ITIL 3 Leads Way in Helping IT Transform Via the 'Reset Economy' into Mature Business Units

Transcript of a sponsored BriefingsDirect podcast on the latest version of ITIL, and how it helps IT organizations transform how they operate as business units.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Learn more. Sponsor: Hewlett Packard.

Free Offer: Get a complimentary copy of the new book Cloud Computing For Dummies courtesy of Hewlett-Packard at www.hp.com/go/cloudpodcastoffer.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to BriefingsDirect.

Today, we present a sponsored podcast discussion on how to better understand the standards and methods around ITIL Version 3, Prescriptions and Guidelines. We'll unlock the secrets behind ITIL Version 3, and debunk some common misunderstandings about ITIL and how it can be best used.

We're joined by three experts on ITIL, and they are folks who have been instrumental in ITIL development. They'll help us look into ways that IT leaders can leverage IT Service Management (ITSM) for better efficiency, operational accountability and how to keep the IT trains running on time and also at the lowest possible total costs.

Please join me in welcoming David Cannon. He's the co-author of the Service Operation Book for the latest version of ITIL, and an ITSM practice principal at Hewlett-Packard (HP). Welcome David.

David Cannon: Hi, Dana. Thanks very much.

Gardner: We’re also joined by Stuart Rance, service management expert at HP, as well as co-author of ITIL Version 3 Glossary, and of numerous other service management pocket guides. Welcome, Stuart.

Stuart Rance: Hello. Thank you.

Gardner: Also joining us is, Ashley Hanna, business development manager at HP and a co-author of ITIL Version 3 Glossary, and other industry best practices. Welcome, Ashley.

Ashley Hanna: Hello. Thank you.

Gardner: Let me direct my first question to David Cannon. Tell us a little bit about why the need for ITSM is a bit more acute nowadays. What do a tough economy and lean budgets mean in terms of how ITIL can be of benefit?

Cannon: That's a very interesting question. The first thing that comes to mind, whenever we think about that, is that IT needs to save costs. In fact, the business puts a lot of pressure on IT to bring their costs down. But, in this economy, what we're seeing is that IT plays a way more important role than simply saving money.

Business has to change the way in which it works. It has to come up with different services. The business has to reduce its cost. It has to find better ways of doing business. It has to consolidate services. In every single one of those decisions, IT is going to play an instrumental role. The way in which the business moves itself towards the current economy has to be supported by the way in which IT works.

Now, if there is no linkage between the business and the way in which IT is managed, then it's going to be really, really difficult for the business to get that kind of value out of IT. So, ITSM provides a way in which IT and the business can communicate and design new ways of doing business in the current economy.

Gardner: Some of the popular business press released here in the United States has been calling the recession a "reset" and saying that "business as usual" is really not going to fly. Is ITIL something that can help with that, both at the IT level and the business level with this notion of a reset, David?

Changing operating models

Cannon: Yes, it is. That's not to say that, in every single case, IT is going to drive these changes to the business. What we're seeing in the reset is that businesses have to change their operating models.

Part of an operating model within any business is their IT environments and the way in which IT works and is integrated into the business processes and services. So, when we talk about a reset, what we're really talking about is just a re-gearing of the operating models in the business, and that includes IT.

The way in which IT works and the processes that you read about in ITIL Version 3, for example,

What I've seen recently is that organizations that have already achieved a level of ITSM maturity are really building on that now to improve their efficiency, their effectiveness, and their cost-effectiveness.

are increasingly being used in the business environment to create new services or different ways to manage their existing operational environments.

Gardner: I wonder if any of our speakers thinks that the economy has, in fact, provided an impetus or catalyst to embrace ITIL, whether it's in its versions, 1, 2 or 3. Is it possible that there has been a silver lining to this dark economic cloud?

Rance: That's a really interesting question. What I've seen recently is that organizations that have already achieved a level of ITSM maturity are really building on that now to improve their efficiency, their effectiveness, and their cost-effectiveness.

Maybe a year or two years ago, other organizations that were less mature and a bit less effective were managing to keep up, because things weren't so tight and there was plenty of fat left. What I'm seeing now is that those organizations that implemented ITSM are getting further and further ahead of their competition.

For organizations that are not managing their IT services effectively towards the end of the slump it's going to be really difficult. Some organizations will start to grow fast and pick up business, and they are going to carry on shrinking.

Gardner: Thank you, Stuart. Ashley, do you have anything further to offer?

Hanna: I think, as well, that if ITIL has been implemented correctly, then it is not an overhead. As times get tough, it's not something you turn off. It becomes part of what you do day-to-day, and you gain those improvements and efficiencies over time. You don't need to stop doing it. In fact, it's just part of what you do.

Gardner: For those of our listeners who might not be too deeply aware and have the background for ITIL, let's give them a quick primer. David, help me understand a little bit about the context of ITIL and where it fits in now.

Helping operations managers

Cannon: ITIL was initially created within the UK government to help operations managers within IT manage that environment a lot better. As the industry progressed, and as we became more mature about the way in which we managed IT, it became very clear that what we were really doing was not simply managing a set of infrastructure components and applications. What we were really doing was delivering a set of services to the business.

As that matured, we began to realize that we're not simply providing a set of outputs to the business and then forgetting about what the business does with them, and, as long as we produce the outputs, we've done our job. We began to realize that this approach wasn't good enough. What we had to do was focus on not only what we delivered to the business, but also what the business did with those services. So, we are focused more on the business outcomes.

In the current environment and in the current version of ITIL, we're looking at not only how IT manages itself, but how IT provides service to the business, and also how the business generates value based on the services that they use from IT. That's where the industry is right now.

And, just to stress, ITIL didn't invent the stuff. ITIL is not a theoretical approach that came out of the minds of a few academic individuals. It really is based on what companies have been doing over the past 20 years. So, when you read ITIL, everything you see in those books is something that has been done by a company somewhere, and it has worked.

What you have there is a set of recipes, which really talk about how I, as an IT professional, can play a strategic role within the business, and how I can help to measure my contribution of value within the business organization. That's really where we are within ITIL right now.

Gardner: Stuart or Ashley, do you have anything further to offer on a level set on ITIL nowadays?

Rance: I've got a lot that I'd like to say about value, but I'll hold off on that for now. I'd like to talk about what service management is from a more operational viewpoint, because a lot of people don't really get what we're talking about, when we talk about service management.

The point is that there are lots of different service providers out there offering services. Everybody has some kind of competition, whether it's internal, a sort of outsourcing, or alternate ways of providing service.

All of those service providers have access to the same sorts of resources. They can all buy the same servers, network components, and software licenses, and they can all build data centers of the same standards. So, the difference between service providers isn't in those resources they bring to bear. They are all the same.

Service management is the capabilities a service provider brings in order to deploy, control, and manage those resources to create some value for their customers. It includes things about all of your processes for managing changes, incidents, or the organizational designs and their roles and responsibilities, and lots of different things that you develop over time as an organization, it's how you create value from your resources and distinguish yourself from alternate service providers.

Gardner: Is there anything from you, Ashley?

Focusing on outcomes

Hanna: I'm just reflecting on what both have said. We've gone from managing technology processes, which was certainly an improvement, to managing end-to-end IT service and its lifecycle and focusing on the business outcome.

It's not just which technology we are supporting and what silos we might be in. We need to worry about what the outcome is on the business? The starting point should be the outcome and everything we do should be designed to achieve what's wanted.

Gardner: David, it certainly seems to me that the progression of IT is toward the delivery of processes, rather than technology sets. The feature function abstraction is perhaps elevated, particularly now, when we think about cloud services and a variety of different sourcing options. That seems to me to dovetail very well with the fact that we're changing the way that IT operates at precisely the same time as the way that IT is consumed is changing. Does that sound fair?

Cannon: Yes, it does sound fair. I think in terms of initiatives or movements like cloud, or should I say trends, what you're seeing is a focus on exactly what it is that I get out of IT, as opposed to a focus from the business on the internal workings of IT.

What you've seen historically is that the business has traditionally been very concerned about the internal workings of IT. They're very concerned about mitigating risk and very concerned about making sure that we're running in a cost-optimal way. What things like cloud tend to do is to provide business with a way of relating to IT as a set of services, without needing to worry about what's going on underneath the surface.

However, I need to point out that, even within a cloud environment, where you have a cloud-service provider, that service provider still has to worry about the processes.

So, business is going to look for clear solutions that meet their needs and can change with their needs in very short times.

They have to worry about managing the technology. These issues don't go away. It really is just a different way of dealing with the sourcing and resourcing of how you provide services.

Gardner: So, I suppose the point is that ITSM, how you run your IT department and how you provide for your users and their perceptions of IT as a business partner, is being elevated by some of these other trends in the sourcing environment?

Cannon: Yes, and what we're seeing is just the need for business to be able to react quickly and the need for them to be able to be very flexible within a rapidly changing volatile economy. So, business is going to look for clear solutions that meet their needs and can change with their needs in very short times.

Gardner: Ashley, let's go to you now about some of the myths or misunderstandings around ITIL -- what needs to be debunked or what lets people stray in understanding ITIL and how they could avail themselves of it?

Responding to change

Hanna: A lot of the issues are based on the fact that something has changed. We all know and love ITIL Version 2, and have a certain image of that in our minds -- and we all respond differently to change.

An issue that comes up quite a lot is that ITIL Version 3 appears to have gotten much bigger and more complex. Some people look at it and wonder where the old service delivery and service support areas have gone, and they've taken surprise by the size of V3 and the number of core books.

There is new content in Version 3, but actually Version 2 was pretty big, if you looked at the complete set of publications that came out. This view of it being small and self-contained was reinforced by what we were taught, when we studied Version 2.

The highest level of certification then was the Managers certificate and exam.

. . . these changes are long awaited and they're very useful additions to ITIL . .

This concentrated just on service delivery and service support. Yet, there were at least five other significant areas. Publications that came out from those other areas, such as business perspective and planning to implement, didn't get the same kind of attention.

When Version 3 came out, it launched with a much bigger perspective right from the beginning. Instead of having just two things to focus on, there are five core books. I think that has made it look much bigger and more complex than Version 2.

It is true that if you go through education, you do need to get your head around the new service life-cycle concept and the concept called "business outcomes", as we've already mentioned. And, you need to have an appreciation of what's unique to the five core books. But, these changes are long awaited and they're very useful additions to ITIL, and complementary to what we've already learned before.

Gardner: Stuart, just for the edification of our audience, what general characteristics would you apply to Version 2 and then Version 3, and what generally distinguishes them?

Better and cheaper

Rance: Version 2 was very much about how the IT service provider could do what it does effectively, efficiently, and cost effectively. All of the Version 2 processes led to ways that the service provider could deliver what they did better and cheaper. What it didn't really look to was the value of what they were doing, and were they doing the right things?

I'll give you a simple example. Version 2, in financial management, talked very much about what sort of cost units you should be looking at, how you should be calculating things, how you should be doing your accounting.

