Transcript of Dana Gardner's BriefingsDirect Podcast on Application Modernization

Edited transcript of BriefingsDirect[TM] podcast with Dana Gardner, recorded Aug. 21, 2006. Podcast sponsor: Hewlett-Packard.

Listen to the podcast here.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to a sponsored BriefingsDirect podcast. With us today are two executives from Hewlett-Packard (HP) to discuss application modernization. The idea is to deeply analyze an enterprise's applications and legacy code base to determine what could -- and just as importantly, should -- be redeployed on modern, agile platforms.

We are told that there are some 10,000 mainframes operating worldwide, consisting of some 200 billion lines of code. These are mostly on older systems. Today’s modern architecture allows for a great deal of lower-cost standardization and agility. How do we bring these two trends together? With us to discuss this are Rick Slade, the America’s practice principal for HP’s Application Modernization Service. Welcome to the show, Rick.

Rick Slade: Hi, Dana.

Gardner: Also, joining us is Paul Evans, the worldwide practice leader for application modernization for HP Services. Welcome to the show, Paul.

Paul Evans: Hi, Dana. Pleased to meet you.

Gardner: As I mentioned in our set up, we have a vast amount of mainframe applications worldwide. There is also a move now toward some finalization of architecture benefits around Services Oriented Architecture (SOA). There is a need for companies to become agile and fleet.

So I am wondering, are we just talking about mainframe applications, or is there a larger set of applications inventory involved? What is the addressable resource or asset library, if you will, for what we’re discussing around application modernization?

What’s the inventory here? Why don’t you try to take that, Rick?

Slade: Sure, Dana. Inventory, it’s a big subject. It certainly is a lot more than just mainframe applications. You talk about the big number of mainframe installations in the world today, and it is a big number. But there are also a lot of applications that many would consider legacy, that are running on more modern platforms or other platforms -- even on our own platforms from HP.

And so, what we’re looking to do is to help our customers transition or transform those applications to platforms and to software architectures that allow them to respond to change quicker, and hopefully cheaper. As far as an appropriate application ... for us it is any applications that constrains your business -- by not allowing you to move as you quickly as you’d like, due to competitive pressures or regulatory requirement changes.

Our goal is to look at these older applications built on more linear monolithic architectures, and transform those onto platforms and server architectures that promote flexibility. Architectures that actually let an organization achieve the "Adaptive Enterprise" vision that HP has been talking about for years.

Gardner: This is a scary proposition for a mainframe CIO, for someone who has been living in the mainframe world for a long time, and [where the systems have] been actually performing quite well and living up to expectations. I suppose the old adage, “If it’s not broken, don’t fix it,” plays into their thinking. What do you tell someone who seems to be in the mainframe environment and is satisfied with it?

Slade: That’s a great question, Dana. Let me say this, the mainframe is a stable platform, it’s a solid platform. The problem is, it’s a very expensive platform on which to deliver business services. The problem that organizations are having today are not so much from a stability standpoint, their problems are their inability to respond to change fast enough.

I read an article recently from Gartner, and their contention, based on research that they’ve done, is that 80 percent of an information technology (IT) budget is typically spent in maintenance -- in just maintaining their existing application stacks. Our objective would be to reduce that maintenance cost. If we can take that down by 20 percent for an organization, that’s a substantial amount of money. And then resources that can be applied to new value creation by the IT organization.

I think these modern architectures will allow our customers to ... respond [better] to these competitive pressures, as well as regulatory requirement changes -- certainly faster than they are today. We recently had an instance where a customer took their time-to-market, regarding adding new customers to a particular system, from nine months down to six weeks. That’s real business value that IT can now deliver back to the business due to use of these more modern application architectures.

Gardner: Now, we’ve seen a tremendous improvement in the functionality of hardware. We’ve seen a wide embrace of open standards and open source approaches. What are we talking about when we look at targets?

We’ll talk about a little bit later about the "how," but we’re still into the "why" to do application modernization. In order to understand the benefits of this change, this disruption, what is it that we are going to take these applications and their logic to? What are the typical targets these days for application platform modernization?

Evans: I’ll answer that one, Dana. I think the point is that there are several forces out there. And I think that Rick has hit on some of them. But in addition to that, this whole emergence of the SOA is making customers look at what they’ve got, and begin to ask themselves the question, "If we like some or all of the aspects of SOA, are we ready for it? Can we embrace it? Can we move toward it easily?"

So for most customers that have legacy applications ... running a stable but costly environment called the mainframe, this becomes quite a complicated task. What we’ve been trying to do is work with customers to begin to understand where the biggest bang for the buck is. Where should you go first in order to start gaining improved agility, lower cost, and the reduction of the maintenance cost of the software.

A lot of organizations spend upward of 70 percent of their IT budget just keeping what they’ve got going, just doing the routine adds, moves, and changes that keep those applications delivering to the business. But the challenge is that a lot of those applications are written in COBOL. For a lot of those applications, we’re seeing that the actual amount of COBOL written is still going up by 10 percent a year. That’s not because people are writing new applications, it’s because they’re just amending the old ones.

And many senior-level IT people understand this is a one-way street. We just have to turn around at some stage and begin to identify the sort of applications that would respond well to a modernization approach, and that may well take them toward this sort of infrastructure Nirvana, as it were, called SOA.

But sometimes it's difficult to understand, "Where do I start?" Do I start with a simplistic application that would have limited business impact? Or do I go to the other end of the scale and choose very complicated applications that run the business, which could be viewed as risky.

So, what we’ve been trying to do is go with an approach that allows us to identify where you should move first, to gain an accepted service level. But more importantly, we believe in taking the essential step of actually modernizing the software architecture.

Gardner: All right. So perhaps I was not thinking of it in quite the right way. It's not so much about where I'm going in terms of a definitive destination, but how can I actually take these assets and resources and put them on an architecture journey -- perhaps a lifecycle journey -- that might end up on a number of different targets over a period of time. Is that the end goal here?

Evans: It is very much so. I think most people in IT would state that the systems they have today have been relatively organic. There was never a master plan. Most mature, large companies have grown their IT resources over 20, 30, or 40 years. They have seen enormous change in technology during that time -- especially in the hardware platforms. The amount of power we can put into a system today has just grown beyond anybody’s wildest dreams.

So, once we’ve been able to harness that power -- to produce systems that are smaller, faster, cheaper, and develop less heat output -- we can effectively shrink datacenters. I think the IT industry has responded extremely well in harnessing that capability and delivering it to customers. Users have similarly utilized virtualization or consolidation. But we see a lot of customers today reducing their datacenter footprint because they can harness a lot more power in a much smaller space.

The days when mainframes were run by people with white coats behind locked doors are gone. The point is, we have seen enormous growth on the hardware side, and software technologies have grown up and matured, too. The real benefits, we believe, for customers to really exploit that power comes when you apply a similar amount of focus and attention to the software environment; just as you’ve done in the past to the hardware environment.

Rather than take an organic approach, I think customers and companies and organizations are striving for a master plan. It doesn’t have an end date, but it's like a journey. They know where they’re going. They want to develop a system architecture that allows them to make the decisions of what am I going to include going forward, and what am I not going to include. And that will help them make the decisions about choice and moving forward.

Slade: I'd like to make a point. I believe that architectural-targeting decisions are driven by business requirements. I think you said it properly earlier, in that we don’t have pre-defined targeting solutions. Our attempt, our goal, is to look at the business requirements and to help the customer determine what is the right platform -- what is the right application architecture -- on which to deliver that business service.

That doesn’t mean we don’t take into account existing corporate standards or existing corporate policies. Those things are important, and they feed into the decision-making equation. But again, the belief is to let business requirements dictate technology solutions, so that the organization can respond as cost-effectively and as quickly as possible.

Gardner: And just expanding on that point about business requirements, what is the business rationale typically? Is this strictly a dollars-and-cents thing? Is it a bit more qualitative than that? Obviously we want to cut down the ongoing operating costs. When it comes to bringing the chief financial officer (CFO) and the chief executive officer (CEO) in on this to get the funding -- to get the go-ahead -- what typically are the business rationales for embarking on application modernization?

Slade: Cost is always a part of the discussions, but it's not strictly the only element. In fact, most organizations that are talking to us today have a need to be more responsive to their business users.

I was talking to a chief operating officer (COO) not long ago, and he made it very clear to me about the potential cost reductions that he could have by modernizing his application stack. His response was, "That’s good, Rick, and that’s certainly something we need to talk about. But my problem is more about time than cost." And that’s an important point.

It takes IT organizations too long to respond to business-change requirements today. We, as IT professionals, have to determine how we can be more responsive to the business. Quite often the only way to do that is to change the software architecture, to use more modern architectures that allow us to make changes fast.

