may 2006everware-cbdi.com/public/downloads/pURv0/journal2006-05.pdf · capabilities of the ESB and...
Transcript of may 2006everware-cbdi.com/public/downloads/pURv0/journal2006-05.pdf · capabilities of the ESB and...
CBDIJournal2 Editorial
On Evolution and Natural Selection
4 Best Practice ReportThe Service Oriented Infrastructure (SOI)
Maturity ModelWhile SOA infrastructure may be project specific in the early stages, it rapidly becomes apparent that there are real benefits to be gained from standardizing to some extent at the enterprise level. In developing the enterprise SOA infrastructure it is useful to use maturity modeling techniques and in this report we explore an approach that extends and specializes the guidance we have given
in a our general maturity model reports.By Lawrence Wilkes
13 Best Practice ReportBSP for SOA
Within the CBDI service engineering approach, business modeling is used at two distinct levels – at the planning level (as input to business design and service planning) and at the requirements level (as input to service design, acquisition and management). In this article, we shall discuss the development of high-level business
models for planning purposes.By Richard Veryard
23 Best Practice ReportApplying Product Line Techniques to SOA –
Part IIOften separate consumers of a service will follow slightly different processes or require slightly different information for their particular business sector or domain. In addition to loose-coupling, SOA provides the architectural mechanisms to enable many types of variability at both design-time and runtime. But this is also a key driver behind software product lines and application family engineering, two well established software techniques. Part 1 of this series explored methods for identifying reusable components and enabling service variability. Once variability has been introduced, managing configurations becomes critical. This article explores the similarities and differences in configuration management between typical SOA
development and the software product line methodologies.By John Butler
Independent Insight for Service Oriented Practice
may 2006
ISSN 1745–1884
Editorial
www.cbdiforum.com
Business processes are
constantly evolving. You
ignore the organizational
issues at your peril.
On Evolution and Natural Selection
My current reading is This Thing of Darkness by Harry
Thompson, a fictional account of the voyages of the Beagle.
The Beagle survey took five years, two-thirds of which
Charles Darwin spent exploring on land. He studied a rich
variety of geological features, fossils and living organisms, and met a wide
range of people, both native and colonial. He methodically collected an
enormous number of specimens, many of them new to science.
At one point Thompson tells how Darwin crossed the Andes from Chile
to Mendoza, Argentina by mule train, with the pack animals piled high
with bulging sacks of geological specimens and incredibly Darwin’s bed.
They crossed the continental divide at a height of thirteen thousand feet
at a height that was under snow all year round, incredibly cold where no
one had ever lived.
On the way down Darwin set animal traps and succeeded in catching a
mouse. He observed that the animal was quite different from the animals
on the other side. His guides confirmed that all the animals on the Chilean
side are different from those on the Mendoza side – while the condors fly
from one side to the other, the animals will not cross the passes because
it is too cold. So the Chilean animals and the Mendocino animals are all
quite different.
This was perhaps the beginning of Darwin’s thinking about evolution,
and was later corroborated many times over with tangible evidence of
independent development. A good example is that every island in the
Galápagos Archipelago had its own kind of tortoise, these had originated
from a single tortoise species and had adapted to life on the different
islands in different ways.
The parallels with today’s modern enterprise are way too close for
comfort. We see most enterprises are organized in such a way that
business processes are constantly evolving in a manner that is
specialized to particular lines of business. While there is increasingly
centralized planning of technology infrastructure, there is typically almost
no central or coordinated planning of data and applications/services. In
this environment evolutionary business pressures inevitably and quickly
create variants that have interesting consequences for business.
Darwinians might suggest divergence is good news for a corporation,
strengthening the species by natural selection. However the obvious
cbdi journal © CBDI Forum Limited, May 2006 �
downside is excess cost – incurred through massive
duplication of functionality across lines of business
generate huge, unnecessary life cycle costs. Even
more worrying we can see evidence everywhere that
divergent data and processes cause inconsistent
customer experience that is a major problem in many
businesses today.
Over the past year we have written and talked a
lot about standardization as a key mechanism
underpinning SOA. We suggest it is vital that business
management decide on what areas of the business
should be standardized and which should be allowed
(encouraged even) to evolve and innovate. In effect the
question of standardization vs variation becomes an
essential part of business strategy, a topic that has
been inadequately debated in corporate boardrooms.
If one listened too closely to vendor marketing one
might have been persuaded that adaptability (or
agility, flexibility, responsiveness etc) were the primary
justification for service architecture. Yet standardization
of foundation stones such as customer experience
based on consistent customer data, is about stabilizing
corporation data and process rather than increasing
the rate of change.
I don’t suggest that SOA doesn’t deliver more adaptable
environments. It does because formalization of well
designed, contractually based interfaces is going to
reduce the horizon and cost of change. However the
notion that everything is in a state of constant change
is complete nonsense. Rather each enterprise needs
to decide where it’s innovation dollars should be spent,
and stabilize areas that will obviously have a high level
of continuity.
In his time Darwin’s ideas were considered heretical
and he did much of his work in secret. Darwin’s book,
On the Origin of Species by Means of Natural Selection,
set off a public controversy which he monitored closely,
keeping press cuttings of thousands of reviews,
articles, satires, parodies and caricatures. The SOA
parallel is that managing business standardization
and variation requires profound changes in the way
a corporation is run. Much of this change is inevitably
going to be unpopular with LOB managers who are
used to controlling their own business processes and
IT investment, and are not accustomed to operational
collaboration with their peers.
There is growing understanding that the key to SOA is
solving the organizational issues. It is all too easy to
push ahead with projects and technology infrastructure.
These are controllable matters that we technologists
understand. But you ignore the organizational issues
at your peril. You will find that natural selection and
evolution will continue to happen apace that completely
undermines all the investment put into SOA.
David Sprott, CBDI, May 2006
Best Practice Report
� cbdi journal © CBDI Forum Limited, May 2006
By Lawrence Wilkes
The Service Oriented Infrastructure (SOI) Maturity Model
While SOA infrastructure may be project specific in the early stages, it rapidly becomes apparent that there are real benefits to be gained from standardizing to some extent at the enterprise level. In developing the enterprise SOA infrastructure it is useful to use maturity modeling techniques and in this report we explore an approach that extends and specializes the guidance we have given in a our general maturity model reports.
IntroductionIn our Maturity Model reports1 we have conventionally included operational infrastructure as one activity stream in order to guide and manage the SOA infrastructure development in line with application driven requirements.
In practice many enterprises are acquiring SOA infrastructure on a project by project basis because this is the natural driver and justification for the investment. Consequently there is a tight linkage between infrastructure and application needs. However most enterprises will come to recognize the significant opportunities that are created by some level of infrastructure standardization and it may often be that investment in common infrastructure is one of the first and most obvious steps to enterprise SOA adoption.
There are always linkages between SOA infrastructure and applications, however as the infrastructure increasingly supports a broadly based set of business service needs the relationship changes from specific feature function support to macro issues such as consistent security, trust and SLA architectures; consolidation of resources to deliver economies of scale and scalability and so on.
In this report we suggest that the enterprise Service Oriented Infrastructure (SOI) has a maturity model that needs to be addressed, communicated and managed in a manner that is largely independent of individual application programs. Further we suggest that by delivering levels of cost, adaptability and standardization, SOI maturity is potentially an important enabler of new business strategies.
