Showing posts with label Tim Hall. Show all posts
Showing posts with label Tim Hall. Show all posts

Wednesday, December 10, 2008

Cloud Computing Means More Than Cost Savings: New Models Will Transform Business, Say HP and Capgemini

Transcript of BriefingsDirect podcast on cloud computing adoption, low-risk transitional strategies and innovative business opportunities.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Read the related white paper. Sponsor: Hewlett-Packard.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to BriefingsDirect. Today, we present a sponsored podcast discussion on vision and strategy for cloud computing.

We'll be talking with executives from Capgemini and Hewlett-Packard (HP) on how they see the value and opportunity unfolding around cloud computing, and so-called private-cloud architectures. Many enterprises and service providers are now grappling with how cloud models and economics will impact them.

The specter of a challenging business climate may well hasten the need to seek IT resources that are supported through greater utility approaches to save money, as well as to reach Internet audiences and gain global Web efficiencies.

There are also a host of innovations around the various cloud models that are now just emerging and that we're only beginning to discover. These amount to being able to do business in new ways and using cloud models to accomplish things that simply could not be done before.

The goal is to take advantage of what cloud models offer, but to do so with low risk and in alignment with enterprise IT dictates and requirements around management, security, governance, and visibility.

Here now to provide an in-depth look how cloud models are changing our world is Andy Mulholland, global chief technology officer at Capgemini. Hi, Andy.

Andy Mulholland: Hi, there. Good to be on the call.

Gardner: We're also joined by Tim Hall, director of services-oriented architecture (SOA) products at HP Software and Solutions. Welcome, Tim.

Tim Hall: Thanks, Dana.

Gardner: And also we have Russ Daniels, vice president and CTO of cloud services strategy at HP. Good to have you with us, Russ.

Russ Daniels: Thanks, happy to be here.

Gardner: Russ, let's start with you. We've heard so much about cloud, grid and utility. There are so many different words in respect to these technologies, and these approaches have been around for quite some time, but we seem to be in a state of building excitement.

More opportunity is being associated with cloud computing. Why don't you help us and our audience understand, first and foremost, what is cloud -- and probably just as important -- what it is not?

Daniels: You can argue about what the technology industry is really good at, but I would say the one thing that we definitely excel at is hype. We can take any term and get very excited about it. We start redefining everything that we were already doing with the expectations associated with that new term. We certainly think of what's been happening with cloud in terms of two things that are going on. We think they are both incredibly important to our customers. They both provide great opportunities, but they are quite distinct.

What most hype is really about a year ago we would have described as utility computing. It's this concept of being able to treat all of your resources as pools that you can flexibly bind to the workloads to match up the demands and priorities of the business in a way that improves the agility of the business and also has a huge contribution to the cost structure.

That's important stuff. There is a lot going on there, but it's focused primarily on being able to improve the ability to deliver the workloads that exist in the business today.

We think there is also another thing going. That's what we focus on, when we talk about the cloud, and it's a new model for constructing software. It's a new design pattern, and it allows you to solve problems that really have been out of reach. You can take business needs, which if you tried to address them in the context of traditional IT design and delivery models, would tend to fail or under deliver.

The cloud allows you to go after those problems, to open new markets for the business, to allow it to reach out to customers that it hasn't been able to get to, to improve its differentiation in the market, and to contribute to the real goals of the business itself. That's what we think is exciting about the cloud.

Gardner: Is there something that the people should not confuse the cloud with, something that the people might be thinking it can do that that is really outside the scale of what we are really talking about?

Complexity won't go away

Daniels: There's this vision that's been painted by some in the industry that we're going to flip a switch in a year or so, and all of the existing data centers will just be shut down. There will be these few hyper-scale providers of compute capacity some place remote to the business, and businesses will just plug a wire into the wall and out will flow compute.

That's an incredibly naïve perspective -- that computing will become as fungible and undifferentiated as electrical power. It's certainly true that we can improve the effectiveness, cost efficiency, speed, and agility of IT by taking advantage of virtualization and automation technologies, but we shouldn't imagine that it means that all of the complexities of the world go away.

What's most important for our customers, when they think about this, is not to think of cloud as being an alternative delivery mechanism for everything that IT does today. It's much more an enabler to do things that IT really can't do successfully today.

Gardner: Let's go to Andy Mulholland at Capgemini. What has changed about the world we live in now that makes this cloud vision so appealing and so seductive?

Mulholland: I agree very strongly with Russ that when something new comes out, the industry does tend to get a little over-excited -- but cloud is more significant, because people are thinking again about what they are going to do over the next couple of years with very tough trading conditions.

On one side, there is this premise that it can help me look at how I manage and reduce my cost. Perhaps more importantly, we should say it the other way around. It enables me to address how I deal with a more variable business pattern and pay for what I need when I need it.

Many of the things a business does today are relatively fixed. The enterprise applications, the enterprise resource planning (ERP) systems, we know what they do. The systems they run on are very predictable in their load. Everything works, and that's to Russ's point about how [the cloud] doesn't change everything.

But, what we have is a growing desire and a growing need to find new things in the front office, about how we run our business more effectively, how we get into markets more effectively, and how we trade better. These tend to be small fast-moving projects. They make a very big difference, and we simply don't want the same time scale in provisioning for them.

Increasingly, probably over the next couple of years, people don't want to spend capital on them. They'll want to pay for them operationally. They represent a new market, a new technique, a new set of standards, and a new set of technologies. All of that comes together in where cloud is going to go and make the difference to businesses.

So, it's an interesting time, when what I want from technology in the business is shifting to more porous, across-the-firewall business on the Web, and at the same time I desire to manage how much I spend, how quickly I spend it, or whether I can attribute cost directly to how much I need when I need it. It's being driven by more care about the financial side.

Gardner: Let's go to Tim Hall. When we talk about this ability to have elastic resources, provisioning IT resources as they are needed, and reducing costs and waste as a result, we are really getting more toward an economic story. What are the root problems that we are trying to solve here? What is it about the way IT is done now that needs cloud?

Hall: There are a bunch of things, Dana. I can't tell you how many customers I've visited in the last 12 to 18 months who have told me they can't install another server in their data center, and the reason is that they are out of power and cooling.

There's been a lot of talk recently about energy efficiency and this trend toward painting the world green. A lot of the new hardware appliances and other things that are coming on the market are consuming lower power, offering better cooling technologies, and have advanced automation capabilities. We can do things with managing those systems.

There's where virtualization technology come to play. We can use these pieces of hardware more efficiently, and all of this is trying to contribute to lowering the complexity of what we've currently got. The two things that you continue to see IT wanting to do are reduce cost and reduce complexity. The ways in which they're doing that come at it from two different dimensions. One is an operational dimension, and the other is from this generation of applications. A technology refresh is happening in both of those areas.

Interest in 'private' cloud

Gardner: Andy, we have heard a quite a bit about private cloud, taking these architectural advantages and not necessarily going through an outsourced provider, but building them out on your own in your organization. What are you seeing in terms of the interest in the private cloud for enterprises among typical customers of Capgemini and HP? How does that differ from what they might want to do with the more public clouds? What's the breakout? How much interest in either public or private?

Mulholland: If you're going to do it internally, it's much more tied up with the way you're running your business and probably around the way you're adopting social software and collaboration tools. I often talk about it in the terms of a distributed business. If we look at what's happening to business today, the old adage was that we will sell more of less, we will reduce the numbers of lines, try to sell more of each line, and that will make us able to optimize the process, and do all the good things we know.

What's happening today in most markets is that businesses are seeing quite the reverse. They are selling less of more. They have to have more products, more variation and better tailoring for niches to win new business, new share, and better revenue -- at better margins.

