Sunday, October 15, 2006

Transcript of Dana Gardner's BriefingsDirect SOA Insights Edition Podcast with Analysts Steve Garone and Neil Macehiter

Edited transcript of weekly BriefingsDirect[TM] SOA Insights Edition, recorded Oct. 6, 2006.

Listen to the podcast here.

Dana Gardner: Hello, and welcome to the inaugural weekly BriefingsDirect SOA Insights Edition. This is a weekly discussion and dissection of Service Oriented Architecture (SOA) and related news and events with a panel of independent IT industry analysts and guests. I'm Dana Gardner, principal analyst at Interarbor Solutions and your host and moderator. This week joining me on our panel is Steve Garone. Welcome to the show, Steve.

Steve Garone:
Great to be here, Dana. Thank you.

Gardner: Steve is a research partner affiliated with Ideas International, and is a former program vice president at IDC responsible for web services, integration, middleware, application development, and software-enabling technologies. He has also founded his own market research and analysis firm, The Align IT Group, which is now part of TechTarget. Steve is also an independent industry analyst and I'm told weíll hear more about your plans on that front and your future, Steve.

Yes, you will.

Gardner: Terrific. Also joining us is Neil Macehiter. Neil is the research director at Macehiter Ward-Dutton, based in England. Welcome to the show, Neil.

Neil Macehiter: Thanks, Dana. Nice to be here.

Why don't you give me a quick rundown of your previous affiliations as an industry analyst?

Macehiter: Sure, before founding Macehiter Ward-Dutton at the beginning of 2005, I was a research director with a UK-based analyst company called Ovum, where I headed up a team of analysts looking at software infrastructure research. Before that I spent 17 years working for a variety of vendors and end-user organizations like Oracle, Sybase, Sun, and a few start ups.

Gardner: Excellent. Yes, I think we all have some background in software infrastructure and enterprise software. Before Interarbor Solutions I covered these subjects as well for the Yankee Group and the Aberdeen Group. So, just for the edification of our audience, we're creating a podcast show here that will include a transcript, and us prolific bloggers will be blogging on it as well.

The notion here is that the marketplace has some IT podcasts, we've got a lot of Web 2.0 and social networking discussion podcasts, but as far as I know, we don't have any SOA-focused shows. More and more SOA news, as well as trends, are emerging. This is not just a blip on the hype curve, although there is certainly some hype involved. This is a long-term (perhaps decades long) trend in IT. So, we're going to create our own podcast show on SOA and SOA governance and related subjects. We're going to have industry analysts joining the show as our panel contributors, and we're going to invite some guests; people that are newsmakers as well as other leaders in this emerging SOA space.

So, to start us off this week, there is some fairly big news from some of the biggest players in SOA: BEA, IBM, and Borland. We are going to start with an overview of what the BEA folks have done. I want to hand this off to Neil. I assume that you will look closely at the BEA 360 announcements that emerged from the BEA World Conference in California just in the last few days. Could you give us an overview of what BEA has come out with?

Macehiter: Yes, sure. What the BEA SOA 360 is, I think, is BEA putting a stake in the ground. They see their offerings around service-oriented infrastructure platforms evolving over the next two to three years. There are a number of aspects to it.

One is that they are applying SOA principles to the wave of actual architecture beyond the learning platform, and they refer to this as the micro services architecture. What this is really all about is providing enabling capabilities which are themselves delivered as services and exporting those within the overall platform. They talk about this as a notion of a service network which is actually nothing new in the SOA-based spenders like Blue Titan, which has been acquired by SOA Software. For example, they have been talking about the service network for a significant period of time. So, that's one element of this BEA SOA 360 announcement that really spans the three broad product families: the Tuxedo platform; WebLogic, which is an application platform for service-enabling applications; and AquaLogic, which is the micro-service platform they announced about a year-and-a-half ago.

They've also announced in this part of SOA 360 the WorkSpace 360. They are trying to facilitate a more collaborative approach to SOA that recognizes the roles of the different players in any SOA initiative. All the business analysts, the architects, developers, and the operation staff will be provided the means with which to collaborate. This is really oriented around their repository they acquired with Flashline which, to some extent, addresses the requirements.

I think are predominantly focusing on targeting a broader community with this notion of the WorkSpace. There are also a couple of other announcements. It is slightly tangential ... to the platform, some consulting offerings specifically oriented toward the executive community to develop a business case for SOA and to better understand the business value of SOA, and finally to offer some support services providing automated management capabilities so that you could, for example, detect a problem in the infrastructure and apply patches. It is that service that is really oriented around the infrastructure. That really captures the 360 announcements.

I'd like to add something before you get into the analysis on this. Just a week before, BEA came out with something they're calling SALT 1.1, which stands for Services Architecture Leveraging Tuxedo. This is a Web services stack built on Tuxedo, their transaction processing engine, and allows the users to take C and C++ and COBOL, which are long-term and costly application sets to maintain, and allows them to work within a service oriented architecture framework. I think this has clearly targeted IBM and its installed base of CICS and Z Series -- its mainframes legacy -- allowing you to expose those via Tuxedo as Web services, although you have to inject Tuxedo into this stack.

Now that we've seen a little bit of what BEA is up to, let's talk about IBM. I'll give an overview of this announcement. IBM came out with a series of five new products, a number of enhancements to existing products, and 11 service offerings. They are really focusing on giving their customers flexible entry points into service-oriented architecture through a series of initiatives.

One of the things that is rather daunting about IBM is when they come out with these announcements, it is a laundry list of things and is somewhat of a challenge to fully wrap your mind around them, but they've broken it down to four major categories on the way you would build out your architecture. They call this model, assembly, deploy, manage, govern strategy, or MADMG, and it really amounts to having a services fabric. The lingo here is quite similar to what we heard from BEA.

This is a process management capability infrastructure, and management and then governance overlay to this series of capabilities. In terms of products, they've had the IBM Information Server, the WebSphere Business Services Fabric that we mentioned. And new and not entirely unexpected is their WebSphere Service Registry and Repository product, playing catch-up with the other companies that have done this either internally or through acquisition.

IBM also produced the Tivoli Dynamic Workload Broker and the IBM Change and Configuration Management Database. Those are the new products, and there were also enhancements to IBM's WebSphere Process Server, the Rational Platform and the Workplace Dashboard Framework. They have also come out with a number of services around methodology, and the flexibility and growth of reuse to decrease costs. So, governance links to a service lifecycle management capability focused on the high-level business services framework and BPM, and then also to the underlying infrastructure, and the way to manage that.

Steve, now that Neil and I have gone over with BEA and IBM, two very big players in SOA, have come out with. From your vantage point, have they done a good job providing a "soup to nuts" or a holistic full-service SOA implementation? Or are we still looking at even the definition of what that would consist of? Do we have big holes here or are we almost complete?

Garone: Before I answer the question, let me just throw in one more little element of the IBM announcement which I don't believe you mentioned, and that is they put a lot of emphasis on business partners and on industry solutions.


It has always been very important for IBM to take a lead in that area or at least try to, and part of that comes from their recent acquisition of Webify. But it's part of this overall effort on the part of both vendors and other vendors to ease that transition into SOA. This specific case, looking at how to make specific industries with specific requirements with compliance issues, to make that transition easier. So, I just wanted to throw that in there.

Gardner: Absolutely.

Garone: Well, in order to answer your question, I'd like to step back for a moment and frame this in the concept of what I have traditionally called the platform. My definition of platform is a little bit different from what BEA and even IBM would say. To me, a platform is a piece of technology or functionality around which a vendor builds its community. So, for IBM it would be operating systems and hardware platforms, and for Oracle it would be their database.

The importance of understanding this is really two-fold: The first is from the adoption and sales perspective. Vendors tend to have people gravitate toward them for a solution because their infrastructure and their solutions are built on a major component or a platform that a particular vendor offers. Also, do you go best-of-breed or do you just say I've got an IBM-centric environment, Iíve got an Oracle-centric environment; I am just going to go with them for the solution?

Gardner: Yes, I think this is the big question we are now facing.

Garone: Right.

Gardner: Complete holistic, or best-of-breed -- and if you want to do both, how do you decide where to put what where?

Garone: Exactly, and in the case of BEA, they have been very strong over the last few years building a comprehensive SOA platform, either through its own development initiatives or through acquisitions.

Gardner: Right.

Garone: They have a very strong foundation and legacy in providing very good, if not the best, solutions for middleware and SOA from the technology perspective with any vendor of the industry. That is one of the ways BEA has been very successful and has overcome the platform tendency of people to gravitate toward the wrong platform and go to those vendors. BEA has been successful in fighting that because if you go with my definition of a platform, BEA does not have a platform. It is building what it calls a platform around SOA, but that's basically what it does.

Gardner: Well, doesn't SOA require a bit of a change in that definition of platform? We have design time and runtime issues, and then we have this governance or management that binds the two because of the unpredictable nature of SLAs and demands on these services in an open environment, and the ability for reuse. We are really tying together runtime and design time and the management, and then reinforcing the cycle of the feedback loop among these components. It looks different than the traditional notion of a platform.

Garone: Yes, it is, and that's where I was going with the conversation. I think ultimately there is going to be a line between the platform that is an infrastructure component like an operating system or a database, and the SOA fabric and stack that goes above it is going to be blurred. We are starting to see that now in some other cases and the best one that I can think of is the acquisition of JBoss by Red Hat.

Gardner: Right.

Garone: In this case, an open source platform that is going to incorporate the operating system components required to do SOA and the SOA stack itself, and you're not going to be able to tell the difference. That is ultimately where IBM has to go and that may put BEA at a disadvantage because it doesn't have those underlined components, it has to sit on top of someone else's.

Gardner: Okay. Let's go to Neil. Do you see this definition of platform? We have design time, runtime, and governance capabilities, among others. Do you see BEA and IBM approaching it that way? Are there major holes, and can we expect that the implementations of SOA will cherry-pick among these parts, or will they be forced to go holistic with one because there are very limited number of vendors?

Macehiter: I think BEA and IBM are definitely moving in that direction, and the reason the platform has to change is down to the notion of the service of service-oriented architecture. Service in the real world is something you experience, and in the IT terms and IT service it means the platform needs to extend from the development of the services to their deployment to their operation, and that changes the characteristics and the capability you need within the platform.

I think they are trying to move in that direction and, depending on where they are coming from, they have different strengths. IBM has strengths ... and capabilities you need from the development side. BEA has a slightly different emphasis and tends to focus more on the development and deployment, but undoubtedly we are trying to move in that direction.

The point that Steve raised was very interesting: the example of Red Hat acquiring JBoss, and the development and infrastructure platform becoming indistinguishable. Think about and pair that with where Microsoft has been coming from around service-oriented platform.

Gardner: That's a great point.

You know, .NET has distinguished Microsoft's historical struggle because people want to know where the applications server is, and the reply is that it is Windows; people would look blankly and say that is not an application server, but that's the way Microsoft has been pushing it. I definitely think that they have all moved in that direction.

