Tuesday, September 25, 2007

Integration Infrastructure Approaches Must Adjust to New World of SaaS and Shared Services

Edited transcript of BriefingsDirect[TM] podcast with Cape Clear's Annrai O'Toole and analyst Phil Wainewright, recorded Sept. 13, 2007.

Listen to the podcast here. Sponsor: Cape Clear Software.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to BriefingsDirect. Today, a sponsored podcast discussion on integration infrastructure for modern software-as-a-service (SaaS), and on-demand applications providers.

The support and requirements for integration among these organizations, these hosters of many different types of services and applications, require a different integration approach. They're dealing with complexity, massive scale, and a cost structure that’s very lean. They have a business model that’s often based on ongoing subscriptions, and, therefore, they have a margin issue to maintain. They also have a wide variability of users and service-level agreements (SLA) to meet.

Reuse is becoming an important issue, as are patterns of automation. We're going to take a look at the market for integration in these modern service provider organizations. We’re going to look at the characteristics of the IT infrastructure support that meets these new requirements. And, we’re going to offer some solutions and approaches that satisfy these needs provided by Cape Clear Software.

Here to help us weed through this issue, we have Phil Wainewright. He's an independent consultant, director of Procullux Ventures, and also a fellow ZDNet blogger, primarily on this SaaS environment. We're also joined by Annrai O’Toole, CEO of Cape Clear Software. Welcome to you both.

Phil Wainewright: Thanks.

Annrai O'Toole: Great to be here.

Gardner: Phil, let’s start with you. It seems that SaaS and the new ecology of providers that are welling up around it require a different approach to integration, and this amounts to supporting the shared-services capability. Not only are these service providers going to require this capability, but also enterprises, as they become hosts themselves. Can you describe the different approaches to integration that we're now going to need in order for this business model to prosper?

Wainewright: Part of the issue that people face is that integration has crept up on them. In the early days of SaaS, it was very much about adopting point solutions. One of the reasons Salesforce.com has been so successful in the CRM space is that what Salesforce.com did with automation software didn’t have to affect the rest of the business, because they could just do it in isolation. IT wasn't really worried about it. So, they said, "Okay, we’ll just go to do that and it won’t affect the rest of the IT infrastructure" Now, we're getting more sophisticated about SaaS, because it's being taken on board in a whole range of areas within the enterprise, and people want to do integration.

There are two forms of integration coming to the fore. The first is where data needs to be exchanged with legacy applications within the enterprise. The second form of integration that we see -- not at the moment, but it’s increasingly going to be an issue -- is where people want to integrate between different services coming in from the cloud. It’s a topic that’s familiar when we talk about mashups, fairly simple integrations of services that are done at the browser level. In the enterprise space, people tend to talk about composite applications, and it seems to be more difficult when you are dealing with a range of data sources that have to be combined.

Gardner: It seems to me that now we are elevating to an integration of integration types. Does that make sense?

Wainewright: People have realized that if you're doing integration to each separate service that's out there, then you're creating the same point-to-point spaghetti that people were trying to get away from by moving to this new IT paradigm. People are starting to think that there's a better way of doing this. If there's a better way of delivering the software, then there ought to be a better way of integrating it together as well.

Therefore, they realize that if we share the integration, rather than building it from scratch each time, we can bring into the integration field some of the benefits that we see with the shared-services architecture or SaaS.

Gardner: How is this different from the way that application service providers (ASPs) of an earlier era went? It seems that they had a stack underneath each and every application. Now, we're hearing more about virtualization and the efficient use of infrastructure and platform elements. Help us compare and contrast the ASP model to where SaaS providers are headed now.

Wainewright: In the ASP model, you took existing conventional applications -- I like to call them unreconstructed applications -- and just hosted them in a datacenter. I've always said that it’s more than just a relocation exercise. You need to change the way the software is architected to take advantage of the fact that it's now in the Web and is in a shared-services environment.

In 1999 or 2000, one company came out with hosted webMethods integration as an offering. The problem was that it wasn't scalable. This is the problem with the ASP model. You were hosting a customized infrastructure for each individual customer.