When you move to that model, one of the challenges is how to support it. If I'm only going to have a few product lines, and I am going to run them for three years, I can train people, build knowledge, and operate in a different way. Instead, what we are seeing is, as I move to the other model, I need a lot more flexibility in the way I find the person who knows how we share and build information, etc.

The whole idea is social software. That means provisioning in a very different way, and that leads people to consider how to do that, particularly in distributed businesses. Is there a more effective way than having hundreds of different instances in different places, hundreds of appliances, or whatever you might think of?

So, in one direction, we see that trend. In the other direction, we see a trend where people want to sell or consume services from other people or sell to other people as businesses. It's a bit like with mashups. Everyone always points to the housing map, but the other one to point to is the number of people who use some version of Google Maps on which to build something. That's making it available to be used. Cloud services can be delivered in that manner, so people on the Internet can consume and buy services from you to blend in with what they want to do as well.

When you look at that argument and you look at what's happening, you start to recognize there are already a number of very well known brands that sell through the Internet and combine their services, which are effectively doing this already. The challenge in this is how it moves from being something that a handful of Web-based businesses are using. How do more businesses learn how to exploit that market and take their share of commercial revenue from that market?

Daniels: Can I just expand a little bit on what Andy said here, because it's probably the most important thing for people to work through? There are really these two things going on, and there is a relationship between them.

One is simply how do I deliver my existing workloads at lower cost by taking advantage of virtualization and automation? I might do that in my own data center, and many of our customers are in fact doing that. As I do that, it also gives me the flexibility to get those same kinds of resources externally, and that could be an advantage through some variable cost perspective.

But, there is this other thing going on that's really critical. It's not simply a matter of how infrastructures are architected. Whether you have an internal utility or external utility, it's much more how you design software and what kinds of problems you are solving.

When we think about the cloud, we don't think it's just a matter of how infrastructure is packaged, but it's really a combination of the impact of service oriented architecture (SOA) starting to break apart applications. We think more about the services to separate out the data from the applications, so that you can get at the data without having to go through complex application integrations.

That's one major piece. There's another piece around taking advantage of Web 2.0 innovations, which includes both how you can create rich user experiences in the context of browsers in these remote execution models, but also significantly it's the social dimension. How can you take advantage of the innovation that's occurred in the consumer space by understanding the importance of bringing people together?

Scaling up, scaling down

Finally, all of that is being enabled by a design pattern that allows these kinds of workloads to scale up, scale down, and be able to handle huge amounts of potential demand, but do it in a very flexible and economic way.

It's the combination of all those things together that allow businesses now to start to use technology to solve problems, to create advantages, and as Andy was saying -- particularly in these uncertain times -- to tackle these problems in a way that lets them move where the opportunities are. It lets them experiment readily and to try things, without finding themselves in huge, long-term commitments when some of those experiments fail.

Gardner: It sounds, Tim, as if cloud computing is getting an advantage from a psychological point of view. It's changing the way people think about IT and application development. It helps us understand how this thinking needs to move into the enterprise. Who at the enterprise level is in charge of making sure that cloud computing happens properly?

Hall: That's exactly where governance comes in. This can't be a free for all. The question is how you organize, govern, and provide guidance for what's available. What has been looked at? How do we handle issues of compliance, especially as you get into some more interesting regulatory requirements?

We're finding that certain data cannot exist outside the borders of a particular country, and so it can't be a free for all. You have to establish a culture of governance and build up processes and procedures within IT. How are you going to tackle the policy complaints issues and some of the consistency checking that are going to need to go on?

One thing Andy mentioned at the top, which is very interesting, is the charge-back model and the variable costs that go along with this. Are you sure you know what those costs are? Do you know where they break in terms of scale? Do you have control over who is gaining access to these resources, so it doesn't become a free for all?

If you have two organizations entering into a trading partner agreement for some kind of cloud-based services, and you're distributing the use of that service more broadly within your organization, who is responsible if somebody is violating the terms of use? As Russ said, it's establishing these policies and procedures and formalizing them in a way that IT can effectively be in control of them to take advantage of these opportunities. I think it's critical.

Mulholland: An interesting point you made there Tim is that you really stress the challenge that says we have a very variable business model. Everybody is getting more and more into the variable business model, and it's very difficult to stay in control. It's very difficult to attribute cost to the various diverse activities, and it's very difficult sometimes to look the auditor in the eye and say you actually knew how all of this worked.

These are new challenges. Let's get back to Russ's point. We've got new challenges here, and what's happening is that it's almost happening ad-hoc. In many companies, they're trying to exploit these things, but they are doing it with a complete lack of structure. By bringing in a cloud model successfully, you're actually introducing some structure to support the very activities that people are increasingly experimenting with in their businesses today.

Gardner: This notion of successfully implementing cloud models certainly seems top of mind for organizations. Russ Daniels, what's the first step? Is this an organizational shift, a mindset shift, technology, all the above? How do you get a handle on making this a successful transition?

Daniels: If you think in these two dimensions, every IT organization struggles with simply delivering on the commitments that they have today, and every organization struggles to free up money to innovate and deliver new business value. When you think about the opportunities to take advantage of infrastructure as a service, it's important to sort through those services that IT is delivering to the business and understand which ones are best suited and are most likely to be able to be moved into those forms to drive down cost.

What we find with our customers is that many workloads are important to the business, but they are not mission critical. In many of these workloads, good-enough delivery is good enough.

There are other workloads that are mission critical. They are the things that when they go down, the business goes down. Those things you have to put a huge amount of focus on and deliver at the highest possible quality. So, distinguishing between those types of workloads, identifying those where good-enough delivery is appropriate, and moving those into virtualized and automated delivery models, positions you to take advantage of external infrastructure capabilities as appropriate. That's one side.

The key challenge

The other side is one I think all of us have always realized. The key challenge for any IT organization is to understand what the business really needs, where the business value is, and how technology can help deliver that. This question of business-IT alignment is always the heart of the problem, and it will be certainly be true in terms of how the business chooses to go after cloud-based opportunities.

We think the cloud is great for connecting. It's great for connecting business to business. It's great for connecting business to its customers. It's great for connecting people to people. It's great for connecting the experiences that people have, as they move through their day and the changing circumstances they find themselves in.

All of that connecting is enabled in the cloud, because the cloud provides a persistence. It's a great place to capture state, because the services exist over long durations, and they have pervasive access, so you can get at that state and the context related to that state. It's those capabilities that make the cloud so great for connecting.

Where is connecting important to your business? That's ultimately a business question, not a technology question. The focus should be on having people who can map from what the business needs to understanding how to exploit this new expressiveness that the cloud brings to solve the most pressing challenges, or to exploit the most exciting opportunities that the business faces.

Gardner: Andy, as organizations on the business side recognize how to take advantage of these connections of doing business differently, vis-à-vis the cloud and other partners, they are going to come back to the IT department and say, "Now enable it."

Is there an advantage for those organizations that already have embraced and embarked on a SOA journey and who have implemented governance and managing services internally? Are they are going to be in a better position when those business people come and ask for them to get cloud oriented?

Mulholland: It's pretty logical, when you follow through what we've been talking about. If you're talking about connecting to and using an environment largely based on services, whether you put a big “S” or a small “s,” i.e., business services, or technology services in SOA, it's pretty obvious that if you have no way internally to relate to that, you're going to have a problem.

The good news about this conversation is that we've talked a lot about the new world and new challenges, and the things people are starting to do, which involves that new world. We carefully separated the idea that the old world is immediately going to jump into this.

The point about that is, if you have been doing new stuff, and you are building new stuff inside the organization, you really ought to have started doing that around SOA. If you're using services correctly internally, then of course, you can cross the firewall and start to use services outside, and blend them together.