I think that is what this is all about. So cost certainly is an issue. I certainly believe that we can reduce the cost every time. I think that’s been proven time over time. But I think the big issue that is causing organizations to look at this today is through their inability to respond as fast as a business would like.

It’s been an age-old problem between the business users and the IT departments -- businesses always complain that IT can’t respond quickly enough. And the problem is that typically it takes so much time to do impact-analysis and impact-testing on these very monolithic and linear software applications. If we can reduce that time-of-maintenance, we can improve their time-to-market as an IT organization.

Gardner: Before we get into the "how," let’s probe a little bit into the "what" of application modernization.

It seems to me that we are going to have to look at identifying code, cleansing code, making logic extractible, looking at the data set and separating that out and allowing it to emerge into another environment. And then there’s presentation logic, and going from one type of user interface (UI) to other accepted standards. Can you give us a sense of what is required, what does the process boil down to? What do we have to do in order to extract and modernize some of these typical applications?

Evans: The first thing that we don’t do is look at code, because that just wouldn’t tell us anything. I think, as Rick said, it’s the alignment between IT and business that counts.

Today, any business manager will complain, "It takes IT too long to innovate or change anything." Business wants to innovate. Their idea of maintenance is that it’s sort of interesting, but not essential. What they are interested in is innovation: "I want to do something, I want to improve my business, and I expect IT to be right by my side."

In some instances, there is lag -- there is a significant lag -- from when innovation is sought and when it happens. It’s as Rick said, what we want to buy people is time. And what we want to do is synchronize to some degree where the business wants to be and where IT is. And in many instances that’s just not the same. Business asks for something, and then six, eight, 12 weeks -- whatever it is -- later there’s a response. And in some business managers’ minds, that’s not acceptable. So, the first thing we are trying to do is to align these two -- business and IT -- much better.

But in terms of responding to a modernization request, the first thing we have to do is to understand just what is in the applications portfolio. You would be surprised, there are a lot of large customers we work with who are more than happy to admit that they don’t actually know all of the applications they have, and what those applications do. Because they grow up organically, no one has kept track of all these things.

So the first thing we may have to do is to perform an inventory of the critical applications a customer has, and then determine how they constructed them. We perform an Applications Rationalization. And what we are looking at here is the intersect of the criticality of an application to the business, versus its technical quality. What we are looking for is applications that are critical to the business, but that their technical quality is below par, below standard, holding the company back.

A typical example would be a mainframe-based application running in COBOL, monolithic in nature, very difficult to make significant changes to, where the documentation may have been lost or may have been never been produced, in which maybe the original architect no longer works for the company. And therefore it becomes quite a challenge if you are going to make significant adds, moves, and changes to those applications.

We are looking initially for the applications that are critical, and yet the technical quality is not what the customer needs. There’s really no point spending time on an application that is well-written, well-documented, and is actually not in the mainstream. And that application could be running on a mainframe too. As Rick said, we are not going in there just to get things off the mainframe -- we are going in there to help a customer understand what is critical to their business, what we could improve for them, irrespective of the platform it is running on.

Gardner: Anything to offer on that, Rick?

Slade: I agree completely with Paul. The first thing to do is to identify where you have a problem. And then to attack it from a more technical perspective. We look at the application stack and categorize different components that make up that stack.

From our perspective, most applications are made up of three major categories or components. We have runtime, development, and management components. From a runtime standpoint, you’ve got source-code, you’ve got data, you’ve potentially got a third-party or utilities purchase. As Paul indicated, we have got to take inventory of all those components to understand what the mapping strategy will look like.

So before moving to a target environment ... we have to understand how are they maintaining those applications today, especially those custom applications. I think one of the problems in the industry today is not looking at those components. [We need to examine] the management components before making this type of move, transformation or modernization.

One of the things that we try to do is take a very holistic perspective of modernizing an application, by looking at what it's going to take to support and maintain all of the application. We want to understand what is being used today to manage a particular application, what are the tools that you going to use to monitor it in production, and to make sure that we have the same capabilities going to the new target environment. These are critical to being able to provide the reliability and the availability of the business customers’ needs and demands in their production application stacks.

Gardner: Now, this does not sound in anyway trivial. Not only are you talking about finding and auditing all of the applications, but weighing those applications in terms of their use -- and not just in terms of their quantitative use but also their qualitative value to the company. And not only now, but perhaps in the future.

So, this sounds pretty tricky. Is there a secret sauce? Is there a specific methodology? How do you go about searching for these applications and then rating them in such a way as to say, “Here are the sweet spots, here are the ones that are going to be important, here’s what’s going to bring business agility and reduced-time-to-market?" And, at the same time, then move these customers to platforms that will reduce the total cost of ownership.

What’s the secret sauce here?

Evans: We would look very silly in front of a customer if we said, "This was easy." Because he would say, "Well, if you think it’s easy, then you don't understand." So, the first thing: This is complicated.

That’s why customers turn to the outside of their own organizations, because they are then dealing with people who have done these things before. It’s like anything, you know. But in terms of what customers ask for, they are looking for a process. They are looking for methodologies. They are looking for experience. They are not looking to be the guinea pigs.

They are looking for organizations that have done it all before. But they also need a methodology that can be explained to them, and that makes them understand the steps in order to start extracting data. And also to understand the basis of how we are going to make a decision.

This is not just about coming in and saying, "You are running a mainframe in COBOL. You need get rid of it. We’ll do a rip-and-replace over the weekend. And by Monday morning, we are back online." That isn’t going to happen. Anybody who says that will be out of the door by any credible customer.

This is a process that we have to move quickly in order to demonstrate to the customer that there is money to be saved and money to be made. So, our whole approach is to get in and at least do an initial exploration that will define where are we going, and what we are going to do and not do. And then after that, we begin the deep-dive to look at the code. Then we can determine, “Hey, is this good code, is this bad code, is this dated code?” We can find out if the code hasn’t been used in years, whether it supports any form of business process, or whether it is just sitting there taking up space.

So, those are the things we have to demonstrate to a customer in order to give him confidence. Those are the things that help us with the application modernization decision-making process. Rick?

Slade: Oh, I absolutely agree. I think the key, Dana, in modernization efforts -- especially against these mission-critical production applications -- is a very systematic process. And we believe that we have put one together that is very robust. It's very disciplined. Quite honestly, a lot of engineering rigor is built into the system -- all for the purpose of mitigating risk.

Risk mitigation should be one of the key characteristics of modernization efforts. Again, we are talking about your production applications. Transitioning those, as Paul indicated, is a complex task. We believe we have built a rigorous approach based on our own experience. And we have implemented best practices from software engineering to our overall methodology to help us manage risk, and then to extrapolate the information we need to properly diagnose and determine what the targeting strategy should be.

The other key component in our solution -- and maybe a part of that secret sauce, as well -- is in the use of technology and tools to help us with the different phases of modernization and analysis. I think that to manually go through a lot of these systems is a complex, difficult, and expensive proposition. To do it manually is unacceptable.

So the use of the right technology is essential -- and we have spent a tremendous amount of resources, time, and money looking at this technology. We’ve developed in-house technology, as well as technology available in the market. And we are constantly looking at technologies to help us be more efficient in the analysis work that we do. Once that analysis step has been completed and a strategy developed in the proper use of technology, then we actually assist with the transformation process.

Again, it is not a simple exercise. It’s a very complex exercise. The use of technology allows us to minimize risk because we are working in an automated fashion, a consistent fashion. And I think that’s critical in transforming these applications. So, two major components that are key to our success: The proper use of process, and the proper use of technology -- both are needed to manage and mitigate risk.

Gardner: I would like to understand a little bit more about how you’ve applied this internally at HP. HP to me symbolizes a perfect organization for this sort of activity. You are decades old. You have gone through some massive mergers and acquisitions. There probably has been Digital mainframes, there’s a lot of HP UNIX platforms. You’ve been running a lot of systems. You are a global company.

How successful have you been at modernizing your own applications, and what have been some of the unanticipated consequences of going about this?

Evans: I think we would love to answer that with, "No, no, HP has never had this problem." [Laughter]

Unfortunately, you are absolutely right. I mean, mergers, acquisitions, etc. And therefore our internal IT folks are challenged just like everybody else’s. We may have a slight preference on supplier, but putting that to one side, the challenges faced in terms of an applications portfolio are no different than for any other organization.

So, we have seen significant gains. As I started off saying at the beginning of the chat, the situation is that we have seen significant gains when we have investigated our applications portfolio and then aligned that to the business need. This is especially true if you are in mergers and acquisitions -- and every major organization today is either been acquired or is being acquired.

