Transcript of BriefingsDirect Podcast on IBM's Upcoming Jazz Collaborative Development Framework

Edited transcript of BriefingsDirect[TM/SM] podcast with host Dana Gardner, recorded April 24, 2007.

Listen to the podcast here.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to BriefingsDirect. Today, a podcast discussion about application lifecycle management (ALM), collaboration, and the productivity of developers in teams. We are going to be discussing an upcoming product announcement -- perhaps maybe we should call it a community announcement -- by the IBM Rational Software division.

They are going to be announcing in June at their Rational Developer Conference in Orlando, Fla., a technology set called "Jazz." And here to tell us more about it and describe the benefits and issues around new collaborative approaches to development is Scott Hebner, the vice president for marketing and strategy for IBM Rational Software. Welcome to the show, Scott.

Scott Hebner: Thank you, Dana, glad to be here.

Gardner: First, collaboration has always been dicey issue with developers. There is a tension between individuals and small teams, and then groups of small teams, and then many groups of teams. What is the problem set that we are really addressing here with Jazz?

Hebner: Well, first of all, Jazz should be really thought of as a project to drive technology innovation in the whole space of collaborative, process-driven software engineering. It is a project that’s being managed by Rational in partnership with the IBM Research division to try some really deep innovation. We want to put some deep thought into the whole notion of how to help teams that are delivering software be more effective. And increasingly we will be opening up that technology project into an open community that more and more of our business partners and our customers and developers in general that can participate in.

In a nutshell, what Jazz is really all about is how to drive greater efficiencies, cost savings, and the ability to deliver software more effectively -- particularly in a world that’s becoming increasingly geographically diverse, increasingly modular. As customers move to things like services oriented architecture (SOA), it just drives the need to enhance the ability for teams to collaborate and gain access to the real-time information on the health of the project.

We're seeking to integrate the various services involved in managing the lifecycles of these projects. It's an evolution, but a profound one -- given where we are today.

Gardner: So we are describing this in terms of a community approach, a framework? Are there going to be contributions and plug-ins, something like Eclipse? Should we be looking at the Eclipse framework and foundation as a model for this?

Hebner: Yes, actually, I would. What is Jazz? I think maybe a good place to start would be there.

As I've said before, it is a major investment by IBM to create an innovative, collaborative software development technology base. It will not only will drive the evolution of our product for future years, but it’s also going to drive the evolution of many elements of the marketplace.

Another way of looking at it is Jazz is a market accelerator that will help customers implement some of the key trends that we see them moving toward. That includes the ability to manage software delivery more effectively, to leverage the supply chain, and to more effectively use software that’s being used to create and deliver software. You need a whole notion of community, modularity and empowerment to the path of a governance model.

To your point, I would think of Jazz as being the next big thing, if you will, beyond Eclipse in terms of shaping the IBM portfolio -- but also the marketplace. As you may know, Eclipse has more than two million users around the world. It's just had its fifth-year anniversary, and I think it's fair to say that the innovation behind Eclipse has really driven change in the marketplace. It has facilitated a lot of customer value in terms of the ability to integrate products within a lifecycle more effectively.

Eclipse did a lot on the client side, the user side, to integrate the desktop. You can think of Jazz as being a similar approach, but on the back end -- or the server side -- where the teams need to have the same ability to collaborate more effectively and to gain integration.

One of the more important things about Jazz is that it’s truly in the Eclipse way. In other words, if you think about Eclipse, it perhaps is one of the most successful software development projects in history. Over the last five years they have delivered really high-quality code. They have not missed a project milestone. They’ve been on time. It's a very efficient community that’s building and delivering software.

Jazz is being brought to us by the team that helped to lead Eclipse. What they are trying to do now is automate the lessons of this proven, open-collaborative model that Eclipse represents. And so I think we have learned a lot about how to facilitate collaboration. We have passive governance [to manage] a project that expands across multiple geographic locations and is always changing, is very dynamic. We are trying to "tool" that, if you will, to automate that, and take what we learned in that development project.

Gardner: Yes, we’d have to say that Eclipse has not only been successful on its own right, but has actually provided a great example, or model, for how community projects development should be done and governed.

Hebner: Exactly. I think many customers are looking at it and saying, "Well, there’s a lot of value in enhancing a community approach in how they develop and deliver the software. You can share skills more effectively, you can share assets, you can collaborate much more effectively around this model -- and gain a more open approach.

Right now such openness may be just within the company, or it may be within different departments in different locations. You know, we talk about globally diverse environments. But we should also talk about organizationally diverse environments, because more and more customers are outsourcing different elements of software delivery.

They may be testing in India. They may be outsourcing different parts of their project development. But ultimately you need to manage it all as one major project that needs to have some level of lifecycle management governance around it. And so, again, to go back to your original question, Jazz is being built from the team that brought us Eclipse. It is leveraging a lot of Eclipse technology as a foundation. If you think of Eclipse as sort of on the client, then Jazz is more on the team side of things.

Gardner: Okay. Now thinking about application lifecycle management as a topic, is that the large issue that we are addressing here? Is this really an application lifecycle management function, or is this more still of a development environment approach?

Hebner: I think it’s the broader notion of governance and lifecycle management -- service management, if you will. It focuses on how to help teams to be effective and to collaborate and to communicate more effectively. It also helps teams of teams. Right? And I think that’s where its ability to scale over time is going to be an important thing. I also think it’s something that Agile teams are really going to like. I mean it involves the whole notion of Agile development -- yet with the ability to scale.

So, in many ways, it is a lot more than software development. It’s really about team collaboration around the delivery of software. It's about lifecycle management, automating lifecycle management. It's about traceability of relationships between artifacts, automation of high-level processes, visibility into the processes and then reporting against it.

Jazz also helps to learn and deal with compliance issues, whether it's Capability Maturity Model® Integration (CMMI), or whether it's some regulatory issue like Sarbanes-Oxley compliance. I think it deals with the notion of integration -- of real-time access to information about the project in terms of collaboration and automation. Those are the kinds of buzz words that really starts to define what the next generation of a application lifecycle management platform needs to be.

Gardner: We are also starting to hear some things in the market around software development as a service. Are there any on-demand aspects to Jazz? Or is Jazz in a position to allow for more utilization of on-demand elements within a development lifecycle?

Hebner: Well, that’s a good question, and actually an intriguing one. I think as time rolls on much of what this technology base will do for products, and the ability to facilitate collaboration -- particularly in a geographically diverse environment -- will lend itself to doing things more effectively as software as a service (SaaS).

What I mean by that is that a part of the value of this technology is going to be greater collaboration and visibility into the process of software delivery. As I said before, you may have people that are part of broader teams in different time zones, different countries. They may be in different organizations in other companies that you are outsourcing to. And you want to be able to manage that as an integrated project, gain a lifecycle view of it. Then you will be able to manage it much more effectively, to get all those geographically distributed people in the projects to actually work together.

There is going to need to be some degree of hosting and Web access around Web 2.0 clients, or Eclipse clients, or whatever it may be. And if you think about that, in many ways it’s almost an internal software-as-a-service model.

For example, perhaps you’re providing a business partner with access to some of the key software development assets of your business so they can test against it. But you only want them to have access to certain aspects of it, and you don’t necessarily need to roll out to them all of your assets. And so how do you manage them? So I think an application of this technology over time will be the ability to better facilitate software as a service models for software development.

Gardner: Interesting. And at the same time, Scott, you mentioned a little earlier SOA. And as organizations are looking not to just create individual services, but to then aggregate, composite, and orchestrate these services, is this environment something that we could take to a higher process-level as well?

Hebner: Yes. I think SOA is a key driver behind the need for this. There is no doubt, at least in our minds, that we are seeing our customer base move to SOA. I think we’re beyond the hype-curve now. It’s just a degree of how much SOA, if you will. So I think more and more customers are moving to this notion of modularity, componentization, and reuse to align more effectively the IT investments with the business imperatives. They also want to lower costs and create greater efficiencies. And they want to address labor costs by automating things more effectively. So there are a lot of benefits to SOA.

What comes with that, though, is a lot of additional modularity in the components -- the notion of a supply chain of components -- that are then used to create applications, and then a lot more change. In the old days, it used to be quite straight forward. You built the applications from top to bottom as monolithic. You did everything from testing to requirements management, pretty much contained within your team.

Now you may have a component, a service, that’s being used in an application, and that’s also being used in 10 other applications. And then one of those applications has a change request against that one service. How do you ensure that that doesn’t adversely affect the other ones? And what governance model do you have in place to govern who makes decisions on requirements and changes?

So facilitating more and more modularity also drives more and more change. How do you manage all that? I think what it comes down to is you have to work effectively as a team. You need to be able to collaborate and communicate better. You need to be able to act as a team within these processes in ways that are flexible and actually take on the unique characteristics of how the team actually works. And I think you need to integrate the various elements of the lifecycle more effectively so that you have traceability of the artifacts; so that you have the ability to manage and gain access to the assets. You need to be able to have access to the real-time health of the project based on the real work that’s going on at that particular time.

Gardner: So developers are not only going to have to manage the creation of the code, but how that code behaves in production. But there are also going to be policies, rules, and governance set up around of variety of these services. And so they’re going to have to manage, in essence, those rules?

Hebner: Well, I think there’s really no way around it when you have a governance model, and a lifecycle management set of processes and policies in place. As you begin to componentize and reuse things, you’re setting up a situation where you can have quality problems.

Gardner: So we’re going to basically have governance lifecycle management?

Hebner: Yes, and I think the governance models, the procedures, and the decision rights are going to be the overriding definition of the lifecycle processes. But, you know, governance is one of those things that developers and development teams may not like the sound of.

Gardner: They usually thought about that as happening in the operational phase, after they’ve gotten rid of it right?

Hebner: Oh, Exactly. And we think this all can be a very empowering thing for the developers in the development teams. Because if you think about it, if you’re going to automate the governance model in the lifecycle policies -- in the actual infrastructure, so that the developers in the teams don’t actually have to do anything -- it’s all being done as part of the infrastructure. And then you operationalize it, and you automate it, and it then becomes what we call "passive governance."

That’s going to take a lot of paperwork off the developers’ backs, and they’re not going to have to really pay attention too much to it because the system is automated. If you want to make a change request, or you’re taking on a change request for a particular piece of software, the system will help keep track of the paperwork, the auditing, and who made the right decisions. We'll be able to do all that on behalf of the developer.

What we’re hearing from many of our customers is that the deeper we get into this notion of passive governance it actually empowers the teams to be more effective. It gives them more time to be able to really focus on applying their skills, which in most cases is building really good software. Where you don’t automate, it then becomes a burden.

