Darren Wesemann Blog

At any given time, SunGard has hundreds of active projects involving the decomposition and evolution of its systems, legacy and contemporary alike.  We track and monitor these activities as an organization because many of them are collaborative in nature.  Our SOA effort (the SunGard CSA) enables the collaboration by ensuring reusability of work done, common standards, vision and strategy is achieved over time and an overall customer experience is controlled and enhanced.

I’m often asked how legacy decomposition is going at SunGard.  One customer even used the word “frightening” in a recent conversation where the size of the SunGard portfolio of applications was apparent in the dialogue, and he was curious if the sheer size of this effort would be adding inertia, such that the weight of each situation adds resistance to the whole, eventually slowing it down to a dead stop.  I was happy to report that due to the federated (decoupled and distributed) nature of the SunGard SOA effort (CSA) we’ve found that each project isn’t added weight, its parallel (weight none the less, just not additive), so even though a mammoth undertaking like this looks “frightening” on the surface, it’s actually quite systematic.  Our experience has been one of acceleration with each collaborative activity, rather than burdensome added weight.

Since my posting last month regarding Software-as-a-Solution I’ve noticed a number of additional variations on SaaS, and I find the many options being discovered and used in the real-world very interesting.  In this article I cover various other forms of XaaS (X-as-a-Service) or WaaS (Whatever-as-a-Service).

Various forms of service offerings have appeared on the Enterprise scene, solutions, information, applications, hybrids, infrastructure, etc.  The continual evolution of SOA related to services continues to expose new and interesting domains.  If you define Software-as-a-Service as merely a hosted web-application delivered in a subscription model (pay-as-you-go), you’re missing an entire movement that is appearing to grow ever more prevalent in many Enterprise-SOAs.

Information-as-a-Service, for example is access to business entity information (at real-time).  In Financial Services this may be customer portfolio information, market data, security master, etc.  The information sources are diverse (multiple disparate locations) but abstracted so the information service provides an abstraction to the original location and format, allowing the information to be accessed in a SOA way.  Formats may include XML, SQL, files or other domain specific formats such as FIX, SWIFT, etc.  Web-oriented information used in mashups and other compositions may be WSDL via SOAP over HTTP, or REST, RSS, etc.

Infrastructure-as-a-Service is yet another twist, which focuses on low-level capabilities (plumbing, or the stuff required to be there for any application to run, yet non-specific to applications).  These services include identity services, logging services, reporting services, etc.  This form of service shouldn’t be confused with the comprehensive footprint of the information fabric (the virtualized data layer).  I’m not sure the data layer can be a service (it’s in the information management domain).

Business services, application services, etc… (the list goes on) are yet other types of services showing up in the SOA scene.  Business services deliver a business capability, like a web service that submits a trade to an ORM, or a service that invokes a rules engine to check the suitability of a trade, these would be business services.  Application services would be those necessary components required for an application to function without relevancy to the business domain, but specific to the application.

These services even get sub-classed further, for example Information-as-a-Service may have to assume a common data model for highly shared data, as opposed to passing around huge amounts of data (imagine a data feed containing real-time exchange data replicated to every service requiring a price, as opposed to a shared master table).  Said common data may need to be the ‘context’ for a service to execute, and may contain results; therefore the model is an attribute or characteristic of the service, perhaps sub-classing the service.

My whole point is that there are all kinds of services.  I’m amazed at how simplistic most SOA approaches try to normalize services into the same thing, (like how many Registries treat every service as basically a simple invocation of something, where a little data is provided and an output is expected).  In order for services to be useful in real-world business solutions, the realization of the reality of the various kinds of services is essential.

Just fyi, if you’re subscribed to my blog RSS feed, the address is now:

http://www4.sungard.com/blogs/darrenWesemann/feed/

A popular theme these days is the software distribution method known as Software-as-a-Service.  Although it’s clear the capabilities of SaaS are finding tremendous uptake with applications such as CRM and related offerings, there are markets that require an enhanced context for software services to continue to grow.  Financial Services, for instance require highly configurable services due to the large amount of custom integration involved in software deployments.  This yields an emphasis on solutions that meet specific business needs, as opposed to the services that make up the solutions.  Perhaps Financial Services is not completely unique in this regard; however the need for a solutions-focus is emphasized due to complex integration requirements.  In this blog I’ll describe what SunGard has planned for delivering software solutions comprised of highly configurable services.