The second point is will it be better to be best-of-breed or will people gravitate to particular dominant platforms? I think the jury is still out on that. It entirely depends on the scope of an organization's SOA ambitions. For example, if they're looking to address some particular project-level server requirements, all departmental solutions and departmental requirements, and they are adopting a SOA approach, they might as well turn to a best-of-breed vendor.

Vendors like Sonic or SOA Software have been quite successful. When organizations start to consider more enterprise initiatives, who are they going to turn to? I think their natural inclination is going to be to gravitate to the big players and then look for the gaps. There are undoubtedly gaps; for example, products of the IBM announcement. Organizations would be looking for a combination of IBM and a Systinet (Now Mercury and HP) to provide registry and repository. Similarly, they will be looking at the BEA offering and looking for gaps there. How well do those BEA [products manage] identity and security? Well, only to a certain extent, so again they're going have to look for best-of-breed capabilities there.

The enterprises will gravitate to the big platform providers and then plug the gaps with best-of-breed capabilities. We will not see this sort of wholesale method of the best-of-breed solutions to implement, to support our SOA initiatives. If you are doing it at enterprise scale, potentially there are quite significant risks. The organizations will fight, plus many organizations are grappling with their sourcing strategies and looking to consolidate suppliers. If you have a massive, significant investment in SAP or ERP backbone, it is likely that you're going to at least consider SAP NetWeaver as part of the solution, and look at plugging the gaps that exist in NetWeaver around things like governance and identity and security.

If I can just interject something here, Neil. Your point about NetWeaver is well-taken, and if you could turn the original model I talked about, and say that for those people the SAP applications are the platform, that gives a lot more clarity to the notion of platform I originally presented. You are absolutely right; if you watch the big code and cross-platform vendors like IBM and Oracle, they try to walk this tightrope between -- we've got this comprehensive set for SOA that's going to make it really easy for you develop, deploy, manage, and govern your services-based implementation, but, by way, if you have a best-of-breed solution in-house, we can easily integrate that for you, and they will use an industry standard-based argument to make that point. End users really need to look carefully; just how easy and inexpensive is it to use that level of integration.

Macehiter: Absolutely. Oracle has been working with the idea of whole pluggable and BEA probably as micro service. The architectural announcement was the blended approach that BEA has been adopting primarily around the development platform.

Garone: Although that's mostly centered on open source.

Indeed. I think if you know how blendable or how pluggable or just luke-warm pluggable .... You know there are some important questions to ask because itís not just about having a list of WS.* specifications. You know we can interoperate with those things. It is how well the governance capabilities you have within your platform and to exploit them; can you manage those plugged-in components in the same way that you manage the rest of the infrastructure? There are a lot of other questions you need to be ask.

I'm developing an analysis of this I'd like to run by you. When it comes to deciding between best-of-breed and holistic-integrated stack -- and I agree that there are going to be cases where an installed base is going to have an influence on decision making. For example, if you are a big Oracle shop, if you are a big SAP shop, if you are a big Microsoft shop, those have implications on your decisions and strategy.

On a more general note, it seems that developers are really not going to give up on their need for best-of-breed. They like to cherry-pick their tools, they are increasingly involved with Eclipse, they like the idea of plug-ins. Shoving a new tool down the developer's throat is not going to work.

I'm developing this analysis that says best-of-breed is going to continue; in fact, it needs to be absolutely supported in the design-time phase and test-and-debug phase and those early lifecycle quality issues for SOA. But, when it comes to deployment, there is this move in the market for unification, for consolidation, for lowering total cost, reducing the number of data centers, modernizing your all legacy applications, taking advantage of Web services standards, moving toward SOA.

It seems it is in the runtime, the operations side, where there's that need for a single throat to choke -- this is where a large vendor can be there on a services support and maintenance capability front where it also has big ecology partners and a support infrastructure. That's where you need a single large vendor. But then there is the third component of the platform that we described for SOA, which is this governance and policy, which needs to be relayed back to the design time efforts.

We are seeing this land grab, this race, for governance capabilities. So if you have two out of these three components -- let's say you have governance and runtime -- you will be able to work with the best-of-breed approaches in design time. Governance becomes the large winner here, because it ties runtime back to design time. Hence, we've had a very fast series of acquisitions, and also announcements like the IBM Registry and Repository announcement this week, toward the governance play. Does that make sense to you all?

Yes. I think your analysis makes sense. I think you said that if you have the governance in runtime, then you will be able to accommodate the development side and the best-of-breed on that side. Well, there are a couple of things that I'd like to say about it. It is basically sound; the only thing I would say is the openness in terms of the governance in runtime is going to be a requirement. They are not going to be nice to have and they are not going to be something that allows you to do something. It's something that is going to be an absolute requirement in the eyes of users.

I absolutely agree with that. The sooner you bring the governance into a coordinated methodological role with the development, the better your quality will be in a lifecycle rather than just developing and then throwing over the wall and hoping that deployment people can work with that. I absolutely agree.

Garone: Yes. I just want to mention quickly that the actions over the last four or five years of the major vendors we talked about earlier in terms of reaching out to developers, making all their tools and development environments validates that the developer is the one you have to make happy on the development and deployment side. They are all reaching out to do that. The vendors are actually attempting to not only put a full core press on in terms of bringing in developers, but they are also trying to impress those developers so they think they are buying best-of-breed when they buy from an IBM or Oracle.

Gardner: Right. How about you, Neil? How do you see this view I've provided?

Though I think your analysis is on-point, I would emphasize that the organizations need to be thinking about governance more broadly than many of the vendors have been promoting. [Governance has been] primarily focused on the development ... side, and to some extent paying lip service to the fact that those governance assets -- the assets you have in your registry-repository -- need to be exploited throughout the entire lifecycle.

This is why the acquisition of Systinet by Mercury and then subsequently by HP is quite interesting. And thinking about the gap that needs to be plugged there. For example, how does SOA registry-repository compare to a configuration management database (CMDB), which is at the heart of their management and monitoring capabilities? I absolutely agree with the analysis in terms of interoperability that is needed from the development side, but I think you equally need interoperability at the management and runtime because it goes back to this point: A service is something you experience. You don't actually experience the service when it's being developed and deployed. You experience it when it's being run and operated.

That is the other angle of governance that we need to highlight. It was interesting, for example, when IBM announced the WebSphere Service Registry and Repository product that they did not talk too much about the integration, and how activity assets, activity complexity, and application manager are going to be exploited.

Gardner: All right, now let's get to some of the blogs that went back and forth this week. You and I were in it, Neil. Some folks were saying, and I believe were playing off of recent analyst reports, that Oracle and SAP will also be shopping for registry-repository product -- only there doesn't seem to be too many of those proven vendors left.

I wrote that I thought Oracle and SAP
would be more likely look to a home-grown effort, and that Oracle and SAP are probably well on their way to producing a registry-repository, or a governance capability, internally because it does need to play off of their previous or existing management, as well as their strengths and their logic and policy approaches. Now we can swing the conversation into the vendor politics, or vendor sports, side of things. Who is the demonstrating a top-ranked approach?

It seems that IBM and Microsoft are doing quite well, although that is closely tied to installed bases. We are seeing some action around these other players that are still putting together comprehensive SOA platforms. Neil, you mentioned earlier Red Hat-JBoss, and then the Mercury acquisition by HP. It seems to me that HP is coming into this rather aggressively because it has a large management capability with OpenView. It's adding on the quality assurance benefits in the early phase of the design time with the Mercury traditional products, and then with the governance from the Systinet part of Mercury. And then also there's a very close relationship (that doesn't get a lot of attention) between Red Hat-JBoss and HP. They become, in a sense, an open source software platform.

So, here's an open-ended question: Who's ahead in the SOA race here, and who is not doing so well in terms of putting this all together?

Well, I'll jump in. It is very difficult to say who is ahead. As an ex-IDC analyst, I tend to think of those things in terms of who produced the most revenue in a given year on SOA-related products, which, of course, always seems to exclude Microsoft, for the reasons that Neil stated earlier. But I don't think that's the right way to look at it -- in terms of revenue.

IBM certainly has done a lot to steal the thunder in terms of messaging around SOA. They have introduced a lot of products, acquired a lot of companies, and put together a what looks like a comprehensive solution. The "baggage" there, of course, is that a lot of this comes through legacy products that have to be brought up to date, up to speed, and relevant to SOA. The question for IBM is going to be just how well have they done that and I think the jury is still out on that. I have always been a fan of BEA, although they've always had challenges in terms of the platform issue I mentioned earlier, but also in terms of coming out of a very technology-based background and marketing itself better.

I think they are all doing a very good job in terms of filling out the platform. You positioned IBM earlier as introducing a registry-repository because everybody's got to have one, and now they do as well. One of things that you brought up was HP. One of the things that is interesting to me, and I am going to be spending some significant amount of time on in the near future, is the Venn diagram overlap between SOA and the virtualization space.

It popped into my head because you mentioned HP. HP, as we all know, left the middleware business a couple of years ago, so its relationship with Red Hat and JBoss (now that Red Hat has acquired JBoss) makes perfect sense in terms of filling that in. But when you combine the governance issues and the other issues around building and managing SOA -- and put it in the context of being able to virtualize assets, and therefore where services are deployed and how they are managed -- that gets to be an interesting problem, and one that both IBM and HP are going to be fairly well-positioned to be able to solve.

Gardner: I guess I should also toss out for the sake of our audience that the stakes here are enormous. Larry Ellison made a prescient observation a few years ago that there is only going to be three or four major IT vendors at the end of the day, in 10 years or so. I agree with that. There is going to be a fomenting level of small companies that are innovative, but when it comes to the large enterprise accounts, there is going to be a consolidation. At the same time, there are these large transitions to services in the architecture. The companies that nail this are in a position to have the continuance of their $20 billion to $80 billion a year revenue engines. For over a long period of time we're talking about a global market potential here of $40 billion to $60 billion a year when it comes to the full implementation of service oriented architecture. So the stakes here are enormous.

Neil, let's go back to you for one more take on ranking the big guys, and how they are doing.

I think, you know, I tend to agree with Steve. IBM has certainly done a good job of winning the mind share in terms of being perceived as a SOA leader, and has done a lot of work to promote the customer engagements it has had. On paper, it certainly has a lot of the components you need for a comprehensive SOA capability, and I use the word capability because of the services element, which I think is important to know. In fact, BEA made some specific announcements around services and ...

You mean professional services?

Yes, consulting services.

Gardner: Right.

Macehiter: So, I think IBM has done a good job. Microsoft is out there really addressing a slightly different audience and building from a different point of strength, which is out from its developer community.

With Oracle there is still some confusion around Fusion, especially for their applications and middleware strategy. They have actually done a pretty good job of building out their portfolio to address a broad set of the requirements. Perhaps some management pieces are missing. They have made some very small acquisitions. I think SAP is building from its point of strength around control of the business processes, and working at a high-level within the organization. It doesn't have so much of the core infrastructure capabilities you need.