The big question is how people think about deploying SOA internally. Some months ago, Russ and I were discussing this. We felt that there was a serious disconnect in people's understanding. For some, it's "Oh, let's try this project with SOA. I'm not actually recognizing it as more than a project, or recognizing it as a significant move inside the business, addressing this new generation of fast moving, fast changing things which are much more in the front office, much more likely to involve the Internet and the Web in some way or other."

Most of the SOA people were thinking about what I called "EAI 2.0." It's just a better way of doing technology integration. Some companies have grasped the idea that it's about doing better business and putting the business costs together in a different way. But, it's still quite a tough issue to address. I'm sure Tim would have some pretty good war stories about how that issue has played out with the things he's seen, as well as some things I have seen in that space.

Gardner: How about that, Tim? How well are organizations that have not necessarily embarked meaningfully on SOA positioned to take advantage of cloud?

Hall: The really interesting point is who is driving the initiative. So some of the things that Andy mentioned are being driven from the bottom up. Folks are looking at this as an integration technology, instead of a complete transformation of how they deliver service orientation or business services more comprehensively and more flexibly to address some of the unique challenges that the business is facing. And of course, they're asking IT to do more with less and better faster.

Four important things

You're not going to do it using the same old technologies that you had in your bag. There are four important things that we're learning about how to do things better as we move forward in the IT landscape. SOA adoption, as a transformational agenda, is a microcosm of some concepts that apply very specifically to cloud and preparing people for cloud adoption.

The four things are, first, once you start to move into these loosely coupled technologies, you have the opportunity to do intermediation, and that intermediation can largely be transparent. What that means is that you have an opportunity to do things like compliance checking for such things as information that shouldn't be leaving the firewall, for example.

The second thing is that you have the opportunity to invest in and capture significant amount of metadata about the things that you are using, be it things that you built or things that you are consuming from a third party. That leads to the ability for you to do more in terms of automation.

The third thing is the notion of formalizing the relationships between the consumers and providers of these capabilities. I think of this as a volume control, if you will, where you do want to capture, at a minimum, the fact that somebody is using some service, be it inside or outside the four walls of your data center. Depending on the relationship you have with that person, you may want more structure. You may want more formalization and structure in that agreement, all the way up to what Andy and Russ mentioned around charge back.

Finally, it's just the whole notion of moving away from capability centric IT and moving more towards service orientation. We shouldn't be worried about fan speed and CPU power. We should be looking at whether we have a capability and how flexible is it for us to deliver that at any sort of scale.

This goes to Russ's comments about how we identify effectively, from the top down, what's really core to the business and what's going to drive and fuel the business activities, versus what is contextual and can be delivered at some level of quality, but simply isn't core to the central focus of the organization.

Gardner: Being involved with social media, I encounter lots of comments. There is plenty of dialog going around, but it seems clear to me that there are still plenty of naysayers out there about cloud, particularly for companies that are considering putting certain applications and services or data up in the cloud.

Time and time again, I hear people saying they will never do that. It's not secure. Russ Daniels, what are some of the boundaries here as to what should or shouldn't be brought into the cloud, at least in a medium or short term, in terms of IT functions and application set?

Daniels There is a set of low-level concerns, when you think about a workload that an enterprise depends upon. There's a set of requirements associated with that workload that includes things like security, which is an obvious one. There's a need for compliance, so can you satisfy your auditors that, in fact, you are managing your proprietary information appropriately. Those kinds of things you can understand as being requirements for any delivery method that you would consider for that workload.

We have to saw through that. Certainly, many of the infrastructures of the service offerings that exist on the market today are relatively simple and can't satisfy many of those demands that enterprises have. That's one of the reasons why you see the uptake for these things frequently happening at the level of the department in an enterprise, where either they don't have the sensitivities, or they lack the awareness of those business risks.

That's one piece of it. There is a different angle, though. The cloud allows us to go after problems that we haven't been successful in addressing before. To be successful doing that, we have to design things. We have to get the design right, as Andy was saying, because service orientation is at the heart of this. It's around how I understand the services that facilitate the goals and objectives of my business. Understanding those services in the context of the business is absolutely critical.

Too much of what's happened in the SOA space has been limited to technical enablement. That's absolutely critical, but isn't sufficient. You have to also understand from the business concerns how to capture the key roles and responsibilities of the business. How do I understand the information that's necessary for those roles to fulfill those responsibilities and where that information needs to be exchanged? That's what I can model as the service. Then, I'm modeling those services in the context of business concerns about implementation.

Getting that picture in your head, and then taking advantage of the cloud, allows you to solve these problems in a way that isn't limited simply to what you can do within your own business. It can be extended across your supply chain. It can be extended across your channels and customers, so you can address more broadly the ecosystem in which you operate. The cloud lets you do that.

Interactions and transactions

Mulholland: Can I pick up on this note? As you can probably tell, we've all worked together on this and share it. One of the keys in this, when we have talked about it with people -- to pick up some of Russ's point -- is the difference between interactions which is a lot of this new market, and transactions which was the old IT market.

When you look at any IT system, it's fundamentally about getting a safe transaction to record what you have done. But, if you think about someone trying to decide what they're going to buy from you, like buying an airline ticket, deciding which flight and how much money they're going to pay and which extras they're going to have, it's a lot of interactions. The speed at which interactions go back and forth isn't that critical if it takes a half second longer.

To get back to Russ's point that he made very clearly, it's something different. State is a big issue in it. Data is not the same issue in the same way, as we are used to seeing with applications. When you start to see it that way, you start to understand why we are using a cloud-based service in this way. It's a perfectly acceptable commercial risk-reward, or whatever word you want to think of in terms of, "Is the service-level agreement (SLA) good enough to choreograph this?" We are trying to just put something different here.

Gardner: Andy, here's a follow up. The cloud naysayers, have they got some things wrong?

Mulholland: I'm not sure they've got things wrong. There's a huge temptation -- I have to avoid it personally, and I am sure everyone else does -- that when you're shown something new, you try and apply it to what you have already, and you try and bend it to fit. Much of what I hear from the naysayers is the assumption that the cloud is about applying it to the current generation of IT, and some of the issues that we touched on earlier.

Actually, it's also about understanding that you have a new set of challenges, a new set of requirements from the business, and therefore, these are not easily addressed in the old way. You need to change what you are doing. It's not so much that they’re wrong, but that they're looking at the wrong thing as the target for where they should be applying the idea of how to use cloud computing.

Daniels Andy hit it exactly right. Frequently, when people think about what they are trying to do, they think in the context of those existing services that they deliver to the business, and many of those are, in fact, transactional. We don't think the cloud is great for “transactionality,” for deep, technical reasons.

In the cloud, you need to be able to scale arbitrarily and you need to be able to do that where you get linear increase in throughput, as you scale out horizontally, which says there is a huge dependency on being able to work concurrently and to work in parallel. Transactional workloads don't lend themselves to that.

It's very difficult to fan out the transactional workloads, because ultimately that item can only be taken out of inventory once, and so you have to bring everything back together. The two-phase commit design pattern isn't very well suited to horizontal scaling. So, the place where the cloud is great is where you're not focused on supporting transactions, but interactions, where you are connecting. It's being able to take state from participants in an extended supply chain and propagate that information up through data feeds, up into a cloud service.

For example, that information might be related to the carbon footprint related to material flowing through an extended supply chain. Each of the participants in an extended supply chain can simply publish a data stream that captures the carbon footprint of the materials that they will be producing. Now, you can run analytics in the cloud, using search-like algorithms, to answer questions about the carbon footprint for some end products. You don't have to do the detailed process integrations. You don't have to provide detailed transactional integrations across the supply chain system to support it.