I’ve commented several times on SaaS (see SaaS Infinitely Configurable, Trend of Software Delivery Methods, Software-as-a-Service vs ASP).  Today, I’d like to extend those comments into the context of configurable solutions.  This is an area near and dear to my heart, because in the financial services sector, (the market I’m exclusively focused in), the SaaS model as it is generally offered, mostly doesn’t fit.  The reason is a CRM-like application doesn’t model the solutions servicing the needs of the typical financial institution.  In the financial services space, seldom can you simply log-in to an online application without intense data and functional integration to existing back-office systems.

Accordingly, software services offered in a hosted or SaaS fashion must not be the endgame, but rather components of what should be emphasized instead, which is the Solution!  So, from our perspective, it ought to be Software-as-a-Solution.

Back in November, SunGard held an event with industry analysts.  At the event, we announced our plan to address a solutions-focused Software-as-a-Service offering for our SOA enabled components.  You can read what was presented here.  We call the offering Infinity.  I’m very enthused about this direction, as it provides configurable components with the endgame being the solution, which directly solves a customer’s business problem.  This is what is needed to make SaaS work with financial institutions.

As I noted in my last post, SOAs have a mixed reputation due to the usual hype cycle of any new technology, and not much can live up to the peek of the hype. SOAs are are no different than most disruptive initiatives because it promises more than it can deliver, it involves people and processes, and is not well understood by business stakeholders. However, SOAs are indeed making significant and impressive headway.Evans Data Corp. conducted a Web Services Development Survey in December and found that more than 40 percent of the 400 web developers surveyed say are able to complete a typical SOA development effort within 3 months, which is more than half the time of the percentage a year ago. Also, more than 60 percent of all SOA projects are finishing within 6 months. Those are impressive, especially considering that traditionally there is a rather high rate of failure among enterprise technology projects.

John Andres, President of Evans Data Corp. concluded “…we are now moving from the SOA pilot stage into full live deployments, taking advantage of the reuse of frameworks and services thus driving the much improved productivity curve,… This adoption highlights the proven benefits that both the IT and line of business organizations achieve through their SOA efforts.”

I get asked a lot about .NET vs. Java for SOA implementations, (SunGard, for example has a full native SOA stack for both, since we grow through acquisition and don’t normally have the luxury of selecting one over the other, we have to embrace both). I’ve said before in this blog roll that it shouldn’t matter. Evans Data postulates that organizations are adopting .NET and Java for SOA in nearly equal proportions. And, as for the growth, Evans Data estimates that by 2009, two out of three SOA developers will be running most of their applications in managed code. Additionally, half of developers working on Web services are currently using AJAX, or plan to do so, over the coming 12 months (AJAX is of course Java/.NET agnostic, it’s equally available from both technologies).

Some more findings I thought were interesting include the number of companies with 40 or more Web services in production has doubled over the last two years, which is expected to double again over the next 12 months.

I’ve argued in past postings that the most difficult (and most important) element of an SOA strategy is the organizational support and governance process that follows. The Evans findings cite likewise that most companies indicated the two biggest challenges are determining the ROI for SOA projects obtaining organizational buy-in.

Also, speaking of adoption rates and the whole governance and business management aspect of SOAs, there’s an interesting quote from Jim Eckenrode, Managing Director, Banking and Payments Practice, TowerGroup in Bank Systems & Technology article: “SOA exploration — ranging from “skunkworks” projects to formal architectural plan development — will continue in 2007 at large banks around the globe. Ultimately, SOA will sail (or flounder) based not on banks’ abilities to manage complex technology, but rather, success will be determined on issues of governance and business management.”

As I mentioned in my blog on SOA governance SOA efforts (especially at large banks) are monumental tasks, requiring a very different paradigm (one of collaboration) to be engrained in the social infrastructure. This takes time. The technologies that enable SOA’s are available (granted, they have to be adopted, integrated, which also takes time and patience), but don’t underestimate the time it takes for a federated and collaborative process to be adopted.Regarding the technology, the expectation needs to be set (or reset as the case may be) that the changes technically are more likely a three to seven year evolution. Some of the confusion on SOA timing expectation likely came from the traditional notion of installing something “and you’re done”. You don’t “install” an SOA, rather you evolve your architecture and governance process towards it. As I’ve preached before starting small, and taking baby steps is a key to SOA success, and I see a lot of enterprises doing exactly that, which of course is slow, but progressive.