So, I think it's interesting to watch the dynamic. A lot of it depends on the comparative strengths of the vendors historically. I think there is a tier of players below that like webMethods, SOA Software, Progress-Sonic that, if you like the known big vendor alternative, I think will primarily appeal initially around this whole project level deployment. I think it's an interesting space.

If we look at those second tier players through this taxonomy of best-of-breed in design time, completeness in run time, and then linking that together with governance and policy -- how do you see those second tier players being able to operate within that sort of framework?

Macehiter: They had seen some initial success, which is not unusual in an emerging market. But it is more about addressing the customer concerns around viability, around the longevity of that vendor. Are they going to be around? Do they have the vertical market expertise? It is going to be interesting as these markets evolve and you see the tier-one players gradually emerge as they did with client/server and client/server development tools. They gradually subsumed the mind share there, and there were a small number of players left.

Yes, we saw the same thing with distributed Java.

Exactly, I think that it will be the same. This will probably allow for one of those mid-size players to really have a significant play, not at the same level as the big players, but to be recognized. You can see the companies I've mentioned, SOA Software, Progress, webMethods all vying for that place.

Yes, another announcement this week was from Borland Software. They came out with their Lifecycle Quality Management (LQM) solution, which is a series of suites really, focused primarily on design time but with implications for working on an open basis with governance and policy. I wanted to bring that up because this has cast a new light on Borland, particularly when HP bought Mercury. Having this design time quality assurance capability, all a sudden, is much more prominent in SOA. Even though we might not put Borland in the category of a second-tier SOA provider, I think we can look at them now with more interest as a best-of-breed player within SOA nonetheless.

Garone: Yes, I think that makes sense, Dana. You know if I look at the announcement and I look at what Borland has done here. It is something that is obviously needed and necessary, and plays well in the context of a governance model. It also makes sense for Borland, given the kind of vendor they are and what their history has been. It really builds on this notation of giving developers what they need to build effective solutions but not only bringing it all the way through the entire development lifecycle in terms of quality assurance, but also bringing things back all the way and bringing the notion of governance and quality back to the requirements themselves.

Gardner: Yes, right.

Garone: I think that's really a very positive thing for Borland to do. It was probably something Borland needed to do, given the fact that everybody around them is building comprehensive SOA stacks. We all remember five or six years ago they were playing to the middleware space, which didn't go very well. So, this makes sense. There is somebody to watch. My sense is that the result from this is less a move into other areas of comprehensive stacks, and more in terms of partnerships and relationships with other vendors.

Gardner: Okay, gentlemen, I really appreciate your frankness and insights. I think we've had a really nice discussion.

As part of the BriefingsDirect SOA Insights Edition format we're going to do something different than you might get from your traditional IT industry analyst. We are going to have a little pause for disclosure here. It will be interesting to know who, for transparency purposes, we are working with on a revenue basis. I'll go first. We've mentioned a number of companies during this discussion, but I just want our listeners to know that I have a business relationship, in fact a sponsorship for my BriefingsDirect podcasts, with Borland, HP, Cape Clear and Eclipse Foundation.

So just to come clean, I wonder if you other guys want to mention the companies that you work with as well, so people better trust us.

Macehiter: Yes, I'll just quickly dive in here. In terms of the vendors that I've mentioned off the top of my head, once we had consulting engagements with and a revenue relationship with BEA, IBM, Microsoft, Systinet and Mercury.

Of the ones we've talked about today, the only two are IBM and HP.

Terrific. Okay, I would also like to point out to our listeners that if you'd like to learn more about BriefingsDirect B2B informational podcasts or to become a sponsor of this or other B2B podcasts, feel free to contact me, Dana Gardner, at 603-528-2435.

I want to thank our panelists today. We have been discussing service oriented architecture and the SOA news of the week with Steve Garone. He is a research partner affiliated with Ideas International, a former IDC vice president, a founder of the Align IT Group, and is now an independent industry analyst working toward some other interesting goals. I hope youíll come back soon to tell us about them, Steve.

Garone: You can count on it.

Gardner: Thank you. We've also been talking with Neil Macehiter. He is the research director at Macehiter Ward-Dutton, an analysis and consulting firm in England. Thank you, Neil.

Macehiter: You are welcome, and thanks a lot, Dana. Thanks Steve.

Garone: Thank you.

Gardner: So, let me remind our listeners to come back again next week for another version of BriefingsDirect SOA Insights Edition. Thanks.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect SOA Insights Edition. Copyright Interarbor Solutions, LLC, 2005-2006. All rights reserved.

Wednesday, September 27, 2006

Full Transcript of Dana Gardner's BriefingsDirect Podcast on Calendar Interoperability with Scott Mace

Transcript of BriefingsDirect[TM] podcast with Dana Gardner, recorded Sept. 19, 2006.

Listen to the podcast here.

Dana Gardner:
Hi, this is Dana Gardner, principal analyst at Interarbor Solutions and you're listening to yet another edition of BriefingsDirect. Today, an overview discussion on calendar interoperability and how open calendars are increasing productivity. Joining us is Scott Mace, editor of Calendar Swamp. Welcome to the show again, Scott.

Scott Mace: Hi, Dana.

You are an aficionado and an expert looking into the issues around calendar and calendar interoperability.

Mace: Yes, I have used a whole bunch of them but I’m mostly interested in getting them all to talk to each other.

Gardner: Right. Well, let’s just dive in and talk about a couple of things on a level-set basis happening in the industry, such the pending drop of the final version of Microsoft Office 2007 -- about three four months from now. People are monkeying around with the betas, developers are getting used to what they can do with their tool set and Office 2007 and the burgeoning chorus of Microsoft Live products. Why don’t you give us a quick overview and a catch-up on the Microsoft stuff?

Well, Microsoft has made progress on iCalendar support, which will be very useful for getting the information in and out of Office 2007. As you know, the current version of Office hasn’t always been very friendly as far as getting your calendar data out to some other format. So, this support is going to be very solid.

The only challenge facing Microsoft is that the bar is moving. It has not stayed still while they have been finishing Office 2007. The new standard to watch is called CalDAV, which is an iCalendar extension that kind of makes iCalendar into a more of a service -- a Web service, if you will. And it’s easier to publish and subscribe to, as opposed to just import and export.

What do you mean by publish and subscribe? How does that relate to interoperability in calendars?

The same way that you can subscribe to an RSS feed today -- such as this podcast -- you will soon be able to subscribe to a particular calendar. There is a mechanism to do this in iCalendar but it’s often not fully integrated, and so what you end up with is that you pull down an iCalendar file and it comes to you as a file. You don’t have a sense of flow.

If a new event is added, you might have to go pull it down again. In a way, CalDAV makes it a more "pushy" kind of phenomenon. It’s a way of more fully automating and integrating the flow of calendar information back and forth, especially when we start talking about specialized extensions like free-busy information. CalDAV is really the cutting-edge, and we are seeing that become a focus of great interest.

Gardner: Who is behind this particular standard? Is this a neutral third-party body? How does this standard become ushered into the mainstream?

Mace: The group that’s championing it is called the Calendaring and Scheduling Consortium, or CalConnect for short. Dave Thewlis is the executive director. I recently interviewed him at my Opening Move podcast over at, and there you have a variety of interesting participants. Most recently, Apple Computer joined CalConnect and announced that their Leopard server would include a full implementation -- in open source -- of CalDAV. So, they are promising to do an iCal server that will be open source that will support CalDAV fully.

Gardner: Just for the edification of our listeners, Leopard is the next version of the OS X Macintosh operating system that’s due, I believe, in April of 2007.

That sounds right.

Gardner: As an OS X user myself, I am somewhat familiar with calendar subscription and publishing. In fact, my wife and I trade calendars; I can see her calendar and she can see mine, because we both subscribe to each other’s. We can also get the Red Sox calendar, which you know has game times, which is kind of neat -- and also U.S. holidays, which get embedded into your calendar. So, there is some of this already going on. Now, what’s going on within OS X in this calendar? Is that the same as the standard-based iCal, or is that something that Apple did on it’s own?

No, Apple is implementing the standard as currently defined by CalConnect. We have work to do on other clients to support CalDAV. One of the most famous clients that’s supposed to support CalDAV out of the box is the long-awaited Chandler client from the Open Software Application Foundation, which is Mitch Kapor’s project to reinvent the personal information manager (PIM).

Gardner: So, now back to Microsoft and Office 2007. With the Outlook client within Office 2007, we’re going to see iCalendar supported, but not CalDAV. Is that right?

Mace: Not at first -- at least as far as I can tell. We may see some support forced in Microsoft Exchange. It seems like whenever Microsoft can go no further, they at least begin to throw support for such things into Exchange, which is fine if you are a corporate customer and an Exchange shop. As far as the more standalone Outlook client, I wouldn’t be surprised if it takes some amount of time for Microsoft to support iCalendar. It's still the case that they support some of these standards somewhat grudgingly and somewhat later in the game than others, and now iCalendar is a good example.

Gardner: I certainly would find the use of iCalendar in Outlook productive because there are folks that I work with who are using Outlook -- that’s your calendar -- and I am using Mac OS X, and, as I said, I can subscribe to my wife’s calendar because she is an OS X user too. But when it comes to some of my contract workers and other friends, I can’t do that. I think that will be an important productivity boost if we could get that level of interoperability. Or am I overstating the case?

Mace: No, I think you are stating it correctly. Here is the other problem: Microsoft is not as focused anymore on following Apple’s lead on every little thing. I think you know this. The participant that needs to embrace some of these standards more fully is Google. I’ve heard it said by various knowledgeable people that if Google supported CalDAV in their calendar tomorrow, you’d very quickly see a response from Microsoft -- at least a commitment or a statement of direction -- because they’re simply so much more competitive with Google on the whole Office suite.

I believe that it probably would be less challenging for someone like Google to support CalDAV than for Microsoft, just because they don’t have all that legacy to pull behind them. But so far, Google has not committed to supporting CalDAV. I recently for the first time met Carl Sjogreen who runs Google Calendar and I asked him if they were going to join CalConnect and support CalDAV, and he was noncommittal. So, they have a lot of different things on their plate and won't get around to all of them, but I think that would be the ultimate leverage on Microsoft -- for Google to embrace it.

Gardner: Okay, I suppose another pivot point in terms of leverage with Microsoft -- in terms of their going to more standards -- would be from the other big player in enterprise messaging and calendar, and that would be IBM Lotus with Sametime and Notes/Domino. What’s the status of what IBM is doing vis-à-vis calendar?

IBM is a participant in CalConnect and, unless I am mistaken, they were involved in the interoperability demonstration this summer, where a variety of different vendors demonstrated interoperable calendar free-busy information between various calendars. I believe that the IBM Lotus offering was one of those participants. So, they are staying up with the standards.

I suppose another interesting aspect of Sametime and Notes is the increased usage of RCP, the Rich Client Platform -- the Eclipse Foundation project -- as a basis for more and more of their client architecture. Does that have a relationship to calendar interoperability that you are aware of?