1The SOA Maturity Model. http://www.cbdiforum.com/secure/interact/2005–12/The_SOA_Maturity_Model.php. The SOA Maturity Model – Part II http://www.cbdiforum.com/secure/interact/2006–0�/The_SOA_Maturity_Model_Part2.php
Service Oriented InfrastructureService Oriented Infrastructure (SOI) is a generic term used for the infrastructure to support SOA. It is useful to see this from two perspectives. From one, infrastructure is seen as an enabler of the Business SOA. For example, the current focus in the early learning and integration stages of SOA Maturity on the use of an Enterprise Service Bus (ESB) as an agile mechanism to facilitate the delivery of Business Services. We term this SOA Infrastructure which we define in Box 1.
However, from a second perspective we can see that the infrastructure to support SOA will go through its own separate maturity model as it becomes Service-based. That is, infrastructure itself increasingly adopts the SOA approach, delivering its capability through published Services and conforming to the principles of SOA such as loose coupling.2 This view is consistent with the use of the term SOI we have seen presented by Intel, Microsoft and the grid community. To differentiate however, we therefore define this as Service-Based Infrastructure (SBI) as shown in Box 2.
SOA Infrastructure is the IT infrastructure that supports delivery of SOA.
Key capabilities are:
Ability to support the delivery of Business Services
Support for Service as a 1st order concept
Mediation of Service Requests
Management of Services to Service Level Agreements
Key components are:
Enterprise Service Bus (ESB) – to provide integration and mediation capability
Network – to provide local and wide area connectivity
Security – to ensure integrity and confidentiality, and manage access
Service Management – to manage and deliver Quality of Service (QoS) according to Service Level Agreements (SLA)
Registry – to manage publication and discovery of Services.
Box 1. SOA Infrastructure Defined
•
•
•
•
•
•
•
•
•
Service Based Infrastructure (SBI) is IT infrastructure that adheres to the principles of SOA. Key characteristics of SBI are:
Service-Based – infrastructure capabilities are exposed as published Services
Virtualization of Resource – Physical resources are not dedicated to specific applications or users, but allocated from a shared pool as required
Location Independence – Physical resources are location independent (internal or external)
Policy-Based – Usage and allocation of resource is determined by policies
Separation of Concerns – infrastructure capabilities are separated from the IT processes that manage them
Box 2. Service Based Infrastructure Defined
•
•
•
•
•
2Principles of Service Orientation. http://www.cbdiforum.com/secure/interact/200�–0�/Principles_of_Service_Orientation.php
cbdi journal © CBDI Forum Limited, May 2006 5
6 cbdi journal © CBDI Forum Limited, May 2006
The Service Oriented Infrastructure (SOI) Maturity Model continued . . .
Figure 1 differentiates between,
SOA Infrastructure. The infrastructure needed to support the Business SOA. Primarily the capabilities of the ESB and network. It should also be recognized that the separation of concerns in SOI requires the same mediation and networking capability as the Business SOA. That is, the consumers of SOI such as IT processes are loosely coupled to infrastructure resources, and may require an ESB to mediate the connection between them.
General Purpose SOI. The underlying network, compute and data resources that support business or IT applications – regardless of whether that application is itself Service-Based.
SOA Infrastructure as SBI. The components such as ESB that provide the SOA Infrastructure will themselves become Service-based.
•
•
•
Orthogonal to these layers are the capabilities that are again relevant to the Business SOA and SOI. For example:
Security infrastructure is required to ensure secure use of both the Business SOA and the SOI. E.g. authentication of IT operators is as relevant as Business Users.
Management. The Service-based provisioning of resources and monitoring of their status is equally applicable to business application resources and infrastructure resources.
Governance over the IT processes applies equally whether the process is one of delivering the business SOA or the SOI. The Service Lifecycle3 is applicable to both Business Services and Infrastructure Services.
•
•
•
3The Service Lifecycle. http://www.cbdiforum.com/secure/interact/2005–11/the_service_lifecycle.php
Figure 1: SOI Layers
The scope of SOI is shown in Figure 1:
SOA Infrastructure
cbdi journal © CBDI Forum Limited, May 2006 �
Again, each of these capabilities will also become Service-based, with Security and Systems Management already well down that track.
CBDI SOI Maturity ModelAs discussed, the infrastructure to support the Business SOA is not necessarily Service-Based. That is, it may support the delivery of Service-based business solutions that use the Business SOA, but the infrastructure capability itself does not apply the principles of SOA. This is reflected at Level 1 (SOA Support) of our SOI Maturity Model shown in Figure 2.
The key change to SOI occurs at Level 2 (Integrated), when the infrastructure itself becomes Service-based. At Level 2 infrastructure capability is exposed as Services enabling integration of capabilities from different providers such as external infrastructure Service providers, or Services exposed from internally operated infrastructure (typically
purchased from a platform or middleware vendor – or open source). An example of the type of capabilities that might be assembled this way to support IT processes is shown in our recent report on IBM Tivoli enabling Service Oriented Management4.
We first introduced the Infrastructure Services Architecture (ISA) concept in an earlier report on ESB5.In the same way organizations require a Business Service Architecture (BSA), to enable assemblies of infrastructure capability requires an ISA defining the set of Services for each infrastructure domain (e.g Systems Management, Security, Mediation, etc).
If infrastructure capabilities from different sources are to be orchestrated in the same IT process, clearly it is advantageous if Services from various providers conform to a standardized Service specification. As with the BSA, not every Service in the ISA needs be standardized, but the ability to plug & play different providers together, or dynamically mediate between different Services depending
Figure 2: CBDI SOA Maturity Model
4IBM Tivoli–Enabling Service Oriented Management. http://www.cbdiforum.com/secure/interact/2006–01/IBM_Tivoli_Enabling_Serv_Oriented_Man.php5Time to Board the Enterprise Service Bus. http://www.cbdiforum.com/secure/interact/200�-0�/Enterprise_Service_Bus.php
SOA InfrastructureCurrent infrastructure hardware & software
� cbdi journal © CBDI Forum Limited, May 2006
The Service Oriented Infrastructure (SOI) Maturity Model continued . . .
on current conditions and policies is greatly enhanced when those providers share a common specification. This is reflected at Level 3 (Standardized).
A consequence of standardization is commoditization. With Infrastructure Services from different providers complying with the same specification and hence delivering the same capability, differentiation is achieved in variation of Quality of Service (QoS) and price. With fully Service-based infrastructure, the location of the capability is transparent, and the capability can be shared between many consumers and virtualized across many providers. Hence the SOI becomes L4 (Utility).
Further characteristics of these maturity levels are explored in Table 1.
Impact on ITTable 2 illustrates how SOI maturity impacts the IT organization. Gradually, IT moves from being a Service Provider to the business, to becoming a Service Provisioner. That is, it moves from operating the infrastructure, to managing the provision of infrastructure that is itself operated by other entities. Focus shifts from implementation and integration, to selection, procurement, policy administration and some aspects of management.
A key raison d’etre for SOA is to enable the automation of processes rather than manual self-service. This is equally applicable to both Business and IT processes. Consequently, as the SOI becomes more mature, IT
processes are increasingly automated. IT’s role is to set policies and contracts, not the low-level configuration of individual SOI components which is undertaken by the SOI provider.
SOI BenefitsA key benefit to customers of SOI is cost reduction. Reductions in the cost of infrastructure provision and administration are suggested by the organizational impacts identified in Table 2. Further cost reductions are explored in Table 3
Cost reduction is not the only motivation of course. Other reasons for SOI adoption include
Scalability, Reliability – QoS is easily delivered across a shared virtualized pool of resources
IT Agility – ability to use alternative better/cheaper/faster resources on demand
Business SOA Maturity and Business Agility – The ability to deliver the top levels of SOA Maturity for the business will require corresponding levels of SOI maturity
Figure 3 suggests there is a process of continuous improvement at each level of SOI maturity with further incremental steps detailed in Table 4.