So governance does not mean paperwork and policies. I think the goal is to automate it. And that’s what I think this Jazz technology is going to help us do more and more efficiently over time -- to automate and "operationalize" how processes in lifecycle management are made to work, and to do it in a way that facilitates collaboration and communications. It’s really nice when everyone in the project has the ability to get access to real-time information about the health of the project.

Gardner: It sounds like a strategic approach to governance -- about the relationship from design time to runtime, and perhaps a feedback loop between them.

Hebner: Yeah, it’s going to facilitate that, exactly. I think Jazz is fundamentally a technology investment around facilitating three things:

• Collaboration and communications among the development team.
• The ability to have customers enact business processes for the teams that can take on the unique characteristics of how those teams are operating and need to operate, so an Agile-kind of capability.
• And thirdly it’s about an infrastructure that will help customers better integrate the various services involved in managing the lifecycle to their assets and projects.

Then how you apply that is where we get into a lot of the questions that you have.

Gardner: One of the things that is also a concern to developers is that they like to use the tools they are familiar with. They don’t like to be told what to do. Is Jazz going to be inclusive of a variety of different tools and approaches? Is this going to support the Rational products, like ClearCase and ClearQuest and RequisitePro, and also be something that you can plug in other tools and approaches to? How open should we expect this to be?

Hebner: It’s going to be very open. Just as you would go out today and become part of a community with Eclipse, you’ll be able to join and become a part of a community with Jazz. What comes with that community is access to a software development platform for actually building products -- as well as extensions, plug-ins, and processes, all based on the technology. So over a period of time, people will be able to build with partners plug-ins and products based on the Jazz technology, just like they can build based on Eclipse.

Gardner: If you do have a commercial product that you want to allow to work within this framework, can you feel free to build the modules or connectors to them, or to use what’s available in the market?

Hebner: Yes, exactly. There’ll be different degrees of this. We’re still working that out. It’s not going to be completely an open source project like Eclipse, but there are going to be key elements of that. The idea is exactly as you just said. You’ll be able to open up the parts that make sense, those that have to do with adapters and interfaces and how you communicate. We want to bridge the ecosystem of developers and partners who are building plug-ins, extensions and products based on this technology base.

By doing that, a customer that starts to leverage any products -- including commercial products -- that are being delivered based on some of this technology will be able to integrate it with other services or products built by non-IBM companies. So that’s the whole idea of it being able to integrate. Think of it as an integration of a structure. Obviously you need to have an adaptor and a plug-in capability, otherwise why are you integrating?

Gardner: One of my industry colleagues, Carey Schwaber at Forrester Research, has coined the term "ALM 2.0." And a big part of that is to be able to be inclusive, to use many tools and components across a development process, or lifecycle. And you can then gain a larger value from coordinating and managing all of that.

Hebner: This is exactly right on. This is exactly what we are referring to here. ... This is middleware, if you will, for better integrating the various services involved with how you manage the lifecycle of your projects. The whole idea of the integration bus, in layman’s terms, is the ability to plug-in different products that you may want to use as a customer that make up your software development and delivery platforms, and all the lifecycle capabilities. That’s not all going to come from IBM. We would never think that.

Another part of your question was about the IBM Rational portfolio, and I think of Jazz as being a technology innovation that we are going to use to shape the direction of our products in our portfolio for years to come. It’s going to inspire and infuse new features and functions and technology capabilities into our portfolio. So Jazz is a reason to buy ClearCase and ClearQuest, for example. It’s not -- this isn’t about replacing anything, it’s about infusing new technology and innovation. It's about the collaborative, process-driven characteristics that we talked about. So it’s an extension of the value of our current product set, and doing what Eclipse did on the client, for the teams on the back end.

Gardner: I suppose another thing has been missing in the previous one-offs and smaller monolithic approaches is analytics across the entire process. Is this coordinating effect -- even coordinating at the governance and policy and services level -- going to give us more data, more insight, more metadata into how development works well, or not well? Will it help foster a constant, iterative improvement-based approach to development?

Hebner: Yes, absolutely. That’s what I meant by the process-enactment and the access to real-time help. The idea here is that you have visibility and gain collaboration into the software development process. And so what are some of the key value points that this technology will provide to customers?

I’ll tell you. The first one is that it will enable development teams to collaborate in real time, in the context of the work they are doing, and especially in globally diverse environments. The second thing is it enables projects to be managed more effectively by providing visibility into accurate, real-time project health information, effectively drawn from the actual work that’s going on. Obviously, there is a lot of reporting that goes around that.

Building on that, it automates traceability and auditibility my managing the artifacts and/or inter-relationships -- across the lifecycle, which, as I was saying before, empowers the teams to deliver more value. So you don’t have to worry about managing auditibility issues and traceability.

The system will do it for the development teams. And, finally, I think the final key piece of value here is that Jazz provides a customizable process design enactment, a kind of capability for rules-based process guidance. It becomes a lot easier to automate, to find check points. It allows you to enact processes that take on the unique characteristics of how a team has been operating. It kind of evolves and changes and learns from what works and what doesn’t work. This is a very Agile, real-time, collaborative kind of model.

I look at it sometimes and I think, Is this going to enable a developer portal? Is it going to enable a business-process engine for software delivery in lifecycle management? Or is it an integration infrastructure for the different products and services that make up what customers think of as lifecycle management?

The truth of the matter is that it’s all three. It’s not just a portal. It’s not just a process engine. And it’s not just integration infrastructure. I think it’s really all three integrated together, optimized for software delivery in helping development teams collaborate more effectively. Again, keep in mind that Jazz is a technology infrastructure. It’s a base of technology that will then be used to infuse new capabilities, new integration and new value into our current portfolio.

Gardner: Is Jazz a project name, a code name, or is this going to be the long-term nomenclature around this?

Hebner: It’s a project name. And whoever is listening to this can go out to www.jazz.net right now, and you can see the beginnings of the community. So, www.jazz.net will be the name of the community, which is already out there. And the key formal unveiling of this, where customers and you and others can get a lot more detail, will be at the Rational Software Development Conference, the first of which is in Orlando, Fla. on June 10-14, 2007.

If anyone is interested, go out to our website at www.ibm.com/rational and you’ll get information on the conference. We are also going to be having them in India, China and Israel. And there’s a bunch of other places where we will have these events throughout the year. But come June, that’s when we are going to focus a lot more on what we are doing around visibility and collaboration in the software development process. There will be a lot more detail about what we are talking about then.

Gardner: Is this going to be in beta until it comes out in an official sense later in the year? What’s the timetable for the full, official debut?

Hebner: Well, I think you are going to start to see a lot of that articulated at the conference. But in June there will be the ability for customers to begin to get involved and get their hands on this stuff. Not only the technology and the community, but it’s likely that there are going to be betas rolling out around other new products from IBM. And obviously the details of all that, and what that all really means, is part of what we are going to be talking about at the conference.

Gardner: So there will be a series of new IBM, and I assume Rational, products that debut in conjunction with the rollout of Jazz?

Hebner: Very likely. I’d go to conference and find out, but yes, we are doing this to really enrich the value of our portfolio. So clearly there will be new products. There will be new features and functions and capabilities infused into what we have today.

This is about enriching and involving our portfolio of products that make up the Rational Software delivery dlatform into this notion, as you said before, of ALM 2.0 and collaborative, process-driven software engineering. This is the next big thing, we would like to think, in software engineering -- beyond what Eclipse delivered five years ago.

Gardner: Will there be IBM products beyond the Rational portfolio involved with Jazz?

Hebner: I think it’s likely.

Gardner: WebSphere, perhaps?

Hebner: It’s point-to-point. Well, keep in mind you have Lotus, which is all about collaboration and people-productivity, and they have Lotus Designer. So some of those things will play in this, right?

Gardner: So this could be for scripting developers, Web developers, as well as C++ and Java developers?

Hebner: Yes, it’s a team environment for managing projects and assets in facilitating communications. Part of that may be building the portal applications that you may be using Lotus Designer to do. I think your point on WebSphere is right too. And already we have some pretty good integration with WebSphere Business Modeler, and the ability to leverage that to design processes. And then from there someone has to build an architecture that allows the delivery of services to implement those processes.

So I think those linkages get enhanced over time. I think Tivoli is another important element here, in that, when we talk about lifecycle management in governance, that doesn’t stop at the delivery of the software that flows into your operational state. And many of the change requests that get created actually occur in an operational setting -- from a user, for example. Right now there is a lot of labor cost associated with getting that change into the software development process, and to the requirements.

The more we can automate that and create collaboration that extends beyond just this core software development team, the more you can address labor costs and help customers in a broader notion of managing the lifecycle of their projects. And not only in delivering productions, but also in operations. Think of it as one massive lifecycle. This is the way it should be, right?

Gardner: Compress the time from development to deployment.

Hebner: Exactly. And the labor cost associated to that, too. There is a lot of labor that goes into that hand-off, in the communications between the operational team and the development team. And you have to have the testing in the middle there. There is a lot of automation that could be done in the communications and collaboration enhancements that really can drive the bottom line for customers in terms of cost.

Gardner: Sure. Now we talked earlier about how this compares interestingly to Eclipse. It also sounds like it compares interestingly to what Java was attempting to do 10 years ago. Is there some commonality between what Java accomplished as a development framework, and what now we are talking about with Jazz?

Hebner: I think at the very high level, yes. You are onto this notion of an open infrastructure.

Gardner: Sure, automating and bringing together elements that have been very disparate and difficult to manage.

Hebner: Exactly. So we had the idea of J2EE, for example, that was facilitating Web-based transactions and an enterprise platform for building enterprise applications that, by definition, integrate with other applications across an open world, right? And the more companies that would adopt that model, and build J2EE applications, the easier it was to share skills. And it was the whole idea of an open infrastructure model, right?

Gardner: A de facto industry standard.

Hebner: Exactly. Even though it wasn’t technically open in the sense that Sun Microsystems controlled a great deal of it. But Eclipse, conceptually, was the same kind of idea. Which is, if you really want to facilitate customer ability to integrate different tools at the desktop and enhance the ability to customize them and to build an ecosystem of all these tools that are more interchangeable -- then one company could not do that. You need to have an open model. I think the same would be true with Linux, and the same would be true of Apache.

Gardner: You need to have buy-in by the people who cooperate, as well as compete.

Hebner: Yes. Our thought here is learning from those experiences over the last 10 years -- going all the way back to Linux and Java, and even prior to that. The notion here is integration of a lifecycle, collaboration and communications, particularly in globally diverse and organizationally diverse environments. By definition, if you don’t take an open approach to that you are never going to be able to integrate all of that, and to automate it. It has to be open.