Well, it’s interesting. I went to OSCON this summer and it wasn’t clear to me whether Eclipse was going to embrace within some their own projects any of the calendaring standards, or whether perhaps there would be some further effort at Eclipse. I think maybe there is interest there, and the Eclipse folks are watching this, but right now I haven’t heard vis-à-vis RCP anything about calendar support per se.

Gardner: It certainly sounds like a powerful and interesting thing to bring a publish-and-subscribe calendar function into a rich client standard. Even if it doesn’t become your main PIM, it could be something that would be of value, as well as an embedded RSS capability into some of these clients. Do you agree with that?

Yes, and the thing is, if people don’t go whole-hog for standard support, what they will sometimes do is create a plug-in. I don’t know if that exists yet, but I could speculate that there could be an Eclipse plug-in that supports the Google Calendar API. This wouldn’t be the hardest thing in the world to build, and you are seeing a lot of effort and lot of activity around standards like the Google Calendar API, which is it’s own de-facto standard. It reaches out into lots of different communities: the Java community, the .NET community. Those kinds of things are going to be built every day.

So to look at the current landscape a little, we’ve got IBM and Apple in the CalDAV camp; we’ve got Google apparently assessing this, and we have Microsoft as recalcitrant in terms of adoption on a leading-edge basis. It seems, though, that Google is the important player. Is that how you view it?

Mace: That’s how I view it. But Google still has a lot of other things on its plate. Again, I talked to Carl Sjogreen at Google, and one of the things that they are most focused on is creating a great user experience for groups of people trying to arrange get-togethers. And so, this might mean -- I am guessing -- maybe half a dozen or a dozen people trying to coordinate a calendar, which is one particular kind of calendar interoperability problem.

I think, knowing what I know about Google and the whole social dynamic that it’s been responsible for, I can see very well that they might be focused on that. My particular focus tends to be on two people -- or bilateral kinds of calendar communication -- where you might really just want to have everything very closely in synchronization. The problem of getting a dozen people in the same place at the same time -- it’s a different problem. So, because Google is trying to solve the problems that they see their users having, they may not get around to solving these other problems until later. It’s just a prioritization issue, and even at Google they have to prioritize.

Gardner: When we last spoke, Scott -- probably three or four months ago, when we did a podcast on some of these issues -- we were both intrigued by the prospect of Google becoming a focal point for calendar interoperability. They might be able to draw inferences from what people do with their calendars in order to augment their existing business model around contextual advertisements. Do you still think that they are heading in that direction, and wouldn’t their being somewhat neutral vis-à-vis the standards help them toward that goal?

Well, I think they are heading in that direction. Whether they are making the kind of progress that people expected to make by now is an open question. There’s certainly lot of developer interest around this. Every day I see something interesting. There has been a recent thread about implementing the Google Calendar API on pocket PCs, which really gets my interest, but this isn’t quite a panacea because what they are really trying to do is just properly display Google Calendar on their device.

Once you have got something like that, then people start trying to make it sync with what’s already on the device. So, there is lots of developer interest and more so, with the Google community than Yahoo! or any of the other online calendars. I have gotten some flak for not talking about other online calendars, but they are all good. It's really just a question of who’s got the momentum in terms of the developer interest -- how many developers are poking around with any particular calendar.

It seems to me there might be some parallel here between what went on in the instant messaging space, where we had a lot of different companies with unique instant messaging clients, and perhaps their own service. But it wasn't until Jabber came along, and people had to eventually go in with that [as an interoperability standard]. Do you see a similar path or progression with calendar interoperability?

Mace: I don’t know. I think there are different characteristics. For example, the way Apple has come out with such a wonderfully elegant solution early on. In a way, I think they outdid what AIM [AOL Instant Messenger] was able to do.

I mean, iCalendar on the Mac is just a truly wonderful solution. The problem is, it hasn’t been openly adopted. I think that we also don’t have the kind of phenomenon in calendaring that we did with Jabber. A lot of people are wondering just how long it really is going to take, because it's already been several years. I’m still waiting for something to come out that’s as viral as Jabber and that just completely starts to spread. You can find Jabber on all sorts of devices.

That’s still not the case with any open source or open standards type of calendar. I also would like to throw a rock back at the mobile phone people, who really have been behind the curve here. If you manage to get any data out of your mobile phone calendar, it's probably going to be in vCal, which is essentially an extinct format at this point. You may be able to pull it into something else but it’s really the lowest common possible denominator of calendar interoperability.

Gardner: I've solved that problem. I stopped using the calendar and address book in my mobile phone altogether, and I usually take my iPod with me wherever I go. So, I have my iPod in one pocket and my cell phone in the other. And whenever I want to look for my calendar or my addresses or phone numbers, I use my iPod, which of course, syncs back to iCal and the address book on OS X. Then I simply punch in the number on the cell phone. Now, I'm using wet-ware -- or sneaker-ware or thumb-ware, whatever you want to call it -- to go from my iPod to my cell phone, but it’s the best solution.

Yeah, I think that is a great solution for a lot of people. Also there are just people who are going to use a browser. For them, any browser-based online calendar will do. They often don’t care that when they are away from the Internet, their calendar is something they have to print out or remember -- whatever. There are still a lot of people in the final analysis who will want it in the palm of their hand, even in an offline mode. I’m just going to continue to probe and press the industry for solutions that can work in every possible situation. So, really I deal with that as a no-compromise solution.

Speaking of mobile, what about what Dave Winer has done with his Web content readability benefit on mobile devices? Does that have any impact on someone who has got a Web-based calendar? Would they be able to use his approach to reading that on a mobile device?

You know, I don’t think so. I haven’t read anything about what he is doing that has any impact on calendaring. It sounds like great technology, though.

It might be an interesting thing to look into. Going back to Google, I recently began receiving emails from people using Google Calendar, and the email consists of nothing but an attachment or two that look like little hash boxes but that end up automatically populating my OS X calendar with events that were taken out of a Google Calendar. Is it because of iCal? What is allowing this to happen, and what is going on here?

Yeah, there is some iCalendar support. It’s very encouraging to hear that people are using it. It doesn’t synchronize anything necessarily, and I wonder what happens if that same person then sends you an email or to change the time of that appointment. You might end up with two different appointments in your iCal and have to remember to delete the first one you got. But, every little bit helps.

I mean, what we are all trying to get away from is the kind of wet-ware, where you just get an email and you have to laboriously cut and paste from that email into your calendar. So, any kind of structure helps. It’s not that I begrudge the things that are low-structured. It’s just that I think we can do better. And it’s also a cultural thing when somebody gets something like that and it’s an attachment. How acclimated are people to knowing what to do with that? I think on the Mac, people are more acclimated to it. I work with a learning curve, because I am sure when people first get Outlook 12 [part of Office 2007], they don’t quite know what that is, and have to learn how to deal with it.

Gardner: Now, let's look toward the opportunity for doing commerce and new business activities through this calendar interoperability function. I am thinking about what Skype, as a division of eBay, has been doing with the equivalent of Yellow Pages and click-to-talk when it comes to ecommerce, or mobile commerce, or looking for new retail types of commerce.

It certainly seems to me that having a calendar function is an important element within this move toward automated commerce -- one that joins the element of the temporal, of the time and space, to sort of a virtual commerce activity online. And it would seem to me that people like Amazon, eBay and Yahoo!, among others, would be significantly advantaged in a progression toward this vision, if there was this level of calendar interoperability. Therefore, they should be somewhat of an impetus or force to make this happen sooner. Why is it that folks like Yahoo!, Apple, Amazon, and eBay are not moving the big players like the Googles and Microsoft on calendar interoperability?

Mace: Well, Yahoo did make a move. They bought, which does provide this sort of public-facing calendar service that you are talking about. And there is a player, which has not been acquired yet, and as far as I know is not for sale. It is EVDB, which provides the Eventful service.

I had a nice chat this summer with Brian Dear, who runs that. They’ve cracked the code for TicketMaster, so all the TicketMaster events have been exposed as calendar objects within the Eventful Service. I think that’s the beginning of something that can be much, much bigger. I totally agree that some of the players involved haven’t really stepped up to the bar. I can see Amazon doing lots of interesting things with calendar information, but so far I don’t see any movement there. eBay -- I have no real idea what their consciousness level is about calendaring, but Yahoo certainly gets it. I think eventually, probably somebody is going to snap up EVDB and then that will probably represent some of the cutting-edge on this.

Gardner: The migration path for this could be on local commerce. For example, it’s nice that I can go and locate a pizza parlor in my neighborhood and I can click on a button and get into a VOIP discussion with them to order a pizza. What I’d really like to do is click on an icon that would get me into the calendar of a plumber or a landscaper, or even a doctor or a veterinarian, so that I can shop and do errands. If someone can take my dog for a haircut next Wednesday at 2 p.m., when I am available, and there are three vets in town -- the one that’s open to me on my time gets the business. I know that’s a little bit of a pie-in-the-sky idea, but the technology certainly seems capable of that. On a local level, it could it be really a much more automated way for local small businesses to generate additional sales.

Sure, and when you think about all the junk mail you get saying, "Come to our sale for one week only," or, "This coupon expires on such and such date," that information ought to be able to be fed right into a calendar. We have to worry about calendar spam, of course, so that’s something to be thinking about. But why shouldn’t the consumer of this information, if they so desire, have all that flow right into their calendar in the appropriate way, instead of forgetting about it.

Not to mention the travel industry -- when it comes times to be booking things while you are on the road, another interesting aspect of time-oriented commerce.

Yeah. Did you notice -- I think the company was called FareChaser -- and what they do is they’ll predict when the sale for particular sites can be lowest based on a bunch of information they collect. And so that would enable people not only to get the best price, but to know when to get that best price. It’s kind of fascinating.

I think I may have stumbled upon an interesting acronym here, Scott. When I said, "time-oriented commerce" -- well that comes out to “TOC.” So maybe we could also do “TIC,” which could be "the interoperable calendar, " which would give us TIC TOC. What do you think?

Okay. Sure.

Gardner: Sorry. All right, Scott, I appreciate your time and your depth of knowledge and for updating us on calendar interoperability. And I certainly hope that more of the capital “I” in interoperability becomes apparent among these major players. And if not, then that some of these other smaller players that you mentioned start to increase the adoption of these standards.

Well, tell you what. When Office 2007 ships and I install it, we’ll arrange one of our future phone calls by spinning calendar objects back and forth rather than emails.

Gardner: That will be a very nice thing. Okay, we have been talking with Scott Mace, the editor of Calendar Swamp and an expert on calendar interoperability and standards. You can find out more information on Scott and his services at You have been listening to BriefingsDirect. I'm Dana Gardner, principal analyst at Interarbor Solutions. Thanks so much for listening.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect podcast on calendar interoperability. Copyright Interarbor Solutions, LLC, 2005-2006. All rights reserved.

Sunday, September 10, 2006

Full Transcript of Dana Gardner's BriefingsDirect Podcast on Network Services and SOA Convergence with Cisco's Bill Ruh

Transcript of BriefingsDirect[TM] podcast with Dana Gardner, recorded Aug. 23, 2006.

Listen to the podcast here.