It's exactly that new expressiveness that allows us to go after problems that we really couldn't have done affordably in the past. Because we couldn't do them that way, we ended up doing things manually and in emergencies. If you think about product traceability, it's the same problem, very difficult to deal with from a technology integration perspective in the traditional ways. As a result, when there's a problem, we have people pawing through information spreadsheets manually and providing the answers too late to be helpful.

Gardner: Given that we're dramatically changing the way we're doing things in order to take advantage of these efficiencies and new capabilities, do we need to create a new hierarchy or metric organizationally?

That is to say, the role of architect now needs to include someone who sees this all through a cloud perspective. Do we need a higher order architect, perhaps at a services level? I guess the question is, how does IT and/or that intersection between business and IT change in order to take advantage of this properly?

Mulholland: I'll have a shot at this. It's something that we've been tracking with some interest, because we focus much more strongly on the business and to how the technology is used. We rely on HP to give us the products to be able to marry up to that business requirement.

If you track backward through this, in 2006, Tim O'Reilly tidied up his views on what Web 2.0 is and how it works. He started to add to it ideas of a business model of how business using it might be different.

About three months after that, Andrew McAfee at Harvard coined the term Enterprise 2.0 in Harvard Business Review Online, and started to build the idea of a business-model innovation. In other words, your business model could be different to present products, deal in markets, do supply chains, and the kind of things Russ was just mentioning.

About three months after that, Forrester Research produced a viewpoint, which said that this should be treated as a different branch of technology, and they called it business technology. Their argument was that, at the time when the mini computers existed around the late 1980s, and PCs and networks were just appearing, the term "information technology (IT)" was first coined to separate off a new cluster of technology that was used in a different way, i.e. around personal computing, centered on information, not on big mini systems, and transactions, and so on.

The term IT was used to describe a change, which if you think it through and remember those times -- and some of us still do -- brought us to the viewpoint that we had a different set of technologies. Applying those technologies led people to coin the term business process re-engineering, let's rethink how it works. We developed a whole new model of client-server, and finally and not least a whole new generation of ways of managing and controlling the business through enterprise resource planning.

The argument that we're extending is this: the topic we're talking about -- the cluster technologies, the role they play in a business, how you build, and deliver, and maintain them -- is a different branch with different skills and activities and therefore it should be called “business technology.” Whether you believe the argument or not is a different question, but it's very interesting that one of the foremost industry analysts actually came up with that proposal about 18 or 20 months ago.

Gardner: It sounds as if we have a transformation that needs to take place at multiple levels within these organizations. Let's focus for a second on for those companies that get it right. They can make the transformation, take advantage of these newer models, extend their boundaries, and be more into interactions, and what that entails. What's in it for them? Let's go first to Tim. For organizations that get this right, what's the payoff?

Hall: Go back to the three basic things that we've been talking about, which are decreased complexity, increased agility, and lower cost. They're the fundamentals of a business. As technologists sometimes we get too enamored with the buzzwords and the hype that Russ Daniels was mentioning at the top. We forget why we are doing this in the first place, and it's very simple. It's to take advantage of and use this business technology as a strategic weapon, while at the same time lowering cost, lowering complexity, and increasing your new business agility.

Gardner: Russ Daniels, same question. For those that get it right, what are the payoffs?

Daniels Tim's list is exactly where the focus is, but I would say again that the cloud allows you to deliver the business results that matter. In other words, it really has to be thought of in the context of IT’s technology for business, and the key business challenges that we see our customers facing today are how to develop new markets? How do they take advantage of the abilities they have and deliver them to new customers? How can they understand better what their customers need, and how can they fit in and connect with them?

The cloud provides great capabilities for that. We think that it's still early, and you can see the promise in things like the recommendation engines that you find at online shopping sites. You're searching for something, and, based on your buying history, your demographics, your search behaviors, and then comparing that to the behaviors of others, the site can provide you with suggestions about other things that might be of interest to you as well. The technology helps identify your intentions and then offers suggestions to help you find things better suited for your needs than what you could have expressed or identified yourself.

That's a wonderful opportunity, and to be able to expand that approach into more and more of the ways that a business connects has huge implications. So, it's an upside opportunity. It's enabled by the agility and by the lower cost, but the key thing is that it allows you to open the markets, to differentiate your offerings, and it allows you to improve profits or gain market share. Those are the things that businesses get.

Gardner: Andy, the last word to you.

Mulholland: Relatively speaking, [cloud computing] is unstoppable. The question is whether you'll crash into it or migrate into it. Why is it unstoppable? Because we're watching a business shift, people have to find ways to compete better in the market. Much of that is around. "How do I add smart services? How do I make products more available? How do I communicate directly and intimately with people, so they know what they want to buy from me?" All of those things are already developing in many businesses today, and people are building solutions to do that, sometimes gracefully, and sometimes not at all gracefully.

In other words, just as we had with the PC, where we basically were driven into it, some companies got there in a very ungraceful way and had to figure out afterward how to sort out the mess. Others did have a strategy, and emerged in a very graceful way. I think we're in the same situation. Users wanting social software have taken us there to run and do things better. We've been taken there by businesses needing to get into new markets.

The challenge for the CIO and the IT department is, "How will I enable that to be a graceful migration," not "How will I wait until it becomes a real issue, and then do something about it?"

Daniels: The opportunity that exists is for those people who break out of their traditional mindset around transactions and really start thinking about what this opportunity is in front of them, and how to use this innovation as a weapon. Those are the ones who are going to see the biggest benefit, because they will be able to take advantage of it more quickly. We've seen this with lots of the technology waves that have come before. Those early movers, who can break out of that traditional mindset -- whatever it was at the time -- to the next technology disruption, are the ones who see the biggest benefit.

Gardner: I'm afraid we have to leave it there. We've been discussing cloud models, impact, direction, and strategy. Andy Mulholland, the global chief technology officer at Capgemini, has joined us. Thanks so much, Andy.

Mulholland: Thank you, too, for inviting me.

Gardner: We were also were joined by Tim Hall, director of SOA products at HP Software and Solutions. Thank you, Tim.

Hall: Thank you, Dana.

Gardner: And also, Russ Daniels, vice president and CTO of cloud services strategy at HP. Thank you, Russ.

Daniels Thanks again.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You've been listening to a sponsored BriefingsDirect podcast. Thanks for listening, and come back next time.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Read the related white paper. Sponsor: Hewlett-Packard.

Transcript of BriefingsDirect podcast on clouds computing adoption, low-risk transitional strategies and innovative business opportunities. Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.

Monday, December 01, 2008

Interview: HP’s Tim Hall on Heightened Role of Governance in SOA, Cloud and Dynamic Business

Transcript of BriefingsDirect podcast with Hewlett-Packard on the expanding role that SOA governance plays across IT and business agility.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: Hewlett-Packard.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect. Today, we present a sponsored podcast discussion on services-oriented architecture (SOA) and the insurance that proper governance is providing as enterprises scale up of their use of SOA.

This insurance effect comes through deploying governance alongside and in sync with SOA development and deployment capabilities. The goal is to allow governance to give IT leaders a comprehensive ability to monitor, adjust, and enforce SOA best practices -- so that the productivity, agility, and business process refinements that SOA entails can be realized early.

Perhaps more important, proper governance ensures that SOA will grow without stumbling -- allowing companies to “crawl, walk, and run” to SOA without ever losing control. Done properly, SOA governance heightens the business benefits of services, increases IT efficiency returns, and reduces the risk that complexity could undermine the services lifecycle and hamper the adoption in large organizations.

To provide an in-depth look at how governance and SOA work in concert to empower SOA at scale, we welcome Tim Hall, Director of SOA Products for HP Software and Solutions. Welcome back to the show, Tim.

Tim Hall: Thank you, Dana.