Although there was some sharing of the infrastructure that you could do with virtualization -- and Oracle’s On-Demand is an example that’s done a lot of work with virtualization -- you still end up with every individual customer having an individual application tailored to his or her specific requirements. You get no economies of scale from doing that.

So, the new generation of SaaS providers, are really talking about a shared infrastructure, where the application is configured and tailored to the needs of individual customers. In a way, they’re segmented off from the way the infrastructure works underneath.

Gardner: Annrai, at Cape Clear Software, you’re targeting these providers and recognizing that they’re going to be moving to service-oriented architecture (SOA) relatively quickly, based on their requirements of their business and demands of complexity. How are you seeing these providers, as you are encountering them in the field, managing this discrepancy between commonality on the infrastructure, but high variability on the application and delivery to the end-users?

O'Toole: As Phil just said, taking unique integrations and hosting them isn’t very useful, because the person who is doing the work just ends up doing tons and tons of different customizations for every single customer. In the integration world, the solutions to these problems are reasonably well understood. The difficulty has always been about delivering them.

So, we’ve been working pretty closely with a number of prominent SaaS companies, most publicly Workday and some of our large enterprise customers, in figuring out how to solve integration problems for these on-demand and hosted providers.

What come out of it are two issues. First, Salesforce.com, really pioneered multi-tenanting as a concept to reduce the cost of hosting an application for lots of different users. We've got to do the same thing with integration, and we’ve been working with our customers and updating our enterprise service bus (ESB) to support multi-tenanting at the ESB level. You can have integration and have it segmented, so that it can be utilized by different customers at the same time.

In a large enterprise, this allows you have a shared-service model as well. You can build integrations in a datacenter and then segment them, so that different people can use them simultaneously.

There is also another aspect to the problem that needs to be solved. When you build an integration, you always end up having to customize it in some way for different customers. Customers will have different data formats. They’ll want to access it slightly differently. Some people will want to talk to it over SOAP. Some won't, and they’ll want to use something like REST. Or they might be going backwards and are only able to send it FTP drops, or something like that.

Multi-tenanting is one solution to the problem. The other is what we call multi-channel, which is the ability to have an integration, and make it available with different security policies, different transports, and different transformations going in and out.

A combination of multi-tenanting and multi-channeling allows you to build integrations once, make them accessible to different users, and make them accessible in different ways for each of those different customers. It gives you the scalability and reuse you need to make this model viable.

Gardner: Phil, it sounds as if we're really redefining integration and that we’re putting a higher abstraction, infrastructure-as-a-service, integration-as-a-service approach and model around it. Is this unprecedented, or is there anything in the past that we can look to, within even a closed environment, or a siloed environment, that relates to this. Or, are we into something entirely new when it comes to integration?

Wainewright: We're trying something that hasn’t really been tried with conviction in the past. In fairness, there’s still a lot of skepticism out there about whether we can really share integrations in the way that Annrai has just described. There’s a certain amount of agreement that we need to reuse integrations, but people haven’t necessarily brought into the whole shared services model.

People are particularly doubtful whether you can do all of the nuances of integration that you need to do in a purely declarative model, whereby you can simply have a description of the integrations that are required and have a need to work, and then that gets abstracted by the architecture into operation.

Annrai could probably elaborate on how it’s become possible to get the level of detail into this more loosely coupled architecture to enable people to share integrations, without giving up the individual requirements that they each have.

O'Toole: To pick up on that, I would be the first to share Phil’s skepticism and to offer that we may not have all the answers. However, one point worth bearing in mind here is that this problem is going to get solved, because the economic reality of it suggests that we must solve this. One, the payoff for getting it right is huge. Second, the whole model of SaaS won’t be successful, unless we skin the integration problem. We don’t want the world to be limited to just having Salesforce.com with its siloed application.

We want SaaS to be the generic solution for everybody. That’s the way the industry is going, and that can only happen by solving this problem. So, we’re having a good stab at it, and I'll just briefly address some of the things that I think enable us to do it now, as opposed to in the past.

First, there is a standardization that’s taken place. A set of standards has been created around SOA, giving us the interoperability platform that makes it possible in a way that was never possible before. Second is an acceptance of this shared-services, hosted model.

