Darren Wesemann Blog

A popular theme these days is the software distribution method known as Software-as-a-Service.  Although it’s clear the capabilities of SaaS are finding tremendous uptake with applications such as CRM and related offerings, there are markets that require an enhanced context for software services to continue to grow.  Financial Services, for instance require highly configurable services due to the large amount of custom integration involved in software deployments.  This yields an emphasis on solutions that meet specific business needs, as opposed to the services that make up the solutions.  Perhaps Financial Services is not completely unique in this regard; however the need for a solutions-focus is emphasized due to complex integration requirements.  In this blog I’ll describe what SunGard has planned for delivering software solutions comprised of highly configurable services.

I’ve commented several times on SaaS (see SaaS Infinitely Configurable, Trend of Software Delivery Methods, Software-as-a-Service vs ASP).  Today, I’d like to extend those comments into the context of configurable solutions.  This is an area near and dear to my heart, because in the financial services sector, (the market I’m exclusively focused in), the SaaS model as it is generally offered, mostly doesn’t fit.  The reason is a CRM-like application doesn’t model the solutions servicing the needs of the typical financial institution.  In the financial services space, seldom can you simply log-in to an online application without intense data and functional integration to existing back-office systems.

Accordingly, software services offered in a hosted or SaaS fashion must not be the endgame, but rather components of what should be emphasized instead, which is the Solution!  So, from our perspective, it ought to be Software-as-a-Solution.

Back in November, SunGard held an event with industry analysts.  At the event, we announced our plan to address a solutions-focused Software-as-a-Service offering for our SOA enabled components.  You can read what was presented here.  We call the offering Infinity.  I’m very enthused about this direction, as it provides configurable components with the endgame being the solution, which directly solves a customer’s business problem.  This is what is needed to make SaaS work with financial institutions.

As I noted in my last post, SOAs have a mixed reputation due to the usual hype cycle of any new technology, and not much can live up to the peek of the hype. SOAs are are no different than most disruptive initiatives because it promises more than it can deliver, it involves people and processes, and is not well understood by business stakeholders. However, SOAs are indeed making significant and impressive headway.Evans Data Corp. conducted a Web Services Development Survey in December and found that more than 40 percent of the 400 web developers surveyed say are able to complete a typical SOA development effort within 3 months, which is more than half the time of the percentage a year ago. Also, more than 60 percent of all SOA projects are finishing within 6 months. Those are impressive, especially considering that traditionally there is a rather high rate of failure among enterprise technology projects.

John Andres, President of Evans Data Corp. concluded “…we are now moving from the SOA pilot stage into full live deployments, taking advantage of the reuse of frameworks and services thus driving the much improved productivity curve,… This adoption highlights the proven benefits that both the IT and line of business organizations achieve through their SOA efforts.”

I get asked a lot about .NET vs. Java for SOA implementations, (SunGard, for example has a full native SOA stack for both, since we grow through acquisition and don’t normally have the luxury of selecting one over the other, we have to embrace both). I’ve said before in this blog roll that it shouldn’t matter. Evans Data postulates that organizations are adopting .NET and Java for SOA in nearly equal proportions. And, as for the growth, Evans Data estimates that by 2009, two out of three SOA developers will be running most of their applications in managed code. Additionally, half of developers working on Web services are currently using AJAX, or plan to do so, over the coming 12 months (AJAX is of course Java/.NET agnostic, it’s equally available from both technologies).

Some more findings I thought were interesting include the number of companies with 40 or more Web services in production has doubled over the last two years, which is expected to double again over the next 12 months.

I’ve argued in past postings that the most difficult (and most important) element of an SOA strategy is the organizational support and governance process that follows. The Evans findings cite likewise that most companies indicated the two biggest challenges are determining the ROI for SOA projects obtaining organizational buy-in.

Also, speaking of adoption rates and the whole governance and business management aspect of SOAs, there’s an interesting quote from Jim Eckenrode, Managing Director, Banking and Payments Practice, TowerGroup in Bank Systems & Technology article: “SOA exploration — ranging from “skunkworks” projects to formal architectural plan development — will continue in 2007 at large banks around the globe. Ultimately, SOA will sail (or flounder) based not on banks’ abilities to manage complex technology, but rather, success will be determined on issues of governance and business management.”