And the point being is, it can lead to massive duplication. And like I said, if you’re going to be spending 70 percent of your IT budget to stay exactly where you are, you are not innovating. You’ve to go to look around and start to understand where the lower-hanging grapes are, to address application duplication, and determine which applications are absolutely critical.

And inside of HP, one of the first things we’ve done, is to really have the dialogue with the businesses, to ask, "What do you need? And more importantly, what do you not need?" And that’s very difficult, because everybody is obviously keen to start new projects and to develop new applications.

It’s amazing what we have found internally, that applications have been identified as being redundant and not supporting the current business processes. It's amazing. As soon as you claim that an application is redundant, then overnight it becomes strategically important. But you’ve got to get through that. You’ve got to understand the business processes that you are really looking for. And, of course, the challenges here are with the older applications, those business processes that are embedded in COBOL.

They are not exposed. They are business processes that are just mired away in millions of lines of code. And in the market today there are tools that can bring to the surface these business process. So you can say to a business unit manager, "Do you need this, really? Do you want us to spend 500,000 pounds, dollars, Euros, or whatever, per year in keeping this alive? Is it necessary for your business?"

The more of these processes that they agree are no longer required, the less money is spent on modernizing and maintenance, and the more that can be spent on real innovation. And that is where we have seen some really significant strides forward internally. There is this rationalization of the portfolio and by retiring applications in a well-managed and graceful way.

You are not walking in on a Friday night and turning it off. This is communicating to people that as of a certain day, an application is going to be shut down, and that you’ll be using a new application that is probably centralized and that works across a group of organizations rather than in a siloed one. And that process also puts in place a strategy that takes the old data and the application and archives it. For many of our customers, it’s a legal requirement for them to do that. They just can’t throw it all away.

Gardner: Okay, Rick, any unintended consequences in terms of what HP has discovered internally in going about application modernization?

Slade: The learnings are great, Dana, from a practical standpoint. I think that most people are aware of the huge datacenter consolidation network project that’s under way at HP. It’s been in the press. We in the consulting side do work with our IT organization. Quite honestly, our IT organization provides a lot of information back to the consulting organization. So it’s been a very nice environment. We have learned a tremendous amount in our own experience in the consolidation and modernization work that’s still in progress. But I think that we have also been able to share with our own IT organization some of the best processes that we have incorporated into our methodology. That allows them to move a little faster. It’s been a good marriage, and the work continues.

Gardner: Now, in trying to then put this into a larger context, application modernization isn’t happening within a vacuum. There are other larger trends afoot in a simultaneous fashion, which perhaps leads to the notion of, "A whole greater than the sum of the parts." I am thinking of virtualization, SOA, IT shared services, portfolio management, application life cycle management.

Are there other payoffs to application modernization? When we look at application modernization and we put it in the context of these other trends, is this a cog in the gear that grinds toward the fruition of some of these other productivity trends?

Slade: Well, absolutely. I was involved in meetings just recently about work occurring at HP and with their architecture and strategy groups in helping transform IT organizations. Application modernization simply becomes a component of that overall IT transformation. All of the initiatives that you talked about are things that companies are looking to do to help them deliver services better and more cost-effectively.

IT transformation is a major issue right now with HP. It's something that we are looking at and, in fact, are proving out. What we are doing now is to take those different services and roll them up under a common IT transformation umbrella framework. The possibilities are very exciting. The Adaptive Enterprise vision that HP came up with a few years back is an incredible vision. I think what we are seeing now is the realization of that vision -- how to achieve that vision -- and we are helping our customers with the services to actually make that vision a reality.

Gardner: Are there some larger competitive economic issues here? For example, let's say you are an established enterprise, you have been around for decades, you’ve gone through mergers, you’ve built out geography after geography. And now, perhaps, you’re going to be competing against a greenfield company that has just sprung up. Perhaps a Web 2.0-type of concern, built of outside services, using SOA. And they can be fleet. They can also be run inexpensively.

It seems to me that to compete with some of the newer companies that application modernization becomes a bit more critical. Is that overstating it?

Evans: No, I think this is where the "agility" word comes in. I think that’s why large companies, or parts of large companies, understand why this term "agility" has resonated so well. It's not a marketing buzz word -- it's what people want to be like.

When each of us gets out of bed in the morning, goes in the bathroom and looks in the mirror, we would like to look and see agile, nimble, you know, people that can respond to change extremely well. Organizations are no different. Things happened that they can’t predict.

As you say, new, very fleet-of-foot, greenfield company startups -- they have no legacy. They could move extremely quickly into markets, and large organizations have appreciated that. You know that painfully from the past. I now understand that if there is one attribute that IT systems need to be, it is agile. I want to do something in the morning that’s going to effect something in the afternoon. I do not want to be told when I want to do something in the morning that it is going to take six months. Because that’s just not acceptable.

Gardner: Well, I think that’s a good closing point. I want to thank you both very much for sharing your thoughts on application modernization.

We’ve been discussing this topic in a sponsored BriefingsDirect podcast with two executives from Hewlett-Packard: Rick Slade, the America’s practice principal for HP’s Application Modernization Services, and also Paul Evans, who runs the worldwide practice for application modernization for HP Services. Thank you both for joining in.

Slade & Evans: Thank you.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening.

Listen to the podcast here.

Podcast sponsor: Hewlett-Packard.

Transcript of Dana Gardner’s BriefingsDirect podcast on IT shared services. Copyright Interarbor Solutions, LLC, 2005-2006. All rights reserved.

Transcript of Dana Gardner's BriefingsDirect SOA Insights Edition Vol. 2 Podcast with Analysts Steve Garone and Jon Collins

Edited transcript of weekly BriefingsDirect[TM] SOA Insights Edition, recorded Oct. 13, 2006.

Listen to the podcast here.

Dana Gardner: Hi, this is Dana Gardner. I'm principal analyst at Interarbor Solutions, and you are listening to latest BriefingsDirect SOA Insights Edition. This is a weekly discussion and dissection of Services Oriented Architecture (SOA)-related news and events. We bring to this subject a panel of independent industry analysts and guests. Joining us this week, we have Steve Garone. Welcome to the show, Steve.

Steve Garone: Great to be here, Dana.

Gardner: Steve is an independent analyst, a former program vice president at IDC (responsible for software), and he is also founder of The AlignIT Group.

Also joining us today is Jon Collins, principal analyst at Macehiter Ward-Dutton. Jon comes with a number of years of experience with other research firms including Bloor and IDC, and has worked as a consultant, network manager, and software engineer for such companies at Admiral Management, Alcatel, Philips and Sun Microsystems. Welcome to the show, Jon.

Jon Collins: Hi, everyone, and good morning to you.

Gardner: Yes, we should mention that you’re joining us from the U.K. today. Well, the subject this week -- and we’re talking about the week of October 9, 2006 -- includes some interesting developments in SOA. Among them is the rising specter of SOA and virtualization. I don’t know about you guys, but I got an invite from Sun Microsystems to an announcement that apparently has quite a bit to do with virtualization and SOA. As we know, Sun has quite an offering in greater utility computing.

If you want to expand the definition of virtualization, they are able to create instances of operating systems as well as instances of Java virtual machines, I believe, and support of other operating systems through their Janus Project. And they're running applications in a closed individual environment that's secure and can exploit the power of the hardware, and threading in multicore, as well as to provide a high-performance series of instances of an operating system environment or an application environment. That is, I suppose, virtualization on the level of operating system and perhaps middleware as well.

So, let me go around our small table of three analysts here today and get your take on the role of virtualization in SOA. Are they distinct, do they crossover, and what do you expect you hear from Sun? Let’s start with you, Steve.

Garone: Thanks, Dana. This is a particularly interesting area, and one of the reasons is because many organizations are being confronted with these two new “paradigms” -- granted an overused word -- and they require adoption of two new ways of doing things pretty much at the same time. They are related in a lot of ways, and complementary in a lot of ways.

When you look at SOA, you look at high-level advantages in terms of greater business agility and flexibility, lowering costs, being able to interact and interoperate with others more easily through integration at a high-level of abstraction, and so on. Operationally, with SOA you have to deal with issues around deployment, provisioning, monitoring the environment, scaling -- sometimes virtually in real time -- meeting the requirements of service level agreements and so on.

When you think about it in terms of the operational aspects, the two paradigms really do share drivers in terms of lower costs and greater efficiency. You see, in fact, a lot of complementary relationships between the two. If you think about being able to flexibly deploy operating systems and virtualized environments on top of platforms and monitoring them and being able to manage them efficiently, that is really sort of a management and infrastructure underpinning for effectively doing SOA. You’re going to have to deploy services and understand where they are, and understand how to use them, within the context of a virtualized environment. To me they sort of go hand-in-hand. So it’s no surprise that both end-users and vendors, in response to end-users, are taking a great interest in the overlap between these two areas.