Gardner: Tim, let's look at the context. Things have certainly changed rapidly in the world. We're seeing some uptake in the adoption of SOA. We have some reports and research that indicate that companies recognize the benefits. We're also seeing more economic concern, given the macro-economic situation across the world. At this point, both at the tactical and the strategic level, what makes SOA and its governance increasingly important in the top-of-mind for architects?

Hall: There are a few things, but first and foremost the adoption of services as a fundamental unit of commerce, if you will, within IT does something very fundamental to the way that people work together, and not so much technology. It runs counter to the way that we've been developing systems in the past.

Since the beginning, one of the purposes of SOA governance has been to set the architectural vision and direction, lay the ground rules under which those activities are going to take place, and then foster collaboration between architects, and other people who engage in the processes of building solutions for companies, be they consumer focused, or be they within enterprise IT.

The challenge is that the way that we have been taught to build systems for so many years is really about eliminating dependencies on other teams and other groups. Unfortunately, that's led us into the situation we have now with vast complexity, monolithic solutions and, in many cases, monolithic systems and stacks or silos. SOA is trying to undo all of that.

While, technologically speaking, it's very easy for us to undo some of that, culturally speaking, with the people who are involved, it's much harder to undo that dynamic. That's one of the key game changers about moving to SOA. Do you have the right kind of collaboration solutions fit underneath to support it, breaking down some of the these cultural barriers, or organizational dynamics that may exist within different companies?

Gardner: In addition to this economic climate, we're also hearing a lot more about services coming from a variety of sources and from hybrid scenarios. It sounds like that's even more important, when that's taken into consideration.

Mergers and Acquisitions

Hall: Absolutely. One of the driving use cases that we focus on, since the very early days of SOA, was about mergers and acquisitions. Many of the large financial institutions were already undergoing an SOA transformation internally. The proof of those investments is to see how rapidly some of these systems, teams, and organizations can come together to actually integrate.

They were originally independent organizations, but now, as they are coming together through consolidation, either forced or otherwise, those investments should start to pay off. It should be fairly easy for them to take a quick inventory of what capabilities they expose to services and then determine either how to rapidly assemble those or which ones are going to win out, as they continue down that path.

Gardner: As I mentioned, governance seems to imply more insurance against not only failure, but insurance that, at each stage along the way -- that crawl, walk and run scenario -- the pay offs are there, the return on value is there, and the ability to manage the people and the process is there. Tell us how governance works -- the technology and the people issues.

Hall: The whole thing is tracking your progress, where are you in this journey. It's not about installing a new pack of middleware and then declaring victory. You really have to measure along the way what you are doing, and how far you have gotten. Some measures that people start off looking at are things like reuse.

We have one particular company that has been engaged in an SOA transformation for about a year or a year-and-a-half. They've identified a particular function within their organization that they turned into a service. And now it's being reused by 11 different groups within their organization. They estimate that they have saved over a million dollars in redevelopment cost, or duplicate development costs. It's avoiding those costs by having them capitalize on the service that they've offered. And, they're able to measure that through their governance activities.

Further, they're able to have a single service catalog, where they can look and see what SOA-based services have been published by these different groups. They're able to review ownership to make sure that people aren't creating kingdoms of services that they shouldn't be responsible for and distributing that functionality based on their actual roles and responsibilities within the organization.

They're also able to apply architectural policies that they can use both to inspect the services and service artifacts for compliance against the architectural vision where they are going, as well as checking for best practices. This can be done in an automated fashion, which then frees up resources from having to desk check or to manually check those artifacts one-by-one.

Gardner: I suppose with any large scale and complex undertaking like SOA there might be a tendency to say, "Well, let's wait on certain things and let's test on a pilot basis or iterative basis." What's the rationale for bringing governance in early, part and parcel with just about any other SOA activities?

Hall: There's a real spectrum of responses to that question. We certainly had customers say, "You know what. I'm not going to be ready for this, until I have X number of services under my belt." And, we certainly have had other customers that say, "I don't even want to get started on this until I have the appropriate infrastructure put in place, because I know how my organization works, and without that supporting element, I fear for chaos on day one."

It's really a matter of mapping your organizational maturity and what you're trying to achieve with the appropriate tools. People shouldn't be running out and buying tools, unless they really understand what problems those tools are going to solve, and the fact that certain organizations can introspect what they have done in the past and say what problems they want us to solve and or avoid. With zero services, it's great.

Other organizations need to try it out within their four walls and get some hands-on experience, some organizational or collective learning, to project how they want to take things forward from there in a way that works for them.

HP is here to help either customer take those steps, but the key thing is looking at the organizational dynamics, the types of questions that you'd like to answer, the type of activities you'd like to automate, and then coming and working with the vendors to see how products can help mix and match to meet their specific needs.

Gardner: Now, you've done some research looking into how companies are actually putting these into practice -- these methods, technologies, and organizational approaches. Was there anything that surprised you, and was there anything that stood out that reinforces some of this "governance first and center" mentality?

Standards Drive Adoption

Hall: The thing that's surprising to me is that the adoption of SOA is kind of spread out. It's going on its eighth year, and I am not talking about just WS-*, Web services set of interoperable standards. In general, the concept has been around for a long time, but the current wave that we are talking about was really driven by these sets of standards.

What's interesting about it is that we're learning lots of interesting things about IT, and in particular, the ways that we can do things better. The whole notion of instilling an architectural vision to support change and flexibility; to give tools to the folks who are building composite systems, so they can better manage the roles and responsibilities for the various people that are participating in that; and better communicate with operations is something that we haven’t done very well.

So, the surprising thing for me is that the lessons that we're learning, that are specifically being applied to SOA right now, have more far-reaching implications. As we look at things, like the different compositional patterns for systems that are coming -- Web 2.0 technologies, Ajax, rich Internet applications (RIAs), putting front ends on some of these things, or cloud computing -- all of these things are interrelated. My question is, should we not be applying these fantastic concepts and activities that we have been establishing through SOA governance more broadly to support all of these different types of next-generation composition?

From HP's perspective the answer is absolutely. The question is at what point are we going to be talking about next-generation application lifecycle management, or next-generation application composition and stop talking about SOA by itself as an island.

Gardner: It really sounds as if we're not just talking about governing the SOA transition, but about governing IT transformation fundamentally.

Hall: That's right. The big issue is that we seem to be reaching this point of event sustainability, where IT has been focused on what we call "capability-centric IT." It's focused on servers, storage, CPUs, fan speeds, and all these things.

That's just not the language of business. The challenge is, when we have all this complexity we have to deal with, how do we hide it? How do we tune it, so that it's working in an appropriate manner, and aligned with what the business is trying to do? The answer is that the lessons are coming out of services.

The whole notion of providing a service is to hide the layers of abstraction and to hide the complexity behind layers of abstraction, so that we can make changes behind the scenes that don't necessarily disrupt or alter the offering of the service. There are a lot of examples of this in the real world. Why hasn't IT been able to do a better job of capitalizing on those things?

This is one of those transformation opportunities. We're not just talking about Web services. We're talking about different ways in which we need to be able to flexibly compose and offer capabilities back to the business through a channel called a service.

Gardner: So, the tools, technologies, and methods that we have in place and that we're starting to scale out for governance can cross some boundaries, right? For example, "development and deployment," not just "development and then throwing it over to deployment."

There needs to be more coordination there among architects, but also those focused on business processes, and those focused on the agility of the business, and how that relates. Tell us how what HP sees as SOA governance is able to cross these boundaries.

Hall: One of the things that we are seeing more and more of, as we're going deeper into the end of 2008 and looking forward into 2009 and the spread of adoption over the last seven years, is that new constituents come to the table. They ask, "What's the lifecycle of this service?” We've got this group of people who are now testing the service. How does that relate to its status for promotion into production environment? Shouldn't they get a say as to whether the service should or should not be promoted, based on the results, be it functional, performance, or security testing? They absolutely should.