Gardner: One of the other things that’s been a bugaboo for developers is the whole complexity around check-in and check-out. And developer seats. And who is a simultaneous user and who isn’t. And how you charge for use. And how you audit for that, and license for it.

How are you going to charge for something like this? And does it perhaps have some impact on managing the whole process of the payments and usage of other aspects of development?

Hebner: Well, that’s a tricky question. And I don’t have all the answers for that.

I would say a couple of things here. One would be that -- keep in mind that a lot of this value, the incarnation of the value will be in our current product set to some degree. So if I am an IBM Rational ClearCase customer right now, this is going to add value to that installation. It’s going to add additional collaborative capabilities -- sort of a collaborative developer portal that allows you to get more value out of ClearCase.

In many ways there is already a model for how you buy and pay for ClearCase, right? As I was saying before, as new things come out, though, the pricing models for those and how they work ... Well, I just am not sure that we have all the answers ready to go out on that.

Gardner: How then would someone purchase or subscribe to Jazz, or how do you expect you’ll charge for it?

Hebner: We can say that Jazz is a technology project, right? So you will be able to get access to the www.jazz.net environment. How commercial entities -- whether they be IBM or some other company out there that chooses to use the technology -- how would they decide to deliver and price commercial products that leverage the Jazz innovation and the technology? By server, by user, or simultaneous -- all those things you brought up are legitimate questions. I don’t think we have all the answers on how Jazz is going to affect all that.

Gardner: But Jazz itself is not something that you are going to charge directly for?

Hebner: As far as the community?

Gardner: Yes.

Hebner: No. That’s not the current thought. We don’t want to announce anything that we haven’t gotten to the point of rolling out. But the idea is to facilitate open community and get access to the different elements of it. We want this to be an open, commercial development expression. We want our customers to share and participate. And how we evolve and develop our products, and the key way of doing this is through www.jazz.net.

Gardner: One last question, because we are about out of time. I suppose something this large, this impactful, this strategic, needs to appeal to a variety of different constituencies -- developers should probably be enticed to it and have a buy-in element. There should be architects enticed to it in some fashion, as well as the business side. Do you expect that you can address all of these constituencies? In a quick summation, what’s in it for each of them?

Hebner: I think each one of them should keep in mind that Jazz is an innovation technology project, and that innovation would get infused across the elements of our software delivery platform, which tends to be roles-based. In your requirements management, there’s going to be additional value in that, and that’s going to help you all collaborate and communicate more effectively with other parts of your software delivery team.

If you are a developer or an architect, you are going to be able to get better real-time information with different parts of the development team that are building different elements. You can have real-time access to who's doing what. And you can have traceability. You have the ability to better manage what’s actually going on.

If you are the project manager, or the executive in charge of the effort, you are going to have greater visibility, auditibility and traceability -- what’s actually going on in the project. You can then really predict more effectively, is it going to be a 12-month project or a 13-month or a 14-month one, right? And how are you progressing against those milestones? You are going to have more improved access to the real-time health of the project and where the milestones are, right?

So I think what it’s going to do is it's going to infuse these new capabilities into a variety of different parts of the portfolio that would then appeal to different roles at a customer. I think the overriding thing is that we have to better integrate, and have all those different roles work together and collaborate in delivering software. Because obviously they all are interdependent on each other. I think most customers would tell you today that they could always improve the ability for these people to work more effectively together, for different teams to work more effectively, and share assets, and make decisions more effectively, and not get into wars over which requirements, and so forth, and so on.

Gardner: It's really about communication, isn’t it?

Hebner: It’s about communication and collaboration in a real-time environment, so that you have real-time information to make better decisions. It’s really integrating and automating. I think these are the keywords here. So, automating how these people work with each other. It’s not just communications, but it’s automating how you work together with each other, and put a little bit more predictability and management into how it all comes together.

Gardner: It sounds very exciting, very impactful, and very ambitious. I'm glad we had a chance to talk about it.

We have been discussing the new Jazz approach to software development collaboration and application lifecycle management with Scott Hebner, the vice president of marketing and strategy for IBM Rational Software. We look forward to learning more about this in the coming months, and in June at the Rational Developer Conference. And for now, people can find out more about this at www.jazz.net.

Scott, thank you very much for your time and information. I'm sure this is a subject we’ll be discussing quite a bit over the next few years.

Hebner: You bet. Thank you very much, I appreciate it.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You have been listening to a BriefingsDirect podcast. Thanks for joining.

Listen to the podcast here.

If you'd like to learn more about BriefingsDirect B2B informational podcasts, or to become a sponsor of this or other B2B podcasts, contact Interarbor Solutions at 603-528-2435.

Transcript of the BriefingsDirect podcast on the IBM Jazz collaborative application development and deployment framework. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.

Transcript of BriefingsDirect Podcast on ALM 2.0 and Borland's Open ALM Approach to Development as a Business Process

Edited transcript of BriefingsDirect[TM/SM] podcast with Dana Gardner, recorded April 3, 2007. Podcast sponsor: Borland Software.

Listen to the podcast here.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to BriefingsDirect. Today, a sponsored podcast discussion about the development of software as a managed business process, about seeking to gain more insight, more data and metrics, and more overall visibility into application development -- regardless of the parts, the components, the platforms, or the legacy. It’s really about gaining an operational integrity view of development, from requirements through production, and bringing it all into a managed process.

To help us through this discussion of Application Lifecycle Management (ALM) and the future of ALM, we have with us Carey Schwaber, a senior analyst at Forrester Research. Welcome to the show, Carey.

Carey Schwaber: Thank you.

Gardner: We're also going to be talking with Brian Kilcourse. He is the CEO of the Retail Systems Alert Group, and a former senior vice-president and CIO of Longs Drug Stores. Thanks for joining, Brian.

Brian Kilcourse: Thanks, Dana.

Gardner: Also joining us, an executive from Borland Software, Marc Brown. He is the vice president of product marketing. Welcome, Marc.

Marc Brown: How are you?

Gardner: Doing well, thanks. We want to talk about the "professionalism" of development. Some people have defined software development as an art or a science -- sometimes even a dark art. And to me that means a lack of visibility and understanding. Many times the business side of the house in an organization that’s doing software is a little perplexed by the process. They see what goes in as requirements, and then they see what comes out. But they often don’t understand what takes place in between.

I want to start off with you, Marc. Tell us a little bit about ALM as a concept and what Borland Software, in particular, has been doing in terms of evolving this from mystery into clarity?

Brown: Dana, that’s a great question. What Borland has been doing over the last several years is really focusing on how to help organizations transform software delivery or software development into a more managed business process. We think this is critical. If you look at most businesses today, IT organizations are expected to have very managed processes for their supply-chain systems and for their human resources systems, but when it comes to software delivery or software development, as you mentioned, there is this sense that software is some sort of an art.

We would really like to demystify this and put some rigor to the process that individuals and organizations leverage and use around software delivery. This will allow organizations to get the same predictability when they are doing software as when they are doing the other aspects of the IT organization. So our focus is really about helping organizations improve the way they do software, leveraging some core solution areas and processes -- but also providing more holistic insight of what’s going on inside of the application lifecycle.

Gardner: In January of 2007, you came out with a new take on ALM. You call it "Open ALM." I am assuming that that is opposed to "closed." What is it that’s different about Open ALM from what folks may have been used to?

Brown: Well, getting back to helping organizations with software development, it's Borland’s assertion that we need to do it in the context of how organizations themselves have developed or invested their own technology stack over time. So for us the way that we can help organizations apply more management and process-rigor to the application lifecycle is to give them insight into what’s going on. We do that through providing metrics and measurements, but in the context of their technologies, their processes, and their platforms. That is versus proposing a new solution that causes them to do a rip-and-replace across each of the vertical slices of the software development lifecycle.

Gardner: It sounds like an attempt to give the developers what they want, which is more choice over tools, new technologies -- perhaps even open-source technologies. And at the same time you give the business more visibility into the ongoing production and refinement of software. Is that a fair characterization?

Brown: It sure is. What we are all about with Open ALM is providing a platform that provides the practitioners of ALM the tools, processes, and choices they need or are skilled in, and then provide the transparency across that lifecycle to be able to collect the metrics necessary for the management team to actually manage those resources more predictably.

Gardner: Okay. My sense is that there are more options for companies when it comes to the tools and the utilities that they bring into the software development process. Let’s take a look at the state of the art of ALM. Carey Schwaber, can you give us a bit of an overview about ALM? And am I correct in assuming that there are more parts and therefore the potential for more complexity?

Schwaber: You're right. There certainly are. ALM isn't just about developers. It’s really about all the roles that come together to ensure that software meets business requirements -- from business analyst, to the architect, to the developer, to the project manager, the tester.

It just goes on and on. And it feels like every year we end up with more specialized development teams than we had the year before. Specialization is great, because it means that we have more skilled people doing jobs, but it also means that we have more functional silos. ALM is really about making sure that every one of those silos is united, that people really are marching toward the same goal -- to the same drumbeat. ALM is about helping them do that by coordinating all of their efforts.

Gardner: Are there some mega trends going on? It seems to me that offshoring, globalization, outsourcing, and business process management (BPM) add yet another layer of complexity.

Schwaber: There aren't many trends that you can’t tie back to a greater need for ALM, where we have so many things going on that are increasing the degree to which our software is componentized. SOA is just one way in which our software is more componentized. Dynamic applications are also leading toward more componentized software, and that really means that we have more pieces to manage.

So in addition to functional silos, we've also got technology silos where we have a front-end in .NET, a back-end in Java, and maybe we're using a BPM tool to create the entire composite application. There are just so many ways that this gets more and more complex. Then, in addition to managing roles, you also have to manage all of these different components and their interdependencies.

Gardner: A major component of ALM is managing complexity. You came out with a report in August of 2006 that coined the term "ALM 2.O." What did you mean by that?

Schwaber: That’s actually about something that we see as a shift in the ALM marketplace. In the past, vendors have collected ALM solutions over time by acquiring support for each role. They’d acquire a tool that supported business analysts in the work that they do. Then, they’d acquire a tool that supported testers or test leads and the work that they do. They’d integrate the two, but that integration never ended up being very good. That integration is where ALM comes in. ALM lives in coordinating the work that the tester, the business analyst, and all the other roles involved really accomplish, to make sure that software meets business needs.

What we have seen is a trend where vendors are stopping the accumulation of piece-parts of ALM solutions, and starting to design platforms for ALM that really integrate any tool that the company happens to be using with something over the platform that provides ALM almost as a service to the tools. People have the option of choosing a tool for their business analysts from one vendor, a development environment from another vendor, and a testing tool from a third vendor. They are plugging into the same ALM platform, knowing that they'll all work together to ensure that those roles are in harmony -- even if the vendors that produced the tools that support them are not in harmony.