Years ago, people would have laughed at you and said, "I’m going to trust all my customer data to a provider in the cloud?" But, they’re doing it happily because of the economics of it. The whole trend towards trusting people with outsourced offerings means that the people will be more likely to trust integrations out there, because a lot of the technology to do this has been around for quite sometime.

Gardner: To Phil’s point, Annrai, how do you begin to accomplish this? Is this a matter of creating forms, templates, and models and then applying that to the ESB, where the ESB executes on that model and then they can be reused? If not, please explain? Then second, how much automation are we talking about? Are we going from 5 percent or 10 percent reuse, and then working up more -- or can we actually bite off more of a total integration as a pattern?

O'Toole: That’s a very good question. It's a movement to a more declarative style of integration. Certainly, what we’re doing is saying that a lot of the issues in integration are very common across different types of integration. For example, a lot of the issues currently in integration revolve around data transformation. Other issues revolve around the complexities of dealing with transports. For example, information can come in on email, but I need to be able to send it out to someone else on FTP.

The third set of issues is around handling errors in a meaningful way, so that when things go wrong, you’ve got a nice model of propagating errors back to people. The next set of things is security policies. Again, in integration you’re touching different things with different security models. With what we’ve done, you can visualize a whole bunch of pre-build security policies, transports, and transformations, and you’ve got this palette of things that you can then assemble together.

Someone still has to write the core business logic of the integration. That fact hasn’t changed. You still need that. Once I have the core business logic of the integration built, then all of the things around it I can put on in a visual and declarative manner around that integration, such as, "I want that integration to be accessed with this security policy, over this transport and with this transformation to get the data in and out of it."

I can take a single integration and create hundreds of different access routes into it, all with different security policies, different transformations, etc., and can segment them so that none of those things interferes with another during that multi-tenanted mode.

That technique allows people to reuse that integration for hundreds, if not thousands, of different customers and users in a totally segmented way. So, that’s at the core of what we are doing.

Gardner: What’s a ballpark figure for percentage of reuse, versus project-by-project or instance-by-instance customization?

O'Toole: There is no hard and fast data, so we rely on heuristics and rule of thumb. If we look at what our own consultants and systems engineers would do for customers, 70 or 80 percent of our time is spent around configuring different transports, and working at security. These are the things that are totally unglamorous, but really nasty gotchas in integration. For a long time, as people focused on making the core creation of the integration easier, they missed those other issues around this, and they’ve always been left to one side.

You might say, "It’s not hard to write a few lines of Java code to handle a different security policy." Well, it isn’t, but it is, if you've got to do a thousand different times for a thousand different people. It becomes tedious, and then you've got to manage all those things. So, it really is attacking some of the kind of nasty little gotchas on which people spend the vast majority of their time.

Gardner: Phil, you mentioned declarative, and Annrai mentioned graphical and visual approaches to this. Is it too farfetched to consider that non-programmers and non-technicians will be getting involved with this? Are we elevating an integration function to folks that are architects and/or business process analyst types?

Wainewright: A lot of the integration that people need to do is for business reason. Therefore, it should be in the hands of business people. For a long time, the answer back from the technologists has been, "Well, sorry guys, we can’t let you go there, because it’s too complicated." If a lot of the infrastructure can be automated and done in a way that, as Annrai says, takes care of the complexity, then it becomes easier to offer out certain aspects of the integration to business people, but I think the technology guys are still going to have to be there.

It’s a good idea for business people to be able to link up different business processes, or to say, "I want to aggregate this data with that data, so I can analyze it, as well as have a dashboard that tells me what’s actually going on in my business," but that has to operate within the constraints provided by the technology guys who actually make it all happen reliably.

I was listening to what Annrai was saying. He made a couple of very interesting statements, which are worth going back to, because a lot of people who approach integrations in terms of SaaS, are really talking about on-premises integration that links into the SaaS stuff in the cloud.

Annrai is talking about taking the integration off premises, putting it in the cloud as well, and then sharing a lot of the capability. In the SaaS market space, large amounts of integration reuse is happening at the moment. It's simply a matter of installing the same data connector in different customers, and perhaps reusing the expertise, but it’s not in any sense a shared service.