On the flip side, maybe earlier upstream, you've got a group of business analysts, who are being told, "We need to offer a new product to the market. Go figure out how we are going to do that. What are the different channels of distribution? What does it mean in terms of the supply chain? What does it mean in terms of ordering off of the Website, and how can we facilitate that as rapidly as possible?"

And they're like, "Oh, gee, what do I have in my toolkit to be able to pull this off?" The first things they want to do are: A, understand the business requirements, but then B, look at what's available to them. Then, can they reasonably compose something out of what already exists. Or, can they work with folks in IT to say, “Hey, there is a gap here. We've got 80 percent of the parts we need, but we need somebody to fill in this 20 percent. How quickly can we get there?”

So, there are more people coming to the table, more constituents coming to say, “How can I connect to these governance activities that are going on for services, but really for the purpose of generating some new business outcomes?” That, to me, is tremendously exciting.

They want to link in to the control points for the service lifecycle, and clearly we can offer up where that happens. From HP's perspective, we are definitely trying to make sure that the collaboration between architects, quality assurance professionals, and operations personnel are there. That's kind of announcing that the various solution offerings that we're bringing to market are to make sure that none of these is an island. Those control points can reasonably be connected and allow for collaboration across all the different participants.

Gardner: That's what quite different about the SOA governance, compared to traditional IT management. It's, "Bring more people to the table, but get them there in a way that these inputs can be accepted, balances can be found and adjusted, and then automated over time." Those are the balances between too much control over what people can do, versus too little, but on a dynamic basis.

Tell us how the touch points for these different folks who have an impact, or role, and should have an ability to contribute and collaborate as to how these services evolve. Tell us how they relate to governance, at least in HP's philosophy. How do they engage with these tools? Is this a series of different inputs? Is there a methodological professional services approach?

Individual Tools

Hall: Everybody has their own set of tools currently. When you look across the IT landscape, are you going to try to drag people out of the tool set that they are currently using into something new, or you are going to keep them in their existing tool set and find the plug points that allow them to collaborate a little more naturally?

Gardner: I suppose we're at a point now, where we don't need to be a SQL-programmer, or a C++ programmer. Now, more of the folks who are involved with the business process are able to have the inputs into these governance functions.

Hall: That's exactly right. That's exactly right, and so everybody, whether they're using a modeling tool to define business-level artifacts, or whether it's an architect who is in an integrated development environment (IDE) looking at a particular artifact, they need to be able, in some way, shape or form, to plug that back into the system of record, or a system of record, that then helps facilitate communication across the various other teams.

One of the strategies that we have employed is to build specific plug-ins for the IDEs or the modeling tools. Then, the other portion of the strategy is to ask what standardized application programming interfaces (APIs) we can start to offer that allow us to connect to third-party systems that are responsible for quality assurance or establishing a configuration management database and operations, so that we can understand how to start connecting to these other systems and to systems that might exist within organizations that may not come from HP.

Gardner: I suppose that payoffs and return on investment are important. They always have been, but they're particularly important now. What examples do we have? How have companies benefited from governance and recognize that governance is part and parcel of SOA? If you have some companies, some anecdotes, or some case studies, I think that would help.

Hall: I mentioned one. This company recognizes that they saved a million dollars in the first 12 months, simply by having and establishing a service catalog and publicizing it. Before folks went down the path of building something custom, they looked to the catalog first, and saw that something existed that they could utilize immediately. They've got this particular capability now consumed 11 or so times now within their organization. That was huge.

We have another large telecommunication company in Europe that has had a 320-odd percent return on investment (ROI) in establishing their SOA governance and management solution and integrated solutions that include both of those parts. It crosses the spectrum of everything from customer retention, to time to market, to decreased downtime and increased availability. They did a fairly comprehensive job of looking at what they had before and what they were trying to get to, and they were pretty pleased with the results.

Gardner: Are there any other payoffs from governance that people might not be aware of that some of these organizations are finding as it become a bit more mature and a bit more scaled out when it comes to the SOA use?

Hall: A lot of it has to do with the cultural aspects. People are surprised to find that it's so difficult to change the people who are engaged in the activity of building systems. So, it's better that you can provide the tooling underneath them, so they have a standardized mechanism that they can utilize to understand what other people are doing. There is a huge benefit to that.

We have teams of architects that are plotting out what needs to be built and when. There are certain synergies that you can get from that by identifying, “Hey, wait a minute. We're about to start this project, and it looks like somebody has identified this particular service should exist in our lexicon, our enterprise architecture if you will. We should go and talk with them, and get joint requirements built out on this, and we could both take advantage of this more quickly." I think that's a huge hurdle to overcome, when most organizations operate on the “Not-Invented-Here” mentality.

Gardner: Let's look at the future. We mentioned earlier that the cloud and services from a hybrid or variety of sources seem to be appealing to more people for a variety of reasons. We're also seeing why it makes sense to balance governance across more than just IT functions, involving business process, management, and organizational issues. What's your take on the future when it comes to governance in SOA? Do we start to think about governance more broadly in SOA, in the sense that it becomes the underlying fabric of how companies balance IT innovation and management?

Hall: Absolutely. That's something that the SOA governance activities are teaching us. Establishing the vision for where you want to get to, and then trying to automate the checking of how you are doing towards that is definitely a desirable goal. But, I think one of the things you're going to see -- I'm not sure how far in the future, it's coming up more and more these days -- is an emphasis on understanding the business-to-business connections, or what some folks will call "federation."

I want to be very specific when I say "federation," because it is one of those overloaded terms that creates a lot of mystery. If we can take the wraps off of federation, what we're talking about is a pattern for how to expose the capabilities that I own within my domain to other domains. Those other domains could be within my organization, they could be elsewhere, or they could be third parties.

The good news is that SOA fundamentally supports that type of activity. The question is how well the tools support that activity today. HP has been at the forefront of this through the establishment of UDDI, a standardized protocol for sharing metadata across multiple environments, whether that's through the use of private UDDI, which is the most widely used UDDI registry today, or even in the early days of the public UDDI.

What you're going to see, especially because of the merger and acquisition activity we talked about, is the emergence of software-as-a-service (SaaS) offerings. As we move into a more comprehensive cloud set of offerings, we're going to need to federate the different instances of services, metadata, their ownership, the consumption of those pieces, and really formalizing the relationships of using tools between the consumers and providers of those things.

When I say establishing relationships, I think about trading-partner agreements that get put in place, or supply chain agreements. They get put between supply chain partners about what information they're going to share and in what context they can use that. We're really talking about doing the same kind of formalization with the consumption and providing of these various capabilities, in order for models like SaaS and cloud to scale up to the level that they need to in order to make a significant impact.

Gardner: It almost sounds as if the boundaries between the internal organizations inside companies, as well as between partners, supply chains, and other ecologies are becoming more permeable. That's important and that's good for a business reason, but it also needs to be managed, It needs to be balanced across risks, privacy, security, access, identity governance, and those sorts of things. So, governance really seems to be again at the forefront, not just of SOA, but of how companies will redefine themselves as not just a brick wall between them and the rest of the world, but as the sort of managed permeable membrane -- for lack of a better analogy.

Internal Governance is Necessary

Hall: That's absolutely the case, and I think the concern that everybody should have, is that you don't treat people outside your organization the same way that you treat people inside. In some ways, that's a good thing, and in some ways, it's a bad thing. As a specific example, you go through a lot of headache and heartache to put those trading partner agreements in place. There are lawyers and stacks of documents that go back and forth. The good news is, you have established the ground rules for who does what to whom, when, and where, including the worst case situations.