Gardner: It sounds like a very efficient way to deploy services instead of having a monolithic approach of full stack infrastructure. You can put underneath that service just the amount of infrastructure that's required by virtualizing it; and therefore creating a data center or an application services environment that uses less electricity, smaller foot prints, and -- as the demand on that service increases -- the provisioning of additional resources beneath it should happen at a fairly automated basis, along with the clustering and other virtualization benefits.

Garone: I agree, and, in fact, one of the potential end-points of this is a scenario in which vendors will create a virtual environment that includes the required operating system functionality needed to make it work and basically be sort of bare-bones and tailored to the specific application type being deployed. VMware (Oct. 12, 2006) actually had a pretty interesting announcement around virtual appliances that addresses just that.

Gardner: So you can approach this from an appliance perspective or virtualized instance of an operating system environment, and either way you’d be basically approaching this from the same value proposition -- just doing it in a different way.

Garone: Right, and again, all of this sort of forms the underpinnings for where you build, deploy, and manage the services that are part of an SOA environment.

Gardner: Okay, Jon, over to you. If you can do virtualization for an operating system and/or a business application, why not do it for services?

Collins: Absolutely. I can only agree with everything that Steve said. I think one of the complications comes when you start thinking in terms of software services rather than in terms of software applications. They have a little different life cycle and a different approach to traditional -- let's call them siloed -- software applications. If you've got virtualization managing the infrastructure and helping you actually serve up the right type of the infrastructure in the right way, the right size and scale, and so on, to run the services, then you’ve got SOA. That’s managing the demand side, if you like, that can consume those resources and allocate what runs where, and how things communicate with each other. There is a definite fit.

Gardner: I suppose what’s less clear at this point is the relationship between SOA governance and the provisioning and resource allocation that will be taking place as part of the virtualization. Are these going to be going off in their own orbits with no relationship? Or will there be an opportunity to bring them together somehow?

Collins: Well there's the rub. But there is also a difficulty, because of the way they traditionally have been done. SOA governance has been the evolution of software development and application development, and people working together to procure and deploy applications. The whole IT operational governance side traditionally has been two very different parts of the organization. So, while it's easy to say, yes, let's do it in a service life cycle approach -- where the service starts in one place and goes from development to operations very smoothly -- we’ve got to get two sides of the organization talking to each other.

Gardner: Now, we mentioned Sun Microsystems having an announcement around this, and that makes great deal of sense, given where they are coming from. But the other big vendor in this space, in my thinking, is IBM. They’ve been talking about the virtualized corporation for sometime, and they take this even further than Sun in terms of conceptualizing the virtualization of data, the virtualization of applications, the virtualization of infrastructure -- and now increasingly the virtualization of services. And if you look at the total picture, what you start to see is a highly increased productivity and agility around how IT is consumed, but also perhaps significantly reducing the operating and maintenance costs for these services. How do you understand the IBM virtualized corporation?

Garone: If you just a step back for a moment, you talked about two vendors, Sun and IBM. You’d expect Sun to be playing to some extent in this sandbox that brings together virtualization and SOA because they are obviously an important SOA player, at least in terms of their support for technologies that are going to be used to build SOA-type implementations. But there are all sorts of system vendors, and all system vendors are going to have to deal with this some time or another. And, of course, they are also storage vendors. You didn’t mention storage in your list although that could be considered that part of the infrastructure.

Gardner: Yeah, that would be certainly virtualized as well.

Garone: Yes, and so you’d expect Sun to be there. IBM, if you ask me, based on what I’ve seen from them, as it has done with SOA, is probably going to be sort of a champion in this area. I’ve spoken to them, and they pretty much get it. Are their products there yet? Probably not.

IBM is burdened -- as it usually is, when it tries to put these comprehensive strategies together -- with the fact that it's got a lot of legacy products that it should, and it does, want to integrate into this strategy. But its legacy products need to be adapted for it. So, they IBM has a ways to go in terms of giving a comprehensive vision. I think you're going to hear more and more from them in a leadership sense in terms of defining what the space looks like.

Gardner: Jon, who are the vendors to be keeping an eye on in terms of the intersection of virtualization and SOA?

Collins: All of the big players obviously -- meaning IBM, Microsoft, and HP -- who are talking about their virtualization offerings.

Interestingly, if you are taking IBM as an example, virtualization can mean very different things, depending on which part of the organization you're talking to. If you are talking about, for example, virtualization of information access, that’s almost a middleware question of how to access multiple types of structured data.

But, if you're talking about virtualization as infrastructure, then it’s very much about the resource management question. So, any one of the organization may have different virtualizations. And I can credit Steve in this case, it's a question of how you bring those together. One company that’s probably coming up alongside -- it’s trying to get as far up as it can before people stop it -- is EMC.

And, yes, obviously EMC has VMware, so they have done a great deal in virtualization on the server side, but equally with their nLayer acquisition, and other management-type acquisitions, they're putting in place a lot of the pieces they need to be able to manage the virtualized infrastructure they end up with. I think they're doing that quietly and hoping that no one sees they're trying solve that problem.

Gardner: I'm actually a little bit surprised we haven’t seen even more acquisitions out of EMC moving up toward this SOA deployment capability. Perhaps they are not interested in going into it for design-time, but clearly they seem to be heading in that way for the runtime. Does anybody have any quick, blue-sky thought about who EMC might look at in that regard?

Collins: That’s a good question. Why did I just think of BEA?

Gardner: A BEA-EMC fit?

Collins: That does make EMC a very different company.

Garone: I'm not sure if that’s a likely scenario, but from the functionality and product standpoint, maybe.

Gardner: Yeah, technical fit but not cultural or geographic one -- and I don’t think Wall Street will look at it as a whole greater than the sum of the parts; probably as a whole less than some of the parts.

Garone: Well, for every acquisition that EMC makes, it's constantly having a battle with Wall Street, which wants it to remain a storage company.

Collins: And that’s another reason I think it’s acquiring its portfolio by stealth, buying a company like RSA to say, yes, we need to get into the security space, which is partially true. But then look at what it’s doing with Smarts and the potential incomes between RSA and Smarts from the identity management side and on the event’s profiling and behavioral analysis sides. There’s a lot more to its acquisition than it's letting on.

Gardner: I think Documentum was the first big signal that they are moving aggressively outside of just storage.

Collins: Absolutely.

Garone: There's another nuance to this company relationship issue, getting back to the question you asked earlier about other players. There are some, and I’ll call them pure play, although I am not sure it really applies to all of them. We mentioned one before -- VMware. There’s also Intel, which is doing a lot work in the virtualization area, given the fact that it makes a large number of the processes that are out there. While they are focused on virtualization, in some cases they have a narrow view in terms of platform coverage, but they also are not necessarily expert on things like SOA. So, I think you’ll find a lot by way of partnering between companies like those and some of the large vendors who are providing parts of those solutions.

Collins: I’ll just make one more point on the virtualization and the SOA thing. I’m reminded of when Microsoft stood up and said: "Of course we’ve always been a virtualization company." They tend to say that they've always been a "this" company, they’ve always been a "that" company. The reason they said they’ve always been a virtualization company is, of course, virtual file systems -- caching and paging and swapping all these mechanisms inside the operating system.

I think extreme virtualization ... will succeed ... (and) ... we’ll stop talking about it, and it will become parts of the distributed platform of the future. And it will just be an expectation -- SOA will run and run because it’s a way of doing things. Virtualization should just become part of the standard, if you like.

Gardner: One of the things we haven’t gotten into with virtualization is the impact it has on how a vendor would price. Per-processor, per-seat, per-client access license, perpetual enterprise license? It gets rather murky. And I don't think that the high-margin approach to up-front licensing for software will hold up in the virtualized world. Therefore, some companies might actually be interested in dragging their feet on this trend to preserve some of their fat profit margins.

Collins: It’s a huge problem for Oracle and companies like that who have charged for everything in the past.

Garone: I agree. I think it is a huge problem for them. In fact, there are a couple of problems. One is virtualization, and the other is just how many processors, given the multi-core designs that are coming out today, are you actually deploying on?

Gardner: What’s Intel talking about now? It's 64 cores on a chip, right?

Garone: Yeah. So, it is a big problem. Whether or not they’ll have a choice of dragging their feet is really debatable at this point. I think there are going to be other factors that are going to affect just how fast or slow they go into that area.