You're basically duplicating all of that infrastructure. If you can put the integration infrastructure in the cloud, then you start to get the benefits of shared services and you can get above the 50 percent level of sharing. But, if you’re going to do that, you’ve got to have the confidence that the architecture, can actually support all of that and isn’t going to fall over with certainly a thousand integrations happening all at once, and mustn’t conflict with each other. Cape Clear has actually managed to package that into a product that people can buy and install. I think that’s pretty impressive.

Gardner: Annrai, it still brings up these issues about integration on the hosting organization side, where they’re going to be integrating across resources, infrastructure components, application types, and data streams. They’re going to need to do that to manage the complexity and scale of their endeavor and their business, but is there a certain level of integration where there is more permeability between the enterprise, the on-premises, and what’s available through the cloud or the provider?

Are you talking about both, or either/or? Does one to have to come first, and how do you see this shaking out in terms of integration and these different directions?

O'Toole: The way I’d phrase this is that we’re seeing a little bit of both. We’re not wildly being drawn into one end of the spectrum or the other at this time. What we're seeing from companies like Workday is a requirement for them to more or less exclusively host integrations for all their customers, and all the various back ends that they talk to.

For example, they talk to things like ADP and benefits providers and so on, and they are hosting those integrations on their sites, because they don’t want to go to ADP -- well, they can’t go to ADP -- and make ADP to change and so on.

Gardner: And, ADP is a payroll service provider.

O'Toole: It's the largest payroll service provider in the world, I believe.

We’re seeing things like that, but in enterprises you’re seeing this big move to virtualization and shared services. They’re saying, "Why are we having development teams build integration in all these branch offices at all these locations around the world? It’s extremely wasteful. It's a lot of skill that we've got to push out, and there are a lot of things that go wrong with these. Can't we consolidate all of those into a centralized data center? We’ll host those integrations for those individual business units or those at departments, but we'll do it here. We’ve got all the expertise in one place."

Those guys are delighted, because at the individual local level they don’t maintain all the costs and all the complexity of dealing with all the issues. It’s hosted out in their internal cloud. We haven't seen enough data points on that, but this hosted integration model can work. We’ve got it working for pure entities in SaaS companies like Workday, and we’ve got it working for a number of large enterprises. There is enough evidence for us to believe that this is really going to be the way forward for everybody in the industry.

Gardner: At Cape Clear Software you're not just dealing with this as an abstraction. You have product ties. I understand that you’re going to be introducing a new iteration to the Cape Clear platform, Version 7.5, in late September. Can you tell us a little bit about how you’ve taken on the need in the market, what you foresee as possible and doable, and what you’re actually delivering?

O'Toole: The generic need we've seen in the market is what we like to call on-demand integration. Before the advent of all the things we’ve just talked about -- shared services and SaaS -- the only way people did integration was with big patches, what became known as enterprise application integration (EAI), and they were essentially hand customized, on-premises integrations that were different for every customer.

We think that the demand we’ve seen in the market is a move away from on-premises integration into on-demand integration, because, for the reasons we spoke of, people want to be able to integrate with SaaS. They want to run shared-services models in their own organizations.

We think there is a new movement from EAI into on-demand integration and we have been targeting several features in our ESB, specifically around this multi-tenanting and multi-channel stuff, and that’s all getting rolled up into a release called Cape Clear 7.5 that goes out on September 25. We're pretty pleased with this. All our guys worked hard, and I think it’s the best product we’ve ever done.

Gardner: Give us the short list of the new functionality?

O'Toole: Essentially I think it boils down into three major buckets. There’s a new graphical editor that we're calling the SOA Assembly Editor, and this is an Eclipse-based editor that allows you to graphically clip together the type of things I was describing: transports, security and so on. That’s a whole new editor that no one has ever seen in our product before, except the people who have been involved in our tech preview.

Gardner: Let me pause you there. Is this something that you foresee being useful and applicable to non-techies or at least folks that can cross the chasm between the business issues and the technologies? Who’s going to typical author with this tool?