That's great, except that you don't treat the people within your organization the same way. Then what happens is that you're running on a set of informal agreements. When there's a problem, what happens? If that permeable membrane example is going to play out and be effective, we'd better start doing some formalization of those relationships internally, because you never know how long that relationship is going to last. It maybe internal today, and it maybe external tomorrow. You'd like to have the ground rules be relatively consistent, as you move from one model to the next.

Gardner: So, we'll need to have the ability to identify the rules, house the rules, share the rules, enforce the rules across these business activities, and SOA governance seems to be the best candidate at the moment, right?

Hall: Absolutely. The big deal is looking at how we can foster better collaboration through the formalization of these agreements. For example, a service provider needs to declare what roles and responsibilities they have to fill, as well as setting the expectations of what the consumer is responsible for doing, and do that in a flexible way that can be negotiated using the tools.

Gardner: And, importantly, the visibility is there because people need to examine whether these relationships are working or not, what may or may not be right or wrong with them, with the proper access that they would get by overseeing an SOA or services lifecycle? They get that into these business relationships, and it's "trust but verify" basically, when it comes to this level of governance.

Hall: That's exactly what I'm saying. At what point are we going to stop talking just the SOA aspects of this, and broaden this discussion and say, “Look what we learned from SOA governance. This can actually apply more broadly to a whole range of relationships, including application composition, be it internal, external, etc.”

Gardner: We can probably go on for another hour just talking about the data sharing implications of all this.

Hall: That's actually a really interesting one from a regulatory perspective. You start hearing different government organizations popping up and saying that we cannot put our medical records on a server in India, China, or anywhere other than within our borders. Those are going to be regulatory requirements that all customers have to operate under, and so they're going to need to look at those relationships. Even these SaaS and cloud providers may need to develop distributed mechanisms and instances of their technology, to ensure that they are able to do business and comply with those regulations as well.

Gardner: Just to toot your horn, I suppose HP has a number of these technologies, and areas of expertise in its quiver, be it IT management, SOA governance, or SOA infrastructure. There is the business technology optimization (BTO) through the lifecycle of development and deployment. There are the professional services, the understanding of these businesses. So you're seemingly in a pretty good position, given what we've been discussing.

Hall: HP has become the largest technology company on the planet by revenue, and there is a reason behind that. It's not just printers and ink. We're aggressively continuing to move forward on a number of these fronts, from investments that we make through our HP labs, which is the kind of the deep research that we see paying off between the five- to 10-year time horizon, to how do those things transition into specific product offerings and capabilities that come out of our hardware, software, and services groups.

Obviously, the acquisition of EDS allows us to scale up our service offerings as well. We have a big quiver, and we definitely pull all those pieces together to deliver comprehensive solutions to customers.

Gardner: I think we will leave it there. Obviously, it's a very large opportunity, but not without pitfalls. For those companies that do get governance right and can expand it beyond just Web services at a department level, and bring it from a tactical, strategic, and then extended-enterprise basis, there are perhaps some very important business benefits.

Hall: Absolutely, and it's critically important to look for trusted guides, people who have seen the last seven or eight years, and also have a vision for how to take this forward.

Gardner: Well, great. We've been discussing the importance of SOA governance and how it helps heighten business benefits. It can return higher efficiency and reduce risk of the complexity that can undermine services across the lifecycle. Helping us to understand these issues today has been Tim Hall, director for SOA products for HP Software and Solutions. Thanks for joining, Tim.

Hall: Thanks again, Dana.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You've been listening to a sponsored BriefingsDirect podcast. Thanks, and come back again next time.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: Hewlett-Packard.

Transcript of a BriefingsDirect podcast with Hewlett-Packard on the expanding role that SOA governance plays across IT and business agility. Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.

Tuesday, July 08, 2008

HP SOA Products Director Tim Hall on New Business Drivers and Efficiency Benefits From SOA

Transcript of BriefingsDirect podcast recorded at the Hewlett-Packard Software Universe Conference in Las Vegas, Nevada the week of June 16, 2008.

Listen to the podcast here. Sponsor: Hewlett-Packard.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to a special BriefingsDirect podcast recorded live at the Hewlett-Packard Software Universe Conference in Las Vegas. We are here in the week of June 16, 2008. This sponsored HP Software Universe live podcast is distributed by BriefingsDirect Network.

We now welcome to the show Tim Hall. He is the director of HP's SOA Center products. Welcome to the show.

Tim Hall: Thanks, Dana.

Gardner: We are going to talk about, fittingly enough, service-oriented architecture (SOA), the products, the market, some of the underlying trends, both from the business viewpoint and technologies that are driving SOA adoption.

I suppose SOA is at somewhat of a crossroad. We have seen a lot of pilot and project-based adoption. People were expecting to see more holistic, deep and wide SOA methodologies brought into play, but there has been an awful lot on the plate of CIOs and architects these days.

They are now thinking about data-center transformation and next-generation adoption for virtualization, higher utilization, and lower costs. They are also dealing with some of the issues around energy and power. They are being asked to modernize legacy applications. There's an awful lot going on, but SOA can be an enabler and an aid to that. Why don’t you tell us a little bit about, how you see SOA moving into the mainstream?

Hall: From our perspective, we think SOA is an application-development philosophy, and that philosophy is really the backplane, or an enabler, of lots of different and interesting trends.

You mentioned that modernization is a key one. Lots of old mainframe programmers like myself are retiring, and we've got lots of customers now looking to migrate to more modern architectures, Java platforms, Microsoft technologies, and maybe replacing with updated packaged apps from Oracle or SAP -- those are the two major package players these days. You know, both of those vendors, are building custom software, and SOA is the way in which they are doing this.

It also is an enabler for things like Web2.0 or mashups that are created from the information and the capabilities that are exposed through those services. SOA is, as I said, a philosophy about how we are building applications. We want to be service-oriented in those services that are consumed across a wide variety of composite applications that can be built. So, when you think about things like virtualization at the hardware level, SOA allows you to do that at the software level.

Other trends that are intersecting here include software-as-a-service (SaaS). They have service in the name. The question is how much of it are you consuming. And, are they also exposing services that you can actually integrate with things you have in house. All of these things are connected, but I think SOA is really this backplane to enable all of these pieces. Whether we are talking about it as a first-class citizen, or just the way in which the work is being done now, is the point of view about it coming into the mainstream.

Gardner: A lot of the discussion here at Software Universe has centered around the need to bring together what happens in design time, with what happens on the operation side, in run time, and in production. And, it seems to be one of the key assets of SOA methodology in adoption is a creation of registry/repository, a really powerful information source for policies, SLAs, and use patterns.

When you start looking what they are doing with federated configuration management database (CMDB) on the ops side, when you look at policy engines, you start to see how some of these federated data sources can be brought together to create more of that lifecycle approach. Tell us a little about the registry/repository, and how key it is for people in a IT role, not just for SOA, but perhaps for more?

Hall: I think that's a great topic, especially from HP's perspective. You know, there are lots of different information sources that you have in IT. There isn't just one, and if you think you are only going to have one, we think that's the wrong approach, and customers have played this out.

I think what you are getting at to a certain degree is to looking at the adoption of two different trends that are going on. One trend that's impacting the operation teams is the establishment of configuration management database, and the adoption of the Information Technology Infrastructure Library (ITIL), and IT service management on top of that information. That's one trend.

By the way with ITIL version 3, all of those processes now are oriented around the notion of service delivery, which now fits very nicely with the notion of the application teams building these next-generation applications that are also service oriented.

And, you know what? Most enterprise architects and most operations folks don't normally get along. But, maybe with these two converging trends, we have an opportunity for these folks to understand each others' motivation. We are talking about the same kinds of terminology. Suddenly, there is this shared understanding that we might actually get some work done.

So, there are these different authoritative sources of information that we see being established, some within ops, some within app development, quality management repositories, enterprise directories with identities, and they are all related, all stitched together.