Figure 3 is similar to a graph presented by Intel at a recent OMG meeting. The CBDI model expands the number of
•
•
•
L1SOA Support
L2Integrated
L3Standardized
L4Utility
Deployment InternalCentralized
Internal Virtualization External VirtualizationFederatedPolicy driven On Demand deployment
Integration of different SOI Products
IsolatedLimited interoperability
Integration of products via published Services
Full interoperability based on standardsPlug & play
Provider/Vendor
Software/Hardware vendorMiddleware vendorNetwork vendor
Some point Service ProvidersSpecialist Infrastructure Service vendorse.g. Security ProvidersSpecialized Hosting (e.g. Web Servers
In addition, the Telco or similar provides SOI as part of the network
“Grid” like SOI resource providersSingle Service Provider takes overall responsibility
Commercial Basis Software License SLA Level (e.g. Gold Customer)
MeteredDynamic negotiation
Table 1: Further Characteristics of SOI Maturity
cbdi journal © CBDI Forum Limited, May 2006 �
L1SOA Support
L2Integrated
L3Standardized
L4Utility
IT/Business Relationship IT is a Service Provider IT is a Service Provisioner
Focus of IT Operations Implementation Integration CertificationPolicy administration
Selection
Systems Management Reactive PredictiveConfiguration Management Service
Manage to SLA Autonomic
IT Process Manual, fragmentedTool specific
SOI enables Process AutomationSeparation of IT Process from SOI capabilityIT is seen as a “business process” Use of ITIL, COBIT
Process is Contract and Policy-based
Governance and Policy Management
Config files and scriptsGovernance is fragemented and non-automated
Proprietary policy definitionsTool dependent and lifecycle state specificSome automated governance though policy compliance checking
Growth in Policy Assertion LanguagesPolicy Assertion Languages and frameworks standardizedFull lifecycle Governance
Table 2: SOI Impact on IT Organization
L1SOA Support
L2Integrated
L3Standardized
L4Utility
Deployment Consolidation Internal virtualization for pooling and sharing
Limited outsourcing Lower cost provision of certain point SOI capabilities
Wide-scale outsourcing Seamless Virtualization
Commercial Rationalization and consolidation to reduce software/hardware licenses
Reduce cost by only paying for what is needed/used
Pay only when Service Level delivered
PAYG (Pay As You Go)
Infrastructure Operations and Configuration Management
Reduce problems through Predictive analysis
Plug & Play Autonomics replaces need for most manual intervention
Infrastructure Management Process
Reduce time though Process AutomationRepeatable process to reduce errors
Delegate much of infrastructure management process to Managed SOI provider
Only need to administer SLA, Policies
Table 3: SOI Enabling IT Cost Reduction
10 CBDI Journal © CBDI Forum Limited, May 2006
The Service Oriented Infrastructure (SOI) Maturity Model continued . . .
stages and makes a distinction between internally and externally virtualized infrastructure. We feel this is important because today the focus of virtualization is on the general purpose infrastructure (network, compute, data). Virtualization is typically enabled through proprietary “clustering” type approaches (many jobs sharing many processors, or one job using many processors) and the virtualization of a single processor (many jobs sharing a single processor). Today, virtualization is not service-based. Hence management of the resources is tightly coupled to the resources. Whereas, with SOI:
Virtualization should be based on SOA to enable loose coupling of resources and management of the resources.
Virtualization should also include the other components of SOI that enable SOA such as the ESB.
Virtualization should also be applied externally in a more “grid” like fashion, with SOI shared across many consuming organizations. The grid community is already
enabling external virtualization using SOI today via Open Grid Service
Architecture6 (OGSA) – though the focus is primarily on technical/scientific applications.
•
•
•
enabling external virtualization
•
•
The infrastructure to support
SOA will go through its own
separate maturity model as it
becomes Service-based
6http://www.globus.org/ogsa/
Figure 3: SOI Enables Continuous Improvement
cbdi journal © CBDI Forum Limited, May 2006 11
Business SOA and SOI ConvergenceWe started by suggesting that Business SOA and SOI have their own independent Maturity models. This report has considered how there are benefits to IT in adopting SOI at each level of maturity regardless of the maturity of their adoption of SOA in support of business requirements.
For many organizations however, it is likely that their SOI needs are driven by the requirements of their Business SOA, and the two will be entwined.
Finally therefore we consider how SOI supports the business SOA, and how ultimately they are on a path of convergence.
L1/2 – Internal Business SOA Integration and Agility
At level’s 1 and 2 the prime thrust is enabling integration and agility using SOA. For example, the delivery of enterprise-level Shared Business Services requires
Enterprise-wide SLA and trust architecture
Enterprise-sharing of SOI
•
•
To support these, at these levels the SOI provides
Common Mediation layer
Common Service Management and monitoring services – integration of disparate management capabilities
Common Security Services
L2/3 – External Business SOA Agility
At level’s 2 and 3 we would expect to see more requirements for SOI to support federated SOA with multiple participants, and to support collaborative and virtualized businesses.
This gives rise to ecosystem-level dependency on Shared and External Business Services that require
Consistent SLA and response
Federated Manageability
Predictable and reliable response to change
Normally, each participant may be expected to still continue to operate their own infrastructure, but in some scenarios there may be ecosystem-level sharing of SOI components.
•
•
•
•
•
•
Level SOI Benefits
L1 SOA Support SOI InfrastructureInfrastructure Software/Hardware deployed in houseInfrastructure used to support Business SOARationalized Standardization of products, consolidated deployment
Cost saving, simplified management, control
Internal Virtualization Proprietary internal virtualizationShared resources using proprietary clustering and provisioningCentralized (clustered)
L2 Service-Based Internal and external SOI capability is exposed as a service.Use of proprietary, point SOI Service solutions
Ease of integrationReduction in manual effort, errorsAbility to integrate best of breed specialist Services
L3 Service Standardization
Standardization of capability Consumer choice and flexibilityInteroperability
Policy Based Allocate resources based on policyMediate based on Policy
Improved governance – Consistency of policy enforcement
Managed Service Full portfolio of SOI is provided as a managed Service Full end-to-end SLA
External SOI and SOA Virtualization
Enabled by L2/L3SOA and SOI Standards-based virtualization (grid)Manage to SLA
Reduction in cost and improvement in scalability across large-scale shared resources
L4 Utility Commodity SOI GridStandardization of SOI Services and SOI Management facilitates commoditization
Lower cost SOI provisionCompetitive provision
Table 4: Benefits of Continuous SOI Improvement
12 cbdi journal © CBDI Forum Limited, May 2006
The Service Oriented Infrastructure (SOI) Maturity Model continued . . .
To support these SOI level 3 provides standards-based federated interoperability and manageability.
L2/3 – Managed SOI
At these levels some scenarios may also benefit from a managed SOI. The concept of a Business Service Network7 that is provided as a service to all participants.
A managed SOI helps to provides:
Management of end-to-end service delivery process, including federated scenarios
Dynamic response to major change in demand within the SOA at optimum cost (upgrade, dynamic scaling)
L4 – Managed SOI and Business SOA
At level 4, the Business SOA is key competitive opportunity enabling predictable and continuous business process improvement. Business Services are virtualized and there are commodity Business Service providers.
