’ intensive solutioning methodology to ‘composition’ intensive methodologies. This will not only allow the need of having large ‘coding’ teams with intense technology knowledge to be shifted to more ‘solution composition’ teams that may not so much technology intensive knowledge requirements. That way, today software development talent profiles are already upgrading themselves into new roles which I think is a positive change.
Business Scalability
Ability to support (and even ignite) the business growth (more services, more users, more geographies, more partners) through accelerated scalability, global integration capability and easy service on-boarding infrastructure is definitely a great win for business community. Business scale is not just in terms of doing more of the same but actually lot more of ‘doing different things’ for which time to market is a key differentiator. Service fabric of the business-IT architecture allows easier composition of the solution as we learnt in previous points and further to that, it ensure that when business goes out for scaling in terms of functionality, geographies, value chain expansion etc, the SOA enabled business-IT architecture acts as a enabler to support the change.

In general, I could say that SOA has lot in store to transform the organization but probably it is the seriousness that industry has to get to make it happen. I'm very confident that it will happen. What do you think?

 The benchmark numbers are impressive, and are for a dual CPU Intel Box. I wish the benchmarks used Java 1.5, which is approved in many enterprises rather than Java 1.6, which is not. But I do not think the numbers will be dramatically different.  

 Want to protect your SOA infrastructure from being flooded by badly written XML that does not conform to your schema? This could be an external denial of service attack, or more likely an error at the XML producer end. With SOA and agile development, there is the advantage of incremental development, but it is coupled with the risk of error prone code getting into your production or performance/staging environment.  The Intel SOAExpressway can validate XML to a schema at the rate of 507 MB/second, on a dual CPU box.

Want to validate the data that has come in using simple XSLT based rules? The Intel SOAExpressway provides XSLT processing at very high speeds. For example, specific fields could have valid ranges, or be constrained based on values of other fields.

An interesting feature of the SOAExpressway architecture, that it is not a pure appliance- non-XSLT based validations written in Java or C++  can also therefore be done on the XML data. As pointed out in this  excellent presentation on parleys.com(see slide #20,21) ,  there is always something that is very difficult, if not impossible to do in XML.

Want to convert about 1 GB of flat file into XML? It should take about 30 minutes or less with the SOAExpressway running on a dual CPU Intel Linux server. A past engagement showed a data volume of 50 MB per hour exchanged with an external application service provider. It would have been very convenient to use an appliance to validate, transform and import/export data using a product like the Intel SOA Expressway. The flat file to XML conversion is comparatively slower.

XML to XML conversions run a lot faster. The benchmark paper mentioned earlier, shows XML to XML conversions running at between: 500 KB per second to 41 MB per second. This is on a dual CPU box. This is not "wirespeed" as most appliance vendors hype, but it is enough to meet the needs of  many enterprise or even consumer facing enterprise portal needs. For example, consider a WML page of 4 KB on a cellphone, which is refreshed every 60 seconds. Assuming a transformation rate of 20 MB per second, a dual CPU server could support around 30,000 users.

XPath execution speeds in the  benchmark paper ranged from 400,000 to 1.5 million expressions per second. Using XPath to perform rule based validation, is thus very scalable using the Intel SOA Expressway. Incoming XML document can be validated for consistency, such as "To-date" being greater than from date.

Why not use XALAN instead? The manageability features of the SOAExpressway including basics such as SNMP Trap creation, Email notification, as well as the more advanced features such as  application level end-point support  and  Scriptable management using CLI are critical in an enterprise environment. 

A common problem in many SOA Projects is creating a "sub-set" XML document, from a given XML document. For example: The XML provided to you has 250 fields, but you need only 10 of them, in your application. A standard pattern is to read the large XML document, parse it to discover the 10 needed elements. The memory consumed in this parsing operation, can be large, causing frequent garbage collections.  Performing this operation on Intel SOAExpressway should be a lot faster than in the application server.  Moreover, you are  performing the transformation on a server that is comparatively cheaper. A fully loaded dual J2EE  Portal Server can easily cost  upwards of $100,000 per fully loaded server. In one portal project, about 95% of the portlets, called webservices on the backend, and transformed the XML so obtained, to generate the HTML markup. The  XML transformation load could be a large fraction of the CPU use on your expensive portal server.