Gardner: Let's move on to another subject. We’re certainly going to be revisiting the notion and the concept of the intersection of virtualization and SOA. But there’s been another topic in discussion around SOA recently, and that's about the impact of SOA on ERP, and CRM, and other packaged business applications.

On one side of the fence, we have people saying that SOA is going to be the death-knell, if you will, or certainly diminish the role and impact of packaged applications. We’ve had some large analyst firms come out with reports and some sensational headlines to that effect. And, yet, when I speak to people in the field they say, "No way"; that SAP and Oracle and other packaged application vendors are in for the long haul, and that they’re entrenched.

And, they say that SOA might become a layer above those packaged applications in order to create a data services layer and perhaps a transactional and logic services layer above those. But that doesn’t mean you’ve ripped them out. And, like the mainframe, they'll be there in 20 years. Let’s talk a little bit about the impact of SOA on the packaged business applications field.

Jon, let's go to you first over in the U.K. Should SAP and Oracle be very worried, vis-à-vis SOA?

Collins: I think they’ve been worried for years, but not because they’re worried about the impact of other people coming and stealing their markets. You can only sell these things once, and once you’ve got it in place, you put it under consultancy. The massive number of man-hours that went into implementing things like ERP in enterprise companies then becomes an issue.

What you are going to make money from this year? Yes, of course, we've got the Computer Associate scenario with repeat licensing of old software, but the real revenue streams and increases come from how you get people to do newer and more innovative things with your products. So, I know that probably three, four, or five years ago SAP started to talk about how it’s going to componentize it’s platforms. We’ve seen NetWeaver. We've seen MySAP port. We've seen a whole number of different ways of essentially adding a level of distribution to SAP.

Now, to be honest with you, with your initial preamble, I actually find I can read the line from my notes, which says pretty much exactly the same thing. When I’ve spoken to actual customers of these things, no one is looking to go and replace them. And if they are, that it's not because they are thinking about SOA. What I’ve written here is that at the bottom line, you’ve got a database, you’ve got a rules engine, you’ve got a workflow engine, and it's been crafted and customized for that organization. Why on earth would they want to rip it out and put something else in place? Probably other analysts think about it in terms of market segments and products, and so on. But that’s not the way that we need to think about this.

Gardner: What I think has been happening is that some analysts are confusing a will or a desire to rip them out with an intention.

Garone: That may be part of it, but I'm not even sure there’s a will at this point. First of all, I have a lot of faith in end-users. The more I talk to them, the more I believe that they worked very, very hard to make the right decisions. And in fact, with the AlignIT Group, the company you mentioned earlier, my goal was to be able to help them do the massive amount of work that they need to do to get to a short list of vendors and products they look at as quickly and as inexpensively as possible.

But they do a lot of work. And so, I am confident that, generally speaking, they do make the right decision. It’s not always trendy, and it's not always what the analysts say. And, I think that when you’ve got something that really works for you, there’s a lot of inertia there that says, “Stick with it and see how you can adapt the new paradigms that exist, that will help you do your business better, to what you currently have.”

There is a little bit of that deja vu all over again. We talked earlier about SAP and components. I remember discussions like this back when software components started to appear in the mid 1990s, and even before then, when people were talking objects and CORBA and how we're going to get all this stuff to work. If you go by those kinds of predictions and supposed trends, SAP and PeopleSoft -- well, PeopleSoft isn’t independent now -- but an Oracle and the other enterprise app vendors would have been out of business a long time ago.

The fact is that people will want to stay with their current solutions, especially in the case of the ERP, where that high level of integration that brings a lot of the benefits of ERP, has been established and is working for you. And then, tack on to that the technologies that will allow you to say, “Manage the supply chain better,” "Bring your supply chain in better contact and better integration with the systems that you currently have."

Gardner: All right. Let me just push back a little bit on this. If you look at a lot of large organizations, they're spending somewhere between 60 and 80 percent of their total IT budget just keeping these systems up and running. They're spinning their wheels, not really adding anything new or innovative. That leaves them with a very small section of their budget for discretionary spending, to be innovative, to get out in front with some alternatives and to try to be a competitive in their environments and their markets. If they can somehow get out of this vise of being 60-80 percent in maintenance of a monolithic business packaged applications, back office and front office, wouldn't they want to do that?

Garone: Well, it’s hard to say "no" to that question. The question is, what's the trade-off, what’s the ROI, and to what degree does the business has to be upended and set on its ear to get that accomplished? And if the cost-benefit case can be made, then certainly, they’re going to look seriously at it. My suspicion is that the trade-off is not all that clear cut and, at least for the time being, many enterprise application vendors are going to be able to sort of buy time in convincing their customers that the short term is not the right time to make that move.

Gardner: Okay.

Collins: Absolutely. I think we’ve seen in the past two or three years that infrastructure consolidation projects were very popular. And now, we’re seeing a lot of application rationalization and consolidation projects. People are trying to reduce the number of processor cycles they are using, looking for legacy applications that not many people are using anymore, and seeing how they can merge the data from those into other applications. And, that’s all well and good -- that’s all about, giving them more flexibility in the budgets.

But I admit it doesn’t necessarily mean that they are putting up lots of money for innovation. It might just mean that they’re making the place more efficient, just so that they can cut costs, but that doesn’t mean that they are going to go out of their way to remove the large amount of investment they’ve put into ERP system, or the CRM applications.

Gardner: So, perhaps the way to look at SOA is not what we’ve been hearing a little bit of lately, which is SOA kills ERP. It's not rip and replace. It's not either-or. It's both. From my perspective, SOA’s main value proposition in the short- and medium-term is about risk reduction.

If you can put in some buffer around your legacy systems -- if you can use SOA for more greenfield development, too -- if you can use it for extended enterprise opportunities where you can share services in a close-knit trading or supply chain environments, or a business ecology environment -- then you’re reducing your risk for being backward compatible because your services can continue to be modernized. That is to say, your legacy can be modernized into services and the investments can be exploited. You can reduce your risk in terms of flexibility by being fast to business process development in the current day, and you can reduce your risk in terms of being ready to accept what’s going to be new and interesting, innovative, and productive in the future. What’s wrong with this logic about SOA, as a risk reducer and not a displacer of packaged applications?

Collins: I’ve got the phrase written down here, "augmentation not replacement." I think that you're absolutely right to see everything in terms of reduced risk. I would say that companies are always looking for reduced risks, but they are not necessarily saying that they’ve got high levels of risk, and need to reduce them. But, maybe I would re-phrase it to, “Increase flexibility without increasing risk.” With the idea of replacing something and starting from scratch, there’s an inordinate amount of risk involved, because potentially you go through the same problems you went through last time. Whereas if you create an interface to the tried and tested, you can develop new ways of using that tried-and-tested business logic and tried-and-tested the data management logic without being held back.

Gardner: Okay, Steve, what’s the risk in looking at SOA as risk reduction?

Garone: No, that's a great point. What I was alluding to earlier is that the core enterprise application functionality that organizations have trusted and have used for some time -- and that's well integrated and working for them -- is something that they’re going to want to keep. On the fringes of that, if you will, is the use of SOA-type scenarios and implementations that will allow them to increase their flexibility, keep up-to-date on new technologies, and integrate with those that are outside the realm of that ERP application. And, I think that, in the short term, is what’s going to happen over time. In fact, I think SOA will become the new way to do applications and deploy and manage applications. Then, they will gradually move in that direction, and be either followed by or pushed by the enterprise. Apps vendors are going to move in that direction as well.

Gardner: Okay, we have been looking at ERP versus SOA through the lens of the enterprise. What if you're a software as a service (SaaS) provider? What if you're an ISV who is moving from packaged apps to services? Wouldn’t you want to build that for the way you are going to go to market -- on an SOA -- and therefore it might be a rip-and-replace; if you are providing your services, your business services as a service?

Garone: It’s certainly a desirable option for all the reasons that all of us talk about when we talk about using an SOA-based approach. Again, they’ve got decisions around, being able to make sure that the services to their customers are not interrupted and, once that migration has occurred, that they are as good, if not better, than they were before. But, certainly they can take advantage of all the benefits that end-users can, when moving toward SOA.

Gardner: I think this is the "dark horse" trend here, around the SaaS provider. If they can start delivering solid business services for something along the lines of $20-$40 per user per month, and mid-sized companies can latch onto this -- probably quicker and easier than a large enterprise where they’ve got entrenched monolithic applications and large investments in them -- then, suddenly, a company that has 200 to 2,000 seats of users can start doing business processes far more fleet and productively than a big, lumbering enterprise (that's) locked into some older paradigm of development and applications. Wouldn’t that perhaps provoke a tipping point, whereby there could be a move towards rip-and-replace?