O'Toole: It’s not an either/or. It’s certainly not something that the business users can use exclusively by themselves, but it's not a tool exclusively for developers. Our grand vision around this business/technical user thing is that you start to create sets of tools that can be shared across people. You can have high-level business folks describing business process and BPMN, and they can be imported into other sets of tools that the technologists use.

Then, there are some issues around how this thing is going to be accessed? Our business analysts do care about that, because they say, "These sets of customers must be able to access it this way." They might not know the details of the technology involved, but they do know how those people want to be able to use the service. So, as I say, it’s a little bit of both. Ultimately, people are really going to get value out of it, but, at the end of day, they’re going to be more on the technology side, because it’s really going to smooth up their job of automating what was an incredibly laborious process.

Gardner: Okay. That was bucket one.

O'Toole: The second bucket of the features is all around multi-tenanting. These are core additions into the ESB to allow segmentation of integrations, data, and reporting. You can set how you want to identify inbound customers, clients, or businesses and then segment use of those integrations on the reporting and management of those integrations, based on those identities.

The third bucket is all of the stuff we’ve seen customers need in terms of running and maintaining large enterprise class Business Process Execution Language (BPEL) deployments. Obviously a lot of our product has been built around the notion of BPEL, as a kind of core metaphor for how people build integrations and manage business possesses. So, we are totally committed to BPEL.

In working with our customers on that, in terms of very large-scale deployments, there's a whole set of issues around how people maintain and manage. So, as our products are evolving, they're evolving away from just being a kind of BPEL engine into a full BPEL management system, where we are giving people all the tools to monitor transactions, and repair transactions when they fail. This is largely for business reasons, because if something goes wrong in the business information, they've got to be able to rebuild that last business information and get that business transaction back on track.

Gardner: It occurred to me earlier, when you were talking, that we are really not only recasting integration, but we are moving beyond implementation of integration into management of integration, and then a step further beyond that into the management of change and integration. Does that sound fair?

O'Toole: One of the nice thing about BPEL is they are long running processes, but the challenge that presents is how do I manage the change in long running processes. I can’t go in and wipe the database and say, "I didn’t like that schema that I had underlying that business process." You need to be able to evolve that. So there's initial support for some of those concepts in this version as well.

Gardner: I like to bounce it off of Phil. Do you think that we're well into integration management and that the execution is important, but it’s the higher value to a shared services environment that's in this change-management capability?

Wainewright: Well, yes. This is part of a big movement that we are seeing in the way that we approach IT from a batch process of having a requirement, building to it, delivering it, and then bringing it into operation, to a much more iterative, ongoing, continuous process of delivering something that is constantly adjusting to the business needs of the organization.

So yes, IT is really catching up with reality. We’re now reaching the level of sophistication in IT infrastructure that actually allows us to manage change as a continuous succession of events, rather than having to wait for an upgrade to Windows or new version rolled out, or whatever it is, to actually move to the next stage in our business automation.

I think it should be welcomed and it’s inevitable. Perhaps it’s frustrating that it always seems to take so long to make it happen. The vision always seems to be several years ahead of the reality, but it's definitely the transformation that we are seeing.

Gardner: Great! I think we’ll leave it there. We’ve been discussing redefining integration as a reusable function for providers of services and hosted applications, and the notion of a shared services environment, which applies to both large enterprises as well as hosted.

We’ve also been discussing the marketplace and this movement towards management and agility in a SOA environment. We’ve talked about how Cape Clear Software is delivering Cape Clear 7.5 to help grease the skids towards this integration functionality. Phil Wainewright, an independent consultant, director of Procullux Ventures and ZDNet SaaS blogger, has joined us in this discussion. Thank you, Phil.

Wainewright: It’s been a pleasure.

Gardner: Also we have been joined by Annrai O'Toole, the CEO of Cape Clear Software. Thank you Annrai.

O'Toole: Thank you guys, it’s been very interesting.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You’ve been listening to a sponsored BriefingsDirect Podcast. Thanks for listening.

Listen to the podcast here. Sponsor: Cape Clear Software.

Transcript of BriefingsDirect Podcast on SaaS with Cape Clear's Annrai O'Toole and analyst Phil Wainewright. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.