In a given project, thinking about using a XML appliance may be difficult, but if XML Transformation and validation are provided as standard services, then this technology can percolate into the mainstream of your enterprise.

Clearly as it could be noticed based on all the papers presented, the service computing research community is heading towards developing platforms for large scale development.  By large scale development what I meant was development that not localized but distributed across many locations.

Also, I feel worth mentioning here is an intresting poster stuck near the registration desk, it talked about a mashup application.  An application which could help in monitoring and possibly predicting the effect of wild fire.  It took the information provided by google earth API's and weather information service. It is so interesting to see so many valuable innovation and possiblities through mashups.

After the initial excitement about Service Engineering, post lunch it was time for the topic which I have been looking for - Architecture for service based computing.  This tutorial proposed an 'Enterprise Service Architecture' (ESA) and gave the background and stressed on the fact of why this was necessary.  This explored the use of competence theory for answering few important questions that researchers perceived very essential. However, most interesting part of the tutorial was when the authors reviewed various frameworks that could be the basis of ESA.  Few of these frameworks that I remember were Porter's Value chain model, Business motivation model, Strategy maps, i*, and few more.  The tutorial was concluded by highlighting few gaps and setting few more motivations.  This being my area of interest, I feel there is lot research that needs to be put in both from formalizing it and finding ways to apply to real life situations.

The day ended with a simple and quite banquet, a regular tradition at any conference....

Will continute to post some interesting discussion at conference...

•          SOA Reference Model (SOA-RM) is a framework which captures the various capabilities/patterns (e.g. Multi Channel, Process Automation) required to effectively implement a service based information technology platform for achieving a specific business function or a set of business functions
•          These capabilities are grouped in 2 main categories
•          Functional – The capabilities in this category help the services meet a specific business function or a set of business functions
•          Non-functional – The capabilities in this category help the services meet the business functionality within the defined contracts
•          SOA-RM is not directly tied to any technology, standards or concrete implementations. It provides a common understanding that can be used across different implementations
•          Is superset of Reference Architecture: Reference Architecture is derived from Reference Model
•          Highest level of abstraction

•          SOA Reference Model (SOA-RM) is a framework which captures the various capabilities/patterns (e.g. Multi Channel, Process Automation) required to effectively implement a service based information technology platform for achieving a specific business function or a set of business functions
•          These capabilities are grouped in 2 main categories
•          Functional – The capabilities in this category help the services meet a specific business function or a set of business functions
•          Non-functional – The capabilities in this category help the services meet the business functionality within the defined contracts
•          SOA-RM is not directly tied to any technology, standards or concrete implementations. It provides a common understanding that can be used across different implementations
•          Is superset of Reference Architecture: Reference Architecture is derived from Reference Model
•          Highest level of abstraction

What’s the ‘Reference Architecture’
-          It defines a consistent vision of SOA throughout the enterprise/business Unit and  supplies the context (for identified patterns) for imposing best practices on development and deployment of SOA
-          It offers an architectural framework for planning SOA-based projects that maximize interoperability and reuse across the enterprise or business unit
-          It represents IT’s architectural alignment (through selection of technology stack) with the business objectives for SOA. In the process, this helps the business case associated with the SOA initiative, including infrastructure requirements (technology, process, etc) and investment priorities.
-          Guided by Reference Model
-          Drives towards concrete Technology Architecture. Considers Protocol, Standards, Specifications etc. Accounts for Business and Technical Requirements, IT/Business Goals

Lets take a real life example, to ensure the difference is clear enough. Reference model for a vehicle would be:
·         Need for a vehicle which would help to move from one place to another in a reasonably faster way
·         Must carry people in sitting position
·         Should have a mechanism to control the speed/direction
·         Either automatic or manual manoeuvre
·         May have cruise control

Now taking this to next level i.e. A Reference Architecture. Eventually you might end up having different Reference Architecture depending on the need of the final Vehicle. In this case, the Reference Architecture for a car would address the following
·         Must have seat to ‘carry people’
·         Must have engine ‘for speed’
·         Must have steering wheel to ‘control the direction’
·         Must have wheels ‘for movement’
·         Must be automatic
·         No need to have boots
·         No cruise control

Now concrete implementation would have
·         How many seat car should have – 2 seats or 4 seats or more
·         Engine capacity 1.2ltr or 2.0ltr or more
·         Size of the steering wheel
·         Number of Wheels – 4 or 6 or more

In terms of decreasing level of abstraction: Reference Model --> Reference Architecture (can be many RA for a RM) --> Concrete Implementations

For any meaningful process performance analysis, it’s imperative that the statics gathered through BAM have business significance. For this it is very important that business relevant high impact KPIs are defined during process design. ...