Garone: I think you are pretty much right on. In fact, I think you are making a very important point in terms of the type of end-user organization that will go for that initially, and will start that ball rolling. And, yes, I think when you are talking about a solution provider -- software as a service provider in terms of enterprise applications -- then absolutely pricing is going to be an issue. The business model is going to be an issue, but if they can get that together -- it has been proven in the case of companies like Salesforce.com -- then, yes, they are going to be on to something, and that will, I think, push larger organizations and providers to start thinking in those terms as well.

Gardner: Do you buy into that, Jon? Do you think that SaaS could actually be a catalyst to SOA and create a tipping point that changes of the dynamics of packaged business applications business?

Garone: I think it can, and it should in certain domains. If you look at when Salesforce.com saw its initial success, it was delivering a very generic, what I usually call a CRM application, to the widest possible audience and lowest common denominator. And, it did it very well.

So, despite everyone saying, "ASPs are dead and so on and so forth," Salesforce.com kind of rose like a phoenix from the ashes of the ASP, and it's done very well ever since. I’ve just finished a consultancy with an ISV that is looking directly these issues, and it seems to me that there are companies like that. They're having to balance and manage the risks from two sides. The first is that, for example, they do have a lot of, let’s call it "legacy business logic."

So, let’s say, if you had health care, for example, you’ve already developed some quite complex logic in terms of how you are going to manage in terms of compliance regulations and so on and so forth. We don’t want to just throw that out and start again, because you’ve already put a lot of work into that. At the same time, if you do take an existing system and you try to open it up to much a wider user base, you could be very likely to have issues with scalability. So, you can’t necessarily just take your existing application and say, "There you go -- everyone come in" because you'll all just get jammed in the door.

So, it’s about balancing the risks of both sides. It’s not going to be a tipping point, but it's definitely going to be a route toward the tipping point. And the [accelerant] will come from something -- as typically the tipping point starts from -- that no one expects. At the moment, we're seeing that there's a whole mash-up. Everyone is trying out stuff like that -- everyday things that actually encourage and capitalize on these more old-fashioned applications.

Gardner: So, if we consider that Rich Internet Applications (RIAs) have the front end, allowed for a mashing up, if you will, of services from an entrenched internal enterprise packaged application infrastructure, as well as using SaaS provider services, as well as some greenfield customized SOA services internally -- then you get the best of all worlds, and that probably would be very attractive to a lot of companies.

Collins: To an extent. I think Steve very early on made a good point about, when it comes down to operational management, service management, and service delivery and so on. In India, you’ve got a scenario where you just have all of these things available to you and you can pick and choose -- decide which ones you’re going to need. Then how are businesses going to differentiate themselves?

They’re going to differentiate themselves by being able to make very fast decisions about what’s best for them as a company, or what’s going to best serve their business activities and their customer relationships. And how to do that faster than the competition is largely going to come down to how well they’ll manage their IT and how well they’ll manage that process of change and ongoing adoption.

So, that’s why most companies still have to wait. Most companies still are very slow in terms of adoption and adaption of big technologies. So, that’s where the battleground's going to be.

Gardner: If I read you correctly then, the companies that will do well in terms of their competitive advantage in their fields are not necessarily the ones that master a particular technology, but master the ability of picking and choosing and moving among these technological innovations in a way that benefits them and their particular situation. That reduces their risk but gives them more choice and agility. I am afraid that, of course, these things are much easier said then done. But clearly the intersect between ERP packaged applications, SOA, SaaS and the ability to manage all of them and keep the plates spinning -- this will be an issue of great importance in the next decade. I don’t think we can say too much more with a 90-percent authority, but we’re getting closer.

We're out of time, but we’ve hit on two major subjects today that affect SOA. We’ve discussed the virtualization issue and SOA, as well as this notion of business applications and the effect on that market and industry. Joining us to discuss these have been two noted industry analysts, independent Industry analysts: Steve Garone, a former VP at IDC and a founder of the AlignIT group. Steve, I want you to give us your disclosure at this time. We’ve discussed a lot of companies. Would you just list the ones that you had a business relationship with, so they we're all, on the up-and-up here?

Garone: Great. Yes, currently, based on the ones we talked about, it's IBM and Sun.

Gardner: Superb. And also helping us weed through these issues, has been Jon Collins, of Macehiter Ward-Dutton. He is the principal analyst there. And I wonder if you could do your disclosure exercise as well, please?

Collins: Sure, I’ve been working recently with IBM, and I think I mentioned Mercury. And Microsoft, we’ve done some work with them.

Gardner: All right, and for me on disclosure, I’d been doing work basically through sponsorships of podcasts with HP and, I think that’s perhaps the only one that we’ve mentioned right now.

Thanks for joining us. I would also like to point out to our listeners that if you'd like to learn more about BriefingsDirect B2B informational podcasts or to become a sponsor of this or other B2B podcasts, feel free to contact me, Dana Gardner, at 603-528-2435. This is Dana Gardner, the principal analyst at Interarbor Solutions, and you’ve been listening to Briefings Direct SOA Insights Edition. Come back and listen next week too. Thanks.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect SOA Insights Edition, Vol. 2. Copyright Interarbor Solutions, LLC, 2005-2006. All rights reserved.

Transcript of Dana Gardner's BriefingsDirect Podcast on Application Development Quality

Edited transcript of BriefingsDirect[TM] podcast with Dana Gardner, recorded Oct. 2, 2006. Podcast sponsor: Borland Software.

Listen to the podcast here.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to BriefingsDirect. Today a sponsored podcast discussion about IT quality, and the importance of quality as an essential ingredient in any application development activity -- and not necessarily as an afterthought or an after-effect but quality throughout, from inception and requirements, right through production and then to lifecycle. Joining us in this discussion we have a representative from Borland Software, Brad Johnson, who is the director of product marketing. Welcome to the show, Brad.

Brad Johnson: Thanks, Dana.

Gardner: Also joining us is a practitioner of quality in the application development process, Chris Meystrik, the vice president of software engineering at Jewelry Television in Knoxville, Tenn. Welcome to the show, Chris.

Chris Meystrik: Good to be with you Dana and Brad.

Gardner: Okay, we’ve heard a lot over the years about software development, and we’ve seen study after study that shows abysmal rates of on-time performance, of being over-budget, of requirements that don’t seem to make sense once the application gets into production. Obviously, not the best track record, and yet increasingly -- because companies are online with their marketing, they are online with the way they actually produce and deliver services, they are online with the way they acquire their resources through a supply chain -- it seems that application development is more important than ever. What do you think we need to do here, Brad, to make this a high-quality process from start to finish? What's been missing?

Johnson: Well, I think what's been missing is a real focus on quality -- essentially from day one, where organizations are thinking about building out complete requirements that include attributes of performance and functionality from the very beginning; when they start thinking about a project. As they move through the project lifecycle, they need to think about architecture and development. The testing organization, which very often is responsible for verifying quality at the tail end of a project, is actually involved earlier in the cycle. We need projects that essentially capture what the business users want, and also capture quality attributes so that as that development process flows across the whole software delivery lifecycle, quality is considered a priority from the very beginning.

Gardner: So we’re not really just talking about the quality of the code itself. We’re talking about the quality of the process, the people, the organization, and the tools -- everything that lines up before the code. Is that the way to think about it?

Johnson: That’s absolutely important. Thinking about the process, Borland looks at it in four dimensions, from managing the whole process to planning everything; from what the requirements of the project are, through to verification and validation, which as most people understand, is much bigger than just testing. It’s exactly as you stated. It’s looking at the process, it’s putting in gates and checks that include peer reviews, and making changes to the process -- iteratively if necessary. So you’re right, it’s looking at the holistic view of a project as it’s delivered, and quality is essentially built-in, but it’s not independent of testing.

Gardner: I suppose when you had an environment where all of your developers were within a stone’s throw of one another, and there was a single code base to work from, with centralized check in and check out, and you could manage component-by-component activities in a tight-knit group, that would be one issue. It's one problem to inject quality into that process.

But we have a much different environment today, where we’re seeing development teams that are dispersed geographically. We’re seeing much tighter timelines where code is getting checked in and checked out, and there are implications for how that impacts architecture and infrastructure earlier in the process.

We’re also seeing distributed computing environments where we’re going to have a heterogeneous runtime environment, most likely. Now that we’ve involved ourselves with the complexity of these distributed environments, is there a team approach to this? Should we think about it as check-in and checkout from a decentralized geographic standpoint, or do we still need to have a sort of a centralized approach? Is this a monolithic quality process for a distributed development process?