•
•
At this level we would expect to see convergence of the Business SOA and SOI in that a virtualized Business Platform (Figure 4) can provide both Business and Infrastructure resources supporting whole federated ecosystem.
The Virtualized Business Platform can support reconfiguration of the business network with minimum cost and time to change with autonomic response from the SOI to support the business change.
ConclusionsSo where are we now? Figure 3 shows the current state of the market. The SOA infrastructure to support the business SOA such as the ESB is well established. Organizations can also take advantage of the virtualization offered by platform vendors today to consolidate resources and reduce costs.
Level 2 SBI is beginning to appear, most notably in the Systems Management arena, and for some point infrastructure capabilities such as the Service Registry.
More advanced Level 3 SOI is apparent in Security, with the WS-Security standards providing a policy-based approach, and support of federated SOA requirements through Liberty Alliance. External Service-based resource virtualization is also possible through the use of OGSA8.
We anticipate over the next 12 months that initial commercial offerings of Business Service Networks will become available providing the initial platform and roadmap for delivering L4 capability.
As we have highlighted elsewhere SOA is meant to free organizations from the tyranny of tightly coupled applications. This applies equally to infrastructure as it does business applications.
It is therefore important that organizations understand the SOI maturity level of the Infrastructure they are using to support SOA, and get a clear vision from the vendor as to their plans.
Figure 4: Virtualized Business Platform
7Strategy Review – Enabling the Business Service Network. http://roadmap.cbdiforum.com/reports/ICT/8Grid and SOA. http://www.cbdiforum.com/secure/interact/2005–02/Grid_and_SOA.php
cbdi journal © CBDI Forum Limited, May 2006 1�
Best Practice Report
By Richard Veryard
1Applied Insight: How to Find Your Competitive Advantage http://www.cio.com/archive/050106/applied.html
BSP for SOABusiness Strategy Planning for the Service Economy
Within the CBDI service engineering approach, business modeling is used at two distinct levels – at the planning level (as input to business design and service planning) and at the requirements level (as input to service design, acquisition and management). In this article, we shall discuss the development of high-level business models for planning purposes.
Introduction
Motivation
Why model your business before you plan? Because if you don’t, your plan will be the same as everyone else’s – only worse. In a recent article in CIO magazine1, Geoffrey Moore provides a few strategic thoughts from his recent book Dealing with Darwin (Penguin 2006).
Moore argues that IT needs to support the business strategy by providing different kinds of systems and services to support different capabilities – according to how each capability sits within the business strategy. I’ll come back to Moore’s model later in the article. But let me just quote a few examples of his thinking here.
At Domino’s Pizza, customer delivery is core; at Pizza Hut, it’s context. At Volvo, safety is core; at Ford it is context.
I think it is a fairly clear consequence of Moore’s thinking that you cannot have a one-size-fits-all approach to service planning. A service portfolio that is right for Domino’s Pizza is not going to be right for Pizza Hut. How does the IT person know whether he’s working in a Domino’s company or a Pizza Hut company? Moore suggests a set of questions that helps the IT person find out about the company strategy.
Discovering Company Strategy
For each competitor
What are they so good at?
Is our goal to equal or beat them at that?
Is there some other thing that we do, or could do, that they in turn would find hard to compete with?
Is it our plan to commit significant resources to such an activity?
•
•
•
•
For our own company
What is our company’s primary competitive differentiator today?
What is its best chance for equal or greater differentiation tomorrow?
What are the most important business initiatives under way to create that future competitive differentiation?
•
•
•
Table 1: Discovering Company Strategy (source: Moore)
1� cbdi journal © CBDI Forum Limited, May 2006
The Service Oriented Infrastructure (SOI) Maturity Model continued . . .BSP for SOA continued . . .
These are basically questions about capabilities and outcomes (goals). Our business modeling approach provides a systematic way of exploring capabilities and outcomes, and mapping them to each other and to the core business concepts. The marketing guru Seth Godin puts it differently2, but his questions can also be understood as referring to capabilities.
What is the hardest thing in your business? Does everyone you work with know that it’s the hardest thing? And what percentage of your time do you
spend on it?
This is the reason why business modeling is important. And you can’t just go to Accenture or IBM or SAP, and expect them to give you the standard functional decomposition for any generic food services industry, which you implement without further thought. Of course, if a standard industry model exists, you can use it as a starting point, but what is important (core to your own business strategy) is what
you inscribe onto this model. (To do otherwise would be tantamount to outsourcing your business strategy.)
ScopeWhich comes first – business modeling or service planning? In a top-down process, we may do business modeling at several different levels. We may model for a whole ecosystem, for a single enterprise, or for a domain within an enterprise. (Each domain may have a separate semantic model.) The domains themselves may be defined as part of the service planning activity.
At the higher levels, the primary purpose of business modeling is to understand the requirements for business design and service planning. (This corresponds to what in older methodologies was known as Business Strategy Planning). At the lower levels, the primary purpose of business modeling is to understand the detailed requirements for service design.
Figure 1: Service Engineering
2http://sethgodin.typepad.com/seths_blog/2006/0�/the_hardest_thi.html
cbdi journal © CBDI Forum Limited, May 2006 15
Business PlanningDistinction between planning and requirements
Modeling Construct
Planning Level Requirements Level
Outcome At the planning level, we are interested in high-level business goals.
At this level, we are interested both in steady-state outcomes (what the business must continue to achieve if it is to remain viable) and major improvement outcomes (where the business wishes to make strategic improvements).
The strategic differentiation between “core” capabilities (which cannot be outsourced) and “contextual” capabilities (which may be outsourced) depends largely on mapping the capabilities to the business goals.
We are also interested in the key uncertainties facing the business.
At the requirements level, we are interested in the outcomes that can be delivered by simple or composite services, matching the required outcomes to the available outcomes, and identifying additional services to fill any outcome deficits.
Outcomes are also used to determine required service levels.
When building customer-facing services, we are interested in the outcomes for the customer as well as the outcomes for the business, and in creating win-win service outcomes.
In addition, every business outcome implies a set of services for monitoring and controlling that outcome, which may include closed-loop business intelligence.
Collaboration At the planning level, we are interested in identifying collaborators. This is a key aspect of defining scope.
For example, in the case of a regulated industry, the scope of the model may include the regulator and the regulated companies, as well as other parts of the ecosystem.
At the requirements level, we are interested in the detailed collaboration arrangements. Although we don’t generally want to fix the choreography or orchestration into the service architecture, it is useful to identify some typical collaboration patterns to make sure that the architecture is sufficient robust and flexible.
Capabilities At the planning level, we are interested in assigning capabilities to collaborators. Some capabilities will be designated “core”, while others will be designated “contextual”.
At the requirements level, we are interested in identifying capabilities that can be rendered as services.
Those capabilities that have direct value to customers, or direct relevance to external collaborators, may be exposed as external services.
Coordinating capabilities may be implemented as process-level services.
Business Concept At the planning level, we need a strategic semantic model showing the strategic assets of the business.
At the highest level, strategic assets are things that contribute to the value of the business, which might be reflected in the company balance sheet, or otherwise perceived as central to the value and viability of the business.
For example: Brand, Customer Relationships, Product, Distribution Channels, Intellectual Property, Human Capital, Knowledge.
At the requirements level, we need to have a referential semantic model, which defines how the business concepts are identified and differentiated.
The referential model supports the semantics of services and messages, and also supports the precise definition of outcomes (including metrics).
For example, at the reference model level, we need to know things like whether a married couple counts as one customer or two (or even three), and how we recognize and differentiate customers.