As I mentioned in my blog on SOA governance SOA efforts (especially at large banks) are monumental tasks, requiring a very different paradigm (one of collaboration) to be engrained in the social infrastructure. This takes time. The technologies that enable SOA’s are available (granted, they have to be adopted, integrated, which also takes time and patience), but don’t underestimate the time it takes for a federated and collaborative process to be adopted.Regarding the technology, the expectation needs to be set (or reset as the case may be) that the changes technically are more likely a three to seven year evolution. Some of the confusion on SOA timing expectation likely came from the traditional notion of installing something “and you’re done”. You don’t “install” an SOA, rather you evolve your architecture and governance process towards it. As I’ve preached before starting small, and taking baby steps is a key to SOA success, and I see a lot of enterprises doing exactly that, which of course is slow, but progressive.

The IT industry in general likes to come up with new names and acronyms for things all the time, so over time we may be calling SOA something else (“SOA” is merely a renaming of multiple distributed computing attempts before it). But regardless of what it’s called, flexible composite solutions comprised of loosely coupled parts in a federated process is the goal for the organizations SunGard works with (25,000 customers). Many of our customers (mostly financial institutions) are motivated by intense market pressure to improve the way they do things and to respond quicker to the needs of their clients, (which in the financial services space, demand for innovative products is ever increasing). Whatever you call it, they will be investing heavily in agility.

Below is a brief recap of some of the topics that came up in my discussion with a senior IT executive:Don’t model your governance after any other process in your organization

Okay, I’m not suggesting you start from scratch exactly; in fact there are likely a number of existing processes that can be leveraged. The reason for my bold, possibly misleading header for this paragraph is that in his case he had a process that existed for years, which defined how a particular department worked on business requirements and how the workflow occurred of handing those off onto IT for architecture and implementation (all in a vacuum, without regard to stuff already in place or things needed by other departments). He indicated that he tried widening that very process to include multiple organizations working in SOA fashion. This attempt resulted in frustration and ultimately failed because each department had their own methods and mechanisms, and no one was prepared for the paradigm shift of interfacing in a common way. Each silo resulted from disparate thinking, so pulling one into the other didn’t seem to work.

Governing a federated service-oriented process requires a dramatic culture change, differing from most other approaches to workflow for IT than most existing paradigms. A large part of figuring this out stems from understanding and accepting that principle. In an SOA, we proliferate services that may originate from previously disconnected departments. Functions are then brought together to form solutions in composite form with common services and reuse. Infrastructure services like databases, service busses and security are normalized across the platform so that economies of scale and common standards can be taken advantage of. So, the first suggestion is to throw away any notion that an existing process can merely be spread across the organization.

Consider the types of business processes

There are levels and paradigms involved in a business, therefore SOA governance should be patterned after each organizational role. Consider the business, how it captures requirements, consider the IT organization and how architecture is defined, where it’s defined and why. Remember there are operational attributes that work in certain ways, such as run-time environments, production support and networks. Think about the security requirements (from user authentication to entitlements to data protection and privacy), not to mention regulatory compliance, which happens to be a key topic for banks. All things considered, SOA governance must involve characteristics deeply embedded throughout the business.

Ensure certain attributes in each area are covered

We discussed a bit about what each area of the process needs to include and we brainstormed over some key characteristics. The first was measurements, meaning objective attributes that could be used to hold certain departments and people accountable to important parts of the workflow. We reviewed the importance of incentivizing key stakeholders in each department to ensure compliance with SOA requirements, and to hold them accountable to the process for proper discipline. We discussed open communication and availability of measurement in the process, for complete transparency.

The Gartner ICC

Gartner preaches a concept referred to as the Integration Competency Center. I’ve found that concept to be solid, and in practice it’s a key part of putting an SOA governance model together, in particular with organizations involving disparate silos. I mentioned this concept and related some examples in our experience at SunGard in terms of a central team to manage the overall process.

Putting the pieces together

Through the previous topics, a lot of ground work was laid to piece together the parts of a service-oriented governance process. We first discussed standards. It’s important to lay down what data models, what busses, what databases, what server architectures, what interfaces will be accepted. Including how development is done and what tools are used. There’s far more in those standards than can be defined initially, so the process needs to consider how the standards are amended, extended, modified, and how they live.

Next, the framework that implements the standards needs to be considered, so the actual architecture of the run time infrastructure can come together. This should describe the overall network, how software executes and how computing resources are provisioned.

Eventually we got on the topic of policies. We discussed things like scoping and lifecycles of services, version control, regulatory constraints and conditions for quality and production deployment, including maintenance and SLA’s. Which lead us to operational management, which deals with how to operate the production environment and the support from a user perspective.