Version 3 includes that, but it includes it in quite a small part of the book in a couple of sentences that basically say your accountants will tell you how to do that. If you look at financial management in ITIL Version 3, it says you really have to understand the cost of supplying each service that you supply and you have to understand the value that each of those services delivers to your customers.

Now, that's a very simple concept. If you think of it in a broader context, you can't imagine, say, a car manufacturer who didn't know the cost of producing a car or the value of that car in the market. But, huge numbers of IT service providers really don't understand the cost of using its service and the value of that service in the market.

ITIL V3 very much focuses on that sort of idea -- really understanding what we are doing in terms of value and in terms of cost-effectiveness of that level, rather than that procedural level.

Gardner: Going to you David, is there something about ITIL and the confusion that might exist in some quarters around this notion of financial management? Where do you see this financial management aspect of ITIL and is that something that people need to better get their heads around?

Cannon: Financial management really hasn't changed in the essence of what it is. Financial management is a set of very well defined disciplines.

ITIL V3 very much focuses on that sort of idea -- really understanding what we are doing in terms of value and in terms of cost-effectiveness of that level, rather than that procedural level.

There are well-established procedures and practices. When applied within IT, financial management really starts to answer some very specific questions.

In Version 3, the nature of those questions changes. For example, in Version 2, we talk about how to account for the cost of providing IT services and how to track your assets, for example. It's very much a cost-based model of financial management.

Within Version 3, the financial management questions become more strategic. How do we calculate value? How do we align the cost of a service with the actual outcome that the business is trying to achieve? How do we account for changing finances over time?

For example, if we invest a certain amount of money this year, what is the relative value of that investment going to be in 5 or 10 years time? How do I align financial decisions that I make with the portfolio of services that I deliver? How can I track the investment in IT throughout the life-cycle of the services that I am providing?

Questions have changed

So, the questions that we ask in financial management within ITIL have changed significantly, but the underlying core procedures and practices are still the standard financial practices that exist within any organization.

Gardner: As we progress from applying financial management to systems, and then now to processes, it sounds as if we're starting to talk more the talk of the business side of the house. Business probably wants to understand the true cost of processes.

My question then is, do the folks on the business side of the house need to know anything about ITIL, or do they simply need to know what the fruits of ITIL are? Let me throw that out to Stuart.

Rance: Something that David said earlier, which I have also come across, is that a lot of businesses are in the service business themselves. It might not be IT service, but many of the customers we're dealing with are in some kind of service business, whether it's a logistics business or a transport business. Even a retailer is in the service businesses, and they provide goods as well.

In order to run any kind of a service you need to have service management. You need to manage your incidents, problems, changes, finances, and all those other things. What I'm starting to see is that things that started within the IT organization -- incident management, problem management and change management -- some of my better customers are now starting to pick up within their business operations.

They're doing something very much like ITIL incident management, ITIL change management, or ITIL problem management within the business of delivering the service to their customers.

. . . if you're running yourself as a business, you need to understand the business or businesses you serve, and you need to behave in the same way.

That completely gives you an end-to-end value chain, where the incident management, problem management, and change management you're doing within IT is simply a subset of your overall business incident management, problem management and change management. And, I could have listed all the other processes as well.

Gardner: It sounds as if we're moving toward some sort of a unifying theory of how to run both your business and your IT department. Essentially, they're both providing service management, provisioning, delivery, and measurement function. Why shouldn't they have a similar framework?

Hanna: I absolutely agree. Some of the shock that some people have when they pick up the service strategy book in ITIL V3 is they see it reads as a business book -- where is the IT, where is the data, where has my memory chip gone from this book? That's deliberate. It sets out that if you're running yourself as a business, you need to understand the business or businesses you serve, and you need to behave in the same way.

There's a great deal of new thinking that has gone into the service strategy side of things around providing a service of any kind. And as Stuart said, businesses can start adopting some of the IT process practice, but also the other way around. The IT people, when they start thinking about it, start to realize that it's not just them who have change management and incident management. Their business has to implement these aspects when they talk to their customers and the products that they sell. It is very much coming together in the industry.

Gardner: Is this a two-way street? Do the lessons learned on the business side apply to IT, and then vice versa? Does anyone want to offer an insight into the transfer of best practices?

Two-way communication

Rance: It's a very important question, but I'd like to go even further than that and say that, as a business unit, IT is already participating in a lot of this two-way communication. In many cases, IT doesn't think of itself as a business unit, but if you think about it, they really are. Today, the average IT department is delivering services to external customers and those services are revenue producing.

When that starts to happen, the IT unit starts becoming both an internal service provider, as well as a strategic business unit within the organization. And so, not only is it communicating with the business, it, in fact, is the business in many cases. That's a very important realization to come to within most IT organizations.

Gardner: I suppose we're all parochial and that we are involved with IT, but it sounds as if IT is not just a peer business unit, but perhaps a special business unit in a modern cooperation or enterprise. David, do you have any sense of whether we can claim special status in IT, or whether that gets us in trouble?

Cannon: We certainly could claim a special status, but I wouldn't try that. I think that the most important thing about ITIL and about ITSM is to ensure that IT is viewed as part of the business, that it is contributing to the value generated from the business, and that it is able to achieve its objectives.

I wouldn't try to create any special case for it. I would simply say that the management

I never heard an organization saying it needed to get the legal department aligned with the business or the finance department aligned with the business

challenges within IT tend to be more unique, and it's important to use approaches like ITIL, which are specifically designed around these challenges.

Rance: Can I speak up on that just for a moment? In the days of ITIL Version 2, a lot of organizations used to talk about business-IT alignment, and how important it was to align IT and its goals and strategies with the business and its goals and strategies.

I always found it very strange that you never heard a similar conversation about other business units. I never heard an organization saying it needed to get the legal department aligned with the business or the finance department aligned with the business.

I think that used to be a fundamental failing of IT organizations -- that they were trying to align with the business instead of trying to be a part of the business. That was one of the big changes in ITIL V3. I don't think an IT department should consider itself special or different. It should consider itself part of the business in exactly the same way as other core, shared services are.

Gardner: Perhaps another way to phrase the question is rather than to ask about whether it should be special, ask why it should not be special, and should be peer.

Rance: Exactly.

What do they want?

Hanna: Absolutely. One customer I work with felt they were getting a beating from industry best-practices consultants. The consultants were saying, "Look, you need to understand and align with your business. If only you did that, everything would be okay." What the IT organization found when they tried to do that was that, when they communicated with the business and got the right discussion around availability, performance, or whatever it was, the business didn't know what it wanted either.

So there's this idea that the magic is just a little bit further away, if you can get there. Once that organization engaged with the business, and they both realized they had challenges in this space, and it wasn't just one or the other's fault, they were able to start working together to get things done in a better way.

Gardner: I wonder if we could take a moment to understand better the relationship between HP and its approach to IT data centers, IT shared services and ITIL. Several of you here are instrumental, but also working with HP, what's the relationship?

Cannon: Dana, are you talking about the relationship between data-center management and ITSM?

Also I'm using it myself personally. I'm using ITIL guidance to help define and manage a service portfolio, which is a new concept within ITIL.

Gardner: No, I was asking about HP, as a vendor supplier, a partner and ITIL as a progression. How do they relate?

Hanna: I'm a business development manager within HP, within our Mission Critical Services organization, and I'm using ITIL as part of our assessment and continual improvement methodologies and tool set. So, I'm either helping to sell those kinds of ideas as a product or I am using it to improve what I do when I do that.

Also I'm using it myself personally. I'm using ITIL guidance to help define and manage a service portfolio, which is a new concept within ITIL. Within that, I have a pipeline of services that I offer to my customers, and new services or significant changes I'm bringing along. I've also got a service catalog of things that I sell to my clients today.

So, I am very much personally using ITIL, and I know many of my other colleagues are. But, it's not just how we go to market -- it's also within our own infrastructure.

Gardner: Does anyone else want to offer a way in which the philosophy of HP aligns with ITIL?

Everything is ISTM

Cannon: Absolutely. The point is that there is nothing in HP that we do that is not service management. Everything that we do -- from manufacturing and delivering computers to installing those computers, to making sure that they are operating effectively, to working with our customers to make sure that they are able to use IT and support their businesses -- are essential components of ITSM.

So, our whole approach to ITSM is not only that we help our customers do ITSM, but, as Ashley pointed out, we use ITSM internally to make sure that we are doing things in a quality manner and in a way that creates an added value for your customers.

For example, when I got into the data center services side of things, a lot of people said to me, “Oh, so you are leaving service management?” And the point is, no, absolutely not. How can you deliver IT services, how can you manage those services, if you have no control of your data center? Everything we do is tied into service management and how our customers are able to achieve value within their organizations.

Gardner: I would think that also end-to-end visibility, control management, and integration are essential to providing that end service in a timely and efficient manner. Is there a

Within our service management profession, it's incredible how many different things people are doing with service management.

comprehensive aspect to what HP involves in working with a number of partners and what you can then attain with ITIL guidelines?

Rance: We have within HP something we call a service management profession, which is part of our overall knowledge management. Interestingly, knowledge management, a relatively new process for ITIL was something we have been doing for a long time, as with many other organizations of course.

Within our service management profession, it's incredible how many different things people are doing with service management. They're all engaged with service management and they're all sharing knowledge and capabilities with each other, but it ranges from people who are developing, planning and delivering ITIL training courses. People are developing, delivering, configuring, installing, and managing our complete range of software products.

Our internal IT organization, our outsourcing organization, many different people doing different source of consulting, anything you can think of in the service management space, there is somewhere in HP a team doing it. Usually, those teams are doing it in every country around the world. We all talk to each other and learn from each other, and it's a lot of fun. I don't think there is any other organization in the world that comes close to that.

Gardner: So, in a sense, it's a whole greater than the sum of the parts.

Rance: Absolutely.

Concrete examples

Gardner: We've talked about this ITIL set of benefits and we debunked some of the misunderstandings. We've kept it at a fairly theoretical level, but I wonder if we had some concrete examples. As you pointed out earlier, ITIL has come from practices and not academics. Where are people applying these guidelines and the increased role of ITSM to a benefit? What are some of the metrics of success? Let's start with you, David.

Cannon: It all depends what each company is trying to achieve with their implementation. For some organizations it's about simply trying to solve a very specific problem. For example, how do I become more responsive to my customers when my IT services break, or how do I control changes within the organization?

If that's all that you are trying to achieve right now, then your metrics are going to reflect what it is that you've been working on. So, am I getting quicker at resolving these incidents? Am I getting fewer incidents? Are changes being more controlled, and are there fewer incidents as a result of rolling out changes? Some of the metrics that you are going to focus on are going to be very operational and very much focused on the problem that you're trying to solve.

In other organizations, which are trying to go for a more holistic implementation and are trying to really get into a growth mode for their organization, they are going to approach this in a very different way. They are going to look at things like, "What kind of services am I delivering? Are those services achieving the desired outcomes?"