Gardner: So even if we take a platform approach to ALM, it sounds like what you are saying is that heterogeneity -- when it comes to the moving parts of application and software development -- is no longer necessarily a liability, but if managed properly, can become an asset.

Schwaber: That is definitely one of the goals of ALM 2.0, to assume that integrating lots of different functional silos shouldn’t require that we go to a single vendor, because that’s not always possible. There may be a best-of-breed tool in a certain area that happens to be from a vendor that doesn’t have great support for the rest of the lifecycle. So the vision with ALM 2.0 is that you shouldn’t have to make that trade-off. You should be able to choose best-of-breed and integration.

Gardner: I assume then that this also affects people, IT, and process. How would an enterprise that buys into this vision get started? Do you have to attack this from all angles, or is there a more pragmatic starting point?

Schwaber: Hopefully the vendors will make it easy on you and you won’t have to buy everything in one fell swoop. The whole idea is that if you purchase one tool from a vendor that has an ALM 2.0 platform, the platform essentially comes with that. Any tools that happen to plug in to that are ones that also enable better and more flexible ALM, where the platform provides services like workflow, collaboration, reporting, and analytics. Maybe even some more infrastructure things like identity management or licensing could be in the platform, and those would be available to any tools that wanted to consume them and were designed to consume them.

Gardner: Let’s go to Brian Kilcourse. Brian, you have been in the field as a CIO. Is ALM 2.0 vision-creep or is this real-world, in terms of how you want to approach software development?

Kilcourse: It sounds very real-world to me. As most CIOs have done, I spent untold amounts of money trying to turn the software development process from an artistic activity to an engineering activity. There were a bunch of good reasons for that. One of them is that commercial computing is now over 60 years old. And one would think, at this point, that we would have figured out a way to commoditize it and make it more reliable.

But it still remains, even after this long period of time, that software development is easily the most unreliable part of the whole value delivery equation that the IT department brings to the organization. So in broad-brush strokes, it makes great sense. The other thing that is important to underline, as Carey already mentioned, is that people like me have already spent a lot of money on tools. And just because there’s a new and better definition of how to approach those tools doesn’t mean that I am going to throw everything away.

Organizations that had quite a bit of time to get these tools embedded into their practices may have silos of expertise that aren’t going to be easily displaced. All of these things argue against stopping your business while you figure out a better way to develop software. What is important is that we desperately need a way to be able to track a development from the initial conception of the requirements, all the way through to delivery, production, and beyond.

There has to be a way to do that, and it has to be an overarching process that we can observe, measure, and report on. To that end it requires that all of these tools, whatever they are, be kept in sync, so that we can understand it and we can make it evident to the business -- so that the business can know that they are getting the right value for the right dollars. That’s always one of the biggest challenges that any CIO has -- how to show value.

Gardner: I suppose there’s been a kind of tension between sufficient openness and sufficient integration, and that they play off of one another. Is there anything about the state of the art now, where reaching this balance between sufficient openness and the ability to integrate and manage, comes into some sort of a harmonic convergence? Is there anything different about ALM today?

Kilcourse: The fact that we are talking about ALM 2.0 is a big step in the right direction. In our business applications we need to be able to integrate at the information level and the data level, even if they are different code sets or physically different databases. From the business perspective we need to come up with one coherent answer to any kind of a business question. No matter what the toolsets are, we have one way to see them from a business perspective. I think that’s very encouraging.

We know from our business application stack that this is possible. So if it’s possible for the business, why isn’t it possible for the IT organization? You can call this a "cobbler’s children" problem. Why don’t we have for ourselves what we promise to deliver to our business associates?

Gardner: Let’s take that back to Marc Brown at Borland. I assume that your goals with Open ALM are similar to the goals envisioned in ALM 2.0, and that you want to help CIOs get that visibility to demonstrate value. Do you see something new and different in the marketplace now about reaching this balance between openness and integration?

Brown: You know, I do. To extend what we were just talking about, one of the core differences that organizations are talking about today versus 10 years ago is that in the past we talked a lot about making sure we had optimized role-based solutions. We talked a lot about supporting specific activities and specific roles in a lifecycle. What we are finding today when we talk about application lifecycle, and I think Carey brought this up, the real critical piece is understanding the core processes that drive the overall lifecycle activities and assets between the individuals that make up a software delivery team.

So for Borland one of the unique aspects in the way we are approaching this is that we are really focused on the process-driven integration from a technology perspective. We're really looking at the individual processes, such as portfolio and project management, where requirements definition management, understanding those processes, bringing the technologies to bear to support those processes, and providing the integrations between those individuals supports the horizontal software processes.

The other aspect is understanding that we need to do this, not just in a constrained set of tools that Borland brings to market, but also in the context of the tools that customers want to use and leverage. That means Borland technologies, other third-party technologies, and open-source technologies.

Gardner: I suppose one of the hurdles to getting this visibility in the past was that a lot of these components, tools, and testing environments have very different technologies and formats for how they apply and transfer data. What is it that Borland has done with Open ALM to allow the majority of these parts to work together? Is this about building modules and components? What does it take to get these things to actually be herded, if you can use the analogy of trying to herd cats?

Brown: The starting point is understanding that we need to deliver a platform based on an ALM meta-model, something that we can utilize and leverage to define all the various activities and assets that flow through the application lifecycle. Then we need to provide a set of core services that will use that meta-model and will support add-ons that are lacking today. One of the critical things is providing more comprehensive ALM-centric metrics and measurements that span the lifecycle -- versus being very vertically focused for a particular role and job. A lot of this is based on having an ALM data description that represents all the activities and data that are going to be passed through a lifecycle.

Gardner: So there’s an immediate tactical benefit of getting the data from the various parts, and there’s a larger strategic value of then analyzing that data, because you've got it in the holistic process-driven environment, a common environment. What sort of data and metrics do you expect companies to be able to derive from this, and how can they instantiate that back into the process?

Brown: The critical thing that businesses will be able to do is be able to demystify what software development really is. It's about removing the "black box," and having data consolidation or aggregation so they can in fact measure what’s going on. Then they can determine what areas of the processes are working, what areas potentially are bottlenecks or are deficiencies. They can utilize the data that’s being collected across the ALM, and filter that out to the broader business intelligence activities that the IT business is doing to see what’s actually working, and what’s not working, within the IT organization.

Gardner: We're going to be able to give non-IT people some real visibility into timetables, quality assurance curves, dates for completion, and that sort of thing, which to me seems essential. If you are putting a new product or a new service in the market, you are going to be ramping up your marketing, ramping up inventory and supply chain, and are going to be looking into manufacturing, if that's the basis of the product. You really need to coordinate all these things with development, and that has been haphazard.

Am I reading more into this, or do you really plan to be able to give non-IT people these dials, and this kind of a dashboard by which to run their entire business -- but with greater visibility?

Brown: That is exactly what we are proposing. Borland is very committed right now on Open ALM to deliver a platform that allows organizations to leverage their own configured processes and technologies to gain the insights necessary to really start having confidence in what they are doing. That confidence is going to be increased by providing them the tools and technologies so they can track, measure, and improve their processes.

Gardner: Let's take it back to Carey Schwaber. Carey, in your analysis of the market is there a potential for a significant productivity boost by bringing visibility into software development and activities into the larger context of business development and go-to-market campaigns?

Schwaber: I think there is. And there is a great degree of redundancy that happens to a lot of development efforts that have already been accomplished, or just redundancy of documentation. Even when it’s not redundancy, the problem is that people are pursuing different goals -- when you have testers who are testing against out-of-date requirements, and the business analyst wants them testing against the newer requirements. We've got the problem of an overlap of efforts. Then we've got the problem of misaligned efforts. Together those really eat away your productivity and waste precious development dollars.

There are a couple of ways you can use better ALM practices to improve productivity. The first is to get numbers about what you are really doing today to measure how often these things are happening. That is the first step that you need to take before you can take remedial action. The second one is just making sure that you have people working off of common data, that there is one way to represent the truth -- not just about one part of the lifecycle, but the entire lifecycle. You have to have the appropriate correlation between those disparate parts.

Gardner: Brian Kilcourse, to your point about CIOs trying to demonstrate value in real terms -- to be viewed as a productivity center and not a cost center -- do you think that this visibility into application development can give you, as a CIO, the tools you need to go to the CEO and say, “Here is what we are going to do, and when we are going to do it.”

Kilcourse: Certainly, if you as a CIO can map specific IT activities back to the business requirements that drive them, you have a much stronger set of metrics to indicate your alignment to the business than you have otherwise.

There is a huge disconnect between the front of a development process, which is always driven by business requirements, and the back-end of the process, which is always post-production maintenance. Between those two spaces there are a lot of things that go on. Somewhere along the line, in what I characterize as the business technology handoff, there is a big disconnect. Even with the best intentions, because of the complexity of the technology solutions available, the business really does lose track of what those guys down in IT are doing. The ability to overcome that chasm would go a long way toward solving the historical distrust between the two organizations.

Gardner: Do you sense that there are any particular vertical industries or even types of development projects that would benefit from an approach like Open ALM better or first? Where is the low-hanging fruit for this?

Kilcourse: That’s a great question. No business that I am aware of starts from scratch, either with a technology group or with the business that it supports. So any business that is trying to infuse the business process with the information asset in new ways is a candidate for this. I focus a lot on retail. And I can tell you from my experience in retail that those organizations are ripe for this kind of capability. There is a tremendous amount of distrust between the executive side of the house and the IT side of the house in that particular industry. I see it in other industries as well. But even in such obviously highly correlated industries like financial services there is still a tremendous room for improvement.

Gardner: Do you think Open ALM makes more sense for those organizations that are in fast-moving markets? Retail, of course, is like that because they have to anticipate, sometimes months in advance, the desires of a culture or a human fashion-driven impetus to buy. And then they have to act on that. Do you think that for those companies that are involved with fast time-to-market that this would be particularly important?

Kilcourse: Certainly fast time-to-market causes fast marketplace changes. The problem in IT across so many factors is that the IT organization cannot respond quickly enough to changes in the business environment. That's not particular to retail. It happens everywhere. To the extent that you can eliminate the friction that exists in the delivery process within the IT organization -- so that the company actually is getting the maximum amount of traction for their investment dollars -- it's going to help.

Carey pointed out, and I thought it was a really good point, that there is a lot of wasted activity that goes on because of rework and focusing on the wrong requirements that might not have the biggest benefit -- but might be the thorniest problem that somebody faces. We don’t always have visibility into that. We find out only at the end when we tally up the score and find out where the dollars really went and why we had to go to Phase 2, Phase 3 and Phase 9 of a project, because we couldn’t get it all done in the first shot.

