The story SOA far

28 Feb 2007

Like death and taxes, hype in the IT industry is an inevitable fact of life. Service-oriented architecture, or SOA for short, is the latest to emerge from the fog of vendor publicity and media attention. But — dare we say it — this may be different and there are glimpses of substance behind the smoke.

This could be due in part to the fact that SOA is not a pure technology product. Instead, as its name suggests, it’s an architecture: a series of processes with the tantalising promise of bringing IT into closer alignment with business. Its current popularity probably owes something to the fact that it dovetails with the current thinking in IT which tries to position technology as a strategic enabler to the business.

Things aren’t quite so simple, however: in fact there are several working definitions of what SOA is. The only thing most of its supporters agree on is that there’s not much agreement. In the broadest terms, what we can say is that SOA is an approach to building IT systems that involves taking an existing asset, such as an application or piece of data, and reusing it elsewhere. “SOA is important to get enterprises working in a fluid manner,” says Martin Percival, senior technical evangelist with BEA Systems. “We’ve certainly got to the point where most organisations have some understanding of SOA, but I’m not convinced that everyone has the same idea as the other person.”

The holy grail at the end of this journey is the prospect of saving money and making an organisation more flexible. A business can now make decisions quickly and act on them without having to worry about the limitations of its IT systems. What’s more, investment made to date in technology isn’t cast aside: the best bits are taken and reused wherever they are needed.

Neil Macehiter, a director with MWD Consultants, points out that SOA also ticks another box: compliance. “The challenge with compliance is enforcing control and ensuring everything has happened in the way that it was supposed to happen,” he points out. “The beauty of an SOA approach is that by having common services, you have one process to control. You apply the controls once, rather than working out where they need to be applied.”

Ovum, an analyst and consulting company, recently surveyed IT decision makers in the US and found clear linkages between an organisation’s commitment to managing IT as a set of services and the success of its SOA implementation. Mary Johnston Turner, Ovum Summit vice-president, who authored the survey, spoke of the need for management strategies that take account of the various dependencies and relationships across the full set of systems and software used to enable end-to-end business services.

“Traditional IT management approaches assume tight connections between systems and applications while SOA environments are much more loosely coupled,” she noted. “Customers who have not made major changes to their day-to-day IT operations management environment can’t keep up with the operational demands of SOA as it scales up from pilot project uses to full-blown enterprise-wide implementations.”

The Ovum study found that organisations that have implemented IT service management best practices such as the IT Infrastructure Library, along with policy-based automated management tools, are twice as likely as other firms to report that their SOA investments are meeting all their IT and business goals.

Findings from the research showed that the most satisfied SOA customers aim to improve business flexibility and IT’s responsiveness to changing business needs, a point Macehiter echoes. “Fundamentally, the value of SOA is that it provides a common language through which business and IT can collaborate … you can start aligning in IT terms with what the business wants to achieve,” he says.

This has implications for the role that IT departments play in terms of the wider organisation — experience borne out locally by EBS Building Society (see panel). According to Macehiter, the IT organisation is shifting to become a service provider to the business, in the same way as a mobile operator or a utility. It follows that the same rigour and expectation will have to be applied to the IT organisation and this, he claims, will lead to the creation of a new role: the service manager. This person may be responsible for capabilities that IT doesn’t currently deliver, he suggests. Overall, he identifies a change in the relationship to a supplier-customer type of approach. IT also shapes what the customer is asking.

Michael McKillen of IBM’s consulting division is clear about exactly where the hierarchy lies between the two groups: “SOA is not primarily an IT initiative, it’s a business initiative,” he says. “Businesses are no longer writing their requests, chucking them over the wall to IT and then in six months’ time they look and say ‘this isn’t what I asked for’. They’re working as one unit rather than two distinct areas of business.”

Percival cites another recent survey which found that SOA projects are now being pushed down from above, from C-level management, with the objective of making or saving money. “It’s interesting how it’s flipped over in a short space of time,” he remarks. “Twelve months ago, a lot of SOA projects were IT-driven, pushed ‘up’ by the technology people. That does seem to have changed recently.”

Percival warns against assuming that SOA is a quick fix and suggests instead that organisations should plan for at least a two- or three-year vision. “The organisations that think they’ll get instant success out of this are usually the most disappointed,” he says. “There are companies seeing good return on investment from their second projects and from re-use of assets.”

McKillen agrees. “You develop and implement once and you get long-term return on investment when other departments come along and use that service,” he says.

Macehiter expands on this thinking. “You should be aiming to deliver services that can be used by more than one department. When you’re doing service-oriented architecture, it’s better to take a cross-department view, identifying services that can be shared and used across departments.” For example, Standard Life in Canada reportedly saved millions by reusing services rather than coding new applications from scratch.

An example of this might be a financial services provider with multiple channels to market. Each one of those lines of business might need particular applications such as a credit check. Using the SOA concept, the best practice and process would be built as a single, reusable component, made available to every line of business that needs it. This also means that if any changes were needed for the credit-check module, they need only be done once, instead of every single point where it’s used. In theory, the credit-check ‘service’ doesn’t even need to live inside the organisation’s own IT system but it could be provided by a specialist third party.

This might all sound incredibly simple, but to put this in context, imagine that same financial services provider doing things the old way. If the business wanted to change its credit-checking process, the IT department would have to find and change every application that would be affected.

According to Percival, SOA projects in the US tend to be revenue-driving. In Europe, by contrast, the focus tends to be on removing costs. “They’ve got a closer eye on what they’re spending. Perhaps that’s easier to measure and manage,” he offers.