The metrics are going to be a combination of what their businesses are using to measure their

So, the discussion changed very, very quickly from, "How much does ITSM cost us?" to, "Hey, can we have some more of this kind of thing?"

success, as well as how IT is measuring the consistency, the reliability, and the availability of their services. It's going to be a combination of that.

We've seen a number of organizations, which have really been using ITSM extensively, coming up with some very interesting ways of measuring the success of the program. What's interesting is that they may start out with looking at, "What is the cost of ITSM and how can I demonstrate the return on investment (ROI)?" But, where they end up is very interesting. Where they end up is, "How does IT support our business?"

I was sitting in one customer organization and they were talking about the cost of IT. We switched the discussion around and took a very specific example of a service that was used commonly within the business. We said to them, "Let's not focus on the cost of IT for now. Let's focus on what you get out of the service."

The managers in the business sat around and talked about the things that they do with the service. It turns out that by using the service, the business was able to save something like $20 million a year in certain testing procedures that they were running.

So, the discussion changed very, very quickly from, "How much does ITSM cost us?" to, "Hey, can we have some more of this kind of thing?" Again, it really depends on the kind of initiative that you have going within your organization and how you're going to measure the success of your ITSM program.

Gardner: Stuart, how about you? Do you have any examples of ITIL in practice and perhaps any metrics on its impact?

Service management journey

Rance: I'll tell you about one of my customers. I don't think it was a metric when they stopped, but it was certainly an outcome. This was an organization that started on their service management journey about four years ago. It was a big mobile phone company somewhere in Eastern Europe.

They started on an ITIL implementation program at the time of ITIL Version 2, and their goals and metrics were largely around quality of service and cost of delivering service, the sorts of things that we think of when we think about ITIL Version 2. It was a really good program and it went really well.

They got the cost reductions they were looking for. They got the improvements in services they were looking for. The other thing that wasn't originally on their goals was that was they got a massive improvement in the relationship with the business. As a direct result of the improvements that they made with their ITIL program, the IT manager became the IT director. In other words, he got himself a seat on the board.

He was quite happy to come back to us afterward and say, "Thank you for your help. Implementing that program directly led to me getting a seat on the board."

The outsourcer couldn't complete the deal, and the IT organization is still in house today. So, that's a great success story from that IT organization.

It's a really nice piece of feedback, because the next thing he said to me was, "Now, what does ITIL V3 mean for me, and how can I capitalize on that and get even better?

I've run quite a few strategy and planning workshops to look at the best way of implementing ITIL V3 in different organizations. We did one of those here and came up with a number of ideas for his next four- or five- year program to improve the relationship even better and to improve the outcomes he's delivering in the business.

Gardner: Ashley, similar question to you.

Hanna: I have a very interesting example as well. I've worked with one of our customers on the Mission Critical Partnership and we helped them implement continual improvement over a number of years. We benchmarked them as to where they were against best practice and against peers in the industry. Then, we helped them identify key risks to address and the improvements that they could make. We helped them measure their progress on an annual basis.

What's very interesting is that they were so successful that, when the decision was made to outsource the IT organization, the outsourcer found that they were already so efficient and effective, they couldn't make the required saving to make the deal worthwhile. The outsourcer couldn't complete the deal, and the IT organization is still in house today. So, that's a great success story from that IT organization.

Looking into the crystal ball

Gardner: Before we wrap up, I'd like to take a peek into the crystal ball, looking into the future a bit. As I mentioned earlier, it strikes me that the emphasis on process over systems and on services from a variety of sources, over monolithic and tightly controlled centralized delivery, is probably going to be growing in importance over the coming years. That perhaps augurs well for ITIL and particularly ITIL V3. So I'd like to go one last time through our panelists on this crystal ball notion. David, what's your prediction for how ITIL Version 3 progresses?

Cannon: What we're going to start seeing is the market will continue to mature, as it has been over the last 20 years. More and more organizations will get in control of their IT environments. They will be articulating value to the business more and more.

But, two additional things are going to start happening as we move forward. The first thing is

In addition, we're going to see ITSM moving more-and-more inward into the IT organization.

that service management is going to move outward. We are already seeing how organizations are starting to use the procedures, the practices, and the principles of ITIL within the business. For example, a lot of businesses are using simple IT event management to drive some of their business operations. So we are going to see ITSM moving out and being applied into business environments.

In addition, we're going to see ITSM moving more-and-more inward into the IT organization. We're going to start seeing ITSM being applied to the actual infrastructure, applications and networks within the IT organization, and we are going to see more and more technical applications of ITSM as well.

Gardner: Stuart, your view on the future?

Rance: I'm not sure if I agree with David on this. Rather than more organizations getting good at service management, what's going to happen is a massive consolidation. There will be fewer really good organizations that understand service management, do it well, Increasingly, they're going to be dominating the market, and the small, ineffective IT organizations aren't going to suddenly learn how to do service management. They're just going to go out of business.

The other thing that I see happening is that those organizations that are currently running their services using good service management practices and developing the capabilities and managing end-to-end services are in a really great position to take on new technologies, paradigms, and ideas to invest in things like virtualization, clouds, blades, and other technologies which provide a more complex infrastructure environment.

Because they're already managing these things from the viewpoint of the service, they're going to find adoption of new and interesting architectures much easier. So again, those organizations that do service management well are the ones who are going to be able to take advantage of all of the flexibility and cost savings of new technologies.

Gardner: Last point to you, Ashley.

Much easier to do

Hanna: Speaking to that idea around the new technologies, some organizations have used some of the new blade infrastructures in virtualization as being easier to deploy than some of the old style mainframe heavy-duty things, but are finding that actually a lot of it is absolutely much easier to do. There is more automation and things work better and smoother.

But, with many more devices and new concepts, they still need to apply these traditional service management approaches. So, I think, we'll see a lot of these organizations that have branched out recently into new technologies realizing that they need to equally invest in new service management guidance.

And I think, best practice today is relatively high level, and I think we'll see the actual sources of best practice like ITIL will get deeper down, and we will get more day-to-day operational advice and templates made available that also adhere to this best practice.

Gardner: Very good. We have been discussing how to better understand the standards and methods around ITIL Version 3, Prescriptions and Guidelines. And we have been better understanding how that can impact the modern enterprise.

I want to thank our panel for today's discussion. We have been joined by David Cannon, an ITSM practice principal at HP, thank you David.

Cannon: Thanks for having me.

Gardner: We have also been joined by Stuart Rance, an ITSM expert at HP and author of the ITIL V3 Glossary. Thank you Stuart.

Rance: Thank you. It's been fun.

Gardner: And Ashley Hanna, an author of Version 2 and Senior Examiner for ITIL V3 as well as a business development manager at HP. Thank you so much, Ashley.

Hanna: Thank you.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You have been listening to a sponsored BriefingsDirect podcast. Thank you for listening and joining us and come back next time.

Free Offer: Get a complimentary copy of the new book Cloud Computing For Dummies courtesy of Hewlett-Packard at www.hp.com/go/cloudpodcastoffer.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Learn more. Sponsor: Hewlett Packard.

Transcript of a sponsored BriefingsDirect podcast on the latest version of ITIL, and how it helps IT organizations transform how they operate as business units. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.

Interview: Guillaume Nodet and Adrian Trenaman on Apache ServiceMix and Role of ESBs in OSS

Transcript of a BriefingsDirect podcast with Guillaume Nodet and Adrian Trenaman of Progress Software on directions and trends in SOA and open source infrastructure.

Listen to the podcast. Download the podcast. Find it on iTunes and Podcast.com. Learn more. Sponsor: Progress Software.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect. Today, a sponsored podcast discussion about open source, service-oriented architecture (SOA) developments, and trends.

We are going to catch up and get a refresher on some important open-source software projects in the Apache Software Foundation. We’ll be looking at the Apache ServiceMix enterprise service bus (ESB), and the toolkit, and we are going to talk with some thought leaders and community development leaders to assess the market for these products, particularly in the context of cloud computing, which is certainly getting a lot of attention these days.

We'll also look at the context around such technologies as OSGi and Java Business Integration (JBI). We want to also think about what this means for enterprise-caliber SOA, particularly leveraging open-source projects. [Access more FUSE Community podcasts.]

To help us sort out and better understand the open-source SOA landscape, we’re joined by Guillaume Nodet, software architect at Progress Software and vice president of Apache ServiceMix at Apache. Welcome to the show, Guillaume.

Guillaume Nodet: Thank you.

Gardner: We are also joined by Adrian Trenaman, distinguished consultant at Progress Software. Hey, Adrian.

Adrian Trenaman: Hey, Dana. How is it going?

Gardner: Good. Now, we are starting to see different patterns of adoption and use-case scenarios around SOA, and open-source projects. Counterpart offerings for certification and support, such as the FUSE offerings from Progress, are getting more traction in interesting ways. The role of ESBs, I think as we can safely say, it is expanding.

The role for management and policy and rules and roles is becoming much more essential, not on a case-by-case basis or tactical basis, but more from a holistic management overview of services and other aspects of IT development and deployment.

First I want to go to Guillaume. Give us a quick update on Apache ServiceMix, and how you see it being used in the market now?

Nodet: Apache ServiceMix is one of the top-level projects at the Apache Software Foundation. It was started back in 2005, and was graduated as a top-level project a year-and-a-half ago. ServiceMix is an open-source ESB and it's really a well-known ESB for several reasons, which we’ll come to later. It's really a full-featured ESB that is widely used in a whole range of companies from government to banking applications. There’s very wide use of ServiceMix.

Gardner: Tell us a little bit about your background, and how you became involved. How long have you been working on ServiceMix, and what led you up to getting involved?

Nodet: Back in 2004, I was working at a small company based in France, and we were looking for an ESB for internal purposes. I began to do some research on the open-source ESBs available at that time. I was involved in the Mule Project and I became a committer in my spare time, and had been one of the main committers for six months.

In the summer of 2005, my company was firing people for economical reasons, and I decided to take a break and leave the company. So I sent an email to James Strachan, who was just starting ServiceMix, and that's how I became involved. I was hired by LogicBlaze at the time, which has been acquired by IONA and now Progress.

Gardner: Tell us a little bit more about the context of the ServiceMix ESB in some of the other Apache Software Foundation projects, just so our listeners understand that this isn't necessarily standalone. It can be used, of course, standalone, but it fits into a bigger picture, when it comes to SOA infrastructure. Maybe you could just explain that landscape as it stands now.

The bigger picture

Nodet: ServiceMix is an ESB and reuses lots of other Apache projects. The main ones which ServiceMix reuse is Apache ActiveMQ which is a message broker so it is for the JMS backbone infrastructure. We also heavily use Apache CXF, which is a SOAP stack that integrates nicely in ServiceMix. One of the other projects that we use is Apache Camel, which is a sub-project of Apache ActiveMQ, is a message router, which is really efficient and it uses DSL to be able to configure routers very easily. So these are the three main projects that we use.