Domain Strategic assets may be grouped into domains. A domain manages the creation, development, preservation and use of strategic assets.
A single domain may provide the scope for a detailed requirements analysis exercise.
Table 2: Two Levels of Modeling
16 CBDI Journal © CBDI Forum Limited, May 2006
The Service Oriented Infrastructure (SOI) Maturity Model continued . . .BSP for SOA continued . . .
Business Strategy for ITIn the general business modeling method, we are interested in different kinds of outcomes at different levels. At the planning level, we are interested in the outcomes desired by the business (i.e. goals) and the outcomes that affect the success of the business (i.e. key uncertainties or risks).
We are going to want to see capabilities that manage these high-level outcomes (including monitoring and control capabilities), and we are going to want to understand how each capability contributes to the top-level business goals.
One way to differentiate between core capabilities and contextual capabilities is that the core capabilities are the ones with the greatest impact on the top-level business goals. Meanwhile, designating a capability as contextual is often a useful way of exporting risk. We use a loosely coupled architecture as a way of limiting the impact of a given uncertainty.
Understanding third party goals is relevant to the platform strategy – for example, releasing value by creating a better alignment between our capabilities and the customer’s goals.
Handling UncertaintyHere’s an example of how a business uncertainty may be reflected in the IT strategy.
Many companies have a strong requirement for capabilities that reference identity, but these capabilities are potentially affected by an uncertainty about the external shape of the identity ecosystem. There are several plausible scenarios as to which players will be dominant.
Credit card companies
Government agencies (e.g. national ID cards)
Telecoms companies
No single dominant position
So what is the appropriate strategic response to this uncertainty?
1. Do nothing until the situation resolves itself.
2. Pick a winning horse. Maybe try to influence the outcome.
3. Develop a strategy that is independent of the outcome.
SOA provides useful support for the third approach. If identity is a significant source of uncertainty (which it is),
•
•
•
•
then abstract away from any identity-related assumptions. Strip all identity from the applications, and prevent developers creating any local identity processing. Establish a standard set of identity-related services, separate from the basic applications. We may then be able to define two different business cases for building and using these shared services.
1. Tactical efficiency. Economics of scale / scope.
2. Strategic flexibility. Ability to accommodate any of the possible scenarios.
Experience indicates that four scenarios is a good number for this kind of analysis – sufficient to provide reasonable variety, while small enough to be meaningful to management.
CBDI ApproachIn the general business modeling method, we are interested in different kinds of outcomes at different levels. At the planning level, we are interested in the outcomes desired by the business (i.e. goals) and the outcomes that affect the success of the business (i.e. key uncertainties or risks).
We are going to want to see capabilities that manage these high-level outcomes (including monitoring and control capabilities), and we are going to want to understand how each capability contributes to the top-level business goals.
One way to differentiate between core capabilities and contextual capabilities is that the core capabilities are the ones with the greatest impact on the
top-level business goals. Meanwhile, designating a capability as contextual is often a useful way of exporting risk. We use a loosely coupling architecture as a way of limiting the impact of a given uncertainty.
Understanding third party goals is relevant to the platform strategy – for example, releasing value by creating a better alignment between our capabilities and the customer’s goals.
Having analysed goals and uncertainties and mapped these to the business concepts and capabilities, we can now produce a loosely-coupled business architecture.
This will be used in service planning to produce a loosely-coupled systems architecture.
One of the strategic questions at this level is what business services will be exposed to customers and other external collaborators. The whole business becomes a platform. (See my piece on the Lightweight Enterprise in the April Journal).
Why model your business before you plan? Because if you don’t, your plan will be the same as everyone
else’s – only worse
cbdi journal © CBDI Forum Limited, May 2006 1�
Examples
Customer Relationship Management
The strategic asset called Customer Relationship may be managed by a domain called Customer Relationship Management. Some administrative aspects of customer relationship management (CRM) may be delegated to a software package or commercial service (e.g. SalesForce), and some aspects of customer service may be delegated to a call centre operation, but the capability of building relationships with customers may well remain as a core capability.
So there is an important distinction here between the business capability of CRM, which is core, and the information processing capability of CRM, which may be contextual.
Part of the problem here is that CRM is an inaccurate name for a software product or service. Companies like Salesforce.com provide services that SUPPORT customer relationship management, they do customer relationship management information processing, but they don’t really DO customer relationship management.
And this is one of the reasons why it’s useful to analyse outcomes – because it defines what precisely is and isn’t being delegated to the service provider.
Industry Regulation
Consider a regulated industry, such as financial services, where a regulator must monitor a number of operating companies.
So there is a compulsory collaboration between the operating company and the regulator, which can be modeled like any other collaboration. Both operating company and regulator have an interest in controlling certain key outcomes, such as capital adequacy, and have similar or overlapping information needs.
The current arrangement (let’s say) is that the operating companies must provide loads of data in a specified format to the regulator. Some of the data may be dual-purpose – used internally as well as for external reporting. But despite this, such arrangements are often burdensome to both sides. The formats are inflexible, and the regulator is often unable to make effective use of the data to achieve the underlying regulatory goals.
Figure 2: How CRM can support management of Customer Relationship
1� cbdi journal © CBDI Forum Limited, May 2006
The Service Oriented Infrastructure (SOI) Maturity Model continued . . .BSP for SOA continued . . .
So a good question for SOA is this. How might it be possible to use SOA to make such collaborations more productive for both sides? For example, to make the necessary controls more flexible and responsive.
One possible answer to this question involves the definition of a platform – a standard set of services that each operating company is required to establish, both to support its own internal controls, and also to expose for specified external access. In some cases, access to these services will be restricted to the regulator; in other cases, these services may be made publicly available for other interested parties such as customers and investors. Regulation often achieves its aims by requiring certain types of transparency, and it will often be more efficient to deliver this with a pull model instead of a push model.
Let’s suppose we are doing this from the regulator’s perspective. At the planning level, we focus on the commonality of the outcome (in this case Capital Adequacy) to identify the potential for a service solution (in this case a Capital Adequacy Platform).
At a later stage (analysis), we shall analyse the differences between the goals of the various stakeholders, to help specify and standardize the content of the service solution.
In business terms, the regulator needs to take a view about which aspects of capital adequacy control are aligned with the goals of the operating company. The regulator may choose to focus attention on those aspects of capital adequacy where there is the greatest risk of non-compliance, which may be inferred from a detailed analysis of the outcomes.
Strategy
Triage: Core and Contextual
The IT strategy tends to follow a different path for those capabilities designated “core” and those designated “contextual”.
This requires some triage, which is based on three aspects of the business model.
impact of capability on strategic outcomes (goals, uncertainties)
knowledge and know-how embedded in capability
future trajectory of capability (innovation, commoditization, etc.)
In the recent work of Geoffrey Moore, he talks about the split between core and contextual capabilities, and how this shift evolves over time. This model corresponds to a retail
•
•
•
Figure 3: Current Arrangement (pre-SOA)
Figure 4: Mapping Shared Outcomes to Shared Capabilities
Figure 5: Service Platform as Possible Solution
cbdi journal © CBDI Forum Limited, May 2006 1�
cycle which Philip Boxer and I mentioned in our article in the Microsoft Architects Journal (5).3
The classification of capabilities depends partly on the link to business outcomes / value. It also depends on the knowledge associated with each capability. Correct decoupling between capabilities depends on encapsulating the knowledge (know-how) embedded in each capability. (This is a version of the well-known architectural principle: separation of concerns.)