The point on the application side is the more and more structured information that we are creating and putting around applications, the more automation that you can drive through the entire lifecycle. This includes enriching information like what's in the CMDB, by providing federated access to all of these different information sources. So from the SOA perspective, having a SOA-centric artifact repository as an authoritative source for those documents, is absolutely critical.

The registry is yet another place to discover and point you to where those two different authoritative sources actually live. So, in some respects, the registry can become the federation master, if you will, telling me, if I want to find the configuration management database, where is that? If I want to find the SOA artifact repository, where is that? They can point you in all those different directions.

Gardner: I suppose also, in aligning with SOA, approaches and methodologies, the enterprise service bus (ESB) becomes a way in which some of these policies can be instantiated. A messaging bus is not only the way in which the information is available. There is federation. There is a relationship between these different repositories, but then the actual execution of that can happen.

I think the point what we are trying to get to here is that SOA may have been given short shrift in terms of its role for cost efficiency and productivity, if you think it only in terms of application services reuse and compositing. When you look at in the context of IT lifecycle, and the full opportunity to create much more efficiency in the IT operations, it looks a little bit prettier.

Hall: Absolutely right, and I think if you look at what HP is assembling in terms of our software portfolio, there are some logical connections you can draw. First, as you are building more of these structured artifacts and linking them together in terms of the lifecycle, what can we do in terms of things like automated deployment? And, if I've captured information about the environment that the service is going to deploy in, the policy, the run time policies and the associated policy enforcement points are going to be responsible for executing those policies, be they hardware or software based.

Clearly, we have a leg up in understanding all of those elements, bringing Opsware into the fold and looking at how we can take the whole stack soup to nuts and automate both the deployment, as well as enriching the information in CMDB. Those are sort of the conclusions that you can draw from all the different elements that we have in the portfolio.

I actually think it's a discussion you can have about application architecture in general. You can say, "What are the best practices that we are learning out of the SOA approach that we might want to apply to other types of applications that we are deploying? What other structured artifacts shall we will we be creating to help us drive that kind of automation?"

Gardner: And, of course, the major trend that people are talking about and starting to move toward is virtualization. It's another layer of complexity, but if you've got those assets in place, the backplane ESB is doing management on a automated basis through policies and governance criteria that are already embedded in these data repositories. The whole notion of scaling virtualization for very dramatic cost savings becomes a bit more or less scary.

Hall: That's absolutely right, and, again, these trends are all collected, they support each other, and they can be composited and built on each other. I mean, virtualization is not a new topic. I was having a conversation with some folks yesterday about shouldn't we take the OSI seven-layer stack and talk about each layer of that stack. Put the word virtualization next to it, and then describe at that layer, network layer, application layer, operating system layers, what does this mean? What capabilities you are getting out?

I think, what you are alluding to is that customers have some confusion about what am I virtualizing at what layer and what do I get as a result of doing that? But I think it would be a very powerful discussion topic or a discussion slide to have with customers as they are trying to decide what the benefits are in each one of those layers?

Gardner: As we started out saying, there is an awful lot for IT departments to bite off and chew these days. A few years ago, I had customers come and say, "Okay, what we do first to get ready for SOA?" The big thing to do is get your data act together. Get a data service's layer, because it's data services that will be probably most important and beneficial to consume through your SOA infrastructure.

Well, now I am thinking that at even higher abstraction, you've got to get your whole SOA infrastructure and approach going, so that you can then be in a position to take advantage of this larger IT lifecycle.

Hall: I'll be a little controversial. We actually don't think that that's the right approach -- for SOA adoption, at least. After seven years of kind of playing in the space, we have seen most customers be successful, when the first thing they do is decompose their business, and not worry about the technology.

Actually for most customers that we talk to their first problem in terms of SOA adoption is when they've driven it from the bottom up, meaning, they try to have the technologists drag the decisions about data services or selecting ESB without even understanding the requirements to drive that kind of decision.

The most successful adoption that we have seen and the highest number of benefits is when they take a business-focused approach. Let's decompose a business. Do we really understand what it means in the IT world to be a service provider? When I say service provider, I mean in the classic sense of a telecom. Somebody once asked me if you are successful with SOA, what is my IT shop going to look like? I said, you are going to look a lot like a telecom provider, and they looked at me very puzzled. Then I said, you are becoming the dial tone of the business by providing all of these services, and that means you have to be available 24X7.

Think about what that means to be a truly carrier-grade IT service provider and that's a catchphrase that I like to use to get that conversation going.

Gardner: Sure, and then to bring that into some of the newer hype curve of activity lately around cloud computing. What you are describing is where people are beginning to identify as a private cloud.

Hall: Yes, that's absolutely correct.

Gardner: Tell us a little bit about what you think a private cloud and SOA do together?

Hall: Cloud is the next new, new thing. There was a blog I was reading the other day, that said, SOA was the boring cousin of Web 2.0. Now, I am thinking, after seven years, of doing this for the boring cousin. Very interesting, but cloud is the next new thing that people are talking about.

How can I get these compute resources and how can I get access to them from wherever I am in the world? I think there is some very interesting models being put together, such as Amazon's S3 model, and now I see businesses tapping into that, and using that as the means for scaling up and scaling out their environment, without ever having to have touched the hardware infrastructure operating systems.

Gardner: And, developers using it to put their apps through their paces on a performance-testing basis before they ever put in production. They try it on Amazon Web Services.

Hall: Absolutely, and performance validation, by the way, is one of those things for SOA, which I believe is absolutely critical, and yet, who is involved in that? Is it architects? Is it your quality management professionals?

Normally, there is a performance validation team that's absolutely world class within organizations to understand how to do that kind of scale up of individual apps? Now they are applying those means and methods to services. So, cloud is really one of those cool, new buzz words that we are hearing about. Private cloud? Sure. I definitely see that it's an evolution of how do we turn all of the assets in IT into services, and now we are saying, hardware is a service.

Gardner: Okay, so what's interesting is the relationship between these trends and how it really starts to point to a larger goal for business transformation and IT service management in the transformative implications with that. It seems that IT is becoming more a fabric of a company, rather than a second thought or a supplier. It's not really a supplier -- it doesn't really do IT justice anymore.

How do IT professional in these IT departments begin to think of themselves, actually recast their role and their position, their culture, to take on perhaps a much larger role in these companies?

Hall: I think one of the messages you see from HP software is that we are not talking about information technologies any more. You know, back in the day, it was data processing, right? We are now talking about business technology, and we are saying, "How do we optimize the outcomes of applying technologies in the context of business?" And, our message is, IT is a strategic weapon. The folks that were in IT, we are transforming them to be in BT now, and the more their companies are able to look at applying technologies in new and unique ways, this is absolutely their strategic differentiator in the market.

Gardner: Well great. I think we have covered quite a bit, and all the pieces are not quite in place, but once people see the vision, and they've got a stake in the ground. It really helps rally the troops and put together your requirements of how to get to where you want to be. So, we are going to thank Tim Hall, he is the director of HP's SOA Center Products. We appreciate your time.

Hall: Thanks very much, Dana.

Gardner: This comes to you as a sponsored HP Software Universe live podcast recorded at the Venetian Resort in Las Vegas. Look for other podcast from this HP event at, under "Software Universe Live Podcasts," as well as, through the BriefingsDirect Network. I would like to thank our producers on today’s show, Fred Bals and Kate Whalen, and also our sponsor Hewlett-Packard.

I'm Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening, and come back next time for more in-depth podcasts on enterprise software infrastructure and strategies. Bye for now.

Listen to the podcast. Sponsor: Hewlett-Packard.

Transcript of BriefingsDirect podcast recorded at the Hewlett-Packard Software Universe Conference in Las Vegas. Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.