The ability to focus IT energy where it really matters most to the business is a big goal of most CIOs that I know.

Gardner: Carey, back to you. Do you concur that the fast time-to-market is a major impetus? If so, what other ones do you see in terms of where common views of practices and processes for application development are super-important?

Schwaber: I agree that fast time-to-market or any time-to-market pressure is definitely a reason you would need to have your ducks better aligned up front. But I don’t know any companies that don’t want to do a better job of satisfying their business customer’s demands for the same software in less time. That's a pretty universal desire, no matter whether you have a lot of time-to-market pressure in your industry or not.

So, I would say that we all want more for less. On top of that, I would add compliance requirements, where you need to confirm that the software you are developing does what the business wants it to, so that you know that you are producing accurate financial reports, or even that you have some kind of internal compliance requirement.

You know you are looking to get toward Capability Maturity Model® Integration (CMMI) Level 2 or Level 3, and you want some proof that you are actually going to do that. ALM capabilities can really help you in that area. So those kind of pressures really matter. But any time we get away from the old halcyon ideal of the business customer telling the developer what to write, and then the developer immediately implementing it, we have opportunities for miscommunication. The more people, geographies, and technologies we involve, the more complex it all gets, and the more we really need help keeping track of all the dependencies between the things that we are doing. That is really describing any project these days.

Gardner: Of course, software seems to be playing a larger role in how companies operate. The technology, in a sense, becomes the company.

Schwaber: How many business processes are there that aren’t automated by IT, either today, or plan to be automated by IT within the next five years? Business processes that we can’t even imagine will be embodied in software eventually.

Gardner: Let’s get back to Marc Brown. Marc, at Borland you have come out with this Open ALM approach and you have had a lot of experience in development over the years. Do you have any metrics? Do you have any sense of what the pay-off here is through some of your existing customers -- maybe some beta examples? Do you have any typically "blank" percentage of savings? What are the initial payoffs from embracing Open ALM?

Brown: We certainly have seen the benefits with many organizations, which see the value in a number of ways. First, many organizations, because they are trying to improve their overall process, are attacking their deficiencies incrementally. We've got some organizations that have found their key issue today is poor requirements definition and management. They simply can't get requirements written accurately and in a way that they are testable up-front. This creates a huge amount of rework downstream.

We've got some really good examples where we have gone in and helped organizations improve their requirements definition and management process, and we found really dramatic improvements. On one occasion, an organization was able to achieve a 66 percent improvement just on the analysis side -- when they were going through, looking at a legacy system, trying to define the "as-is" business processes, and then taking that work and collaborating with the business stake-holders to construct the "to-be" business process. That was typically taking the organization anywhere from 12 to 20 weeks. They saw a 66 percent decrease in that time by leveraging not only the process guidance we were giving them, but also other technologies that we could apply to that area of the process.

Gardner: So that’s a substantial opportunity, and that was only, I suppose, a partial embrace of Open ALM.

Brown: Yeah, and that’s the way a lot of people are looking at this. We are going out and helping organizations first of all pinpoint their largest areas of deficit or gap. That could fall into any of the four critical solution areas that we're helping organizations around project and portfolio management, or, as I mentioned, requirements definition and management, or lifecycle quality management. We are helping them understand where they have gaps or deficiencies today, and then incrementally improving that over time to embrace Open ALM as an incremental philosophy and approach.

Gardner: How has this so far impacted distributed types of development, where the organization has a number of development centers around the world, where perhaps you are outsourcing, and your outsourcing organizations are spread around the world? What’s the potential payback for those sorts of highly distributed development activities?

Brown: The real benefit we are seeing, and we will see more of this over time, is through the increased visibility. Again one of the biggest problems with organizations that are outsourcing today is the inability to aggregate or consolidate data from the outsourcer, the supplier, and the vendor, and to bring that together into a view, to have confidence that what’s happening from the outsourcer aligns with the overall business goals and original project plans. With our ability to help overlay our platform to bring together both the outsourcer’s technologies and data -- and then bring that together with the internal data -- we are able to bridge the gaps that they are having today, so that they have more confidence in the data they are seeing.

Gardner: How about Services Oriented Architecture (SOA)? It seems to me that as you break things down into services -- if we eradicate more of the silos around runtime environments -- we are at the same time knocking down silos in design-time. We might be able to get into some sort of a virtuous cycle, whereby we can adjust development to suit what’s going on in the field, which then is able to adapt to business requirements. That seems to be a big pay-off from SOA.

Let me throw that out to the crowd. What do you think is going to be the impact of SOA on development?

Brown: I'll take the first crack at this, Dana. I do think that SOA will certainly provide a lot of benefits, because it is one of the first practical approaches to help organizations realize the benefits of reuse. It's something that a lot of organizations had talked about time and time again. But there has been a lack of a common infrastructure or communications to bridge how that really happens over time. Many organizations simply said, “Look, my project’s not budgeted to create reusable code. We've got tight deadlines, and we have got a lot of work to do, and I am not going to have the time to do it in a reusable fashion.”

SOA gives people a good framework for how to actually structure applications to provide interoperability over time. I think this is a good approach for organizations to finally see the benefits of reuse, but it requires a lot of management and due-diligence when they are developing and deploying particular components. Because as they develop new versions or new components to supplement existing ones, they have to have more visibility in the usage levels, on who is using what, and so on.

Gardner: How about you, Brian? How do you see the evolution and maturation of ALM and the burgeoning ramp-up to SOA working either together, or perhaps at odds?

Kilcourse: Actually I don’t see them at odds at all. Because, first of all, SOA is an architectural concept, whereas Open ALM is a process concept or process model. In my company we just finished a piece of research on SOA and retail. What we found out is, if I could characterize something as a curiosity-understanding ratio, there is a lot of curiosity and very little understanding of what SOA really means in terms of how you get from "here" to "there."

As it relates to ALM -- going back to the original discussion that ALM covers everything from requirements all the way through post-production -- the notion of SOA breaking things down into reusable components or objects, business rules or metadata that can be redeployed almost at will as the business needs change, is a very powerful notion, especially in an environment such as the one that I service, where the business environment changes quite dramatically.

The challenge, of course, is taking something as broad as a business requirements and breaking them down into tiny service-level objects that then can be understood and implemented by the IT organization. If you don’t have some way to map that to the business requirements, you could have a worse bowl of spaghetti than you have now. In that context, these things are very tightly interwoven.

Gardner: How about you Carey? A last word on SOA and ALM?

Schwaber: Well, a lot of the great words have already been taken. But what I would add is that SOA introduces more dependencies among development projects then we are used to. It really requires us to have some way of coordinating our efforts across projects. In the past, projects often used completely different technologies for managing their lifecycles.

So this is yet another impetus for us to have a better way of connecting disparate tools from different vendors that use different technologies. Otherwise we end up not communicating the right data at the right time about services, about service levels, about service quality -- and we end up chasing our tails, trying to figure out what it is we have to do to build services that other people can reuse in effective ways that map to the business processes we are looking to automate.

Gardner: I suppose that quality and quality assurance are important when we go into these more componentized services. It seems to me that history has borne out that quality comes from getting it right the first time, and that really means business requirements.

Schwaber: SOA really does make quality that much more of an issue. We aren’t that good at it for basic, monolithic applications. Imagine how bad we’ll be at it with SOA?

I really see SOA giving us an opportunity to do better, because in every service a defect is propagated to every single application that consumes that service. But if the service is high-quality, that quality level is propagated, too. Essentially we have a mandate to do a much better job on quality in our services because the stakes are so much higher. We really need to bulletproof services that are built for reuse.

Gardner: Marc, to you now. As the stakes are getting higher, Borland has identified an important initiative. What is it that puts Borland into position to lead in this segment? Is it because of your heritage, acquisitions, the position you’ve taken on openness, or is it because of a "secret sauce?" What is it about Borland that makes you able to rise to this challenge?

Brown: It’s a couple of things. First, Borland in its overall business strategy is completely focused on helping organizations transform the way they do software, and we are not promoting any particular type of platform or development environment. We are all about helping people understand how to manage the actual processes that govern ALM. I think we have got a little bit of a secret sauce, because we are somewhat neutral from the platform or development-environment perspective. There are other vendors in this space who certainly have specific ties with a particular platform or development environment.

One thing that really distinguishes us from the others in the game is the fact that we are really focused on helping customers solve their true pains, which is giving them the metrics and measurements they need to be more successful at software. And at the same time, we support their current investments and future investments. So for us we’ve got full focus on ALM, and we are committed to supporting the platforms, the development environments, and the processes that organizations use today -- and those that they are going to use in the future.

Gardner: Great. Well, thanks very much. This has been a BriefingsDirect podcast discussion, a sponsored podcast about Application Lifecycle Management and the evolution of software development into a managed business process.

We’ve been joined by Carey Schwaber, a senior analyst at Forrester Research. Thanks, Carey.

Schwaber: My pleasure.

Gardner: Brian Kilcourse is the CEO of Retail Systems Alert Group, and a former senior vice president and CIO at Longs Drug Stores. Thanks, Brian.

Kilcourse: Thanks for having me.

Gardner: And Marc Brown is the vice president of product marketing at Borland. Thanks, Marc.

Brown: Thank you.

Gardner: This is Dana Gardner, your host and moderator, and the principal analyst at Interarbor Solutions. Thanks for listening.

Podcast Sponsor: Borland Software.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect podcast on Open ALM and ALM 2.0. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.

BriefingsDirect SOA Insights Analysts on SOA Mashups and the Oracle-Hyperion Deal

Edited transcript of weekly BriefingsDirect[TM/SM] SOA Insights Edition, recorded March 2, 2007.

Listen to the podcast here. If you'd like to learn more about BriefingsDirect B2B informational podcasts, or to become a sponsor of this or other B2B podcasts, contact Interarbor Solutions at 603-528-2435.

Dana Gardner: Hello, and welcome to the latest BriefingsDirect SOA Insights Edition, Vol. 13, a weekly discussion and dissection of Services Oriented Architecture (SOA) related news and events with a panel of industry analysts and guests. I am your host and moderator Dana Gardner, principal analyst at Interarbor Solutions, ZDNet blogger and Redmond Developer News magazine columnist.

Our panel this week -- and that is the week of Feb. 26 2007 -- consists of Steve Garone, a former IDC group vice president, founder of the AlignIT Group, and an independent industry analyst. Welcome back to the show, Steve.

Steve Garone: Thanks, Dana. Great to be here.

Gardner: Also, joining us once again, Joe McKendrick, a research consultant, columnist at Database Trends and a blogger at ZDNet and ebizQ. Welcome back, Joe.

Joe McKendrick: Good morning, Dana.

