Professional Documents
Culture Documents
May 2006
TABLE OF CONTENTS
INTRODUCTION......................................................................................................................... 3
Companies across all industries and geographies are becoming increasingly interested in
service-oriented architecture (SOA). The basic concept behind SOA is not new – that is,
the idea of accelerating return on IT investment by turning those assets into reusable
building blocks from which new business functionality can be assembled quickly and
efficiently. But what makes SOA different is that, for once, the IT industry as a whole has
backed the concept and the core underlying technologies, giving SOA massive support
and evolving a wide range of standards to make the idea really work. As a result, it has
become possible to bring together a broad spectrum of heterogeneous IT assets into a
uniform collection of reusable parts, thereby enabling the rapid and efficient assembly of
the new systems that modern business demands.
There are many aspects to SOA that must be addressed in order to succeed. Perhaps
the most important is a clear understanding that SOA is not just about technology – it is
also an IT strategy to support business transformation and, as such, SOA has extensive
organizational, procedural, and process implications. These factors aside, when focusing
on the technology dimension of SOA the critical success factor is to ensure that the
necessary framework of tools and technologies is in place.
The starting point for building the reference architecture is services. An SOA is built
around the concept of a business service, this being a reusable piece of logic designed to
execute a piece of business process with standard access and invocation interfaces. So
the first capability of any SOA reference architecture has to deal with service creation,
whether formed of old components or newly written ones.
Once these services have been created, the power of an SOA is derived from joining
these services together. The most flexible way to achieve this is to opt for the ‘loosely-
coupled’, platform-independent approach of messaging. Now services can be joined
together, but there will be no reuse unless it is easy to find out what services exist and
what they do, and so a registry capability is required where services can be catalogued
in a central repository. Once services become a key part of business operations, the next
challenge involves understanding the actual behavior and usage of these services in the
production environment. This requires a level of services management technology that
not only follows what is happening with the services, but also provides essential
governance functionality.
An important aspect of SOA services is that they are clearly related to pieces of business
functionality, rather than simply being an IT-centric piece of code. This now allows these
services to be assembled into a complete business process by using orchestration
technology that can handle service flows to ensure correct execution of the process,
based in its business rules and policies. This relationship between business processes
and the IT components that underpin them now makes it possible to look at the behavior
of the operational system in business terms, and this in turn makes it possible to use
analysis technology to understand and predict business performance and the impact of
change.
Using these technology areas, IT systems can be matched much more closely to
business needs, and change can be handled quickly and efficiently. The final piece of the
puzzle is to ensure that the end-user can take advantage of these new capabilities with
minimal disruption and retraining. User interaction technology such as personalized
portals and role-based tools will limit the disruption of SOA deployments—in terms of
changes introduced on the user’s desktop—while improving user productivity and
effectiveness.
Dealing with new services is relatively easy. The main requirement is to ensure that these
services are container-independent – that is, the caller of the service should need no
knowledge of the environment in which this service will be running. Tools should be
provided to support the development of these services and to register them in the
corporate repository.
Key areas of differentiation in this services layer are the ease with which services can be
created or exposed, the number of legacy environments supported, and the skill levels
required. This last point is particularly important given that services might be built up of
parts running in completely different environments such as mainframes or UNIX or
Windows servers.
Now, just providing the connectivity to allow components and services to interact in a
connection-independent way is not enough. In order to achieve clean interfaces between
services, data formats may have to be manipulated. The issue is that different programs
may have different expectations for data formats; therefore, in order to establish the level
of independence an SOA requires, it may be necessary to map one data format into
another. In this way, each program receives and outputs data in its native format, with the
messaging layer transforming between data formats as required.
Differentiators within this layer include the reliability of the messaging layer and its
performance capabilities. Some operations may well require guaranteed, once-only
communications while others will want to optimize performance rather than recoverability.
Another differentiator will be the extent to which the use of standards is a concern. In fact,
most messaging layers will make use of the Java specification for message services,
JMS.
Then there is the question of usability. For an SOA to be effective, it is vital that
programmers can easily find services they can reuse. Otherwise, developers might be
tempted to take the potentially more interesting option of writing the functionality
themselves, creating redundancy and detracting from one of the key advantages of an
SOA. So the registry layer of the reference architecture must offer easy-to-use browse
facilities and clear descriptive information about the services so that programmers can
quickly identify the specific services that will be of value to them. In addition, because a
successful SOA strategy will result in high levels of reuse, it becomes essential that
programmers are alerted to any changes to services in the registry, since these changes
might affect the way different parts of business operations work.