Of course, for ServiceMix 4.0, we are also using the Apache Felix OSGi Framework, and lots of other projects that we use throughout ServiceMix. There are really big ties between ServiceMix and the other projects. Another project that we can leverage in ServiceMix is Apache ODE, which is the business process execution language (BPEL) Engine.

Gardner: Now, it's not always easy to determine the number of implementations, particularly in production, for open-source projects and code. It's a bit easier when you have a commercial vendor. You can track their sales or revenues and you have a sense of what the market is doing.

Do you have any insight into what's been going on, in a larger trend around these SOA open-source projects in terms of implementation volumes? Are we still in test, are people in pilot, or are we seeing a bit more. And, what trends are there around actual production implementation? I'll throw that to either one, Adrian or Guillaume.

Trenaman: I’m happy to chip in there. We’ve seen, quite a lot of work in terms of real-world sales. So you started in ServiceMix, obviously. We have been using ServiceMix for some time with our customers, and we have seen it used and deployed, in anger, if you will. What's interesting for me is the number of different kinds of users out there, the different markets that it gets deployed in. We have had users in airline solutions, in retail, and extensive use in government situations as well.

We recently finished a project in mobile health, where we used ServiceMix to take information from a government health backbone, using HL7 formatted messages, and get that information onto the PDAs of the health-care officials like doctors and nurses. So this is a really, really interesting use case in the healthcare arena, where we’ve got ServiceMix in deployment.

It’s used in a number of cases as well for financial messaging. Recently, I was working with a customer, who hoped to use ServiceMix to route messages between central securities depositories, so they were using SWIFT messages over ServiceMix. We’re getting to see a really nice uptake of new users in new areas, but we also have lots of battle-hardened deployments now in production.

Gardner: One of the nice things about this trend towards adoption is that you often get more contributions back into the project. Maybe it would be good now to understand who is involved with Apache, who is really contributing, and who is filling out the feature sets and defining the requirements around ServiceMix. Guillaume, do you have any thoughts about who is really behind this in terms of the authoring and requirements?

From the community

Nodet: The main thing is that everything comes from the community at large. It’s mainly users asking how they can implement a given use case. Sometimes, we don't have everything set up to fulfill the use case in the easiest way. In such a case, we try to enhance ServiceMix to cover more use cases.

In terms of contributors, we have lots of people working for different companies. Most of them are IT companies who are working and implementing SOA architecture for one of their customers and they are using ServiceMix.

We have a number of individual contractors who do some consulting around ServiceMix and they are contributing back to the software. So, it's really a diverse community. Progress is, obviously, one of the big proponents of Apache ServiceMix. As you have said, we run our business using the FUSE family of projects.

So, it's really a very diverse community and with different people from different origins, from everywhere in the world. We have Italian guys, we have, obviously, US people, and we have a big committee.

Gardner: The JBI specification has been quite central to ServiceMix. If you could, give us an update on what JBI, as its own spec, has been up to, and what that means for ServiceMix, and ultimately FUSE. Furthermore, let's get into some of the OSGi developments. It has really become hot pretty quickly in the market. So what's up with JBI and OSGi?

Nodet: The JBI specification has been out since the beginning of 2005. It defines an architecture to build some ESBs in Java. The main thing is that the key concept is normalized exchanges. This means that you can deploy components on the JBI container, and all of these components will be able to work together without any problems because they share a common knowledge of exchanges, and the messages between components are implemented. This is really a key point.

Anyone can grab a third party component from outside ServiceMix. There are a number of examples of components that exist, and you can grab such a component and deploy it in ServiceMix and it will just work.

That's really one of the main points behind the JBI specification. It’s a Java centric specification. I mean that the implementation has to be done in Java, but ServiceMix allows a lot of different clients from other technologies to jump into the bus and exchange data with other components.

So one of the things that we use for that is a STOMP protocol, which is a text-based messaging protocol. We have lots of different implementations from Ruby, Python, JavaScript and lots of different languages that you can use to talk to the ServiceMix bus.

OSGi is a specification that is really old, about 10 years, at least. It was originally designed for embedded devices. During the past two years, we have seen a lot of traction in the enterprise market to push OSGi. The main thing is that the next major version of ServiceMix, which will be ServiceMix 4.0, is based on OSGi and reuses the OSGi benefit.

The main driver behind that was mainly to get around some weaknesses of the JBI specification mainly related to the JBI packaging and class loader architecture. OSGi is really a nice specification for that and we decided to use it for the next version of ServiceMix.

Gardner: Now, we tend to see a little bit of politics oftentimes in the market around specifications, standards, who supports them, whether there is a competing approach, and where that goes. We’ve seen a bit of that in the Java Community Process over the years. I wonder, Adrian, if you might be able to set the table, if you will, around where these specifications are and what some of the commercial interests are?

For example, I know that IBM is quite strong behind OSGi, and Oracle has backed it to an extent as well. These guys, obviously, have quite a bit clout in the market. Set the table on the vendors and the specification situation now.

Sticking with JBI 1.0

Trenaman: JBI is currently at version 1.0, or 1.11 actually. There is a JBI 2.0 expert group, and I believe they are working under JSR 312. So, I think there’s work going on to advance that specification.

However, if you look at what the vendors are doing -- be it Sun, Progress, or Red Hat through JBoss -- I think the vendors are all sticking with JBI 1.0 at the moment, making customers successful with that version of the spec and in anticipation of a new version of the spec. But, I believe it’s quite quiet. Guillaume, is that correct, for 2.0?

Nodet: Yes. I am part of the 2.0 expert group for JBI and the activity has been quite low recently. One main driver behind JBI 2.0 is to refocus on what I explained is the key point of the JBI 1.0 specification, which is the concept of normalized exchanges and the normalized message router.

The goal of the JBI 2.0 Expert Group I think is to refocus on that and making JBI play much more nicely with other specifications that somewhat are seen as opponents to JBI, like SCA, and also play more nicely with OSGi because ServiceMix is not the only JBI implementation that goes towards the OSGi way. So we want also to be sure that everything aligns correctly.

Gardner: Just so listeners can understand, what is it about OSGi that is valuable or beneficial as a container in an architectural approach, when used in conjunction with the SOA architectural component?

Trenaman: OSGi is the top of the art, in terms of deployment. It really is what we’ve all wanted for years. I’ve lost enough follicles on my head fixing class-path issues and that kind of class-path hell.

OSGi gives us a badly needed packaging system and a component-based modular deployment system for Java. It piles in some really neat features in terms of life cycle -- being able to start and shut down services, define dependencies between services and between deployment bundles, and also then to do versioning as well.

The ability to have multiple versions of the same service in the same JVM with no class-path conflicts is a massive success. What OSGi really does is clean up the air in terms of Java deployment and Java modularity. So, for me, it's an absolute no-brainer, and I have seen customers who have led the charge on this. This modular framework is not necessarily something that the industry is pushing on the consumers. The consumers are actually pulling us along.

I have worked with customers who have been using OSGi for the last year-and-a-half or two years, and they are making great strides in terms of making their application architecture clean and modular and very easy and flexible to deploy. So, I’ve seen a lot of goodness come out of OSGi and the enterprise. You mentioned politics earlier on, Dana, and the politics for me are interesting on the number of levels.

Here is my take on it. The first level is on the OSGi core platform, and what you’ve got there is a number of players who are all, in some sense I guess, competing to get the de-facto standard implementation or reference implementation. I think Eclipse Equinox emerges as the winner. They are now strongly backed by IBM.

The key players

And in the Apache Software Foundation you’ve got Felix. One of the other key players will be Knopplerfish OSGi, which is really Makewave, and they deliver Knopplerfish under a BSD-style license. So, we have some healthy competition there, but I guess in terms of feature build out Equinox seems to be the winner in that area.

That's one way of looking at it. The other thing is, if you look at your traditional app server vendors and what they are doing, IBM, Oracle, Red Hat, and Sun have all put OSGi, or are about to put OSGi, within their application servers. This is a massive movement.

I think it's interesting that OSGi is no longer a differentiator. It’s actually an important gatekeeper. You have to have it. This is a wave that the industry and that our customers are all riding, and I think they are very welcoming to it.

Politically, all of the app server vendors seem to be massively behind OSGi and supportive of it. The other area that maybe you alluded to is that in the broader Java community, there’s been a debate that's gone for some time now about JSR 277, which is the Java Community Process attempt at Java modules. The scene there is that JSR 277 overlaps massively with what OSGi intends to achieve, or rather has already achieved.

That starts getting messy all over again, because Java 7.0 will include JSR 277. So the future of Java seems to have hooked into this Java module specification, and not taking what would be the sensible choice, which would be to follow an OSGi based model, or at least to passionately embrace OSGi and weave it in a very nice way into JSR 277.

So, there is still some distance to go there on that debate over which one actually gets accepted and gets embraced by the community. I think the happiest conclusion for that is where JSR 277 really does embrace what OSGi has done, and actually, in a sense, builds support into the Java language for OSGi.

Gardner: Clearly, the momentum around OSGi has been substantial. I’ve been amazed at how far this has come so quickly.

Trenaman: Exactly.

Gardner: Now, IONA now within Progress Software, is in this not just for “peace on earth and good will toward men.” With the latest FUSE version being 4.0, you have a certification, support, and enterprise-ready service value around the ServiceMix core. Is there something about OSGi that helps Progress in delivering this to market, given the modularity and the better control and management aspects? I am thinking, if I am in certification and enterprise-ready mode for these, that OSGi actually helps me, is that correct?

It's a community issue

Trenaman: My perspective on that would be that embracing of OSGi in FUSE is a community issue. It’s the community that's driven that and that's a part of ServiceMix. So, this is something that we in Progress now are quite happy to embrace and then take into FUSE.

For me, what the OSGi gives us is clearly a much better plug-in framework, into which we can drop value-added services and into which we can extend. I think the OSGi framework is great for that, as well as in terms of management, maybe moving toward grid computing. The stuff that we get from OSGi allowed us to be far more dynamic in the way we provision services.

Gardner: Great. Now, you mentioned the big “grid” word. A lot is being talked about these days in cloud computing, and there’s an interesting intersection here between open-source early adopters and the very technology savvy providers or companies and the cloud phenomenon.

We’ve seen some quite successful cloud implementations at such organizations as Google, Yahoo!, and Amazon, and we’re starting to see more with chat in the market from Microsoft and IBM that they are going to get into this as well.

These are the organizations that are looking for control, the ability to extend code and “roll their own.” That's where their value add is. What's the intersection between SOA, open-source infrastructure, and these cloud implementations? Then, we’ll talk about where these clouds might go in terms of enterprises themselves. Who wants to take the high view on the cloud and open-source SOA discussion?