So we can understand the strategic cycle of capabilities (core and contextual) proposed by Geoffrey Moore (Figure
6), by reference to a model of the knowledge cycle proposed by Max Boisot (Figure 7).
Handling Diversity
Geoffrey Moore tends to describe these strategies very much in either/or terms. Either you are Volvo or you are Ford. But what if you are both? (Volvo Cars is now part of the Ford Motor Company.) What about the CIO who has to support a diverse enterprise (Ford, Lincoln, Volvo, Land Rover and Aston Martin), with as much common/shared services and infrastructure as possible?
Figure 6: Services on the Fault Line (based on Geoffrey Moore)
Outsourcing Strategy Platform Strategy
Which capabilities do you want to outsource to appropriate suppliers?
now
future
Are appropriate services available?
Are they cost-effective and adaptable?
•
•
Which capabilities might your customers want to outsource?
now
future
Would this make a viable business platform?
•
•
Table 3: Twin Track Strategy
3http://www.architecturejournal.net/2005/issue5/Jour5Metro/. See also http://www.asymmetricdesign.com/archives/2�
20 cbdi journal © CBDI Forum Limited, May 2006
The Service Oriented Infrastructure (SOI) Maturity Model continued . . .BSP for SOA continued . . .
This comes down to a question of scope. If you are doing a service portfolio for Volvo alone, you may be able to base this portfolio on what is deemed core/contextual at Volvo. But if you are trying to do a service portfolio that will span both Volvo and Ford, you have to build in a much greater degree of flexibility, so that what is core at Volvo can be contextual at Ford, and vice versa.
It may also be a question of time horizon. Volvo and Ford may be at different stages of the knowledge cycle in respect of a given capability. So by having to support Volvo now, the CIO is perhaps implicitly supporting something that Ford will want to do next year.
So in a diverse or future-oriented enterprise, we can’t always just divide capabilities into “core” and “contextual” for the purposes of service planning. We may need additional categories such as “mostly core”, “mostly contextual” and “core-for-the-time-being”. This may create additional complications for the service portfolio, but this may be a justified investment if it makes the business SOA more future-proof.
Service Network Grid
A standard service provides a fixed one-size-fits-all service to each user in isolation. Network services provide the capability for users to connect and communicate with one another. The service network represents an opportunity for
a network provider to move upwards. A variable service network represents a further opportunity for a network provider to move sideways. (This can be understood as a response to asymmetric demand.)
ConclusionsProblem Solving. It may not be necessary for the process to specify how an organization generates the idea for a service – there may be many alternative triggers for identifying a service opportunity. What is important is that an organization has a systematic way of evaluating and implementing such ideas.
Modeling. We need a diagram that shows the ecosystem context for a service. This is used by the service planners, for identifying or verifying service opportunities. It is also used by architects, to confirm that the technical service arrangements are aligned with business service objectives.
Risk Management. One of the most important risks to a service is that the ecosystem changes in ways that undermine the value of this particular service. Among the risks to a service consumer is that the ecosystem changes in ways that invalidate the chosen service architecture. The service engineering process must include some risk management, which will (among other things) reference a model of the ecosystem.
Figure 7: Knowledge Cycle (source: Max Boisot)
cbdi journal © CBDI Forum Limited, May 2006 21
Scoping. The analysis of a business opportunity and the development of a solution require an understanding of a moderately wide area, and the inclusion of multiple stakeholders/perspectives. But however broad the “big picture”, it is always possible to get a bigger picture – and the attempt to include all possible stakeholders and perspectives may lead to infinite scope-creep. This makes scoping (and if necessary rescoping) a critical aspect of the service engineering process.
AcknowledgementsThe material on handling identity and uncertainty is partly based on a contribution made by Steve Davis of Disney Studios to the SPARK architecture workshop in Las Vegas, February 2006.
Thanks to Philip Boxer for helping to clarify the relationship between Geoffrey Moore and Max Boisot, and also for clarifying the opportunities for extending the Service Network Grid to accommodate asymmetric demand.
Figure 8: Stack Strategy
Moving Beyond Early Learning?CBDI Education Services provide methodology
and reference architecture for SOA
CBDIprovides consulting and educational services to enterprises and governments
in our specialized topic areas. CBDI recommends the following classes as
essential guidance for organizations moving beyond the Early Learning stage
of activity:
SOA for ManagersThe challenges in SOA adoption are much wider than simply the technology and engineering skills. If you don’t manage the introduction properly you run the risk of wasted investment and sub-optimal results. This two day workshop for essential education for Program Managers, Architects, Governance Managers, Product Managers, Planners, Development Managers, Integration Managers and Business Analysts provides detailed guidance on managing the adoption of SOA.
Service Portfolio Planning WorkshopA three day workshop providing detailed guidance on creating a reference architecture and policy set for business services; identifying, describing business services, setting policy and establishing project scope that progressively moves an organization towards a well formed service oriented architecture. This workshop is highly relevant to project and enterprise architects, business analysts and program managers involved in SOA. Attendance at the SOA Seminar is strongly recommended as a prerequisite.
Business Modeling for SOAA two day workshop providing detailed guidance on establishing business requirements specifically for SOA, establishing requirements for information and policy based on an event driven business architecture. The class provides delegates with a methodology for determining requirements for standardization and differentiation based on assessment of business need. This class is recommended for Hybrid Business/IT managers, Strategic Planners, Program Managers, Architects, Business Analysts and Senior Developers.
These classes are available as in-house and public courses. For further details see:
http://www.cbdiforum.com/public/events/
Best Practice Report
cbdi journal © CBDI Forum Limited, May 2006 2�
By John Butler
Applying Product Line Techniques to SOA – Part IIExploring Configuration Management Patterns for SOA
Often separate consumers of a service will follow slightly different processes or require slightly different information for their particular business sector or domain. In addition to loose-coupling, SOA provides the architectural mechanisms to enable many types of variability at both design-time and runtime. But this is also a key driver behind software product lines and application family engineering, two well established software techniques. Part 1 of this series explored methods for identifying reusable components and enabling service variability. Once variability has been introduced, managing configurations becomes critical. This article explores the similarities and differences in configuration management between typical SOA development and the software product line methodologies.
IntroductionAnyone that has been a part of a large software development or system integration organization understands the fundamental need for managing the individual assets that comprise a complex service or system and their overall configuration for each release of that service or system. While small services do not typically require sophisticated configuration management (CM), large scale services or complete application systems often involve many analysts and developers working in parallel on the various artifacts created and modified during the lifecycle of that service or application system. And while we want to strive to limit the rate of change in our services, change is inevitable. In order to prevent accidentally “stepping on each others toes” during the lifecycle a robust configuration management process and tooling infrastructure must be established. As noted in an earlier CBDI report1 “If change control does not exist, as more services are introduced into the enterprise, every weekend or maybe even every day can turn into an experiment in software interaction” – Charlie Bess, EDS.
1CBDI Journal, The SOA Lifecycle. Jul/Aug 200�. http://www.cbdiforum.com/secure/interact/200�–0�/SOA_Lifecycle.php
2� cbdi journal © CBDI Forum Limited, May 2006
Applying Product Line Techniques to SOA continued . . .
As if this problem weren’t already difficult enough, SOA introduces additional complications that, if left unaddressed, can eventually swamp a service delivery organization. Part 1 of this series2 talked about the similarities of SOA and Product Line approaches to software development in the area of identifying and enabling variability within services. But while providing a vehicle to enable variability is a key benefit, managing the various configurations that may all be in operation simultaneously significantly increases the complexity of the asset/configuration management process.