Dana Gardner:
Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect. Today, a podcast discussion on a mega convergence point, the intersection of advanced intelligent network services and applications as services, otherwise known as Services Oriented Architecture (SOA). And joining us to discuss this rather weighty topic is Bill Ruh, the vice president of Advanced Services at Cisco Systems. Welcome to the show, Bill.

Bill Ruh:
Dana, thank you very much.

Let me provide some more background on you and what you do at Cisco. You've been 20 years plus working in enterprise middleware and integration, and you are currently leading the Services Oriented Network Architecture (SONA), as well as the Application Oriented Networking (AON) services teams worldwide at Cisco. Previous to that, you were a senior vice president and CTO at Software AG, and you’ve worked at Mitre and IBM.

Furthermore, you’re an author, and in July of 2004 published a book called, "Enterprise Integration: the Essential Guide to Integrations and Solutions." Previous to that came, "Enterprise Application Integration, " as well as "Inside CORBA" and previous to that, "IIOP Complete. " So it sounds like you’ve got a pretty good handle on integration, Bill.

I’ve seen a lot of the trends and a lot of the technologies come and go over the last 25 years to help us solve this problem.

Based on some of the presentations I’ve seen you deliver, we are at this mega-tipping point -- not something that is just a continuum of what’s happened in the past, but something that seems quite different. This is largely due to SOA, virtualization, network convergence, intelligent network services, a higher level of standardization and open source. This all seems to imply a bit more than the typical roadmap, something that is quite new. I think you called it "integration for everyone." I wonder if you could start our discussion by sort of explaining what you mean by "integration for everyone."

Ruh: It certainly does feel like we’re about ready to enter and move up to another plateau in technology. In my experience it’s like client-server, or certainly like the Internet age. Then, we went up to a new plateau with the technology, and this has that same feel. I call it "integration for everyone" in that previously when we have talked about integration, it has been very much technical, the very technical integration of tying together systems.

But, when we start to look at where we’re going now -- in both the number of things and the kinds of things -- what we’re trying to do with those things in tying them together now is very different. In fact, we’ve got a movement from where we used to just have a few devices to where we have the Internet. We’re tying together RFID tags. We’re tying together sensors. So we’ve got a real change in the kinds of things that we’re tying together, where it’s not just technology things. It’s things that are going to be more business-oriented.

The idea of sensors, the idea of tags, the idea of "what is the device on the network" -- that is changing. We also see that the kind of things we want to do with integration is changing. It used to be that integration was really about taking information from one system and integrating it with information from another system. The kinds of integration we’re talking about now is also fundamentally changing, because what people want to do now is more about interactions than about production and transactions.

Now that I know that a temperature gauge in a refrigeration unit has gone off, well, what do I want to do with that? I want to not only sense it, but I want to respond to it. I want to tell somebody about it. This idea of collaboration means that I’m not just integrating applications in a technology sense. I’m integrating people and processes into this. So, when you look about "integration for everyone,” what we’re really talking about is not just technology integration. We’re now integrating all these devices and all these sensors and all these people and all these cell phones.

We’re now taking those integrations and its not just transferring information. We want to collaborate. We want to bring in this idea of communication. When I talk about "integration for everyone," it means that it’s integration for me. It’s integration for my son or daughter. It’s integration for everyone so that they get all the services and capabilities they need through whatever device or channel or whatever they’re interacting through. And that’s a fundamental re-definition of what integration is about.

Okay, it sounds like this portends a great deal of opportunity, albeit with quite a bit of complexity. So, if I’m a CIO in a corporation and I’m trying to be strategic, work with the business side of the house in formulating how we’re going to take advantage of these trends and this new plateau of integration, how do we manage the complexity? What are some of the priorities that you see facing today’s CIO?

I think you hit on the major challenge here. Software is always complex, and systems are complex, so it’s great for me to say, "Wow, we’re going to take all these sensors and plug them in, and you’re going to be told when some sensor goes off in your house or some sensor goes off in your business, and your business processes are going to be suddenly kicked off and you’re going to respond to things much quicker." But the fact is that we all know that trying to do that in real time is difficult.

The CIO is the one who is going to bear the brunt of why we can’t do this. The last time I remember, "Why can’t I do this," was in the PC era. You remember everybody had dumb terminals, and suddenly it was easy for people to go buy PCs through the finance department, etc. The CIOs suddenly had all this complexity and they had to tie it all together. Suddenly, they had networks showing up everywhere, all different flavors of networks, all different kinds of protocols -- and that became a nightmare to manage. Cisco was actually born out of that era in solving the problem of how to integrate and network together all these different PCs into different applications.

We’ve moved up that stack and the CIO is going to see that people are going to be building sensors and cell phones, and people are going to be saying in their businesses, "Why can’t you do this? I can go buy this capability." This will happen in the same way we saw the PC coming in the back door 20 years ago. Fortunately -- and maybe it’s really driven by this complexity -- the dialogue has turned to SOA.

SOA isn't really new. I was involved in Smalltalk and CORBA and the object-oriented movement back in the mid-1980s. A lot of these techniques and approaches have been talked about for a long time. What makes it different is that we’re now starting to get where the protocols are being made that allow standardization to occur. This idea of protocols is the same thing we saw with Internet protocol (IP). What we’re seeing is a movement up the stack to things that ride on top of IP that allow services to actually communicate, coordinate, and collaborate better -- in the same way it used to be hard to connect two things together and send data from one device to another, which is less of a problem today.

We’re going to see that protocols and services in the network are really going to allow us to communicate easier and reduce some of the complexity. So, the network’s going to tie into this movement of SOA. It’s going to provide services, infrastructure-level services, to take some of the complexity away from CIOs in terms of the infrastructure and allow them to focus on the business processes.

Gardner: We’ve discussed some of the technical integration issues, but it seems to me that in a typical enterprise today, there also is going to be the need for a cultural or organizational integration. For example, the application development and deployment folks are in one group or one culture. Network services and administration in another, and then voice telephony (VOIP) and communications in another. It seems to me that that won’t stand, that disintermediation between these different groups is not conducive to this larger integration proposition that we’re discussing. How do we bring application and network services together? How do Cisco’s AON, the Application Oriented Networking, and SOA relate, both technically and organizationally?

You know, I think you hit the nail on the head. I don’t think this is necessarily being driven by Cisco. This is being driven by this larger services-oriented trend. When you look at it, we’ve organized our IT and our businesses that integrate with IT around the Internet model and the client-server model.

When you move to a service-oriented model and you start to move more intelligence in the network, certainly you’ve got the need for the networking person to become more cognizant of how they play and support the applications -- and it’s no longer a black box. We see the need for the networking folks to take on a larger responsibility in that intelligence, and provide services that may have been more traditionally built into our applications -- duplicated in many instances -- so people have multiple identity services, instead of one that logically probably fits in the network.

What we see is that the networking folks have to come up and deal with some of the complexity of the services being put in the network. At the same time, the applications folks within an IT organization have to think of the network not as plumbing. They can't just say: "I’ve opened up a socket," or "I open up some communication mechanism and the network takes care of getting the bits from here to there." They have to realize that there are services inside the network. We’re going to see that the organizational dynamics that you suggest are going to change because of that.

I’d add one other thing. As we get to more services or other organizational dynamics, we’re going to see that the end users are going to want the tools that they have on their desktops to allow them to quickly and easily utilize those services in the network as well as on our servers, so that they can apply them and connect them into their desktop applications. We see this in the case of Google, which has done mash ups and other things out there.

It’s not just the networking administrator or the networking person. It’s not just the applications person. The end user is going to start taking advantage of services and that changes the dynamics entirely. So, we’re going to see a real change in the dynamics between these organizations. And that’s why the network is so important. It’s the one thing that connects them all -- and those services have to be there to reduce that complexity.

Another trend that’s afoot today that we haven’t mentioned, but has an impact, is the social networking phenomena, characterized often as Web 2.0, where we're seeing communities and collaboration and particularly interactivity. This back-and-forth nature of a discussion, of sharing of knowledge, is growing prominent, not only in blogging, but more mainstream in enterprises and in how people do business. Given that interactivity is a buzzword, and I don’t think just a short-term one, how does the network play in a modern, advanced sense in supporting interactivity solutions?

Ruh: Within Cisco, we talk about unified communications -- all the different mechanisms that people use to communicate and collaborate, and that communication is certainly changing. You just outlined that. We go from Voice-over-IP (VOIP), to instant messaging, to collaborative applications, sharing documents, and then we get into blogging.

This whole idea of communication is fundamentally being re-written overnight. Unified communications is going to be the focus for these next-generation applications that are going to support that environment. When you really look at the vision for where unified communications will go in the next five years, it includes the idea: "Why can't I take my blogs, and why can’t I take something like Google Earth and then plot where the blogs are?" Maybe I want to look at blogs that are from a certain part of the world, or that talk about a certain part of the world.

Communication is fundamentally changing to be IP-based. So, the network has provided services to allow those individuals to integrate with everybody. If I’m on a blog and I want to talk to someone and I want to collaborate with someone, I can bring up my collaboration tools. I can bring up my VOIP capability -- all of these things that are integrated. Those services allow me to take all of the services like Google Earth and start to use those tools as a part of the collaboration.

The idea that services can get integrated to the communications is important, and the network becomes the focal point for the services that support that infrastructure, as well as IP being the basis for all these different tools working together.

It sounds like what we’re gaining here is the opportunity to not just view communications, applications, and data as separate, but that we need to pull together with our own brains -- with our wet-ware. How do we take this intelligent information network and manage it? It sounds like we have this opportunity, but I think people are still stuck thinking about these things as separate and unrelated.

That’s obviously going to take some time, in the same way the Internet took time. I remember in 1994 and 1995 putting up Web sites. At the time I was with the Mitre Corp., and we did a lot of early work there. A lot of folks looked at this and asked, "What use was it?" and, "Who is going to manage it?"

Between 1994 or 1995 and 2000, organizations suddenly had a change, and now they have Web administrators and Web servers and everything else coming in. The organization had to morph to support that, so there’s always this chicken-and-egg relationship. What do you do first?

The important thing is that you don't decide to put the organization in place and then the technology. What happens is that the business begins to be driven by some of these external forces. So, external forces -- sensors, unified communications, and moving to VOIP -- and all these IP services -- are starting to come together, and they’re coming into the organization. With the PC, the user said, “Well, I’ve got this spreadsheet, and this is how I want to interact with things.” People start to focus on what the application is.

"If I can go home and do all the things I’m doing at home, well, when I go to work, I want to have exactly the same thing." That’s the thinking that drove the PC. That’s what drove the Internet, and that’s what’s going to drive this whole era. People can do this at home, and they’re going to say, "Well, why can’t I do that at work, and why can’t I have that same capability?" And they start bringing it in the back door. What happens then, of course, is that the IT world has to respond to that.

What we’ll see is that organizations are going to have to decide whether they want to get a little ahead of the power curve here. They know this is all happening, and that means they have to look at their network, look at their systems and say, "I’m going to do services-oriented here. I’m going to do SOA, and I’m going to do services-oriented infrastructure. Let me figure out a few of the core elements I need to put in. Security is a network service. That’s great, and I’ve got to put that in there. I’ve got to start looking at what kind of services go where."