Trenaman: A lot of SOA is down to simply "Good Design 101." The separation of the interface from the implementation is absolutely key, and then location independence, as well. You know, being able to access a service of some kind and actually not really care exactly where that is on the cloud, so that the whole infrastructure behind the service is transparent. You do not get to see it.

SOA brings some very nice concepts in terms of contract-first design and standard-based specification of interfaces, be they using WSDL or just plain old XML and REST -- or even XML and JMS.

I think the fact that we can now define in a well-understood way what these services are, and that allows us to get the data into and out of the cloud in a standardized way. I think that's massively important. That's one of the things that SOA brings to the cloud that becomes very important.

What open-source brings to cloud, apart from quality software against which to build massively distributed systems. What it brings is maybe a business model or a deployment model that actually suits the cloud.

I think of the traditional software licensing models for closed source where you are charging per CPU. When you look at massive cloud deployments with virtual machines on many different physical hardware boxes, those models just don't seem to work.

Gardner: A great deal of virtualization is taking place in these cloud infrastructures.

A natural approach

Trenaman: I think open source becomes a very natural and desirable approach in terms of the technologies that you are going to use in terms of accessing the cloud and actually implementing services on the cloud. Then, in order to get those services there in the first place, SOA is pivotal. The best practices and designs that we got from the years we have been doing SOA certainly come into play there.

Gardner: Let's move into this notion of a private cloud, which also requires us to understand a hybrid, or managing what takes place within a private, on-premises cloud infrastructure -- and then some of these other available services from other large consumer-facing and business-facing cloud providers.

Vendors and, in many cases, community development organizations are starting to salivate over this opportunity to provide the software, services, and support in helping enterprises create that more efficient, high availability, much more creative utilization range incumbent in a well-designed cloud infrastructure or grid or utility infrastructure.

Trenaman: Sure.

Gardner: It seems unlikely that an organization creating one of these clouds is going to go out and just buy it out of the box. It seems much more likely that, at least for the early adoption stages, this is going to be a great opportunity to be exerting your own special sauce as an internal IT organization, well versed in open-source community development projects and then delivering services back to your employees and your customers and your business partners in such a way that you can really reduce your total cost, gain agility, and gain more control.

Let's go to Guillaume. How do you see ServiceMix, in particular, playing in this movement, now that we are just starting to see the opening innings of private cloud infrastructure?

Nodet: ServiceMix has long been a way that you can distribute your SOA artifacts. ServiceMix is an ESB and by nature, it can be distributed, so it's really easy to start several instances of ServiceMix and make them seamlessly talk together in a high availability way.

The thing that you do not really see yet is all the management and all the monitoring stuff that is needed when you deploy in such an architecture. So ServiceMix can really be used readily to fulfill the core infrastructure.

ServiceMix itself does not aim at providing all the management tools that you could find from either commercial vendors or even open-source. So, on this particular topic, ServiceMix, backed by Progress, is bringing a lot of value to our customers. Progress now has the ability to provide such software.

Gardner: So, Progress has had quite a long history, several decades, in bringing enterprise development and deployment strategies, platforms, tools, a full solution. This seems to be a pretty good heritage combined with what community development can offer in starting to craft some of these solutions for private clouds and also to manage the boundaries, which I think is essential.

I can see an ESB really taking on a significantly larger role in managing the boundaries between and among different cloud implementations for integration, data portability, and transactional integration. Adrian anything to further add to that.

Dynamic provisioning

Trenaman: Certainly, you could always see the ESBs being sort of on the periphery of the cloud, getting data in and out. That's a clear use case. There is something a little sweeter, though, about ServiceMix, particularly ServiceMix 4, because it's absolutely geared for dynamic provisioning.

You can imagine having an instance of ServiceMix 4 that you know is maybe just an image that you are running on several virtual machines. The first thing it does is contact a grid controller and says, “Well, okay, what bundles do you want me to deploy?” That means we can actually have the grid controller farming out particular applications to the containers that are available.

If a container goes down, then the grid controller will restart applications or bundles on different computing resources. With OSGi at the core of ServiceMix, at the core of the ESB, that’s a step forward now in terms of dynamic provisioning and really like an autonomous competing infrastructure.

Nodet: Another thing I just want to add about ServiceMix 4, complementing what Adrian, just said is that ServiceMix split into several sub-projects. One of them is ServiceMix Kernel, which is an OSGi enhanced runtime that can be used for provisioning education, and this container is able to deploy virtually any kind of abstract. So, it can support Web applications, and it can support JBI abstracts, because the JBI container is reusing it, but you can really deploy anything that you want.

So, this piece of software can really be leveraged in cloud infrastructure by virtually deploying any application that you want. It could be plain Web services without using an ESB if you don’t have such a need. So it's really pervasive.

Gardner: We were quite early in this whole definition of what private cloud would or wouldn't be. Even the word “cloud,” of course, is quite nebulous nowadays.

I do see a huge opportunity here, given also the economic pressures that many organizations are going to be facing in the coming years. It's really essential to do more with less. As we move toward these cloud implementations, you certainly want to be able to recognize that it isn't defined. It's a work in progress, and having agility, flexibility, visibility into the code, understanding the origin for the code, and the licensing and so forth, I think is extremely important.

Trenaman: It’s massively important for anyone building the cloud, particularly a public cloud. That has got to be watched with total care.

Gardner: We’ve been talking about SOA infrastructure, getting some updates and refreshers on the ServiceMix and Apache Foundation approaches. talking to some community and thought leaders. We've learned a little bit more also about Progress Software and FUSE 4.0.

I’m very interested and excited about these cloud opportunities for developers to use as they already are. The uptake in Amazon Web Services for development activities and test-and-deploy scenarios and performance testing has been astonishing.

Microsoft is going to be right behind them with an appeal to developers to build on a Microsoft cloud. These are going to be ongoing and interesting, and so managing them is going to be critical to their success. A key differentiator from one enterprise to another it is how well they can take advantage of these, and manage the boundaries quite well.

I want to thank our participants. We have been joined by Guillaume Nodet. He is the software architect at Progress Software and vice president of Apache ServiceMix. Thank you, Guillaume, we really appreciate your input.

Nodet: No problem. I am glad that we have been able to do this.

Gardner: We have also been joined by Adrian Trenaman. He is distinguish consultant at Progress Software. Great to have you with us, Adrian.

Trenaman: It's a pleasure.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. I want to thank our sponsor for today's podcast, Progress Software. We’re coming to you through the BriefingsDirect Network. Thanks for listening and come back next time.

Listen to the podcast. Download the podcast. Find it on iTunes and Podcast.com. Learn more. Sponsor: Progress Software.

Transcript of a BriefingsDirect podcast with Guillaume Nodet and Adrian Trenaman of Progress Software on directions and trends in SOA and open source. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.

BriefingsDirect Analysts Discuss Service Oriented Communications, Debate How Dead SOA Really Is

Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 36, on communications as a service and the future of SOA in light of hard economic times.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Charter Sponsor: Active Endpoints. Additional underwriting by TIBCO Software.

Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.

Dana Gardner: Hello, and welcome to the latest BriefingsDirect Analyst Insights Edition, Volume 36. This periodic discussion and dissection of IT, infrastructure related news event with a panel of industry analysts and guests comes to you with the help of our charter sponsor Active Endpoints, maker of the Active VOS visual orchestration system, as well as through the support of TIBCO Software.

I'm your host and moderator, Dana Gardner, principal analyst at Interarbor Solutions. Our topic this week, the week of Jan. 12, 2009, starts and ends with service-oriented architecture (SOA) -- dead or alive?

We're going to begin with an example of what keeps SOA alive and vibrant, and that is the ability for the architectural approach to grow inclusive of service types and therefore grow more valuable over time.

We're going to examine service-oriented communications (SOC) a variation on the SOA theme, and a way of ushering a wider variety of services -- in this case communications and collaboration services from the network -- into business processes and consumer-facing solutions. We're joined by a thought leader on SOC, Todd Landry, the vice president of NEC Sphere.

In the second half of our show, we'll revisit the purported demise of large-scale SOA and find where the wellsprings of enterprise architectural innovation and productivity will eventually come from.

We’ll also delve into the psychology of IT. What are they thinking in the enterprise data centers these days? Somebody’s thoughts might resuscitate SOA or perhaps nail even more spikes into the SOA coffin.

Here to help us calibrate the life span of SOA is this week’s BriefingsDirect Analyst Insights Panel. Please welcome Tony Baer, senior analyst at Ovum. Hey, Tony.

Tony Baer: Hey, Dana how are you doing? I hope you're keeping warm up there.

Gardner: Oh yes. Jim Kobielus, senior analyst at Forrester Research. How are you, Jim?

Jim Kobielus: Hi, Dana. Hi, everybody.

Gardner: Joe McKendrick, independent analyst and prolific blogger on ZDNet and ebizQ. Hey, Joe.

Joe McKendrick: Hey, Dana. Great to be here.

Gardner: Dave Linthicum, founder of Linthicum Group and Blue Mountain Labs.

Dave Linthicum: Hey, Dana.

Gardner: JP Morgenthal, senior analyst at Burton Group.

JP Morgenthal: Good morning.

Gardner: And, Anne Thomas Manes, vice president and research director for application platform strategies at Burton Group. Welcome to the show, Anne.

Anne Thomas Manes: Thanks, Dana.

Gardner: As I mentioned, we’re welcoming our guest Todd Landry, vice president of NEC Sphere. Let’s go to you first, Todd. First of all, welcome to the show.

Todd Landry: Good morning, Dana. We’re joining you today from sunny Chicago, where it started out at minus 17 degrees.

Gardner: Many of us are at or under zero this morning.

Landry: We're looking forward to the balmy weather.

Gardner: I hope you get to move south soon. First, tell us what you mean by SOC and help our listeners, who might not be familiar, understand a little bit about NEC, which is based in Tokyo, and Sphere in particular within that larger organization.

Variety of Applications

Landry: Sounds great, Dana. With SOC, what we're really talking about here is the fact that organizations today use a variety of business applications to help them improve efficiency and drive productivity in their organizations.

But, if you look at any implementation and then what happens in the business, the real connective tissue between all of these includes people. The decisions and actions that take place in a business on a day-to-day basis are highly dependent on these people being effective.

Therefore, the manner in which we can help them with their communications and help them collaborate becomes a critical factor in how the workflows can be more effective and more efficient. We've looked at that and said the more you can make communications into business applications, the more you can make communications a more natural part of an SOA.

The workflow can naturally connect people, when they become part of that workflow process. It should streamline how those processes can be completed, and therefore the result is streamlining how businesses can be effective.

Gardner: Well, exactly what types of services are we talking about here? Is this simply mashing up instant messaging into some more applications? Is it more than that? What’s the scale that we are talking about?

Landry: The idea of being able to click-to-call has been around for quite some time. With the more recent technologies mashing up the directory listings, mashing up a call function inside of a business application, is much more achievable and can be done much easier manner than it has in the past.