What do we mean by an “Asset”?Terminology varies greatly between methodologies. The terms “asset”, “artifact”, “configuration item” have all been used as generic terms for the various “things” containing information generated during the lifecycle of a service. To add further confusion, the Reusable Asset Specification3 standard created by Rational Software prior to its purchase by IBM and subsequently adopted by the Object Management Group (OMG) defines an asset essentially as a collection of artifacts where an artifact is nothing more than a file. CBDI generally refers to a software development asset (SDA), artifact, and file interchangeably.
Examples of the types of SDA that might be created during the development and ongoing maintenance process include the requirements specifications, complete or partial models (such as use case models, analysis models, or design models), architectures, design constraints, user interface specifications, project management plans, test cases, test results, change requests, and/or configuration management plans. In other words, anything that impacts, drives or is created during the development and ongoing maintenance cycles of the service is potentially an asset that should be managed.
Asset Management vs Configuration ManagementWhile asset management has evolved to include much more than simple software configuration management (SCM), SCM still plays a major role in the lifecycle of a service or system. Whereas asset management often includes capabilities such as provider harvesting, provider publication, consumer discovery, consumer reuse and metrics8, configuration management is traditionally defined as the “set of activities designed to control change by identifying the work products that are likely to change, establishing relationships among them, defining mechanisms for managing different versions
Term Methodology Definition Synonyms
Asset AFE4 Valuable, high-quality software workproducts (such as code, designs, architectures, interfaces, test), documents, tools, processes, and compiled knowledge (guidelines, models, formulas, . . . ).
This term is sometimes used instead of component or work product.
FAST5 Not used.
Product Line Practice6
Implicitly defined as a software artifact that is used in the production of a product in a product line. An asset may be an architecture, a software component, a process model, a plan, a document, or any other useful result of building a system.
RUP7 No explicit definition within RUP though term is used.
2CBDI Journal, Applying Product Line Techniques to SOA. Feb 2006. http://www.cbdiforum.com/secure/interact/2006–02/Applying_Product_Line_Techniques_SOA.php3Formal/05–11–02, Reusable Asset Specification, Version 2.2. The Object Management Group. November 20054Jacobson, I.; Griss, M.; & Jonsonn, P. Software Reuse: Architecture, Process, and Organization for Business Success. New York, NY: Addison-Wesley, 1���.5Weiss, D. & Lai, C. T. R. Software Product-Line Engineering: A Family-Based Software Development Process. Reading, MA: Addison-Wesley, 1���.6Clements, P. & Northrup, L. Software Product Lines: Practices and Patterns. New York, NY: Addison-Wesley, 2002.7Rational Unified Process8CBDI Journal, Software Development Asset Management with LogicLibrary Logidex. Jun 2005.
cbdi journal © CBDI Forum Limited, May 2006 25
Reusable Asset Specification
An asset is a solution to a software development problem. The problem may be related the evolution of the system’s artifacts or be directly related to the domain problem that the system is being developed for.
Artifact AFE Not used.
FAST Artifacts represent final or intermediate work products or the information needed to produce them. Such work products may be documents, code or various representations of information. For example, a set of data stored in a file may be an artifact. Artifacts indicate what must be produced.
Work product
Product Line Practice
No explicit definition. Used generally to mean a work product or file of generated during system development.
RUP An artifact is a work product of the process: roles use artifacts to perform activities, and produce artifacts in the course of performing activities. Artifacts are the responsibility of a single role, making responsibility easy to identify and understand, and promoting the idea that every piece of information produced in the process requires the appropriate set of skills.
Reusable Asset Specification
An Artifact is either an actual file or represents a logical entity that contains at least one child Artifact that is an actual file. As an actual file, an Artifact is a work product that can be created, stored and manipulated by asset producers/consumers and by tools.
Configuration Item
AFE A configuration item is a segment of a model that may be subject to version control such as a use case type, a service package containing analysis types , or some code modules. Represented by a package, <<configuration item>>. An entity is a configuration that satisfies an end-user function and that can be uniquely identified.
FAST Not used.
Product Line Practice
Implicitly defined as an artifact that is under the jurisdiction of configuration management
RUP An entity in a configuration that satisfies an end-use function and can be uniquely identified at a given reference point.
Reusable Asset Specification
Not used.
Work Product AFE A work product is a unit of software model, code, or document that can be independently managed within a software engineering organization. Individual types and classes from different models, diagrams, and related documents are typical workproducts. Complete models, subsystems, and test models are also workproducts.
Sometimes referred to as Asset.
FAST Synonym for Artifact Artifact
Product Line Practice
Not used.
RUP No explicit definition.
Reusable Asset Specification
Work product is not explicitly defined though it is implicitly defined as a file produced during project.
Term Methodology Definition Synonyms
26 cbdi journal © CBDI Forum Limited, May 2006
Applying Product Line Techniques to SOA continued . . .
of these work products, controlling the changes imposed, and auditing and reporting on the changes made.”9 In other words, it’s a methodology for managing the change to assets during the lifecycle of a service or application.
Service Variability, Dependence on Core Services and Other Configuration Management IssuesAs discussed in Part 1 of this series, there are substantial similarities between SOA methodologies and product line methodologies such as FAST, Product Line Practice Initiative, and Application Family Engineering from the aspect of service/product variability. Support for simultaneous operation of multiple variations of services (or products in the product line domain) causes a multidimensional version
of the configuration management problem.
Configuration management for a single system defines the set of versions of configuration items that comprise each version of the overall system (see Figure 1). For product lines, versions of each configuration item must be tracked for each product in the line (see Figure 2). This is not surprising since development and support must be provided for each product. As an added wrinkle, however, some products within the line may use an older version of an asset due to a particular need of the market or client base it supports. With a small number of products/variations this is not likely to be much of a problem. But as the number of variations grows, the problem can grow geometrically.
The following is an example of this variation explosion. Some years ago I worked for a small Internet company that provided contract management services within the
9Pressman, Roger S. Software Engineering: A Practitioner’s Approach. McGraw-Hill, New York, NY. ��2
Figure 1: Versioning of Assets for a Service
cbdi journal © CBDI Forum Limited, May 2006 2�
pharmaceutical supply chain. These services included the ability for group purchasing organizations (GPOs) to create requests for proposals (RFPs), send them to pharmaceutical manufacturers and compare the proposals for product and price that came back from the manufacturers. Once a proposal was accepted, the GPOs would forward the agreed pricing information to wholesalers. The wholesalers were then responsible for actually filling orders for product to pharmacies and hospitals who qualified for the GPO-Mfr contract pricing.
In all there were approximately 100+ GPOs, 100+ manufacturers, and 15+ or so wholesalers – not a huge market but even so most organizations had a slightly different contracting processes and each manufacturer had a different proposal format resulting in potentially thousands of combinations. There are a number of patterns for dealing with this type of problem including data-driven approaches that would reduce the number of actual services running. However, variations would still likely occur and need to be managed.
Another difference between single system SCM and product line SCM is that in single system SCM each product or system is managed separately. With product lines such separation
is not feasible due to the reuse of the core components/assets across all the products in the line. As shown in Figure 3, all three systems depend on the Products component. This is typical of product lines wherein many, if not all, of the products will depend on a core set of components that encapsulate key functionality. Changing one of these will likely impact many of the products in the line. Therefore, careful analysis of the impact must be undertaken. If the change is common to all products then the change can be made to the core asset. If, however, variation is required, refactoring of the assets may be necessary. This type of effort would need to be coordinated across the product line.