You get a few core elements in and from that what is going to happen is that IT organizations are going to learn what they need to do to really fit into this wave or this trend. Number two, is that they are going to be viewed as being responsive to the business side of things. This is the approach that people have to look at. "What are some of these core services that I can put in the network? What are some of the core services that I’ve got within my servers and how can take advantage of this trend and support what is certainly going to be a wave that is going to hit?"

We’ve had quite a few acronyms in our discussion, and we could probably come up with a couple of hundred more. Help me out with Services Oriented Network Architecture (SONA). I’ve got a pretty good handle on SOA, and I’ve got a pretty good handle on AON, but I’m a little bit less clear on SONA. What do you all mean by that?

Ruh: SONA is a Cisco-defined architecture. We recognize that we have a very diverse product set, and those products fit together. So part of SONA is to show how all of our products that we bring to market fit together into an overall network. And rather than the network as just the transport, it's the network as a platform.

With that you can understand how unified communications fits with mobility, data center, networking, and security. How does all this fit on top of your network infrastructure and work together? One piece of this is to show how the entirety of what we’re doing in terms of our products fits together as a single, integrated platform.

In addition, what SONA is about is for us to show how these are not only just products with features and functions, but that they provide specific services in the network -- identity services, VPN services, presence services from mobility -- so that the applications people can begin to understand it. If they're going to use a presence service within the SONA architecture, when the networking people provide those mobility services, and there is a presence service in there, they can take advantage of that presence service for their application.

SONA is about how the entire Cisco product line fits together. It’s also about how those products then provide services and how those services fit with the application. Finally, it really lays out the vision for how we’re taking our portfolio going forward and how these things are going to continue to evolve, how they’re going to continue to work together. As an architecture, we show how we can create an infrastructure that can improve your overall SOA investment.

As you invest in SOA, the infrastructure through SONA is there to allow you to scale. How are you going to do bandwidth and manage bandwidth and quality of service? How are you going to provide a converged network? How are security and mobility going to fit in? Which standards and protocols are going to be used? How do you get the ability to virtualize your storage and your compute environments and other devices? SONA really is an architecture, and it’s a way for the customer to see how the network plays in their overall service-oriented architecture and what services we believe really belong in the network going forward.

Help me understand, if I put myself in the role of the developer. Traditionally as a developer I probably haven’t been too concerned with the network and I probably feel that’s up to the operations people to deal with. I’m focused on the logic, on the presentation, on the access and integration. But it sounds to me as a developer that I may have a palette of different objects and services to choose from as I’m crafting my application. And increasingly I’m going to have more on that palette in the form of network services.

Is that the way I should be thinking as a developer -- that I should be looking toward network services as part of my typical library of resources when I’m putting together an application? Or is there some other intercept where these network services as you described them will come into play with applications?

Ruh: We don’t want developers to look and say, "Oh, I’m programming the network." Obviously that’s not the intent here. In fact, to them, these services should just exist and be available to them as part of their overall palette, as you described.

The issue that we’re trying to educate people on is that some of these services do belong in the network. From a developer’s perspective today they may think about identity services or mobility services. They need to be aware that decisions need to be made about it. Maybe this ought to be in the network, and they need to work with networking folks and architecture folks. If we need these as common services, hopefully they’ll also say, "Yeah, we know that they should be in the network."

And this has happened before. VPN used to be in application code -- and it has migrated down to the network. Multi-cast is another great example: Programmers used to build multi-cast and now they know it’s in the network, and they expect it to be there. Firewalls used to be at the application layer. It's the same with quality of service, replication, back-up, and encryption -- all these things. We’re really continuing down the path of educating developers that these services belong in the network.

From a programmer’s standpoint, it either just happens, which is the best case, or they can configure it as a service. The way we’re moving is to open up and provide some of our functionality to services that a system’s architect or an application person can take advantage of as they build out their applications.

Perhaps I had it a little bit backward. Instead of my seeing more items on my palette, perhaps I should expect to see fewer, as components that have perhaps traditionally been part of an application or middleware layer, migrate to the network layer. Then, I really don’t have to worry about them, and so perhaps the reuse and integration of these services into a platform reduces my options as a developer. Do you think that’s right?

Ruh: I think it's absolutely right, and I think you’ve got the point there, which is: Should every application implement virus detection and virus management? No. Should it be implemented for them? Yes. Should there be some ability for the applications to control other set policies? Those are things that should happen, but the fact is that there are a lot of things that are infrastructure that should just happen, where programmers don’t have to worry about them as they do today.

In wrapping up, why don’t we try to get into some more of the reality side of this in terms of implementation? If I’m a CIO, or if I’m a developer, or architect beginning to see the logic of bringing services from middleware and from a siloed basis onto a more ubiquitous platform for reuse, how do I get started, where do I put the pencil on the paper first to start in this direction?

What we’ve been doing in working with customers down this path is, and -- as strange as this is going to sound -- it really does start with a strategy and roadmap. The IT organization really needs to make sure that they have their strategy for their IT environment laid out, as well as the kind of roadmap they have to get there. That's what allows the dialogue to take place at the next level.

What you don’t want to do is to say, "Okay, I need services. Let me go buy services, put them in;" to do the Field of Dreams thing ... and they will come. In the past, as we’ve learned from object oriented, building common services, and having the Field of Dreams approach doesn’t work.

What does work is if you’ve got your strategy and your roadmap for your IT organization, such as where your investments are going to be made, what applications you’re going to be building. The best strategy is to come in and say, "Okay what is the best approach -- architectural approach -- to get there?" Now you can begin to integrate with the architectural group to say, "We know that we want to start to put in place certain B-to-B capabilities or certain other applications."

Maybe the best place to start is with identity services within the network or maybe the best place to start is with mobility services in the network. Or maybe really, I want to improve the data center. If I take a retail operation, if my strategy and roadmap is really that, I’m going to invest in the store operations in the stores. I may really focus on identity management and wireless services in the network. Maybe I’m going to move to wireless POS (point of sales).

Maybe I’m going to do e-learning. Maybe I’m just going to just change the nature of the store. If I've already invested in the stores, what I really want to do is I want to save money in my back-ends and I want to improve my data center operations. Then, it may be that putting in storage networking services, putting in a compute services in the network to virtualized storage and servers, maybe those are much better approaches.

The fact is you want to tie bringing in new services to the investments you plan to make that will be tied to the business problems that are out there. Then, very naturally, over the course of three years, as you execute that strategy and roadmap, you end up with these services being built in and being paid for as a part of that natural investment. Where we have been coming in, interestingly enough, is we are now getting involved with those strategies and roadmaps by doing a lot of workshops and planning with them, and then bringing in what SONA can provide in tying down to a real ROI analysis. Then, you get into the architecture and the technology and how it fits in. And, the part everybody really loves-- you finally get down to buying specific products that implement that capability.

So I guess two takeaways from that would be: The good news is that I can do this incrementally; that I don’t have to build it all and then throw a switch one day. It can start on a crawl-walk-run basis. But, in order to make that plausible, there also has to be a top-down mandate for these cultural silos. And all of these different parts need to act in some concert toward an iterative build-out and adoption. There has to be some word from on high that this is our strategy, this is the roadmap, and this is what we’re going to do. Does that sound about right?

Ruh: That sounds about right, and it’s getting people to realize that this can be done incrementally. It makes the most sense to have the discussion around a business problem that you’re going to invest in anyway. And then very naturally the network folks, the app folks, and the architecture folks are sitting around the table and having the right discussions -- which is: which services really belong in the network, which services are going to give us the biggest bang for the buck, and which services quite naturally belong in the other parts of the IT infrastructure? So, it really starts the dialogue down the right path.

Gardner: Well, thanks very much. We’ve been discussing mega-trends and convergence, network services, application services, and SOA. Joining us has been Bill Ruh, the vice president of Advanced Services at Cisco Systems. This is Dana Gardner, principal analyst at Interarbor Solutions for BriefingsDirect. Thanks for joining us.

Ruh: Thanks a lot.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect podcast on network services and SOA convergence. Copyright Interarbor Solutions, LLC, 2005-2006. All rights reserved.

Thursday, August 17, 2006

Full Transcript of Dana Gardner's BriefingsDirect Podcast on IT Shared Services

Transcript of BriefingsDirect[TM] podcast with Dana Gardner, recorded July 28, 2006. Podcast sponsor: Hewlett-Packard.

Listen to the podcast here.

Dana Gardner:
Hi, this is Dana Gardner, principal analyst at Interarbor Solutions and you’re listening to a sponsored podcast, BriefingsDirect. Today a discussion about IT shared services. This is a trend that has cropped up in back-office applications and processes over the last few years and is now being increasingly used for IT productivity, within the IT departments at large organizations.

Joining us to discuss this topic, and dive deeply into its implications for such other trends as services oriented architecture (SOA), are two executives from Hewlett-Packard (HP). Joining us are Peg Ofstead, the worldwide solution lead for HP’s IT Shared Services and IT Consolidation Services unit within HP Consulting and Integration. Welcome to the show, Peg.

Peg Ofstead: Hi, thank you.

Also, joining us is Ewald Comhaire. Ewald is the director of the global practice for Next Generation Infrastructure and Technology at HP. Welcome, Ewald.

Ewald Comhaire: Hello.

Gardner: Well, let’s dig right into this subject. Because it’s a bit esoteric for those who are from a variety of backgrounds. Let’s define IT shared services and perhaps also offer a brief history of how this came to be applied generally -- and then perhaps more specifically -- to information technology (IT). Why don’t we start with you, Peg?

Ofstead: Great, thank you. Shared services have been around for 15 to 20 years, but they really were more popular with back-office functions like HR and finance. Some companies also called their mainframe data centers shared services over the years. But now that there’s really a resurgence of shared services, there is also more of a centralization of IT -- in many cases going in to try and save money. One of the problems we see is that often companies have centralized their IT, and they are calling it shared services, but they haven’t moved to what’s traditionally a shared-services model where IT is acting like a supplier to the line of business with much more flexible models.

Gardner: So it’s not just centralizing from a decentralized perspective. It’s really changing the role of IT from responsive to perhaps filling the role of a supplier and service-provider to the larger organization.

Ofstead: Absolutely, the whole idea is that centralization can save money and that’s why a lot of people are doing it. It also provides some standardization and other benefits. It takes control away from the line of business, and that typically is the rub. That’s where the line of business pushes back about centralization. Because when they have their own IT, they obviously can ask it to do whatever they want when they want.

Once you centralize, if you are merely managing to an annual cost budget, as a cost-center you’ll lose a lot of flexibility and responsiveness. The shared services model is trying to get the benefits of centralization, yet using a number of techniques that give a measure of control back to the line of business. If they act as a supplier, where they charge based on usage or subscription for services, they are much more flexible in terms of being able to respond to changes that the business needs.