Now, that said, we can go to the next step and to give you examples. In one view, we are reaching a human for an approval on a transaction. It can be instigated from the business application itself. So, notifications reaching out to individuals to get approvals, using voice technology for actual voice imprint signatures, is one method.

Another example of use is digital assets of the corporation. As we are all aware there are times when we unfortunately have to have organizations come in and collect a lot of emails and history to help the organization. As part of that, organizations are now looking at dialogues between humans, whether they were voice, text tool, conference calls, or exchanges via email. They become part of the digital assets of the corporation.

When we look at communications wrapping those dialogues with some metadata, bringing them back up into content management system so they become indexable, they may become part of the digital assets of the corporation and become uniquely valuable.

Gardner: Just quickly tell us about Sphere. You were acquired by NEC just a year or two ago, right?

Landry: That’s correct, Dana. Sphere Communications was founded in 1994 with a focus on a mission of turning communications hardware into software and, as a result of turning it into software, building it more like a business application.

About 18 months ago, we concluded a transaction with NEC Corp., headquartered in Tokyo. Our focus stays on the software aspect of building communications for the business environment, but we do that now in the context of a much larger organization.

Gardner: With this philosophy of converting the hardware to software as software services, these communications functions can now be brought into a wider variety of business processes, particularly if you're using SOA, mashups, or a variety of different development frameworks and types. The goal here is to bring people into process. Is that fair?

The SOC Ultimate Goal

Landry: That’s really the ultimate goal. On any given day in a business, do people care about doing the mashup or do they care about having their business be more effective, especially in these times? We believe that people will continue to look for more efficiency in their IT infrastructure. They'll continue to look for how people can be more connected, not only internally but with their customers. At the end of the day, you're right. It’s really about how people get more interconnected with the business process.

Gardner: How about this taxonomy? Why do we have to have another acronym, another three letter word, SOC? Wouldn’t this simply be part and parcel with SOA? Why do you see them as different?

Landry: Well, if there isn’t one born, and then it won’t ever die, right? We looked at it and had to communicate to the industry the concept of how communications integrates into frameworks in the IT infrastructure. SOA is a one term still used out there to define an approach. When we built our communications platform, we opened up all its services in a manner that we believe fit very naturally into the concept of a SOA. Therefore, our communications platform is really more service oriented than it is a closed and proprietary traditional PBX-oriented system.

Gardner: Lets go to our panel. Tony Baer, we've talked about this disconnect between processes and the business world, SOA architectural values, and people. I think we had a show devoted almost entirely to the BPEL for People spec when it came out.

Clearly, if SOA is not to wither and die on the vine, bringing people into the process, finding ways of creating new types of efficiencies and innovations, not just repaving cow paths but doing something quite new all becomes important. From your perspective, Tony, what’s the important deal here with bringing communications services into the play?

Baer: I hate to use a cliché, but it’s like the last mile of enterprise workflow and enterprise processes. The whole goal of workflows was trying to codify what we do with processes and trying to implement our best practices consistently. Yet, when it comes to verbal communications, we’re still basically using technology that began with the dawn of the human voice eons ago.

Gardner: I've seen people use sign language.

Baer: Well, that maybe too, and smoke signals.

Gardner: A certain finger comes up from time to time in some IT departments.

Kobielus: At least the use of a trusty index DTMS finger.

Gardner: There you go.

Baer: Exactly, and maybe some other fingers as well. But the fact is that in some cases, there's a huge gap. An example is in the area of compliance. It was a well-publicized case. I won't mention the name of the corporation, because I don’t want to get us into legal trouble here. But, there was a major case of cooking the books. The CEO went to jail, but his predecessor, under whom it was alleged these practices began, was never touched. Allegedly, it’s because he left no trail of breadcrumbs. He never used email. It was all spoken.

The idea of being able to manage and integrate spoken communications may actually be a critical gap in compliance strategy. I could see that as being an incredible justification for trying to integrate voice communications. Another instance would be with any type of real-time supply chain or with trading.

Very often, when I call my broker, the message says please do not leave voice messages on the phone. Provide trading instructions. We can now start to track all that. I'm not sure that it’s such a great idea to leave trading instructions in a voice mail, but there are lot of areas where you're integrating voice communications that could provide business value.

Gardner: Jim Kobielus, isn’t there more to this on the consumer side as well? We've got these hand-held devices that people are using more and more with full broadband connectivity for more types of activities, straddling their personal and business lives and activities. We know Microsoft has been talking about voice recognition as a new interface goal for, what, 10 years now. What’s the deal when it comes to user habits, interfaces, and having some input into these back-end processes?

An Important Extension

Kobielus: That’s a huge question. Let me just unpeel the onion here. I see SOC as very much an important extension of SOA or an application of SOA, where the service that you're trying to maximize, share, and use is the intelligence that’s in people’s heads -- the people in the organization, in your team. You have various ways in which you can get access to that knowledge and intelligence, one of which is by tapping into a common social networking environment.

In a consumer sphere, the thing is the intelligence you want to gain access to is intelligence sets residing in mobile assets -- human beings on the run. Human beings have various devices and applications through which they can get access to all manner of content and through which they can get access to each other.

So, in a consumer world, a lot of the SOC value proposition is in how it supports social networking. The Facebook environments provide an ever more service-oriented environment within which people can mash up not only their presence and profiles, but all of the content the human beings generate on the fly. Possibly, they can tag on the fly as well, and that might be relevant to other people.

There is a strong potential for SOC and that consumer Facebook-style paradigm of sharing everybody’s user-generated content that’s developed on the fly.

Gardner: Joe McKendrick, it seems that bringing communications into the stew really does add value. These are the areas that traditionally have been separate. People did voice activities, they did communications, and they also did data and application activities. Straddling the two was something you did with wetware, with your mind or your hands. Do you think that SOC is perhaps a catalyst to increase value in SOA?

McKendrick: Absolutely. There always have been two levels to this discussion. On the upper level, you’re looking at a lot of business traditionally driven by serendipity. That's the chance encounter in the hallway between two people. Or, it's a phone discussion that may evolve to, "By the way, did you hear about such and such a company laying off or such and such company moving to this market."

One challenge that’s always been out there is to figure out a way to capture this more informal transmission of knowledge that highlights business opportunities. If there's a way to at least capture even a segment of that, to digitize it, and put it into the knowledge base. I think that’s a great advance for companies.

Gardner: So it’s bringing tacit knowledge into play with business processes. Is that what you’re getting that?

McKendrick: Exactly. We heard a lot about artificial intelligence (AI) a couple of decades back, and that showed a lot of promise for capturing some of the knowledge. You had these Jedi Knights that seemed to know everything and had everything in their heads. Once they left the organization, that was it. They walked out of the door with the knowledge and moved to Florida or Arizona. That has been the challenge for AI. Now we refer to it as knowledge management, being able to capture this knowledge, this serendipity, and these informal channels the voice communications.

Landry: It’s human nature to use reference points, historical reference points of dialogs -- whether they’re written or wherever I find them -- to remind me of a topical discussion and bring me tighter into the fold of a particular thread. Think of how we use email. Often, there's a thread of email that helps us go back and look at the history of the dialog that occurred. This has happened in pseudo real time basis with instant messaging these days.

As you described, the natural tendency is a quick discussion at the water cooler. To the degree that we can capture that information, put it in a format that’s indexable, and in my day-to-day workflows as an individual be able to pull that up as I am having more and more dialogs, it becomes very useful referenceable information about why we made certain decisions in the business. That’s one aspect we look at there.

Text-Mining Capability

Kobielus: One of the services in the infrastructure of the SOC that will be critically needed in a consumer or a business environment is a text-mining capability within the cloud. That can go on the fly to all these unstructured texts that have been generated, and identify entities in relationships and sentiments to make that information quickly available. Or, it can make those relationships quickly available through search or through other means to people who are too busy to do a formal search or who are too busy to even do any manual tagging. We simply want the basic meanings to just bubble up out of the cloud.

Gardner: Dave Linthicum, it seems like we're just finding ways of joining different networks. There were the telephone networks. We have had IM networks that are still based on Internet protocols, but are doing their own thing. We've had all these disparate communications types and modes that have popped up over the years and now we are trying to bring them to some kind of harmony.

Do you agree that this is really what SOA, as an approach, should do, and that we don’t need a subset of SOC? And, what are your clients looking for in terms of how communications relates to business applications and processes?

Linthicum: Well, if you're going to take services like this, expose them as services, and make easier use of them, then it’s there. You have to create the integration yourself through very disparate mechanisms and things like that. People are always struggling, trying to figure how to aggregate this stuff and its solutions. This is definitely one approach and it’s viable on the market.

As SOA evolves, they are much more rudimentary. We'll talk about later about the whole "death of SOA" thing. The fact of the matter is that people are just getting their arms around exactly what a service is and how you take multiple services and turn them in solutions.

What's occurring, especially with the downturn in the economy, is that people are focused on more tactical and, what I call a shorter, SOA issues. They're trying to solve particular problems with particular instances of technology. Some organizations have the potential for doing that.

When you look at SOA, you talk about this whole big strategy around structuring services and aggregating those services into solutions. But, if you really look at what people want to do, they want to solve particular tactical problems in a very short period of time and show a very quick value proposition. The ability to take all these communications and actually turn them into services and leverage them is a wonderful use case within the context of SOA. It makes sense.

Gardner: Todd Landry, even though we're in such tight economic circumstances, cost savings obviously need to be part of just about any activity. Is there a clear return on investment (ROI) from your perspective in doing away with the hardware and the PBX-based infrastructure around telecom at least inside of enterprises and going to pure software?

Are you able to really demonstrate that going to software, not only for the purposes of extending it into business processes but just alone as replacement for the cost of a traditional PBX infrastructure, is a good story?

The Two Levels

Landry: There is, and there are two levels. I can put some examples around that. At the first level, remember the three large guys with tool belts who show up in a moving van. They roll some big thing that looks like a refrigerator into the secret room and everybody says, "Yeah, that’s the phone system." Nobody knows how it works, except for the specialist who's been through 10 months of training. These systems are very, very costly to maintain these days. They are specialty hardware, very proprietary, and the maintenance alone has become quite an issue now.

Imagine all that capability being delivered to you as part of a download. You run it on the same computing infrastructure that you use for many of your other business applications and you administrate and manage it in the same way. You don’t have to look very hard at that to imagine some significant efficiencies in IT infrastructure. If it’s built in a way where it opens up its services, you can look at some real examples in the business.

Suppose I have a customer who is a major distributor of airline parts. The issue with parts for aircraft is that they are under strict inspection. Once they are put into the distribution center and shipped to a mechanic, they can no longer be restocked without going through a very expensive, re-inspection process.

What happens with airline mechanics is they'll call in to get certain parts and not being sure what they really need, they'll order three or four different parts. The theory is they'll just send the one’s back that they didn’t need.