Gardner: Also joining us, Tony Baer, principal at OnStrategies, and blogger at Sandhill.com and ebizQ. Thanks for joining, Tony

Tony Baer: Hi, Dana.

Gardner: And also once again, joining us is Jim Kobielus. He is a principal analyst at Current Analysis.

Jim Kobielus: Hi, Dana. Hi, everybody

Gardner: Joining us for the first time, and we welcome him, Dave Linthicum. He is CEO at the Linthicum Group, an SOA advisory consulting firm. Dave also writes the Real World SOA blog for InfoWorld and is the host of the SOA Report podcast, now in its third year. He is also a software as a service (SaaS) blogger for Intelligent Enterprise, and has a column on SOA topics for Web Services Journal. Welcome, Dave.

Dave Linthicum: It is great to be here.

Gardner: We are going to have a couple of meaty, beefy topics today on the SOA and, interestingly enough, Enterprise 2.0 arena. We are going to be discussing and defining the concept around "mashup governance." We are also going to discuss some merger and acquisition news this week, with a deal announced between Hyperion and Oracle, whereby Oracle will acquire Hyperion for $3.3 billion.

First off, let's go to this subject of "mashup governance." Dave, I believe you defined this to a certain extent in a recent blog, and I wanted to give you the opportunity to help us understand what you mean by "mashup governance" -- and why it’s important in an Enterprise 2.0 environment, and perhaps what the larger implications may be for SOA.

Linthicum: Sure. Thank you very much. That was a feature article, by the way, that InfoWorld sponsored, and it’s still up on their website. It basically talked about how mashups and SOA are coming together, since they are mashing up. As people are becoming very active in creating these ad-hoc applications within the enterprise, using their core systems as well as things like Google Maps and the Google APIs, some of the things that are being sent up by Yahoo!, Salesforce.com, and all these other things that are mashable. There's a vacuum and a need to create a governance infrastructure to not only monitor-track, but also learn to use them as a legitimate resource within the enterprise.

Right now, there doesn’t seem to be a lot of thinking or products in that space. The mashup seems to be very much like a Wild West, almost like rapid application development (RAD) was 15 years ago. As people are mashing these things up, the SOA guys, the enterprise architecture guys within these organizations are coming behind them and trying to figure out how to control it.

Gardner: An element of control to an otherwise ad hoc and loosey-goosey approach to creating Web services-based UIs and portal interfaces?

Linthicum: That’s absolutely right. Ultimately these things can become legitimate and very valuable applications within the enterprise. I have a client, for example, that has done a really good job in mashing up their existing sales tracking system, inventory control system, and also delivery system with the Google Maps API. Of course everybody and their brother uses that as a mashup example, but it's extremely valuable.

We are able to not only provide maps to do the best routing for delivery, but also Google Maps right now has traffic reports. So, they can give these to the truck drivers and delivery agents at beginning of the day, and productivity has gone up 25 percent. Over a year, that is going to save them more than $1.5 million. And, that’s just a simple mashup that was done in a week by a junior developer there. Now, they are trying to legitimize that and put it back into their SOA project, as well as other external API’s. They are in there trying to figure it out.

Gardner: So perhaps through this notion of combining what is available on an internal basis -- either as a Web service or moving toward SOA -- the enterprises can also start tapping into what is available on the Web, perhaps even through a software-as-a-service relationship or license, and put together the best of internal data content process as well as some of these assets coming off of the Web, whether it is a map, an API, or even some communications, groupware, or messaging types of functions.

Linthicum: I think you put it best that I have ever heard it. Absolutely. That’s the way it’s coming forward, as we are building these SOAs within these enterprises today. We have the added value of being able to see these remote services, deal with these remote APIs, and bring that value into the organization -- and that’s typically free stuff. So, we are using applications that we are gaining access to, either through a subscription basis in the case of Salesforce.com -- and they are, by the way, hugely into the mashups that are coming down the pipe -- free services that we are getting from Google, or even services that cost very little.

Putting those together with the existing enterprise systems breathes new life into them, and we can basically do a lot of things faster and get applications up and running much faster than we could in the past. Ultimately, there is a tremendous amount of value for people who are using the applications within these environments. Typically, it’s the mid-market or the mid-sized companies that are doing this.

Gardner: Or even department levels in larger companies that don’t need to go through IT to do this, right?

Linthicum: That’s right. Absolutely. That’s how Salesforce.com got started. In other words, people were buying Saleforce.com with their credit cards and expensing it, and they were wiring it around IT. We are seeing the same movement here. It's happening at the grassroots level within the department and it's moving up strategically within the IT hierarchy.

Gardner: Okay, so it sounds straightforward: a good productivity boost, moving toward the paradigm of mashable services. Why do we need governance?

Linthicum: Well, you really need a rudimentary notion of governance when you deal with any kind of application or service that works within the organization. Governance is a loaded word. If you go to the Enterprise Architecture Conference -- and I am speaking at it the end of this month in New Orleans -- they consider governance as a management practice. It’s running around knocking people on their heads, if they are not using the correct operating systems, databases, those sorts of things. In the SOA world, as Joe McKendrick can tell you, it's about a technical infrastructure to monitor-control the use of services. Not only is it about control, but it is about productivity. I can find services. I can leverage services, and they are managed and controlled on my behalf. So, I know I am not using something that’s going to hurt me.

The same thing needs to occur within the mashup environment. For mashing up, there are lots of services that we don’t control or that exist outside on the Internet. It's extremely important that we monitor these services in a governance environment, that we catalogue them, understand when they are changed, and have security systems around them, so they don’t end up hurting productivity or our existing IT infrastructure. We don’t want to take one step forward and two steps back.

Gardner: I read your blog in response to this, Jim Kobielus, and you seem to think that bringing too much governance to this might short-circuit its value -- that it’s the loosey-goosey, ad-hoc nature that brings innovation and productivity. Do you think that what we think of as traditional SOA governance is too rigid and strict and requires some interaction with IT? Or are we talking about some other kind of governance, when it comes to mashups?

Kobielus: Well, Dave made that same point in his article, which is that the whole notion of mashups is half-way to anarchy, as it were, creative anarchy. In other words, empowering end-users, subject-matter experts, or those who simply have a great idea. They typically slap together something from found resources, both internal and external, and provision it out so that others can use it -- the creative synthesis.

This implies that governance in the command-and-control sense of the term might strangle the loosey-goosey that laid the golden egg. So, there is that danger of over-structuring the design-time side of mashups to the point where it becomes yet another professional discipline that needs to be rigidly controlled. You want to encourage creativity, but you don’t want the mashers to color too far outside the lines.

Dave hit the important points here. When you look at mashup governance, you consider both the design-time governance and the run-time governance. Both are very important. In other words, if these mashups are business assets, then yes, there needs to be a degree of control, oversight, or monitoring. At the design-time level, how do you empower the end-users, the creative people, and those who are motivated to build these mashups without alienating them by saying, "Well, you've got to go to a three-week course, you've got to use these tools, and you've got to read this book and follow these exact procedures in order to mashup something that you want to do?" That would have clearly stifled creativity.

I did a special section on SOA for Network World back in late 2005. I talked to lots of best practice or use cases of SOA governance on design time, and the ones that I found most interesting were companies like Standard Life Assurance of Scotland. What they do is provide typical command-and-control governance on design time, but they also provide and disseminate through the development teams a standard SOA development framework, a set of tools and templates, that their developers are instructed to use. It's simply the broad framework within which they will then develop SOA applications.

What I am getting at here is that when you are dealing with the end users who build the mashups, you need to think in terms of, “Okay. Tell them in your organization that we want you to very much be creative in putting things together, but here is a tool, an environment, or enabling technology that you can use to quickly get up to speed and begin to do mashing up of various resources. We, the organization that employs you, want you, and strongly urge you, to use these particular tools if you wish your mashups to be used far and wide within the organization.

"If you wish to freelance it internally, go ahead, but doesn’t mean we are necessarily going to publish out those mashups so that anybody can see them. It means we are not necessarily going to support those mashups over time. So, you may build something really cool and stick it out there, but nobody will use it and ultimately it won’t be supported. Ultimately, it will be a failure, unless you use this general framework that we are providing."

Gardner: I think we need to re-examine some of these definitions. I'm not sure what we are talking about with mashup governance is either "run time" or "design time." It strikes me as "aggregation time." Perhaps we don’t even need to use existing governance and/or even federate to existing governance. Perhaps it's something in the spirit of Web 2.0 and Enterprise 2.0, as simple as a wiki that everyone can see and contribute to, saying, “Here is how we are going to do our mashups for this particular process."

Let’s say, it is a transportation process, "Here are the outside services that we think are worthwhile. Here are the APIs, and here is a quick tutorial on how to bring them into this UI." Wouldn’t that be sufficient? Let us take that over to Steve Garone.

Garone: I am going to push back on that a little bit. What we are wrestling with here is achieving a balance between encouraging creativity and creating new and interesting functionality that can benefit business, and keeping things under control. The best way to look at that balance is to understand what the true risks are.

The way I see it, there are several major areas. The first has to do with what I call external liability, meaning that if you, for example, publish a mashup to a customer base that has a piece of functionality you got off the web, and for some reason that has wrong information and does the customers some harm, who is responsible for that? How are you going to control whether that happens or not? The second has to do with what I call internal risk, which has to do with making available to the outside world information that is sensitive to your organization. In that case, a little more than what you described is going to be necessary, and can also leverage some of the governance infrastructure that people are building generally and relative to SOA.

Gardner: So, you are thinking that these mashups would be available not only to an internal constituency in the organization but across its users, its visitors, and the public?

Garone: Absolutely. Well, I think they can be, and I think there will be organizations and groups within organizations who will want to do that, driven primarily by the business opportunities that it can afford.

Gardner: But, if this is the general public accessing some of these mashups, wouldn’t the risk that they would take accessing the individual services on the web on their own be sufficient? Why would you need to be concerned about liability or other risk issues when these are already publicly facing APIs and services and so forth?

Garone: Conceptually, you wouldn’t, but we all know that in this world anybody can sue for anything, and the reality is that if I go to a company’s website and use a function that incorporates something that they grabbed off the web, and it does me harm, the first place I am going to look is the site that I went to in the first place.

Gardner: Well, you might have stumbled upon the category here that will warm the cockles of many lawyers’ hearts -- mashup risk and assessment.

Garone: Exactly. And, it's one of the problems that governance in general attempts to solve. So, it is relevant here. My bottom-line point is that achieving balance is going to involve some careful consideration of what the true risks are. Maybe resolving that involves a combination of the kinds of solution that you just talked about in some cases. In other cases, they are going to have to leverage the governance infrastructure that exists in other areas within a company.