Johnson: A centralized kind of quality control center is a great idea. In practice and reality, I think we're far away from that. But you hit on what's absolutely a significant pressure on organizations today. That is, we’ve actually queried prospects, customers, and partners over the last few months, and distributed development is not just coming, it’s here, and it’s one of the biggest challenges faced by development teams today.

So, what you really need is a centralization point, where everybody is getting the same view of quality throughout the whole process … whether code is being checked in by the teams over which we have very little control -- where they are either outsourced or off-shored. Or they are under our control as far as being part of the organization, but distributed geographically and across time zones. You need to be able to understand, from a development standpoint, what exactly is being checked in, and what type of quality gates have been put in. So that when code gets checked in, we know that it’s free of security risks.

We need to know that there is no open-source code, for example, that’s in there, which is going to cause problems later. Hopefully, we’ve done the right level of J unit or N unit, or even functional automation on that early-stage code, so that at least we know that when code is added to the build, that build is not at risk. So, if we’re looking at that from a worldwide perspective, it's very, very challenging.

Gardner: So a brittle sort of top-town quality approach doesn’t seem to be the right fit for today’s development environment. I suppose we need something that’s got multiple levels, multiple components with an ability to integrate, but also to pass the baton, if you will, from one aspect of development to another. I think we all refer to this sort of multifaceted, flexible, and yet controlled environment for production as Lifecycle Quality Management (LQM). Or am I missing the point of what LQM is about?

Johnson: No, you haven’t missed the point, you’ve nailed it. Lifecycle Quality Management is about exactly that, looking across the software delivery lifecycle, and thinking about quality throughout the whole process. And that includes institutionalizing methods of assuring that requirements are correct, the code is complete, and as many defects have been as minimized as possible. Again, it’s looking across the lifecycle, and not just at one specific place in time, or one specific organization that’s contributing to any of those aspects.

Gardner: All right. That sounds like it makes tremendous sense. Of course these things are easier said than done. Let’s talk to the practitioner here. Chris, tell us a little bit about Jewelry Television and what your role is there as vice president of software engineering?

Meystrik: Jewelry Television is based in Knoxville, Tenn. We are a multi-channel sales vehicle. Our biggest sales channel is our cable television programming. It’s in more than 50 million homes across the United States. We have an ecommerce-based Web sales channel also. The vast majority of our calls come into our call center here in Knoxville, and we offload a good percentage of that to the ecommerce Website, and through interactive voice response systems here at Jewelry Television.

When I came in here, my role was to basically rebuild the enterprise infrastructure, specifically around the business that Jewelry Television is in. They’ve had experiences looking at competitors, some of them they have bought -- others are still out there in the market. They believe we need a customized service-oriented solution to tackle the marketplace, and basically give Jewelry Television a strategic and tactical advantage, to be better than anybody else in our industry. And my job right now is to build that infrastructure for Jewelry Television.

Gardner: So, IT is integral to your organization, not just for the ability to take in orders and deliver them, but you also acquire. And, if I understand it correctly, you’re also in the jewelry production business in terms of buying jewelry around the world and adding custom elements to these pieces. So, you’ve got a supply chain, and then you’ve got a distribution channel you've got to manage. Is that right?

Meystrik: That’s correct. And we have an inventory warehouse that we have to manage in the middle there, as well as customer relationships from an ecommerce perspective, a call center perspective, customer service, merchant services, the whole business. One of our biggest strengths is our buying channels. Some of the best buyers in this industry are here at Jewelry Television. Some of the best show hosts that know how to sell jewelry on the television are here at Jewelry Television. It’s a world-class environment; we need world-class systems that help this company keep growing.

Gardner: So you’ve got a jewelry lifecycle quality management problem, right?

Meystrik: It occurred to me, that while Brad and you were conversing about the code, and you made the comment that it really isn’t about the code -- to me it isn’t at all about the code. All the code is doing is saying, "Our buyer’s made some decision," or is potentially going to make a decision on some piece of jewelry or gemstone. And somehow that piece of jewelry, or that bulk-load jewelry, has to make it to Jewelry Television.

When it comes, I’ve got to account for it. When we account for it, we’ve got to put it away. When we put it away, we’ve got to be able to sell it, and tag it and picture it. And then we have to be able to manage it when somebody actually buys it, which might not be for another year, depending on what we bought it for. Maybe it's instantaneous, and we’re buying it out of bulk. All that stuff has to be managed, and the code just does that. In order for me to test the quality of my software, I have to prove that that process works; I have to do a real live end-to-end test.

Gardner: Give us a sense of the scale here. How many pieces of jewelry do you guys move in a typical month, or maybe even in the fast months, like just preceding the holiday shopping season?

Meystrik: Preceding the holiday seasons, we will do on the order of 40,000 orders a day. And those are previous numbers. It may get bigger. We’re anticipating a good holiday season.

Gardner: Give our listeners a sense of the type of concern we have here. What are your annual revenues at this point?

Meystrik: We are a private company, but our annual revenues are somewhere around $500 million.

Gardner: So, how do you keep the trains running on time in your application development, and deployment IT infrastructure?

Meystrik: People are the key, it turns out here: Having high-quality engineers that really understand the landscape, and can think out a couple of years and understand where we’re trying to get to. We tried several solutions when we first got here. They didn’t have a lot of processes in place, and we went for a waterfall approach. We really wanted the business to define to us what it is they were trying to build.

If those projects were small, they were fairly successful. If they were medium-size, we could do them pretty well. In some of those bigger projects, time just ran on, and time ran on, and by the time we got to the end of them, we weren’t dealing with the same problem anymore.

When that happens, the software wasn’t necessarily satisfying the solution you intended for it. So, what we’ve done is to move to a very agile, iterative development process, where quality has got to be a part. At the very beginning of this process, from requirements even in pre-discovery, we have QA engineers, and QA managers onboard with the project to get an understanding of what the impacts are going to be. With this we can get the business thinking of quality in the very beginning, with our product managers, and project managers getting a bird’s eye-view of what a real-life project schedule might look like. From there on, our QA is heavily involved in the agile process, all the way to the end, measuring the quality of the product. It has to be that way.

Gardner: What do you look for in a vendor, in the Application Lifecycle Management (ALM) space? What is that you need to make these multi-dimensional problems manageable?

Meystrik: We need the vendors to supply us with products that are open, products that will communicate with one another at every phase in the lifecycle of our product development. We have requirements engineers, product managers, and project managers -- both in the initial stages of the project together with the project charter -- trying to allocate resources, and then putting initial requirements together.

When the engineers finally get that, they’re not dealing with the same set of tools. The requirements engineer’s world is one of documentation and traceability, and being able to make sure that every requirement they’re writing is unambiguous and can be QAed at the end of the day. That’s their job at the beginning.

When that gets pushed off into engineering, they’re using their source code management (SCM) system, and their bug and issue tracking systems, and they’re using their IDEs. We don’t need them to get into other tools. All these tools need to coexist in one ALM framework that allows all these tools to communicate.

So, for example, within Eclipse, which is very, very popular here, you’re getting a glimpse of what those requirements look like right down to the engineers’ desktop, without having to open up some other tool, which we know nobody ever does. Without that, you have this barrier to entry that you just want to avoid. The communications are heavier.

When it comes to traceability, you want traceability all the way down to the source-code level, from those requirements into Subversion, which is the tools we’re using. All the way down into generating test plans out of requirements, our QA engineers are not using the requirements tool; they are using automated regression testing tools and automated performance testing tools. They want to write their test plans, and have bidirectional input in and out of the requirements tools, so they can maintain their traceability. So, all across, it has to be communicating and open.

Gardner: Now, it sounds to me as though you’re asking for a lot here. You want openness, you want interchangeability, but you also want full visibility, soup-to-nuts. You want traceability, and in sense you want both integration and openness. Let’s bounce it back to Brad here. When your customers say that to you, how do you fulfill that sort of a need?

Johnson: Well, it’s not an easy request, but the reality is that we live in a world today where development organizations have to put together a set of very heterogeneous tools. The core of LQM is our test management framework, which was developed was to be very open and to support many types of technologies.

Specifically, we realize that there are a lot of test automation tools out there, and many companies have made investments with other vendors, as well as open source vendors. So our objective around test management, therefore, is really to be able to support other vendors' test automation as well as our own.

We’ve brought in the Silk products from Segue, and certainly the integration between our test management and test automation tools with SilkTest and SilkPerformer is the best, right. But we realize again that there are many other types of testing out there. So test management needs to be the core harness of however organizations are doing their testing.

We’ve realized one thing that’s very important: That 80 to 95 percent of testing is still manual. So we’re spending a lot of time working on how we better enable and make more efficient the manual testing process, as well as the test automation process. From an openness standpoint, we are very focused on creating a platform that supports whatever customers are doing around testing.