To define business relevant KPIs following methodology can be adopted

-         Define key objectives for BPM initiative, such as enhance customer responsiveness, improve quality, expand market share, reduce product design cost etc.

-         Translate the objectives into quantifiable goals, e.g. reduce turnaround time for customer on-boarding from 5 days to 2 days, increase new customer contacts in southern region to 45 per week, …

-         Having defined quantifiable goals for BPM initiative next step would be to identify candidate processes for implementation and categorize these processes into critical process, value add process, support process etc. Categorizing processes into these broad categories helps define goals for the process categories (and thus for each process), e.g. value add process have maximum potential for enhancing market penetration, increase revenue etc, while support processes greatly impact customer satisfaction.

-         Once processes are categorized and process goals are defined, business analysts would analyze each process and from the process goals derive matrices and KPIs for all critical activities

-         Next step is to set milestones and targets for improvements in these KPI measures

Defining KPIs derived from business goals helps analyze performance of the business processes and facilitates identifying real impediments in achieving the performance goals, which helps redesign the business processes and improve business performance

In my previous blog- I discussed the basic capabilities of XML appliances. In this and subsequent blogs, I  plan to discuss the advanced features of XML Appliances: Field Level Fine Grained Security, Rule Based XML validation, XML to HTML transformation, XML to WML transformation and XML to XML transformation.  In this blog entry, I will discuss only Fine Grain entitlements, and discuss other aspects mentioned above  in a subsequent blog entry. 

Fine grain entitlements for XML

           XML Appliances can provide fine grained security for enterprise data available in XML format.

A Customer Record could for example be split into four parts based on entitlement based on role:

• Sales Representatives can see Customer Record including internal discussions
• Account managers can see, notes made during Sales Calls including details of clients organization
• Support  Engineers can see technical details of past purchases by the client
• Accountants can see details such as credit limit as well as credit rating of the customer.

The entire customer record could be represented as a XML document, which is secured using fine grained role based entitlements.  The standard used to describe the fine grained security-XACML-is described in an informative tutorial  

The processing of role based security can be very CPU intensive. A XML appliance can process role based fine grained entitlements in a cost effective manner.

XML data so secured could be made available to portals such as WebCenter 2.0 from Oracle.  It could also be used to create HTML using XSLT transformation. For PC and mobile clients, with the CPU capacity, this transformation can be done on the client. For other clients.with limited CPU processing capbility, the XML appliance itself can perform this transformation.

When we study the history and operation of the Eisenhower System (a.k.a The Dwight D. Eisenhower National System of Interstate and Defense Highways | http://www.fhwa.dot.gov/reports/routefinder/), we will find many parallels to the information superhighway of the Enterprise, the Service Bus, such as

When I find that the product vendors are pushing the enterprise IT for ESB adoption, where IT managers do not know what to do with existing message queue or EAI investments, it is very similar to the 50 years of the Eisenhower system. The current system owners are afraid that they would need to give away many of their exiting processing capabilities for cheaper sourced processing capabilities, interconnected through the super highway. Meanwhile, the architects are marching with their big SOA roadmaps and plans to construct new adapters, services and composites (=exits, entrances, interchanges, bridges and routes), where they debate and argue about the intricacies of service naming, bundling and so on. The enterprise governance officials (=bureaucrats, senators and congressmen) are deep in their discussion on funding, leadership, ownership and contracting, where there are many business driven exceptions (=one of the congressmen want to change the route to include his consistency). 

So let me propose to all the SOA enthusiasts – Folks, we should study the 50 years of The Eisenhower System; it should be handy to build our new Service Bus driven IT enterprise Architecture.