Gardner: Your point is well taken. This is business, it is serious, and it needs to be considered and vetted seriously -- if it is going to be something that you are using for your internal employees’ use, as well as if it becomes public-facing. How would you come down on this, Joe McKendrick? Do you see the balance between something as unstructured as a blog or wiki being sufficient, or do we need to bake this into IT, get policies and governance, and take six years to get a best practices manifesto on it?

Garone: I did not recommend that, Dana.

Gardner: I know. I'm going from one extreme to the other.

McKendrick: If we do it in two years, that would be fine. But what I’d love to know is, what exactly is the difference between a mashup and a composite application that we have been addressing these past few years within the SOA sphere? The composite application is a service-level application or component that draws in data from various sources, usually internal to the organization, and presents that through a dashboard, a portal, or some type of an environment. It could be drawn from eight mainframes running across the organization.

Obviously, the governance that we have been working so hard on in recent years to achieve in SOA is being applied very thoroughly to the idea of composite applications. Now, what is the difference between that and a mashup? Other than the fact that mashups may be introducing external sources of data, I really don’t see a difference. Therefore, it may be inconsistent to "let a thousand flowers bloom" on the mashup side and have these strict controls on the composite application as we have defined in recent years.

Linthicum: The reality is that there is no difference. You are correct, Joe, and I point that out in the article as well. There are really two kinds of mashups out there: the visual mashups, which are what we are seeing today, where people are taking basically all of these interface APIs and using the notions of AJAX and other rich, dynamic clients, and then binding them together to form something that is new.

The emerging mashups are non-visual. It's basically analogous, and is not exactly the same, as traditional composite applications that are -- if you can call them traditional -- in the SOA realm today. They have to be controlled, managed, governed, and developed in much the same way.

Kobielus: There is a difference here. I agree with what Dave just said that mashups are not qualitatively different from composite apps, but there is a sort of difference in emphasis, in the sense that a mashup is regarded as being more of a user-centric paradigm. The end-user is empowered to mash these things up from found resources.

It relates to this notion that I am developing for a piece on user-centric identity as a theme in the identity management space. The whole Web 2.0 paradigm is user-centric -- users reaching out to each other and building communities, and sharing the files and so on. Mashing up stuff and then posting that all to their personal sites is very much a user-centric paradigm.

There's another observation I want to make. I agree that the intellectual property lawyers are starting to salivate by mashups invading their clients or encroaching on their clients’ rights. Actionable mashups are good from a litigator’s point of view. In terms of governance then, organizations need to define different mashup realms that they will allow. There might be intra-mashes within their Intranet -- "Hey, employee, you can mash up all manner of internal resources that we own to your heart’s delight. We will allow intra-mashes, even extra-mashes within the extranet, with our trusted partners. You can mash up some of their resources as well, whatever they choose to expose within the extranet. And then, in terms of inter-mash or Internet wide mashing, we’ll allow some of it. You can mash Google. You can mash the other stuff of the folks who are more than happy to let you mash. But, as an organization, your employer, we will monitor and block and keep you from mashing up stuff that conceivably we might be sued for."

Gardner: So you could take six years and require a manifesto. Thank you, Jim Kobielus. Tony Baer, let's take it to you. Do you see this as a problem in terms of the governance, or should we keep it loosey-goosey? Should we not get into the structure, and do you think that -- to Jim’s point -- a mashup is conceptually different from a composite application because of the user-centric, user-driven, keep-IT-out-of-it aspect?

Baer: We've got a couple of questions there. I’ll deal first with the technical one, which is that composite apps and mashups are basically trying to do the same thing, but they're doing it in different ways. Composite apps, at least as I've understood the definition, came out of an SOA environment. That implies some structure there, whereas mashups essentially merged to Web 2.0 with the emergence of AJAX-style programming, which lets anybody do anything anywhere with this very loosely structured scripting language. There are practically no standards in terms of any type of vocabulary.

So, there is a bit of a "Wild West" atmosphere there. As somebody else said, you really need to take a two-tiered approach. On one hand, you don’t want to stifle the base of innovation, a kind of a skunk works approach. Having a walled garden there, where you're not going to be doing any damage to the outside but you are going to promote collaboration internally, probably makes some sense. On the other hand, even if the information did not originate from your site, if you're retransmitting it there is going to be some implication that you are endorsing it, at least by virtue of it coming under your logo or your website.

Gardner: Yeah, the perception of the user is going to be on you, regardless of the origins of the service.

Baer: Exactly. So, you need a tiered approach. I was taking a note here earlier. You really need to exert control on the sources of information. Therefore, for the types of information that are exposed internally -- for example something from an internal financial statement -- you need to start applying some of the rules that you've already developed around internal databases. Different classes of users have a right to know and to see it and, in some cases, some read-write privileges.

You need to apply similar types of principles at the source of information. Therefore, if I have access to this, this means implicitly that I can then mash it up, but you have to really govern it at the original point of access to that information, at least with regard to internal information. With external information, it probably needs to go to the same type to clearance that you would exert for anything that goes out on the corporate website, the external website.

Gardner: So, your existing policies and access privileges, your federated ID management brought up into a policy level, that will all play into this and it could help mitigate this concern around the right balance.

Baer: Well, put it this way, it’s a step toward that direction.

Gardner: I want to offer another possibility here. I was thinking about the adage that nobody was fired for using IBM, which was a common saying not that long ago. What if we were to take that same mentality and apply it here -- that if you're going to do mashups, make sure they are Windows Live mashups, or Google mashup services for mashup; or maybe Salesforce.com? So, is there is an opportunity on the service provider side to come up with a trusted set of brands that the IT people and the loosey-goosey ad-hoc mashup developers could agree on to use widely? They could all rally around a particular set of de-facto industry standard services? That would be perhaps the balance we're looking for.

What do you think about that, Steve?

Garone: That can certainly be a realistic part of how it’s done, and it gets back to something someone mentioned earlier about composite applications. We talked about the similarities and the differences. One of the differences I see is when I think back to when people started building applications from software components. There was a flood of products put on the market to manage that process in terms of cataloguing and putting into libraries trusted components with descriptions and APIs that conform to standards, to try to sort of reign in people’s ability to go all over the place and pick software from the sky to build into an application that could be used in a business context.

What you're saying sort of conforms to that, in that you come up with a trusted set of applications or a trusted set of vendors or sources from where you can get application functionality, and an attempt to enforce that.

Gardner: It strikes me that this is a slippery slope, if people start using mashups. That includes the more defined and traditional developer using it through governance and vetting it properly with command and control, as well as across a spectrum of project-level, third-party developers, and even into department-level folks who are not developers per se. The slippery slope is that, suddenly more of the functionality of what we consider an application would be coming through these mashups and services, and perhaps increasingly from outside the organization.

Therefore, the people who are providing the current set of internal services and/or traditional application functionality need to be thinking, "Shouldn’t I be out there on the wire with a trusted set?" We're already seeing Microsoft move in this direction with its Windows Live. We're seeing Google now putting packaging around business-level functionality for services. Salesforce.com is building an ecology, not only of its own services, but creating the opportunity for many others to get involved -- you could call them SaaS ISV’s, I suppose.

And I don’t think it’s beyond the realm of guesswork that Oracle and SAP might need to come up with similar levels of business application services that create what would be used as mashups that can be trusted to be used in conjunction with their more on-premises, traditional business applications. Does anyone else see any likelihood in this sort of a progression? I’ll throw it out.

Linthicum: There's a huge likelihood of that coming up. People are moving to use interface-based applications through software-as-a-service. All you have to do is look at the sales of Salesforce.com to monitor how that thing is exploding. And, they are migrating over to leveraging services to basically mix-and-match things at a more granular level, instead of taking the whole application interface and leveraging those within your enterprise. This is what I call "outside-in" services. I wrote about that three years ago.

People are going to focus on that going forward, because it just makes sense from an economic standpoint that we leverage the best-of-breed services, which typically aren’t going to be built within our firewall. We don’t want to pay for those services to be built, but they're going to be built by the larger guys like Salesforce.com, Google, and Microsoft. It's going to be a slow evolution over time, but I think we are going to hit that inflection point, where suddenly people see the value. It’s very much like we saw the value in the web in the early '90s -- that it really makes sense not only to distribute content that way, but distribute functional application behavior that way.

Gardner: Thanks, Dave. Any contrarians out there? Does anyone think that this back-to-the-future, in terms of the major players stepping up and providing best-of-breed services, is not likely?

Kobielus: Well, I think it's likely. But the fact is that, given the accessibility of this technology, it will encourage independence to startups, and provide unique new services too that may fall between the cracks. It’s the classic long tail here.

Gardner: I’ll be contrarian in this, because I don’t think that these sets of players, with the possible exception of Google and Salesforce.com, are going to be interested in having this occur sooner. They would rather have it come later, because their on-premises, licensed software businesses are far more profitable, and it gives them a more entrenched position with the client and the account than these mashups. Those can be switched in or out quite easily, and are either free or monetized through advertising or in a subscription fee format that is still not nearly as profitable for them in the long run as an on-premises, licensed affair.

Does this notion of the business model, rather than the technology model or the branding model, change anyone’s opinion on the speed in which this happens? Do we need to have a small group of interlopers that comes in and actually forces the hands of the larger players into this mode?

Garone: Dana, I’ll take that. There clearly has to be a business reason for these major players to do it, and the two that I see are, one, that the functionality that they're making lots of money off of is suddenly available as a mashup at little or no cost, in which case they have got to deal with that. The other is to be able to add interesting functionality to their existing products in order to be more competitive with the other enterprise app players out there. Other than that, you're right. There has to be a stimulus from the business standpoint to get them to actually jump into this.

Gardner: Any other thoughts on the pressure in the marketplace and in terms of business and cost?

Linthicum: If they don’t do it, somebody else is going to come up and do it for them. Look at the pressures that Salesforce.com has put on the CRM players in the marketplace. It’s a similar type of market transition. Salesforce.com was never an internal enterprise player, and yet look at their revenues in contrast to the other CRM guys that are out there. The same thing is going to occur in this space. They are either going to step up and provide the new model, or they're just going to get stomped as people run over them to get to the players that will do it.

Gardner: Yeah, Dave, I agree, especially with Google. They’ve got a market cap of $144 billion, and a portion of that market cap depends on how well Google can sell business services to businesses. That’s going to put pressure on the traditional players, right?

Linthicum: Yeah. Google is moving aggressively in that space, and I think they're going to not only provide their own services, but they're going to broker services that they validate and basically recast.

Gardner: And that’s governance isn’t it?

Linthicum: It is going to be governance. You are going to see some aggregators out there. Right now, you’re seeing guys like StrikeIron, which is a small company, but they aggregate services. They are basically a brokerage house for services they control, validate, and make sure they are not malicious. Then, you rent the services from them, and they in turn pay the service provider for providing the service. I think Google is going to go for the same model.