This has been a big problem for the distributor. What they've utilized is an actual recording of the dialog between the mechanic and the order entry as that order is posted. They can now go back and very easily pull up that transaction and pull forward the recording. Therefore, the mechanic and the airlines have to take those parts.

These are just real, street-level business issues that I've dealt with. We have several of those scenarios, where once you look at inefficiencies in your business and look at how the human action makes that transaction occur, you can apply the technology to overcome it.

Gardner: JP Morgenthal, we've got cell phones, mobile Internet devices, netbooks, this notion of always on and multi-modality always on. Now just saying that you've got voice, text, and the ability to have two-way communications -- synchronous and asynchronous -- begs the necessity for bringing more communications into business processes. Do you agree with that?

Morgenthal: I definitely do. Clearly from an analyst perspective, you can talk about it and give it a very analytical representation, but the interesting thing is that I actually have real world experience in data behind this. Before coming back to being an analyst and joining Burton in November, I had my own software company, Avorcor, and we had developed supply-chain management as a service.

One things I did was integrate with an open-source communications project called StarPound, which is business-process management integrated with Asterisk, and we built a demonstration that really illustrated the value proposition in the warehouse.

I'd been working with a number of companies who had warehouse issues, and we were basically normalizing those issues by instituting a new services architecture and layering that on top of that legacy system, so they could build their business processes.

One of the biggest issue was they were still communicating exceptions that were happening in the warehouse because device limitations were scanners and text in a very noisy environment. Everyone agreed that the best communications tool in that environment was their cell phone because it vibrated. Well, the Blackberry now has vibration too. So, that’s also a valid form of communication.

If you tie this as a unified communications strategy to the business process, it’s very effective and not only is it very effective, but -- I hate to say it -- it begs only more constant information overload.

Years ago, we took it for granted. You didn't get things for a couple of days, because the communications pipeline took that long to complete. Now, we expect things in microseconds. So, it's enhancing the expectations of people in general because of that. But still, I think overall productivity goes up tremendously, and we move much more effectively toward a real-time event architecture across communications and systems and people. It’s really fascinating to watch and it’s very effective.

Gardner: Anne Thomas Manes, we think about crossing these gaps between what were traditionally telephony technologies, and now it can exercise the services and access the services, but there remains a cultural gap. Analysts, architects, and developers are not always thinking along the communications network line of reasoning. They don’t always look necessarily for these on-ramps and off-ramps to business processes. Do we need to try to encourage developers and architects to think differently around SOC capabilities, as they increase their business agility?

Change the Way We Talk

Manes: We’ll get into the "SOA is dead" discussions later. One thing that I have pushed is not that service orientation needs to go away, but that we need to change the way we talk about it. What we need to be focusing on are services that actually provide value to the developers who need access to capabilities and to the business guys who need the capabilities to be inherent inside their systems.

When we're talking about communications services, you want to make sure that those services are very easy to access. With communications services, when you start looking inside PBXs, voice over IP, and those kinds of things, that’s arcane and completely out of the realm of normal development skills that you would get in a Web developer.

Now, we do have some nice capabilities like click to call, and those are set up as drop-in components that people can now use inside their Web applications. Wouldn’t it be nice, if we actually had a much more powerful communications service that a developer can use to communicate with a customer, communicate with a shop manager, or communicate with whatever at this point in the application?

They can call out to a communications service and specify, "Here is who I want to talk to. Here is the information I want to send. And, here is the method through which I want send it." And, and then they can have the communications service completely take care of the whole processes associated with making that work.

I can guarantee that a developer is going to choose that over, "Oh, I have to write all kinds of arcane code in order to figure out how to send an email or how to launch a phone call." So, building these services that simplify a very complex process is extremely valuable from a productivity perspective.

You can also look at it from another perspective and that is that I can call out to this communications service. This goes back to the first conversation we were having about this topic, which is, "I need to make sure that I actually record this and capture this in my CRM system or I need to audit it for whatever reason."

You can apply policy to the service and have that be something that you can manage and maintain from a policy perspective, which is separate from the code that’s actually implemented in the application or in the communications service.

Gardner: How about that, Todd Landry? Do we still require developers to do arcane integrations, or are there application programming interfaces (APIs) and/or other means of automating and easing the ability for developers to exploit communications services?

Landry: I'm really glad you raised that point, because we know your example of click-to-dial has been around for a while, but the execution of that has been very complex. A lot of companies that have enabled that have done it using people who are rich in telecom protocol experience and things like that.

With SOC platforms, we see it as creating an abstraction to those telecom functions -- such as making a call, recording a call, or setting up media streams -- and hiding that all from the developer. You are welcome to a white paper that describes this approach of abstracting the communications complexity.

When we looked at it in terms of how you would make it available to the applications developer, for example, our tools include Web services description language (WSDL) files that can be imported into your environment. So, you can take an IBM Rational environment, bring in functions available on the communications system and use application and Web-type technologies, without having to understand the complexities of underlying telecom protocols. That’s probably one of the most critical things that we need to do on the communications side to allow the developer community to benefit from this.

Gardner: Isn’t there another approach to this, in addition to trying to ease the actual development, to make these services all part of the same cloud? Perhaps salesforce.com or Google might start offering more telephony services within their cloud. Therefore, the integrations are being done within their infrastructure and it becomes easier for developers to create processes. Do you expect that SOC will have a role in how some of these cloud providers increase their value to developers and then therefore to end-users?

Distributed Cloud SOC Services

Landry: Yes, and in the way we deploy today in many of our customers, we would, in some respects, describe it as a private cloud, because of way it’s built and because of way it’s a distributed and shared service within the enterprise.

We've got a handful of cases where we deployed that in more of a service-provider approach and you could argue that, because the consumer, the enterprise, has some stuff on premises they can also overload that or use services from the local provider. It’s built on that kind of model.

There's is another piece of this that says these platforms are bringing together multiple forms of media, so that you can utilize text messaging, audio, or video communications. You can do screen-sharing data collaboration in a simpler and more consistent fashion and you can utilize one set of services to do that.

Whether they're deployed as a cloud and the enterprise is using those services from within a cloud or whether they've made the decision to do them on premises, both are very viable and, in many cases, both are being done today.

Gardner: Okay, last question on SOC. Dave Linthicum, with the emphasis on cloud nowadays, do you see bringing these communications services into a cloud portfolio as a way of enticing more enterprises to get involved, particularly if we're talking about reaching out to consumers through these communications channels? Where do you see SOC and cloud intersecting?

Linthicum: They already are, probably not as formal services and definitely not as integratable data into the enterprise, but anything that’s a value within enterprises, as we are finding, ultimately will be something that some start up or even some big company packages up as a set of services and sticks them up in the cloud.

If you look in ProgrammableWeb, you'll find that there are a ton of services that are very communications oriented. They're probably not as sophisticated as the ones we're talking about now, but as more and more people adopt that as a paradigm and need these things to build enterprise composites or even mashups, then you're going to see a lot of movement in that direction, because it’s a fairly simple thing ultimately to do.

It’s going to be a very high value service to sell. You're not competing with the guys who are giving the stuff away for ad share. And, it’s just going to be another value cloud out there that people can leverage and integrate within their enterprise.

Kobielus: I want to add one last observation before we go to the "SOA is dead" topic. In order for this integration to happen in the cloud, the cloud providers need to federate their new registries with those of their enterprise customers. But, humans are reachable through a different type of registry called a directory, lightweight directory access protocol (LDAP) and other means.

Cloud providers need to federate their identity management in a directory environment with those of their customers. I don’t think the industry has really thought through all the federation issues to really make this service oriented, business communications in the cloud scenario a reality any time soon.

Gardner: So we need an open Wiki-like phone book in the sky.

Kobielus: Exactly.

SOA: Dead or Alive?

Gardner: All right. Let’s move on to our next subject -- "SOA: dead or alive?" Anne, you created a little bit of stir with a recent blog or around declaring SOA under significant pressure, particularly as a result of the economic climate, because people are not going to spend money without that verifiable ROI.

These large-scale SOA implementations are too complex and taking too much time. The economic climate is going to postpone, if not kill them outright. Did I get it right, and what’s been your position since the blog, in terms of the viability of SOA?

Manes: Certainly, lots of people have refuted my claim. At the same time, I've had at least as many people, and probably more, I am dead-on right. My goal with the blog post was to at least get the conversation going, and I think I managed to do that effectively.

I still believe that if you go before a funding board this year -- if you are an IT group and you are trying to get funding for some projects -- and you go forward with a proposal that says we need to do SOA, because SOA is good, it’s going to get shot down. Instead, what you have to go forward with is very specific value-add projects that say we need to do this, we need to do that, and we need to do that.

You need to talk about what services you're going to provide. In the example of communications services, there's a really strong value proposition associated with creating communications services. Likewise, going forward with a request to say, "We need to build a billing service which replaces the 27 different billing capabilities that we have in each of our product applications out there."

That’s a very strong, financially rich, good ROI type of proposal that’s going to win. But, it's not going to work, if you go forward and just say, "Oh, we need to go get an ESB. We need to go get some registry and repository technologies. We need to invest in all the SOA infrastructure. We need to do SOA just because SOA is what everybody is telling me we need to do."

Just talk about the services and talk about the practices that are going to help improve the architecture of your systems. Talk about doing application rationalization and talk about reducing the redundancy within your environment.

Talk about dismantling the 47 data warehouses you have that contain customer information and create a set of data services instead that actually gives you a richer, cleaner and more complete information about your customers. Those are things that are going to win.

Gardner: Does that mean that we're really still heading toward SOA, but we're just going to do it through a variety of tactical measures, and ultimately, without even realizing it, you're going to be doing SOA and that, at some point, you might need to rationalize that at a higher architectural abstraction with such things as ESBs and wider governance? Does that sound right?

Manes: Yes and no. It’s absolutely critical that you still have a strong architectural group. One of my favorite comments that came back from the blog post were the number of people who said, "Basically, we just really suck at doing architecture."

One of the primary reasons that a lot of SOA initiatives are failing is because people don’t actually do the architecture. Instead, what they do is service-oriented integration, as opposed to SOA. If you're truly doing architecture, then you're doing an analysis of your applications architecture, figuring out why you have so much extra garbage in your environment, and figuring out what you should actually start to get rid of.

You still need to have that planning group which is very strongly focused on setting the priorities. But then, what you go forward with in terms of funding are the projects that are actually going to help you achieve your architectural goals.

Bunker Mentality

Gardner: Another observation I had from watching the discussion that you helped create is that there seems to be quite a bunker mentality out there right now. A lot of people in IT are saying, "Listen, we're not going to do anything. We are going to just hunker down and keep it the way it is. We don’t need to innovate now. Wait until we get through this terrible crisis and then we will figure out how to be modern or agile."

On the other hand, I am seeing people saying, "No, now is the time to get innovative, to leapfrog, to take advantage of the pressure to reduce waste and look for efficiencies which ultimately will allow us to be more competitive not only in the short-term but over the long-term." Are we really looking at a typical, conservative-liberal breakdown in terms of the philosophy inside of IT department?