Whew… and that’s just the tip of the iceberg. In a nutshell, any successful global governance model for SOA will be a combination of the standards, policies, as well as the interoperability of departments, functionality and requirements. The process must define everything from requirements gathering to architecture to development to deployment and to operation management and support. A central team (the ICC) optimizes the governance where disparate silos of teams and departments are involved. It ensures that control and accountability remains in place. It needs to provide standards for data, for technology and for interoperability, as well as guidelines for teams to work together, find common ground, abstract the variable and normalize the reusable parts.

As I indicated toward the beginning, you can leverage existing processes (SOA is all about leveraging existing stuff anyway), but keep in mind the paradigm shift involving a central team for measuring, ensuring accountability and overall governing the process with possibly a new way of interfacing with each team.

As the SaaS hype cycle continues to climb, deficiencies are becoming apparent, such as true configurability of the desired solution, in other words if it’s merely a canned app, aren’t we just talking about ASP? Click more below to see what’s up SunGard’s sleeve relative to SaaS. I’ve been itching to blog specifically about our SaaS strategy for several months, as we’ve been working diligently on what I would argue is the natural evolution of Software-as-a-Service.
To set the context, consider the celebrated market leader of the SaaS approach, Salesforce.com. Clearly, Salesforce.com has revolutionized the way we think about software delivered in service form, and kudos to their continued efforts in making inroads into proliferating the benefits. Back in October (at the Dreamforce conference), the Apex language and platform for easier extensions, additions, etc. expanding the “reach, scope, and depth of applications available through the AppExchange and will enable any type of enterprise application to be delivered on demand”, see apex press release. Great move, as it fosters the service delivery concept by allowing anyone to leverage the AppExchange SaaS platform.

The next meaningful move was yesterday’s announcement that an integrated billing feature is now part of the platform, see monetization press release. Dubbed “AppStore” the initiative provides a list of commercial services for marketing, selling, invoicing and delivering applications via AppExchange. As a firm believer in the tremendous value of delivering software in service form (“on-demand”), this is truly exciting. Likely we will soon see SaaS registries pop up all over the place with integrated commercial services as well as openness to extend, even register new software.

Having said all that, in environments where integration and customization is commonplace (i.e. situations where an off-the shelf, canned, on-demand application won’t fit), there is a need to add something to the on-demand model. In these environments, the real value of SaaS will come when the software made available is truly configurable (infinitely configurable) which is what SunGard is aiming at contributing to the SaaS movement through a new offering branded “Infinity”. The keys to “infinitely configurability” are standards and decomposed services. The standards provide automated service-oriented ways in which composite solutions come together with less work, and decomposed services ensure there is useful content to draw from.

The reason for the focus on this for a company like SunGard (as a provider of software to the Financial Services industry) is because most of our solutions are intenerated tightly with our customer environments. Configurability is a key part of the value we provide to Banks, and I believe we can bring this focus and context to the SaaS movement. Infinity includes infrastructure services (such as the commerce support in AppStore), which support the delivery of components to the financial services industry for the purpose of configuring them into composite solutions, such as: Support call center Training portal Collaborative forms Quality center (CoE) for testing components for compliance Marketplace to search for applicable components Provisioning components for production consumption Billing (commerce services) Registry to host the definitions of each service component Composite solution shell Utility stack for integration, data mapping, extension, etc. The infinite configurability is enabled by a combination of the composite solution shell and the utility stack mentioned above. Together they enable a custom solution that works more like an admin configuring a user with comprehensive entitlements, as opposed to a software developer building a custom solution. Real powerful stuff… More on Infinity to come…

As a follow up to my last blog, (Trend Virtual), I continue to see more evidence that the expectation is that the service delivery of software will overtake the traditional binary-installation delivery of software at some point. Perhaps not next year, or even five years from now, but the growth projected is intriguing. A Gartner report predicts that Software-as-a-Service (accounting for merely 5% of spending last year), will increase to 25% by 2011, a healthy increase in merely 5 years from now. I wonder if the real number will be a bit higher, because Gartner’s predictions are heavily weighted with CRM sales (although Salesforce.com is clearly leading the way in CRM SaaS delivery, there are many other industries that have been working diligently on decomposing apps into configurable services for delivery in an SaaS model… like, for example, SunGard, but more on that in a future blog soon).

The first hurdle in SaaS was to break the barrier of complexity and cost, and the undisputed leader there is Salesforce.com. They blazed the trail of simple and cheap in a hosted domain, which many consider the cornerstone of the SaaS movement. But the reality is that all the model gives us is what the ASP movement promised six years ago.

I attended the inaugural ASP Forum, and with all the hype and excitement running around back then, it’s amazing it took this long, (and a renaming, SaaS) in order to realize substantial growth of hosted applications in a subscription model. I wondered back then if the market would adopt hosted applications as a service. As I look at where things have evolved to, all we really have in SaaS-touted services are canned applications that happen to be hosted. Wouldn’t hosted components of functionality that can be orchestrated into a custom composite solution be far more advantageous? I’ll get to that in a minute.