Expanding that further, we also realize that as far as requirements management and source-code management, and so forth, there are other solutions in the market as well. So our integration strategy around those products is to support what’s out there, and what’s leading in the marketplace. But we really make sure our holistic platform includes requirements management and SCM, and test management and is seamless and deeply integrated from the beginning to the end.

Gardner: You’ve just come out with some announcements in early October -- the Borland Lifecycle Quality Management Solution -- and it’s a framework approach where you have interchangeability, but you’re also, of course, trying to toot your own horn about what you think are your best-of-breed components within that framework. Give us a rundown, if you would, of what this Lifecycle Quality Management Solution consists of, and how it helps folks like Chris at Jewelry Television manage their complexity, while also giving choice?

Johnson: Sure. First I want to reiterate that recognizing that there’s a need for a lifecycle approach to quality is really the first step. Getting the right management buy-in across the organization, developers as well as business leaders, needs to be the first thing you do before you really think about changing the way you’ve approached this. The other thing is, as companies make decisions about going Agile, these issues need to be considered.

The process I’ve already defined is very important. We understand that, and we understand how to get there from where we are today.

From a technology standpoint, the platform that Borland is delivering allows business users, and business analysts to capture a requirement correctly from the very beginning. We use a workflow-based definition and elicitation tool within our LQM Solution that lets users do that very, very well -- and lets them write in the quality attributes of that requirement. And then they can even take that basic requirement and develop and generate -- automatically generate -- test cases to put into our test management harness. We also deliver a full enterprise-class requirements management framework that is now deeply integrated with our test management framework.

So, as Chris was mentioning, we’ve got bidirectional traceability now between a business requirement that’s driving the project, and the testing requirements for the whole QA process in organization. And then we’re integrated on the test management side with our SCM solution, so that all of the test assets that are created during the testing process can be versioned and source-controlled as well as providing a defect-management capability -- so defects are rooted out of the application throughout the whole process.

So, the technology stack is really a deeply integrated platform for traceability from the very beginning to the very end of the testing process.

Gardner: It sounds as if there is actually a continuum of suites here, right?

Johnson: There is. We have the Silk suite from the Segue acquisition, which is growing and blending into the Caliber suite for requirements definition, and management, as well as our StarTeam suite for software configuration management. Our strategy moving forward is just to continue to make the integrations more seamless, and more valuable.

Gardner: Okay, back to Chris in Knoxville. When you hear this -- and this is just been out, so I know you don’t have it in place necessarily -- does this sound like a good fit? I know you do use some of the Borland brands and products now. Does this give you a big impetus to then say, "I’ve got to have this framework in addition to these individual suites and products?"

Meystrik: It gives me an impetus to go check it out. I am not a very big monolithic purchaser or consumer of technology goods. I like very open frameworks, and to that end we bought Segue before we even thought Borland was in the picture. We thought Segue was the best tool on the market. We did a long evaluation on automated test suites, and now it’s a part of Borland.

We purchased a different requirements management tool that did not work out for us because it didn’t have the openness that Brad’s talking about. It didn’t have the integratibility of the CaliberRM product. It just turned out Caliber was Number 2 on our list. We didn’t do another evaluation. We picked the Borland product.

We had already purchased Together for IDE integration to Eclipse for all of our architects. So we are a fairly large Borland customer. But for all of the listeners out there saying, "Well this guy, he’s into Borland, so of course he is on the call," we kind of stumbled into the whole deal by making some really good decisions. And we believe that the integration between CaliberRM and Silk tool is going to be outstanding. We’ve seen it in action, and it keeps getting better. We’re installing the Caliber products very, very soon to overtake the product that we had in-house, and we’ve had the Silk tools for over a year and half now, and we love them.

Gardner: And what about the use of this framework in conjunction with non-Borland products, I assume that you’ve got some of those too?

Meystrik: We do, and I’m hoping that really works out. We’re very big users of open-source products. We have Subversion as our source code management system, and we actually have made some open-source modifications to the Bugzilla tool for tracking; what we call action request, things that we do to our system. We have heavy traceability between Subversion and the Bugzilla implementation here at Jewelry Television. And we hope to move that traceability all the way up into CaliberRM, and thus all the way over into Silk.

I would like to know when somebody -- when some senior executive -- comes to me and says, "We’ve got this high-level requirement wrong," I want to understand the impact of that all the way down to my source code, and how much quality the QA team already put into uncovering SLAs, and things like that within the code. How much rework is it going to take? I think they’ve got a solution that’s going to do it.

Gardner: Now, within Jewelry Television what group is your biggest problem? And I don’t mean that in a negative way, but I mean, if Monday morning comes around, and you go in the office, who are the people you don’t want to see? Who is your most troublesome internal constituency, and I don’t need names, but sort of a department level or something like that?

Meystrik: I think not in terms of trouble, because we just value our customers across Jewelry Television. This is an amazing place to work, and all the people here are brilliant.

But when I come in and I hear, for example, that we had a huge Saturday and that the call center had to go on paper tickets for an hour. What I know is I have 300 or so people that did not have a very fun hour on Saturday. I take it personally, and I want to fix that problem. That’s a big impact.

There are other areas too. You could have some backups in inventory that affect your customers. All this stuff is very customer-facing. I would say that right now, that’s the area we’re really, really focused. We’ve got a new order management system going out within the next 30 days.

Gardner: And come Monday morning, you can’t go to those people who are doing the paper tickets, and explain to them that you didn’t have sufficient visibility into the requirements process due to a lack of integration between two disparate tools vendors, can you?

Meystrik: No, no. In fact I’m not even sure they would even know what that meant, just because they don’t know the IT world. They'll still say, "We still ran paper tickets."

Gardner: They just want to know that it works, right?

Meystrik: Exactly. They want to know that it works, and they want to know the process is going to get better. They want to know their talk times and their queues are going to go down, and that their customers are going to be significantly happier. We’ve got a lot of repeat customers here, and we want to know we can take care of them quickly, and they can do more shopping on the phone because the systems are more efficient, because we’ve thought about quality from the very beginning. We understand the SLAs that have to happen.

Gardner: Let's look to the future a little bit. You mentioned early on, Chris, when you were describing what you do, that services orientation was important to you. It strikes me that quality, while important in a distributed environment, is absolutely critical in a Services Oriented Architecture (SOA), or distributed services environment. Do you concur with that, and where do you see the importance of quality going as you move more into these independently created services?

Meystrik: I absolutely concur with that. When you put out a SOA and you start doing B2C, and B2B, and business-to-vendor communications on a broad scale -- you basically open up the kimono and say, "You want to communicate with Jewelry Television? This is the service framework that you can use to talk with us. Have fun."

That means that any one of those components that you don’t even know about could be the centrally hit hot spot in the system. You’ve got to be able to uncover, first, what is that hot-spot going to be. And if that is a hot spot, what kind of SLAs do you have to put around that thing? You have to know as you scale up -- whether it’s a down-stream call, or an object, or a method that’s being called by more web services than you thought -- you’ve got to be able to uncover what that hot-spot is and test it, and you’ve to have SLAs around it.

Brad mentioned a little while ago that too many people are doing manual testing, and I concur. We do too much of it around here, too. If we’re doing an Agile method in iterative development cycle, we can’t replay manual testing stuff through every iteration. It doesn’t work. Our QA development step has to become iterative also, they have to be able to manually iterate the first step, and then payload that thing into a regression test in the Silk tool.

This quality becomes just paramount when you go to SOA, mainly because there is non-determinism involved. You don’t necessarily know what your customers or vendors or other businesses are going to think is the most valuable service until you deploy them and they use them.

Gardner: Okay, well, super, I think we’re about out of time. We’ve been talking about the importance of quality in application development, about the necessity for a framework that allows interchangeability, but also coordination management and visibility. And helping us along on this discussion journey has been Chris Meystrik, he's the vice president of software engineering at Jewelry Television. Thanks for joining us, Chris.

Meystrik: Thanks Dana, I appreciate it.

Gardner: And also joining us from Borland Software: Brad Johnson, the director of product marketing, and he’s been talking about the new Borland Lifecycle Quality Management Solution, and why this is relevant now. But it sounds like something that will be increasingly relevant in the near future. I want to thank you also, Brad.

Johnson: Thank you, Dana. It was my pleasure to be here.

Gardner: This is Dana Gardner. I am principal analyst at Interarbor Solutions. You’ve been listening to BriefingsDirect. Thanks for joining us.

Podcast Sponsor: Borland Software.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect podcast on application development lifecycle quality. Copyright Interarbor Solutions, LLC, 2005-2006. All rights reserved.