Gardner: It’s about trust ultimately, right?

Linthicum: It’s about trust ultimately. If I were a consultant with an organization and my career was dependent on this thing being a success, I'd be more likely to trust StrikeIron and Google than some kind of a one-off player who has a single service which is maintained in someone’s garage.

Gardner: So that notion of a cottage industry for some little developer out there creating their own widget probably still isn’t going to happen, huh?

Linthicum: It will. What’s going to happen is that they are going to do so through brokerage -- guys like Google. I don’t think Google is going to take a whole lot of money. They're going to take the normal pennies per transaction, and you will see millionaires that are made in a few months -- people who are able to send up killer services that Google and guys like StrikeIron are able to broker out to those who are setting up SOAs. Then, suddenly, they are going to find themselves a hit, very much like we’re seeing the Web 2.0 hits today.

Gardner: We have Google AdWords and AdSense. So, soon we should have "ServicesSense"?

Linthicum: Right, and everybody in that space, whether they say it or not, is building that in the back room right now. They know that’s coming.

Baer: I was just going to add that StrikeIron really has an interesting business model. I have spoken with Bob Brauer, the CEO of StrikeIron, several times. Their message is that there is going to be this marketplace out there. They are looking at SOA and services, perhaps Web 2.0 and mashups may come into play as well, but it’s a notion that rather having corporations worry about building their own internal functionality, they can go out to some kind of marketplace and get the best deal for the functions they need and the types of services they need. Your typical corporation may be run on a combination of internally built services and externally brokered services.

Linthicum: When I was CTO at Grand Central, we had a few companies that were run entirely on external services -- these new startups. They did all their accounting, their sales management, and everything else through external services. That’s probably too much for the larger Global 2000 to bite off right now, but there is going to be a functional changeover. As time goes on, they are going to use more external services than ever before.

Gardner: "Free" is a compelling rationale. All you have to do is look at a little text ad associated with the service and that page for the service and the provisioning and governance of the service becomes fairly compelling, right?

Linthicum: Absolutely.

Gardner: Well, thanks very much. That was an interesting discourse on this whole notion of mashups, SOA, and how it might evolve in the marketplace. For the last 10 minutes today, let’s discuss the deal announced this week whereby Oracle is going to acquire Hyperion for $3.3 billion, bringing the possibility of more analytics and business dashboard functionality into the growing Oracle stable. I believe this must be their tenth or twelfth acquisition since 2002.

Jim Kobielus, you’re data-centric in your studies and research. Does the fit between Hyperion and Oracle make sense to you?

Kobielus: It makes sense knowing Oracle. First of all, because [Oracle Chairman and CEO] Larry Ellison has been very willing in the past to grab huge amounts of market share by buying direct competitors like PeopleSoft, Siebel, and so forth, and managing multiple competing brands under the same umbrella -- and he is doing it here. A lot of the announcement from Oracle regarding this acquisition glossed over the fact that there are huge overlaps between Oracle’s existing product lines and Hyperion’s in pretty much every category, including the core area that Hyperion is best known for, which is financial analytics or Corporate Performance Management (CPM). Oracle itself provides CPM products for CFOs that do planning, budgeting, consolidation, the whole thing.

Hyperion is a big business intelligence (BI) vendor as well, and Oracle has just released an upgrade to its BI suite. You can go down the line. They compete in master data management (MDM) and data integration, and so forth. The thing that Oracle is buying here first and foremost is market share to keep on catapulting itself up into one of the unchallenged best-of-breed players in business intelligence, CPM and so forth. Oracle bought the number one player in that particular strategic niche, financial CPM , which is really the core of CPM -- the CFOs managing the money and the profitability.

It’s a great move for Oracle, and it definitely was an inevitable move. There will be continuing consolidation between the best-of-breed, pure-play data management players, such as Hyperion and a few others in this space, which are Business Objects and Cognos. They will increasingly be acquired by the leading SOA vendors. Look at the SOA vendors right now that don’t have strong BI or strong CPM, and look at the pure-plays that have those tools. The SOA vendors that definitely need to make some strategic fill-in acquisitions are IBM, Microsoft to a lesser degree, BEA definitely, and a few others, possibly webMethods. And, look at the leading candidates. In terms of CPM and BI and a comprehensive offering, they are down to three: Business Objects, Cognos, and SAS.

Now, SAS's Jim Goodnight has been doing it for over 30 years. It’s a great company, growing fast, with very loyal customers. Those product lines are very private, very stubbornly private, and I think they want to stay that way. So, I don’t think they are on the blocks in terms of being an acquisition candidate. But Business Objects and Cognos definitely are in play. So, it’s just a matter of time before both of those vendors are scooped up by some of the leading SOA vendors.

Gardner: So, Oracle has created a little bit of an auction atmosphere? Joe McKendrick, what's your take on this? You’re also a data personage.

McKendrick: Either Neil Macehiter or Neil Ward-Dutton, one of the Neil’s, mentioned on a couple of occasions that Oracle really isn’t playing up its database strengths. Lately, a lot of the activity, a lot of its announcements, and a lot of its acquisitions have been focused on the fusion, the middleware. And this [Hyperion buy] is definitely a play to its strength in the database market. Jim made some great observations, and there are a lot of overlaps. My sense is that Oracle is buying a huge, prominent customer base as part of the acquisition.

Gardner: Even though there is overlap in customer base and in some functionality, isn’t there the ability to integrate on an analytics basis by extracting value from data, rather than providing the data services themselves and/or a business application set? Doesn’t that make for an integrated approach that they could bring these two perhaps overlapping product categories together easier in this category, than they would either in database or business applications?

Garone: Yeah, Dana, I think that’s correct; and I also agree that this is less about database and more about middleware and fusion and building up that software stack. Oracle has clearly got an eye on doing that. This kind of an acquisition in the short term is always a double-edged sword, for Oracle especially. If any of you have been to some of their events as an analyst, you've seen what they’ve gone through in convincing the analyst community that they're going be able to both support all the customer bases of representing the products they acquire and integrate things well into their stack ...

Gardner: And they did seem to do a pretty good job at that between J.D. Edwards, PeopleSoft and Siebel, right? There wasn’t the big brouhaha in the installed base that some people were expecting.

Garone: Right. And that turned out to be true in those cases. It remains to be seen, of course, what will happen here, but it’s always a short-term hurdle that Oracle has to get over, both in terms of perception as well as the actual integration process and business model process. Again, this is really very promising, if Oracle pulls it off. But to me it’s really about their bigger picture of taking what they call Fusion middleware out beyond just middleware to the applications themselves, and essentially creating an entire integrated stack of software.

Gardner: How about you, Dave Linthicum? Do you believe that these services and analytics and creating business insight into operations are an essential part of SOA, as Jim Kobielus believes?

Linthicum: Absolutely. In fact, if you look at my stack, which is actually on Wikipedia right now, one of the things I have on top is Business Activity Monitoring (BAM) and analysis, because once you have those points of service -- both the behavioral visibility and also information visibility into all these different points, and you create these abstraction layers on top of it -- you have a great opportunity to actually monitor your business in real-time. And you have the ability not only to monitor it in real-time, but you can actually go back historically to see how what you are doing now relates to what you did in the past.

A lot of businesses can benefit from that. It's key technology. Oracle did the right thing strategically, and I think this stuff is going to be a necessity going forward for SOA, and it’s a necessity for business going forward as well. It’s one of the things where, if you look at the business, it’s just so huge, but you just don’t hear about it anymore.

Gardner: So, we're saying that the feedback loop becomes more essential for SOA, and that these BI tools are essential ingredients in creating a near real-time feedback loop, as well as a historical perspective feedback opportunity to then fine-tune your SOA, perhaps through a policy-driven governance capability?

Linthicum: Right. Fine-tune your SOA by fine-tuning your processes. I can imagine the potential here. I can see not only the health of my business, but also how my business produced things in the past, or how things were done in the past and how that relates to what I'm doing right now. I even have a rules engine, which is part of my SOA to make adjustments automatically to things that I know will have a positive effect on my business processes. You can get this automatic state which is hugely valuable for these large-product-intensive companies.

Gardner: The last word from Tony Baer, Do you see the analytics as important as some of our other guests?

Baer: Well, put it this way. Analytics is the necessary icing on the cake. All the other pieces tell you what you are doing, and the classic question of analytics tells you why. A lot of folks look at this as an extension to the database business. I see this as an extension of the applications business.

SAP, for example, has had BI for a number of years. Oracle has had some limited analytics starting back with the acquisition almost a decade ago of, I think it was, IRI Express as an OLAP database. Now, that was merely an extension to the database business, but if you look at how this is really going to end up playing out, it’s not that customers are looking for another database to just slice-and-dice their data. They are looking for a way to look at their business processes, which are represented through their application stacks and think, "How are we doing?" So, it’s a logical add-on to that.

In terms of worries about or concerns about a customer -- I guess customers getting dissatisfied when Oracle comes in -- the fact is that in ERP, just as in database, it’s a foundation buy. The fact is that regardless of what your personal feelings are about Larry Ellison, that technology is entrenched in the organization. The pain of migrating from it is greater than just sticking with it. Oracle has also improved its track record in terms of trying to be a little more customer friendly. It still has plenty of work to do. So, in the long run, I don’t see a lot of migration here, and I see this as being a very logical add-on in the apps business.

Gardner: Yeah, I agree. Strategically, this has a lot to do with the business applications. Do you think that this puts significant pressure on SAP?

Baer: It puts some pressure on SAP. I wouldn’t be surprised to see them make the play for one or the other two big ones. I also expect IBM to play in there, because even though IBM says it’s not in the apps business, the fact is that they do have products like master data management.

Gardner: And a lot of BI, too.

Baer: Exactly. And actually what's really ironic about all this is that years ago, IBM and Hyperion had actually had a very close relationship, and it was bordering almost on acquisition. I'm surprised that IBM actually never went the last mile and acquired them. It would make sense for them to make a move with one of the other players today.

Gardner: Interesting. Well, thanks very much. I want to go through our group for today, and we appreciate all your input. There’s Steve Garone, Joe McKendrick, Jim Kobielus, Tony Baer, and Dave Linthicum. We appreciate your joining us. I hope you come back. This is Dana Gardner, your producer, host and moderator here at BriefingsDirect SOA Insights Edition. Please come back and join us again next week.

If any of our listeners are interested in learning more about BriefingsDirect B2B informational podcasts or to become a sponsor of this or other B2B podcasts, please fill free to contact Interarbor Solutions at 603-528-2435.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect SOA Insights Edition, Vol. 13. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.