A list of tech startups attempted to sell hosted software to companies in the late 90’s with the launch of the ASP industry, but most weren’t tuned for the Web, and also carried with them complex implementations and large costs producing a tremendous barrier to widespread market acceptance. Conventional apps hosted as services from the big boys (Microsoft, Oracle, SAP, etc.) haven’t had much success either. Again, the key being Salesforce’s attack on the complexity and cost of the traditional approach, nailing down the simple and cheap. Can the SaaS movement learn from the simple and cheap approach and evolve beyond the canned application, into the hosting of components (decomposed parts of applications), for flexible orchestration into custom, composite solutions? I think so, and that’s where SunGard is heading. Still, more on that in a minute.

With nearly a half million end-user licenses, a 63% growth last quarter, almost a half billion in revenue, Salesforce has clearly proven the SaaS model works when done right, even though it’s a canned app. With the introduction of AppExchange, it appears Salesforce understands the need to build a community ecosystem of additional functionality in the service model to continue its aggressive growth. First appearing in January, AppExchange includes more than 200 applications from partners (like Adobe, Business Objects, Google, Skype, etc…), providing applications beyond CRM, such as HR, marketing, finance and others. Clearly, Salesforce is attempting to be more of a platform for services as opposed to a canned app. This is the right direction, and where SaaS is going.

The key though is the availability of configurable components, which doesn’t appear to be the reality just yet. That’s where it needs to end up. Here’s an example of why that’s important. DuPont is a legacy user of SAP’s conventional CRM application (installed internally and custom integrated with several internal systems such as inventory and manufacturing data links), as well as a user of the SaaS CRM service of Salesforce. Since Salesforce is running remotely as a canned app there are little flexibilities DuPont is left with to make of Salesforce what it specifically needs, instead it’s limited to what the canned app does. Also, since Salesforce does not have the ability to install any software (it’s 100% hosted), there are simply some needs from some customers that can’t be accommodated. As a result, over 10,000 users rely on SAP’s system, while merely 500 use Salesforce. What if components of functionality were available in a registry and the ability to write custom components to round-out hosted services was possible? That’s where SunGard is headed.

SunGard is in a unique position as both a provider of installed software as well as a hosting entity for services in terms of it’s breadth of applications and application-components to the financial services industry. Specifically in wholesale banking, SunGard provides more comprehensive software solutions than anyone else. With such a wide variety of offerings, SunGard does not suffer from the risk of commoditization of a core offering, such as CRM in the case of Salesforce. Instead, the breadth of components can be made available as individual hosted or installed services, with the ability to be combined or orchestrated in solutions involving not only existing SunGard components but partner and even customer-defined components to ensure the unique and individual needs of each customer are realized.

This effort constitutes the next step in the SunGard CSA initiative, as it evolves far beyond an internal collaborative process and technology, and into a community of partners and customers through hosted (and locally installed where required) composite solutions. I consider two keys to the success of this CSA evolution. The first being a robust collection of components in the CSA product registry, (from not only SunGard business units but various partners as well). And, second being the ability to easily orchestrate solutions by a mixture of enablement, adding custom components and integration with existing systems. SunGard will be making these key areas available over the next 12 to 18 months in pilot scenarios, and will make general availability of this configurable SaaS concept accessible shortly thereafter.

I’ve long wondered if the Eclipse foundation, with all its successes, would eventually run into issues due to the competitive support provided by Sun behind the NetBeans initiative. Apparently Mike Milinkovich (of the Eclipse Foundation) said Eclipse has recognized its first committer to an Eclipse project came from Sun, (into the SWT for x86 Solaris, and Simon Phipps (of Sun) approached the Eclipse Foundation regarding Sun developers contributing to other areas of Eclipse. I’m hoping this continues.

Heads up, Iona has open sourced their ESB, dubbed Celtix 1.0, and is a Java-based ESB (hosted by the ObjectWeb Consortium). Apparently Celtix doesn’t rely on a central hub, so it’s more distributed than most ESBs. It should run with any Java Business Integration container and features an implementation of the JAX-WS (Java API for XML Web Services) specification for building Web services-based Java applications. SOAP is supposed to be supported natively as well as multiple transports such as JMS, XML, and HTTP.

I’ve heard Celtix is best for small non mission-critical applications, but that it doesn’t rely on a central hub. Other open source ESB’s include SymphonySoft’s Mule and LogicBlaze’s ServiceMix.