The IT industry in general likes to come up with new names and acronyms for things all the time, so over time we may be calling SOA something else (“SOA” is merely a renaming of multiple distributed computing attempts before it). But regardless of what it’s called, flexible composite solutions comprised of loosely coupled parts in a federated process is the goal for the organizations SunGard works with (25,000 customers). Many of our customers (mostly financial institutions) are motivated by intense market pressure to improve the way they do things and to respond quicker to the needs of their clients, (which in the financial services space, demand for innovative products is ever increasing). Whatever you call it, they will be investing heavily in agility.

Below is a brief recap of some of the topics that came up in my discussion with a senior IT executive:Don’t model your governance after any other process in your organization

Okay, I’m not suggesting you start from scratch exactly; in fact there are likely a number of existing processes that can be leveraged. The reason for my bold, possibly misleading header for this paragraph is that in his case he had a process that existed for years, which defined how a particular department worked on business requirements and how the workflow occurred of handing those off onto IT for architecture and implementation (all in a vacuum, without regard to stuff already in place or things needed by other departments). He indicated that he tried widening that very process to include multiple organizations working in SOA fashion. This attempt resulted in frustration and ultimately failed because each department had their own methods and mechanisms, and no one was prepared for the paradigm shift of interfacing in a common way. Each silo resulted from disparate thinking, so pulling one into the other didn’t seem to work.

Governing a federated service-oriented process requires a dramatic culture change, differing from most other approaches to workflow for IT than most existing paradigms. A large part of figuring this out stems from understanding and accepting that principle. In an SOA, we proliferate services that may originate from previously disconnected departments. Functions are then brought together to form solutions in composite form with common services and reuse. Infrastructure services like databases, service busses and security are normalized across the platform so that economies of scale and common standards can be taken advantage of. So, the first suggestion is to throw away any notion that an existing process can merely be spread across the organization.

Consider the types of business processes

There are levels and paradigms involved in a business, therefore SOA governance should be patterned after each organizational role. Consider the business, how it captures requirements, consider the IT organization and how architecture is defined, where it’s defined and why. Remember there are operational attributes that work in certain ways, such as run-time environments, production support and networks. Think about the security requirements (from user authentication to entitlements to data protection and privacy), not to mention regulatory compliance, which happens to be a key topic for banks. All things considered, SOA governance must involve characteristics deeply embedded throughout the business.

Ensure certain attributes in each area are covered

We discussed a bit about what each area of the process needs to include and we brainstormed over some key characteristics. The first was measurements, meaning objective attributes that could be used to hold certain departments and people accountable to important parts of the workflow. We reviewed the importance of incentivizing key stakeholders in each department to ensure compliance with SOA requirements, and to hold them accountable to the process for proper discipline. We discussed open communication and availability of measurement in the process, for complete transparency.

The Gartner ICC

Gartner preaches a concept referred to as the Integration Competency Center. I’ve found that concept to be solid, and in practice it’s a key part of putting an SOA governance model together, in particular with organizations involving disparate silos. I mentioned this concept and related some examples in our experience at SunGard in terms of a central team to manage the overall process.

Putting the pieces together

Through the previous topics, a lot of ground work was laid to piece together the parts of a service-oriented governance process. We first discussed standards. It’s important to lay down what data models, what busses, what databases, what server architectures, what interfaces will be accepted. Including how development is done and what tools are used. There’s far more in those standards than can be defined initially, so the process needs to consider how the standards are amended, extended, modified, and how they live.

Next, the framework that implements the standards needs to be considered, so the actual architecture of the run time infrastructure can come together. This should describe the overall network, how software executes and how computing resources are provisioned.

Eventually we got on the topic of policies. We discussed things like scoping and lifecycles of services, version control, regulatory constraints and conditions for quality and production deployment, including maintenance and SLA’s. Which lead us to operational management, which deals with how to operate the production environment and the support from a user perspective.

Whew… and that’s just the tip of the iceberg. In a nutshell, any successful global governance model for SOA will be a combination of the standards, policies, as well as the interoperability of departments, functionality and requirements. The process must define everything from requirements gathering to architecture to development to deployment and to operation management and support. A central team (the ICC) optimizes the governance where disparate silos of teams and departments are involved. It ensures that control and accountability remains in place. It needs to provide standards for data, for technology and for interoperability, as well as guidelines for teams to work together, find common ground, abstract the variable and normalize the reusable parts.

As I indicated toward the beginning, you can leverage existing processes (SOA is all about leveraging existing stuff anyway), but keep in mind the paradigm shift involving a central team for measuring, ensuring accountability and overall governing the process with possibly a new way of interfacing with each team.