Manes: I suspect that you're going to have a lot of organizations that don’t have a lot of architectural maturity following the first camp, which is, "We're going to cut out everything. We’re just going to focus on tactical projects."

But, the folks who have a little more architectural maturity recognize the value of taking this opportunity, when lots and lots of projects are no longer going forward. They can say, "Well, now is a great time for us to start focusing on architecture and figure out how we can position ourselves to take advantage of the economy, when it does finally turn around."

Gardner: Okay. Tony Baer, we're heading into this deep depression, recession, whatever you want to call it. Those companies that aren’t very good at architecture will probably, if they hunker down, fall even further behind. Those organizations that have some budget to play with, that are not in survival mode alone, and are looking to be something bigger and better on the other side of the recession, they move further ahead. Are we coming into a bifurcation of who does IT better or worse, based on this recession?

Baer: I don’t think there is any question about that. I'd call that the Walmart strategy. Take a look at the previous recession. To some extent, the same thing is happening now that happened back in the recession of 2001-2002. Walmart actually increased its spending for expansion with the expectation that its low-price strategy was sound. In other words, its marketing architecture was sound for that period, but that it would be better prepared for the upswing, when the recovery happened.

I think what Anne is saying right now is that organizations that did get ahead of the curve with SOA, that thoughtfully began the architecture process and rationalized it, will go ahead, because there will be real economies at some point compared to traditional application development.

Those that have been basically doing what Joe McKendrick has called "just a bunch of web services" are just going to essentially retrench and say, "We just can’t afford to create more spaghetti right now. We are just going to do it a lot of break fixes." So, I would totally agree with Anne there.

Gardner: Joe McKendrick, are we going through an acceleration of winners and losers in IT, particularly at a sort of company-strategy level and core-competency level?

McKendrick: Yeah, Dana, absolutely. I've always said that the companies that have gravitated towards SOA are the companies that will probably do well anyway. Those are the companies with more visionary management and more tightly integrated approaches to business. Those are the companies that we've seen in all the case studies that over recent years that have gravitated towards SOA. Let’s face it, if they didn’t have SOA, they probably would have been doing okay anyway, because they're well-managed companies.

The companies that really could have used SOA, the companies not likely to be adopting SOA, or not likely be looking at SOA, as Anne and Tony discussed, those are the hunker-down companies, the companies that have fairly unsatisfactory architectures or no architectural approach. We're going to be seeing that going forward as well.

Gardner: To further refine this, Dave Linthicum, are we talking about companies that are good at IT, regardless of what’s in their quiver whether it’s SOA, Web oriented architecture (WOA), or communications and SOC? Regardless of the tools that you have at your disposal, it’s how well you use them that defines you, and if you fall further behind and you don’t adopt more tools, that’s a bad thing. Is that oversimplifying it?

IT Talent Shortage

Linthicum: Not really. The point that I made is the same point I have been making for a long period of time. We have talent shortage in the world of SOA. There are companies out there that have some very good IT talent, and they can take SOA, WOA, or cloud computing, look at the business problems, make some very nice systems, and automate the business nicely.

However, the majority of people out there who are wrestling around with architecture are ill equipped to solve some of the issues. They have a tendency to focus in wrong areas. Anne hit this in her blog as well. It was brilliant.

In the area of, "Let’s do quick tactical things, and look at this as a big systemic issue we are looking to solve," it just becomes too big, too complex. They try to solve it with things that are too tactical and just don’t have enough value. There are no free lunches with SOA or any kind of an architectural approach or any thing we have to improve the business.

You're going to have to break things down to their functional primitive and build them up again. You're going to have to think long and hard about how your architecture relates and links back to the business and how that’s going to work.

I wish there were something you could buy in a box or something you could download or some cloud you can connect to, but at the end of the day it’s the talent of the people who are doing the job. That’s where people have been falling down. Over and over again, in the last three years, we have identified this. I don’t think anybody has taken steps to improve it. In fact, I think it’s gotten worse.

Gardner: JP Morgenthal, without trying to be derogatory, it sounds like those people who do just tactical things, who are not evolving to a larger culture at a business-process level, at a agility level are kind of like Neanderthals. They were walking around Europe 25,000-100,000 years ago. Then, these Homo sapiens come on the scene and maybe have a little higher abstraction of skills, competency, look strategically at IT, much more services-oriented that eventually will overtake the landscape. Does that sound right?

Morgenthal: It's a great question. To say that you are going to be successful in business because you focused on IT architecture is a stretch. When we did our 2009 predictions, one of my predictions was the rise of disposable computing. For a certain class of businesses, it’s going to be okay to have "good enough" software and not worry about, "Am I going to be using the same application 20 years out," -- really moving the thought processes from 3-5 year plans to 5-9 month plans.

When you talk about things in that range, SOA falls apart as a requirement, because that’s something that you definitely want to engage in where you have longevity or a long-term strategy to apply. Including cloud computing and the rise of start ups in the cloud, or at least their IT infrastructure in the cloud, versus building data centers, is going to introduce an opportunity for that to occur.

There is a class of organizations that hears SOA. They're going to get IT staff that come from an environment where people did SOA. There's going to be a little culture clash, because the executives there are going to be saying, "I don’t get this. I don’t get you. Who are you? I want my cell phone to do this, this and that, and I can make it do that by looking at it sideways. You’re telling me I've got to go spend all this money. Are you nuts?"

So, you have that going on, and then you have organizations that are involved in some very complex business opportunities in the financial sector or in the manufacturing sector. If they don’t look at their business and model it in a way that their systems mirror what they are doing one for one, they’re going to continue to fight that impedance mismatch that’s been going on since the early days of computing.

Then, the mismatch made sense, because the costs of computing were so expensive that we had to take small bites, chew on it, and make it work. Now, with the cost of computing where it’s at, we should be disregarding that notion, reexamining our systems, and saying our systems should meet our business requirements one for one. We shouldn’t have this discrepancy that when I talk business, it needs to be translated for IT purposes.

Gardner: Todd Landry, for some organizations, SOA is dead, at least during the economic downturn. For other organizations, it could be alive and well. From your perspective, what differentiates these organizations? How do you separate the innovator class from the "let’s just keep it simple and do our jobs and hope for the best" class?

Landry: Finding them and separating them is probably an arduous task. During tough economic times, the question of what projects should be worked on becomes more of a financial question than just it’s a cool technology question. During better times, we do many different projects and don’t spend time looking at the business benefit.

JP’s point of, "if you do technology architecture, your business will get better" is not real. There are hundreds of different projects you can look at in any IT infrastructure, and, especially today, people are spending more time looking at which ones will help the business operate in a more streamlined fashion.

They’re questioning what it’s going to cost to do that, how I can do that without spending outrageous dollars, and is it going to make a difference for my business? Again, the observation of cost associated with those projects becomes more heightened during these kinds of economic times.

We're looking for people who are investing in new initiatives, because they see this as an opportunity to optimize, an opportunity to streamline, and it will help them longer term. We look for those kind of people that realize that this can be seen as an opportunity, as much as a tough situation to deal with the economy.

Kobielus: The whole "SOA is dead" theme struck a responsive chord in the industry, because there's a lot of fatigue, not only with the buzzword, but the very concept. It’s been too grandiose and nebulous. It’s been oversold, expectations have been built up too high, and governance is a bear.

We all know the real-world implementation problems with SOA, the way it’s been developed and presented and discussed in the industry. The core of it is services. As Anne indicated, services are the unit of governance that SOA begot.

We all now focus on services. Now, we’re moving into the world of cloud computing and, you know what, a nebulous environment has gotten even more nebulous. The issues with governance, services, and the cloud -- everything is a service in the cloud. So, how do you govern everything? How do you federate public and private clouds? How do you control mashups and so forth? How do you deal with the issues like virtual machine sprawl?

The range of issues now being thrown into the big SOA hopper under the cloud paradigm is just growing, and the fatigue is going to grow, and the disillusionment is going to grow with the very concept of SOA. I just want to point that out as a background condition that I’m sensing everywhere.

Gardner: Anne, is there a hedge on this somehow? That is to say, can you continue to be tactical, can you avoid some of the larger cost issues around SOA, but, at the same time, not put yourself at a disadvantage 18, 24, or 36 months down the road for moving closer to SOA at that time?

Manes: My core recommendation is to think big and take small steps.

You need to do the planning, and your architecture team should be able to do that, without having to go get permission from your funding organization to do planning, because that’s what they’re supposed to be doing. But then, they have to identify quick, short, tactical projects that will actually deliver value.

That’s what they should do and are designed to do to improve the architecture as a whole. It can't be just, "Oh I have to integrate this system with that system." They really should be focusing on identifying projects that will, in fact, improve the architecture. In that way, you’ll be in a better position when things are over.

Gardner: Just to pull our two discussions together, do you think that SOC forms one of those tactical benefits that demonstrates ROI, improves productivity, but that also sets you up for larger benefits later?

Manes: Communications services, as a general rule, are valuable because having your applications integrate with communications is often challenging. But, you need to take a look at your individual corporate priorities to determine whether that actually is a higher priority this year than something else.

Gardner: Does anybody else want to chime in quickly on SOC as a tactical benefit to SOA? Todd, you must have something to say on that.

Landry: The tactical benefit we’re seeing is a lot of very specific cases already in the end-customer areas, where people have made the decision that this is important. We talk about the economy, but security concern is at an all-time high, and there is a lot of sensitivity there.

In most government organizations, they’ve now assigned a geo spatial officer, someone to go look at how the communications system is better used across the different emergency organizations, and how first responders can come together and communicate and collaborate in emergency situations.

We’ve recently demonstrated some multidimensional collaboration tools that bring together the identity of vehicles and simplify the manner in which you tie radio IP-based communications across different emergency entities. You’ve got real cases here that people are addressing today. There are some tactical activities out there related to that.

I think the point made about think big and pick small projects is really important, because it is a big ocean out there and you’ve got to pick the things that makes sense for your business.

Gardner: Great. I want to thank the panel for this week, we had Tony Baer, senior analyst at Ovum. We had Jim Kobielus, senior analyst at Forrester Research. Joe McKendrick, independent analyst and blogger. David Linthicum, founder of Linthicum Group. JP Morgenthal, senior analyst Burton Group, and Anne Thomas Manes, vice president and research director of Burton Group.

We also thank our guest, Todd Landry, vice president of NEC Sphere. I want to also thank our charter sponsor for the BriefingsDirect Analyst Insights Edition podcast series, Active Endpoints, maker of the Active VOS visual orchestration system.

We’re also coming to you through the support of TIBCO Software. This is Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening and come back next time.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Charter Sponsor: Active Endpoints. Additional underwriting by TIBCO Software.

Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.

Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 36, on communications as a service and the future of SOA in light of hard economic times. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.