Solution delivery using services is similar. Mature IT organizations implementing SOA across their infrastructure using a coordinated set of services do so to both a) create a loosely coupled architecture, and b) reduce redundancy (increase reuse). Business rules are implemented only once and changes tend to be more isolated. Figures 4 and 5 show an example of an implementation model and the corresponding configuration item dependencies, respectively, for a portion of the core assets shown in Figure 3. Figure 4 uses UML 2 to illustrate the OrdersService and
Figure 2: Configuration Management for Multiple Related Services
2� cbdi journal © CBDI Forum Limited, May 2006
Applying Product Line Techniques to SOA continued . . .
the ProductsService being used by OrderFulfillmentManager implementation.
The result of this type of architecture is a significant increase in reuse. With that reuse, however, comes increased dependency on the core services. Luckily, the dependency is only on the service specification (including the interface syntax and functional and non-functional specifications), not the implementation itself. The service implementation (the Managers shown in Figure 4) and location can be changed independently as long as the specification does not change. That said, the fact remains that if one solution requires a change to a core service, the service cannot change without potentially impacting other dependent services. This results in the same refactoring scenario identified above for product lines and hence illustrates the potential need for coordinated configuration management across an SOA infrastructure.
The obvious question is whether this type of coordination is required in all cases. And the (hopefully) obvious answer is no for a couple of reasons. First, some services are not critical to business operation. They provide functionality that is convenient to the end user but will not cause business to stop if the interface breaks. An example of such a service
might be a “Recent News” service that is plugged into a user portal. If this interface were not available for a period of time or if the service specification changed so as to make it incompatible with the service consumer business would not be affected to any significant degree (unless, perhaps, it was a news service). In this case, coordinated CM may not be called for.
Second, depending on an organization’s sourcing strategy, some services may be provided by third party organizations. Like other services, third party services may change over time driven by changing regulations, a changing market landscape, or by changes required by other consumers of the service. Again, as stated above, changes to the service implementation will not affect the service consumer. It is the service specification that is of concern. These third parties are very unlikely to allow another organization to control their CM environment. SLAs should be put in place to ensure plenty of advanced notification should the service specification be required to change.
In addition to the obvious development issues involved in managing the various releases of related products in a product line or services in an SOA, once a system or service
Figure 3: Sample Dependency Diagram for a Product Line
cbdi journal © CBDI Forum Limited, May 2006 2�
is deployed user support also requires sophisticated build and release management within the CM tooling. As problems are reported by end users, the support staff must be able to recreate the specific version in use in order to track down the cause of the problem. In the contract management example above, support personnel were not authorized to see live data from service users. If a problem could not be resolved by level one or two support, a separate support environment was created to allow level three support to recreate as closely as possible the production environment using dummy data. Issues could then be diagnosed without impacting production.
Again, not all services require this level QoS. It may be feasible to stop a service for a period of time depending on the criticality of that service. However, more and more organizations are creating mission critical systems using SOA. Downtime can mean thousands of dollars in lost revenue or increased cost. When such is the case, sophisticated testing and support environments must be established and SCM is an integral part.
Finally, as mentioned above, single system CM involves only one development team, product lines often have multiple teams using the components/assets developed by another
team, usually the core asset development team. Since these teams are often not co-located, a very sophisticated SCM repository must be employed to allow for replication of configuration items and parallel development.
When distributed development is in place, accessing a central repository from remote locations often causes significant delay due to the high network bandwidth required to support the check-in/check-out process. Therefore replication of the items is a key feature and is built in to the higher end tools. Further, parallel development may well result in multiple versions of core assets being modified simultaneously by different groups for different purposes. The CM system must therefore allow multiple branches of work to proceed unhindered and then provide merge and conflict resolution capabilities when joining the branches back into the main stream.
Figure 4: Order Fulfillment Implementation Model
�0 cbdi journal © CBDI Forum Limited, May 2006
Applying Product Line Techniques to SOA continued . . .
SummaryThe potential benefits of SOA are tremendous. But as the saying goes, “With great power comes great responsibility”. Vendors talk about how easy it is to just wire services together into complex systems that can run your business. The examples shown, however, are toy problems that do not represent real world of solution development for most organizations. I was recently at a technical conference where a presenter gave yet another presentation of the stock quote example for a service. He talked about how the developer had just looked at the XML for the services and “wired it up” thereby incorporating the service into his solution. This type of example is useful for the neophyte as a way to understand how the underlying technologies work. Unfortunately, this is like comparing building a dog house to building a sky scraper. While one might just start sawing wood to build a new home for Fido, a skyscraper requires a tad more planning and engineering in order to complete safely.
Figure 5: Configuration Item Dependency Example
Service Engineering ServicesIntroducing SOA requires systematic approaches that span technology and application architectures,
processes and organization. CBDI are specialists in this entire topic area and are actively assisting major organizations to understand and embrace this thinking.
CBDI has deep and practical experience gained from our research and numerous consulting engagements and can guide organizations in this complex area.
Service Engineering – An Integrated Set of Methodologies
CBDI provides a comprehensive set of services for managing change including:• Roadmap Planning Workshops• Strategic Planning for Business and IT• Methodology Introduction and Customization• Business Design
Contact CBDI by email at [email protected] by telephone at +353 28 38073
www.cbdiforum.com
Subscribe to the CBDI Forum
The CBDI Journal is published monthly. In addition to the
Journal, subscription includes electronic access to current
and all back numbers that now represent a significant resource
library. There are individual and corporate subscription
schemes. Corporate subscription includes access
to Powerpoint libraries and our workshop materials.
For more details and to subscribe see:
www.cbdiforum.com
CBDI Raison d’etreWe aim to provide unique insight on component and service oriented technologies and processes for the software industry and its customers. To provide high quality analysis and other information resources on best practice in business software creation, reuse and management. To maintain the highest level of independence.
Modus OperandiThe CBDi Forum has a number of channels:
• Subscription services – provision of continuous commentary and information.
• Workshops and seminars – providing indepth briefing and guidance on advanced architectures, processes and practices.
• Consulting – including Adoption Roadmap workshops, methodology customization, architectural guidance and reviews, business design advice, strategy development.
How we compare with othersWe are not a mass market, media oriented organization. All material published by the forum is unique. The majority of material is published by our own analysts, or commissioned from others, and under strict editorial control to ensure accuracy. We rigorously exclude spurious marketing.
We provide depth insight which covers a narrow topic footprint in a deeper way than the other analysts, and in particular cover not just the technology, but also the architectures, usage, practices and processes.
Also we are unusual as analysts; we do not simply echo what the vendors say, we are a think tank, identifying new ideas, opportunities and providing stimulus for thinking. We are thought leaders providing ideas generation and a rich source of conceptual thinking based on practical, real world feedback.
Who Reads the CBDI JournalTechnical leaders including Technical and Application Architects, Business Analysts, Consultants, CTO’s, Designers, Product Strategists, Senior Developers, Project Managers, CIO’s etc. Subscription is split roughly 40% USA and 50% Europe.
Contact UsFor further information on any of our services contact us at: [email protected] or +353 28 38073 (international)
IMPORTANT NOTICE: The information available in CBDI publications and services, irrespective of delivery channel or media is given in good faith and is believed to be reliable. CBDI Forum Limited expressly excludes any representation or warranty (express or implied) about the suitability of materials for any particular purpose and excludes to the fullest extent possible any liability in contract, tort or howsoever for implementation of, or reliance upon, the information provided. All trademarks and copyrights are recognised and acknowledged.
Independent Insight for Service Oriented Practice