The registry should also hold a range of associated attributes for each service. These
might be dependent on business policies, for example when and where information
should be encrypted as it passes between SOA components, or could be installation-
relevant attributes such as the name of the service creator. The important factor to
consider is that the registry should hold all relevant information regarding each service
and present it to browsers in an easily digestible way.
The key differentiator in the registry layer will be the extent to which functionality extends
beyond the basic repository requirement to encompass all the other ancillary areas. Many
companies looking to SOA have the idea that the registry is just a repository for Web
services definitions such as WSDL (Web services Definition Language), but in reality it is
much more than this.
On the execution front, facilities are needed to monitor the availability of services and
their performance and take appropriate actions when quality-of-service problems occur
(such as slow response time). Reporting mechanisms are required, ideally providing both
real-time and off-line statistical summaries of operational activity. Support must be
provided to allow services to be quiesced, taken off-line, and restarted. Fault avoidance
and fault tolerance mechanisms should also be put in place, such as fail-over support
and the ability to re-route around failures. Once performance is being monitored, it also
becomes desirable to start tracking the Service-Level Agreement (SLA) status of
individual services. This is important when trying to ensure that the SOA is serving the
business appropriately and delivering the expected benefits. Businesses should be able
to specify what the service level requirements are for individual services, and then IT
should have the ability to monitor the SLA to detect any out-of-compliance situations.
In order to offer this facility, the orchestration layer needs to provide the ability to define
and model processes (see figure above), and to analyze them to understand the impacts
of any changes. As well as system-to-system interactions, the orchestration layer will also
need to deal with human workflow elements where the process passes through a human
touch-point. This places distinct requirements on the orchestration layer, such as the
ability to manage the assignment of work and tasks to individuals as well as groups, and
handle long-running tasks spanning days rather than seconds. This is an important
distinction given that in a human-intensive workflow, such as an insurance claims
assessment process, there may be long periods between different steps. This may
require the system to maintain transaction state for days or weeks, and this need must be
addressed by the orchestration layer of the SOA reference architecture.
Finally, the orchestration layer needs to provide support for monitoring and management
capabilities at the process level, rather than at the level of the individual service
components underneath. It must be possible to start and stop processes, rather than the
underlying services and components, and to understand how the process is behaving at
an end-to-end level.
This ability to analyze operations from the business perspective can be particularly
valuable when putting in place necessary compliance measures and processes. Once
the business behavior of the real-time system can be monitored and understood, it
becomes possible to match that behavior to regulatory or corporate policy requirements
in order to detect out-of-line situations. This, in turn, ensures that companies can respond
much more quickly and effectively to compliance failures, mitigating any associated
penalties.
An effective user interaction layer will enable companies to achieve dramatic time-to-
market improvements for new initiatives, efficiently and without the need for high-cost
specialized skills.
SOA offers attractive advantages to companies across all industries as they strive to get
increased levels of return from IT investments while delivering the level of agility that
competitive business demands. The development productivity and quality of service
benefits of reuse offer the potential not just for IT to deliver better service in the near
term, but also to ensure that the benefits increase proportionally over time as levels of
reuse increase. At a higher level, the ability to gain a clearer view of process execution
across the business and to analyze, understand, and act upon this information presents
the opportunity for significant improvements to overall business performance and
effectiveness. Bringing all of this together, SOA enables companies to address new
business challenges with a great deal more agility, quickly composing new business
services without the need for extensive investment or skills.
This level of increased competitiveness is only possible by ensuring that the appropriate
groundwork has been done and that the foundations to support these benefits are in
place. From an IT perspective, the SOA reference architecture is designed as a blueprint
for this foundation, outlining each required layer and its associated capabilities so that
informed decisions can be made about product selection and implementation. These
details may differ between different technology suppliers, but as long as the general
principles of the SOA reference architecture are followed then the likelihood of SOA
success will be greatly increased.
All rights reserved. No part of this work covered by copyright herein may be
reproduced in any form or by any means—graphic, electronic or mechanical—
including photocopying, recording, taping, or storage in an information retrieval
system, without prior written permission of the copyright owner.