Different approaches aside, what’s clear is that SOA is not some fly-by-night IT industry trend that no one will be talking about in 12 months’ time. Chances are it may have come up in conversation with a colleague or was referred to at a meeting or conference. Other signs are more substantial. For instance, IBM is investing US$1bn in SOA for this calendar year — with a good portion of that being directed at the company’s technology campus in Dublin.

Case study: The loan arranger

EBS is a building society that operates on co-operative mutual principles. It has been providing home loans to its members since 1935 and currently holds in excess of a 10pc share of the €26bn Irish home loan market.

As part of its technology upgrade strategy, EBS has implemented an SOA that will enable the company to connect seamlessly online with thousands of mortgage brokers in Ireland.

Historically, the building society only operated through its proprietary network of branches and franchise agents, instead of offering its products through brokers. But with more and more prospective homeowners choosing the latter route in order to find mortgages, EBS knew that it needed to start talking with these agencies in order to compete for business.

For this EBS needed an on-demand IT channel to reach the broker community. After speaking with IBM’s Global Business Services consultants, EBS Building Society chose an SOA for its scalability and flexibility to integrate disparate IT systems.

The new architecture is built on IBM’s WebSphere software and will allow EBS to encourage new business with the broker community. It’s thought this will change the loan-approval process, by saving administration costs for brokers and reducing the amount of time they — and their customers — need to obtain loan approval.

The system will connect EBS directly to the brokers’ in-house systems, by laying the groundwork for SOA using IBM WebSphere process server and IBM Rational Application Developer for WebSphere. IBM business consultants will also provide project management and SOA guidance which will ensure that EBS Building Society’s tailored SOA application will have the maximum positive impact on their profitability, by increasing the organisation’s ability to reach new customers.

David Yeates, senior manager of IT architecture at EBS, takes up the story. “A mortgage is actually a portfolio of different products that includes the home loan, the life assurance, the house assurance and the title switch,” he explains. Using SOA, EBS’s online mortgage processing system will now enable EBS and the brokers who use its system to easily exchange XML-formatted information in transactions that replace faxes, emails and phone calls.

SOA is a means to seamlessly integrate complex and disparate IT operations, such as credit checking in EBS. SOA manages and packages this process so that the business can more easily consume it into any number of similar IT processes which require that same service. SOA allows a company’s existing technology to more closely align with business goals and helps to result in greater efficiencies, cost savings and productivity by removing the need to recreate IT services from scratch each and every time they are needed.

For EBS, SOA will enable it to become extremely flexible in its ability to change business goals and priorities, adapting the company as needs dictate. It believes it can now compete more effectively and position itself as a provider of choice for mortgage brokers because it can bring new services to market faster. In some cases, EBS has been able to remove some of its own operational systems where there is duplication with another provider, such as an insurance firm. “We’re getting to the space where we’re manufacturing more ‘white label’ products, so we can act quicker. We can sell on other people’s products very easily,” Yeates explains.

This has an impact on the role of IT. “The biggest thing is the change to the IT department: we have to think differently,” Yeates quips. “You’re not going to be spending your whole time coding.” Instead, IT now gets involved in business relationship management, talking to various divisions within EBS. “We get to know what’s going on in all the business areas,” he says, citing the example of discussions with the risk group. “For once, we were able to talk the same language as them.”

This overarching view of the business means that IT can spot where work in one area of the organisation complements work being done in another — in other words, identifying opportunities for SOA. “A huge amount of business knowledge exists in the IT department, but that tacit knowledge remained there,” Yeates says of the old way of working. “It turns the IT department on its head: suddenly, from being in the back room, you have to be at the front. The issues for IT departments are absolutely enormous. IT isn’t a thing that’s holding people back anymore.”

Wise council

SOA’s influence isn’t restricted to big business — it’s applicable in the public sector, with South Dublin County Council (SDCC) having begun a project using SOA principles. At present the scale of the project is very small, says Tommy Kavanagh, IT manager with SDCC. “It’s a single application which we are trying out an SOA-like approach,” he says. “It’s driven not by a want to utilise an SOA, but as part of a security initiative. It just happens that the best solution was based around an SOA approach.”

Sheldon Kerr, SOA expert with Enovation Solutions, which designed and coded the web server for the project, adds that the council’s Data Access Framework (DAF) is an SOA implementation designed to message data between internet-deployed applications and the protected internal intranet applications. In this instance, the DAF is acting as a secure messaging system using web services and standardised web service security which implements XML encryption, socket encryption and other secure messaging methods.

According to Kavanagh, increased levels of security between extranet and intranet applications was the prime goal of the project. “As a by-product of this initiative there are other potential uses typical of SOA environment.”

The main benefit for the council is the ability to provide multi-platform integration in a secure and managed basis. “Interoperability becomes easier to accomplish assuming the SOA standards are accessible throughout the range of technologies that you may wish to use,” he says.

Ticking another SOA box, Kavanagh confirms that the council intends to re-use software code for other services beyond the scope of the current project. “After a project close-out review — and if there is broad acceptance of the project deliverables and measurable success indicators — then it can become the platform for multiple projects,” he says. “Essentially all computer systems and in particular online services have a requirement to be secured, and as stated the goal of the project has its genesis in a security initiative providing secure multiple platform access to corporate information on a controlled basis. Thus it makes sense for us to consider it an integral part of both our internal and contracted systems developments.”

“In addition to having a flexible framework in place for code re-use, we also have different technologies exchanging information in a clean and standardised way,” Kerr points out. “Any information which needs to be messaged between applications now has a framework in place for providing a secure and homogeneous service.” These messaging transactions can be of many different types such as database, encrypted file transactions or payment messaging, he notes.

Kavanagh says the goals of the project are primarily based around achieving a secure interoperable environment on which multiple technology platforms can participate. “But it must be said that it isn’t a silver bullet but a component of overall security implications of a multi-platform environment,” he adds.

By Gordon Smith