Gardner: I can testify -- from personal experience at the number of companies that I have worked at over the last 10 or 15 years -- that relating to and getting satisfaction from IT can be a difficult process. Sometimes you get the run-around. Sometimes you get a nameless help desk; sometimes if you are in an application development mode you get put in a line that’s long and takes months for seemingly easy things to get done.

That fosters the notion that people won’t even go to IT, and start doing these sorts of things on their own -- almost on a loose cannon basis, department by department -- all of which is highly inefficient and expensive. How big a problem is the issue about companies getting satisfaction from their IT departments? And how much progress do you think IT shared services is going to bring to this issue?

Ofstead: I think you've put your finger on a major problem especially as IT is centralized. The key here is really two things: if IT is managing to an annual budget that they are handed, and that budget keeps getting cut every year (which has been the case for the past five years or so in many organizations), then basically all the requests from the lines of business get prioritized.

IT looks at their budget, they fund the items at the top of the list and everything else isn’t done. That’s one major problem. So, moving away from a cost-center model addresses that, because basically it comes down to the fact that if the line of business wants something, and if they can pay for it, IT can do it. That becomes a significant change.

The other key is really a cultural change, and a lot of people get caught up in looking at the technology aspects of shared services. Quite frankly it’s all these other things that are major transformations that need to be made in terms of governance, the operating model, culture, and staff. For example, in a shared-services environment the whole thing is about service, customer service. It’s a much more of a focus on treating the line of business as if it were a real customer, and customer satisfaction, as you know, is really, really important. Ewald, Do you have something to add?

Comhaire: A couple of things, but I think you already hit on them more or less. One, we see still quite a few surveys that show that IT has some issues with showing its value to the business. That's typically a clear sign. We also still see companies that choose to outsource their IT, which also means that they are not at the right level of maturity or cost effectiveness that the business would like. And, finally there are also complaints on the transparency of the costs. Why does IT charge me this amount of money and what does that money give me as a value, are still often questions. IT shared services provides a framework or a model to help answer these questions in a better way.

Ofstead: Those were wonderful points. The other thing about transparency is on service levels, which goes somewhat to Dana’s point that if you have specific service levels that you’ve agreed upon with the lines of business, you can measure those. You can be transparent about how well you’re meeting those service levels -- whether they are about help desk responsiveness or availability or response time -- all those things help build trust and show the value of IT.

Gardner: Clearly there are some imperatives internally for how IT can improve and project itself as more of a solutions provider, making customers satisfied internally, rather than being viewed as a bureaucratic cost center. What about external trends? Is there anything going on in the business world vis-à-vis globalization or vis-à-vis the technology itself that makes this a particularly auspicious time to begin embarking on IT shared services? Ewald, why don’t you take this one?

Comhaire: First of all, the service providers -- and HP is a good example of this – are modularizing our services offerings. For example, in the past we used to offer much more all-or-nothing outsourcing. Today, it's a very modular portfolio of what we call "managed services" offerings to our customers. This also makes it obvious that the customers have a lot of choice points, whether they want to run a service inside of their own company or eventually acquire it from the larger market. That’s definitely a trend that forces customers to modularize their offerings and make them more comparative to what the industry can offer.

Gardner: Do you mean that there’s more of an opportunity now for a hybrid approach, in which you can have some services provided internally, some provided externally, some as a service, or some as simply an off-premises technology infrastructure benefit? Do we have a spectrum of choices now in order to approach this problem flexibly?

Comhaire: Exactly, and it’s also easier for the businesses to compare, because in the past it was all-or-nothing. You would outsource all of IT. Today, for example, they can look selectively at one service and see that there’s a capability outside.

Let me give you a practical example. Let’s say in the oil and gas businesses they need to do bid on an oil field. In order to get the price as close as possible to the value of that oil field they need to a reservoir modeling. In the past, obviously they would need to buy all the equipment and all the software, bring it inside their own house, run the whole model and when the money is used up, then the modeling is basically done. Today, they can look at different offerings on the market -- and HP offers some of these -- where they can do the modeling on a per-week or per-day basis. They don’t need to own the equipment and they don’t need to pay for the software for the whole year. They can just rent it for a smaller period of time. So, there are a lot of choices. And as you have choice, you can compare. This drives the modularization of the services offering into shared, modular-type services.

Gardner: Are there any other global or mega trends that are underpinning the value and momentum toward IT shared services?

Ofstead: I think that the cost issues of the past years have forced a lot of companies to look at their models. They've been in a situation where lines of business would have a new application and they would buy servers dedicated to development and testing of that application, and then another set of servers for production. That tended to be a very constrained and ineffective approach. Utilization tended to be low on a lot of those servers. So, with new virtualization capabilities, companies are looking at models where servers are shared and virtualized. The only problem is: What does that do with the model where the line of business is buying the servers for specific application? They are at a point where in order to take advantage of technology, they have to look at different governance model anyway. I think that has led a lot of them to explore these kinds of alternatives.

Comhaire: I would just like to add one more -- the agility angle. Now that we're seeing business up-tick a little bit in the market, the need for greater agility is coming up again. We have been able to show both internally and externally that shared services provides a very agile environment in which the time-to-service is much shorter in a shared services environment.

Gardner: If you have a variety of services from a variety of sources, you can do a cost-benefit analysis on how to best go about them but also you can move them in and out with some speed and flexibility. Peg, you have mentioned governance. Are there any regulatory imperatives -- perhaps Sarbanes-Oxley -- that make shared services something to consider?

Comhaire: There are two ways to look at it. First, they could be an inhibitor. We often see that in the pharmaceuticals industry where they say, "Well, our environment is heavily regulated, so we cannot touch IT. It can never be shared."

Sometimes that is an excuse; other times, there is some validity in it. But often, there not a willingness to go through some of the procedures again, because then they need to re-document some of the procedures to meet regulations. On the other hand, if you take a look at Sarbanes-Oxley, it’s sometimes easier in a shared services environment because actually at the end of the day you have fewer environments. They are more shared and standardized -- and fewer things to therefore make Sarbanes Oxley-compliant at the end of the day. It saves you time and effort, and you can be compliant better. I can give an example: Often you can have some shared services that support some of the financial applications that need to produce Sarbanes-compliant reports. If they’re running on shared services most often, they have a better disaster recovery mechanism behind it, and thus helps you get more quickly compliant with Sarbanes-Oxley regulations.

Gardner: It seems to me that going to a shared services approach also provides the so-called "one-throat-to-choke" benefit. [Under shared services] there is a hierarchy within the IT organization, so you can go and get action [from the top]. The leadership can take the role of triage and prioritization -- and therefore provide satisfaction -- on a high-priority issue … more quickly.

Comhaire: Yeah! And with the clear accountability that shared services offers, this is adding to the point you just made.

Gardner: Okay. So, we’ve looked at some of the issues internally, we’ve looked at some of the major trends that are affecting this. What’s the pay off? How do we get people to make the plunge and say, “Wow! This is going to be disruptive; this is going to cause me to almost have to do a complete audit. And, you know what, I can’t transform what I don’t know.” It’s going to take quite a bit of activity, energy, and probably some cost up-front in order to take on this IT shared services benefits issue. What’s the pay off? What are the incentives that break through inertia against such change?

Ofstead: Well, there’s definitely cost savings. However lots of companies may say that they could make lots of those cost savings through mere centralization -- and that's the question that one constantly has to come back to.

But, the other side is, as Ewald mentioned before, as CIOs struggle to prove the value that IT has for the business, what value do they add other than being a back-office function? It’s proven through surveys that CIOs who have moved to a real shared-services model, where they are treating the line of business as a customer, are moving away from this cost-centric model. They are seen as adding significantly more value to the business. So, that’s a huge win for IT and it removes CIOs from being in this situation of constantly having their budget squeezed and putting them more into a partnership with the business.

Comhaire: I would like to add three others to the ones Peg mentioned. I think she mentioned the value and cost, which are clearly there in almost all the cases. Agility we've already mentioned. We can prove that a lot of customers value that tremendously, as well as quality-of-service improvements, because shared services typically are managed as a true service with end-to-end service management and a service-level agreements. That's a clear benefit to the business users, and sometimes if it’s implemented, it also reduces risk through better security combinations with the service. For example, compliance to regulations or a business continuity element added to the shared services also helps to reduce the business risk in general.

Gardner: There are obviously some qualitative and quantitative ways of viewing this. One would certainly be the IT budget, going up or going down year to year. At the same time, there would be a qualitative view -- what’s the level of satisfaction and productivity from the perspective of the internal constituents? Are you familiar with any company that has undergone such a transformation and has been able to see its budget decreasing and, at the same time, seeing general satisfaction and productivity increasing? Are there some proof points that we can look to here?

Comhair: Unfortunately, I can't mention the name of the customer, but we have started a complete IT shared-services transformation with a customer in Europe. In fact, it was started more than three years ago -- and it's really important that it’s already that long, because the customer could measure the before- and the end-states, and obviously understand the budgetary differences. And, so we do have those numbers, which are pretty spectacular from an operational cost-saving perspective. In the meantime it has also been really good for the overall profitability of the company -- or at least that large unit of the company has done really well in the subsequent years. So, we can see the reflection, not just on the cost side, but also on the overall health of the business in question.

Gardner: You mentioned something important there and that was the operational cost. It’s my understanding that in many organizations it’s not the up-front investment in technology or even acquisition of skills, but it’s in the long-term operational cost -- making up somewhere between 70 and 80 percent of the total IT budget -- that is the major cost center and therefore the place to look for the best return on efficiency. Is that your understanding as well?

Ofstead: Yes, and the other really keen thing -- and Ewald has mentioned this before -- is that this allows people to spend less money keeping the lights on, as it were, in the operational costs, and spend more of their budget on innovation. So, IT can actually do more of the things that the lines of business want it to.

Gardner: So, even if the budget doesn’t go down, there is an opportunity to reduce the routine ongoing costs and then apply those funds to a new initiative that will offer even higher productivity benefits.

Ofstead: Right -- and higher value.

Gardner: Where does this work best first? Are there any particular types of company -- by culture, by organization, perhaps ones that are either more decentralized or centralized -- that work better than others? Are there particular verticals that this makes sense in? Where are you seeing the sweet-spot in the market for where IT shared services is accepted first and then has the biggest return?

Ofstead: Well, we're seeing broad-based interest across the industries. However, in terms of a broad transformation of all of IT to a shared-services model, I’d say that the financial services sector is particularly active in that approach, and also the public sector. However, other industries, such as manufacturing, seem to be very interested in implementing selected shared services.

Gardner: Is that because of low margins -- because they're in a tight and competitive environment?

Ofstead: That could a part of it. There’s a lot of change in financial services right now. The public sector obviously has a lot of pressure in terms of transforming itself to be able to provide information to the public, and there are other changes going on with manufacturing. I see them interested in implementing individual utilities, such as the shared infrastructure utility or shared database utility; Ewald, is that also what you are seeing?

Comhaire: Absolutely, I just would like to add the interest from the telecommunications and service-provider markets and what’s typically driving them. Traditionally, in a telco you had the network operations site, which was very much customer focused with an outside portfolio. Then you had the internal IT, and they were very different, because you had telco protocols and you had enterprise IT protocols and standards, all of which were different.

Today, there’s a significant convergence of these protocols. Mainly the enterprise IT protocols now become the telco ones with some additional flavors, and that means that those CIOs of the internal IT become now very active as well in adopting the more service provider-type of operations that their external colleagues were doing for a long time. So, we also see service-provider market telcos being very, very active in shared services.

Gardner: Let me move to the conversation a little bit to what I mentioned at the outset, the interesting intersection of IT shared services and services oriented architecture, or SOA. It seems to me that this is something that has a potential to be a whole greater than the sum of its parts -- that IT shared services is approaching a productivity issue set from one perspective, and then SOA enters from a more technological perspective. Can you perhaps delve in a little bit and help me understand the harmonious relationship between IT shared services and SOA -- and what this potentially means in terms of the magnitude of the transformation potential?

Comhaire: I would be happy to take this first, and, Peg, if you want to add something, go ahead. First of all, there are a lot of commonalities, but there are also clear differences. IT shared services is more of an operating model, a concept of how IT can provide services to the business. SOA is actually more an architectural approach and there are clear differences from that perspective.

But, there are also many things in common. For example, what’s definitely in common with SOA is a model of a consumer and a producer of a certain service. Obviously, the same applies to shared services where the service in this case is an IT-type service -- not an application but an IT-type service. That’s one place in common. The other area that’s in common and that is maybe a little bit more unique for our approach to shared services is that we have architected a typical IT shared services portfolio that the IT organization would offer to the business using SOA principles.

What does that mean? That means that services can be reused together, or architected in such a way that one shared service can be applied next to another -- to solve a bigger problem. That is something that not necessarily IT shared services mandates as a concept but it is something that, if you do a clever combination of both IT shared services and SOA you can get a lot of business value.

And the third location is as we implement individual shared services we also try to expose that functionality under a web services format, which means that again the service would be reusable at a higher level in a transparent way, which is another SOA concept applied to shared services.

Gardner: So, do you view this that SOA provides a new set of tools that can enable IT shared services? And then provides this larger benefit from productivity and agility? Is that how you see it?

Comhaire: Yes, absolutely. SOA is an enabling concept and enabling architecture for shared services, and if you apply those concepts of SOA to IT shared services you can get a lot of additional benefit over and above what the normal shared services model already would offer to you.

Gardner: Is it too much to ask of any organization to try to do these both at the same time? It seems that if you could do them simultaneously there would be a huge payoff, but it also sounds almost daunting.

Comhaire: That is absolutely true, and that’s why we are definitely helping the customer by doing some of that work for them. For example, we have our own internal templates -- starting points -- of an IT shared services catalog, and the way we architected those services is already SOA-compliant. So, in a way it may be too much to ask of a customer who doesn’t do this as a business all the time. Typically those customer do this once, but for us as a provider of IT shared services it’s kind of a must-do, and we need to spend just a little bit more time as we architect and build these shared services to make sure they are SOA-compliant.

Gardner: And, Peg, it seems to me that if you were to take two similar organizations -- perhaps operating in similar markets, of similar size, with similar resources -- and one takes the plunge and does SOA and IT shared services in some combination over a period of time -- and the other doesn’t. Well, the company that does would have a huge competitive advantage and a productivity advantage. Is that grasping at straws?

Ofstead: No, absolutely not. Again, the financial services market is very competitive at the moment and I think that’s one reason we’re seeing so much motion in that area. Obviously, we've talked about a cost advantage and an agility advantage, and the combination of two really could make a huge difference for a company.

Gardner: Do you have anything else to offer in terms of how companies should conceptualize of SOA and IT shared services as sort of top-down? That is, would the “C”-class executive work down from the CIO with an IT shared-services mandate? And is SOA perhaps more organic and needs to happen down in the developer ranks and really change the way in which the development takes place? Can we simplify it to that level, that one is sort of bottom-up and the other top-down?

Ofstead: Well, the concepts are extremely synergistic, and I think you want to do a good job of explaining that. But, both transformations are not small. There is a lot involved and so an organization would really need a strong commitment from the top to embark on these. They would need to understand that the full implementation probably takes a number of years.

So, a clear road map with specific projects and short-term demonstrable results, I think, is important. Having a clear vision of where you’ll be after nine to 12 months, where you’ll be after the second year or the third year, and understanding that this is not a small change that you are embarking on – these are key things for either one of these transformations.

Comhaire: But, just to add to what Peg already said, in our approach -- and that’s actually true for SOA as well -- we do offer top-down and bottom-up approaches. For example, a bottom-up approach in shared services would be when we help customers build out just one shared service. And, we try to do it well, guide them through the whole concept of what it takes to build out a shared service that reduces the scope to one.

In fact, you can do this for SOA as well. You can apply it to one application or a small set of applications that you redesign using SOA concepts. At the same time, you can have the strategic approach top-down to say, "I have decided to move to a shared services model,” or “I’m going to transform my whole application portfolio over the period of time to all SOA-compliant applications." For both, you can walk this continuum from totally strategic to a more tactical, and play-it-small, try-it-first, and then see which works and extend it to the more strategic direction.

Gardner: Well that brings up an interesting question. What do you see happening in the field? How do people do this crawl, walk, run approach? What do you recommend and perhaps what is HP doing in terms of putting some structure around that process?

Ofstead: Well, as Ewald said, we have customers who prefer a more broad-based transformation, and we have other customers who prefer to implement selected shared-service utilities one at a time. We have a methodology and process around both.

We’re helping customers with both of those approaches. Our methodologies are consistent. So, if you start, for example, from the bottom-up, as Ewald was saying, implementing one or more selected shared service utilities -- for example assured infrastructure utility or a shared database utility -- you can ultimately go through the transformation. But that’s a decision the organization will make, based on benefits they saw of implementing just selected utility.

On the other hand, for companies that have really looked at shared services carefully and have decided to take the plunge and do a broad-based strategic transformation, we have a reference architecture and the tools and methodology to help them with that process. We have a clear vision of exactly what’s needed, and we can help them assess where they are today, set their goal of how much of shared services they want to implement, in terms of the level of maturity they aspire to, and give them a clear road map on how to get there.

Gardner: Are there any lessons from other folks that have undertaken this sort of activity in terms of how to get started and not necessarily implement the shared services, but how to get yourself ready to begin implementing? Are there any first steps in preparation that you‘ve seen?

Ofstead: In working with our clients and also at the Shared Services Conference that was held in the U.S. this year, I heard all of the people who have embarked on this road say that it’s very important to have an external partner to help guide you through this -- a change agent. That was consistent among all the presentations: You need someone to help guide you through this kind of a change. Obviously, a key thing is helping people understand why you’re making the change, and that’s your people within the IT organization as well as in the lines of business.

Comhaire: I think you said something that’s really valid: It’s a people, process, technology change. So, that’s definitely a key. Depending on which level we talk to, some of our customers see this just as a technology problem, "How do we move multiple workloads on a shared platform?"

They forget about the fact there is a whole impact on process and, as Peg mentioned, a management of change on the people, on the staffing side that they need to take into account to guarantee success. That’s a lesson we have definitely learned: We have to make sure that we correctly value the interdependencies between the people, the process, and the technology. And even if you get those three right, at the end of the day it’s also about designing and building your services. Does your service meet the requirements of your business consumers? Is it well aligned with where your company wants to go? So, there are some additional elements besides just people, process, and technology that are also key elements for doing it right.

Ofstead: And long-term, one of the key things is that customers need to start is to begin benchmarking themselves. That means really comparing the cost of their service and the quality of their service to what’s available from external service providers. This means actually implementing continuous process improvements around their shared services. So, it’s very important that people understand all these things and they not just view the shared-pool of technology that they are using.

Gardner: Well, we are almost out of time. I think this has been a fascinating discussion. Let’s look to the future briefly. What are the implications for IT shared services, particularly in concert with SOA? It seems to me that we have an opportunity for a marketplace effect on a number of different levels. IT organizations that have this agility can shop around, can swap sourcing options in and out, based on the performance and payoff. And then, in a sense this sets companies and enterprises up for an even larger set of productivity goals, when they can bring competition in marketplace forces into IT -- how they source it, how they deploy it themselves internally, and also in providing a much more market-oriented approach to the internal customer. And, as we mentioned the public sector -- government for example -- how they actually provide services to their constituencies, or voters, or taxpayers. Can you elaborate a little bit on what is the potential, the future road map is for all of this?

Ofstead: I think for the CIO who does this properly and just doesn’t centralize, but actually changes the model from a cost-centric model to a service-provider model, it’s what makes them an entrepreneur within their organization.

Instead of being constrained by their annual budget, they’re able to really work as a partner with the line of business. It certainly puts them in a position where they can help be an innovator with the line of business, which is huge. There’s the cost savings we talked about, and the agility.

For companies that do this properly not only will the IT organization be seen as very successful, but the organization as a whole will too. They would be much more competitive, much more successful. It could make a tremendous difference in the success of a corporation. Ewald?

Comhaire: Yes, and to add to some of the things you’ve already mentioned, I think it will also bring IT closer to the business; because within IT you start to think like a business. “What do I offer? How do I price, not just on what costs I have [but on] planning for my demand and my supply?”

So, a whole series of notions that typically only business units within a company would think about -- now have IT thinking in same terms as the business. This typically will bring them much closer together because they start talking the same language, and so on.

And another aspect I think for the future is that IT organizations will become a little bit more like service brokers. I think you described this really well. That means they have to in-source, outsource, and combine these things much more dynamically than today -- and I think that will change the IT landscape over the next years.

Ofstead: To build on that, one kind of hidden benefit that a CIO would have is really true visibility into his cost, and an organization that’s much more service-centric than technology-centric.

Today, many IT organizations are organized around technology. They may know what technologies cost. They may know what that they spend on servers every year, for example -- they may not even know that. But they certainly don’t know what it costs to provide a service. For example, what does it cost for each SAP transaction?

Once they move to this new model, there’s lot of benefits in terms of knowing what their true costs are, knowing the quality of their services, really understanding that well, and being able to really make very sound business decisions about what they in-source and what they either outsource or out-task.

Gardner: Well great. Thanks very much. I think we need to wrap this up. It’s been a discussion about IT shared services, how it’s developing as a productivity and agility benefit and as a business alignment and transformation benefit. It really does encompass a lot in the modern corporation and enterprise.

Joining us for this discussion, have been two Hewlett-Packard executives: Peg Ofstead, the worldwide solution lead for HP’s IT Shared Services and IT Consulting Services organization, as well as Ewald Comhaire, the director of the global practice for Next Generation Infrastructure and Technology within HP services. Thank you very much both for joining us.

Listen to the podcast here.

Podcast sponsor: Hewlett-Packard.

Transcript of Dana Gardner’s BriefingsDirect podcast on IT shared services. Copyright Interarbor Solutions, LLC, 2005-2006. All rights reserved.