Monday, October 16, 2006

Transcript of Dana Gardner's BriefingsDirect Podcast on Application Development Quality

Edited transcript of BriefingsDirect[TM] podcast with Dana Gardner, recorded Oct. 2, 2006. Podcast sponsor: Borland Software.

Listen to the podcast here.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to BriefingsDirect. Today a sponsored podcast discussion about IT quality, and the importance of quality as an essential ingredient in any application development activity -- and not necessarily as an afterthought or an after-effect but quality throughout, from inception and requirements, right through production and then to lifecycle. Joining us in this discussion we have a representative from Borland Software, Brad Johnson, who is the director of product marketing. Welcome to the show, Brad.

Brad Johnson:
Thanks, Dana.

Gardner: Also joining us is a practitioner of quality in the application development process, Chris Meystrik, the vice president of software engineering at Jewelry Television in Knoxville, Tenn. Welcome to the show, Chris.

Chris Meystrik:
Good to be with you Dana and Brad.

Gardner: Okay, we’ve heard a lot over the years about software development, and we’ve seen study after study that shows abysmal rates of on-time performance, of being over-budget, of requirements that don’t seem to make sense once the application gets into production. Obviously, not the best track record, and yet increasingly -- because companies are online with their marketing, they are online with the way they actually produce and deliver services, they are online with the way they acquire their resources through a supply chain -- it seems that application development is more important than ever. What do you think we need to do here, Brad, to make this a high-quality process from start to finish? What's been missing?

Well, I think what's been missing is a real focus on quality -- essentially from day one, where organizations are thinking about building out complete requirements that include attributes of performance and functionality from the very beginning; when they start thinking about a project. As they move through the project lifecycle, they need to think about architecture and development. The testing organization, which very often is responsible for verifying quality at the tail end of a project, is actually involved earlier in the cycle. We need projects that essentially capture what the business users want, and also capture quality attributes so that as that development process flows across the whole software delivery lifecycle, quality is considered a priority from the very beginning.

So we’re not really just talking about the quality of the code itself. We’re talking about the quality of the process, the people, the organization, and the tools -- everything that lines up before the code. Is that the way to think about it?

That’s absolutely important. Thinking about the process, Borland looks at it in four dimensions, from managing the whole process to planning everything; from what the requirements of the project are, through to verification and validation, which as most people understand, is much bigger than just testing. It’s exactly as you stated. It’s looking at the process, it’s putting in gates and checks that include peer reviews, and making changes to the process -- iteratively if necessary. So you’re right, it’s looking at the holistic view of a project as it’s delivered, and quality is essentially built-in, but it’s not independent of testing.

Gardner: I suppose when you had an environment where all of your developers were within a stone’s throw of one another, and there was a single code base to work from, with centralized check in and check out, and you could manage component-by-component activities in a tight-knit group, that would be one issue. It's one problem to inject quality into that process.

But we have a much different environment today, where we’re seeing development teams that are dispersed geographically. We’re seeing much tighter timelines where code is getting checked in and checked out, and there are implications for how that impacts architecture and infrastructure earlier in the process.

We’re also seeing distributed computing environments where we’re going to have a heterogeneous runtime environment, most likely. Now that we’ve involved ourselves with the complexity of these distributed environments, is there a team approach to this? Should we think about it as check-in and checkout from a decentralized geographic standpoint, or do we still need to have a sort of a centralized approach? Is this a monolithic quality process for a distributed development process?

A centralized kind of quality control center is a great idea. In practice and reality, I think we're far away from that. But you hit on what's absolutely a significant pressure on organizations today. That is, we’ve actually queried prospects, customers, and partners over the last few months, and distributed development is not just coming, it’s here, and it’s one of the biggest challenges faced by development teams today.

So, what you really need is a centralization point, where everybody is getting the same view of quality throughout the whole process … whether code is being checked in by the teams over which we have very little control -- where they are either outsourced or off-shored. Or they are under our control as far as being part of the organization, but distributed geographically and across time zones. You need to be able to understand, from a development standpoint, what exactly is being checked in, and what type of quality gates have been put in. So that when code gets checked in, we know that it’s free of security risks.

We need to know that there is no open-source code, for example, that’s in there, which is going to cause problems later. Hopefully, we’ve done the right level of J unit or N unit, or even functional automation on that early-stage code, so that at least we know that when code is added to the build, that build is not at risk. So, if we’re looking at that from a worldwide perspective, it's very, very challenging.

Gardner: So a brittle sort of top-town quality approach doesn’t seem to be the right fit for today’s development environment. I suppose we need something that’s got multiple levels, multiple components with an ability to integrate, but also to pass the baton, if you will, from one aspect of development to another. I think we all refer to this sort of multifaceted, flexible, and yet controlled environment for production as Lifecycle Quality Management (LQM). Or am I missing the point of what LQM is about?

No, you haven’t missed the point, you’ve nailed it. Lifecycle Quality Management is about exactly that, looking across the software delivery lifecycle, and thinking about quality throughout the whole process. And that includes institutionalizing methods of assuring that requirements are correct, the code is complete, and as many defects have been as minimized as possible. Again, it’s looking across the lifecycle, and not just at one specific place in time, or one specific organization that’s contributing to any of those aspects.

All right. That sounds like it makes tremendous sense. Of course these things are easier said than done. Let’s talk to the practitioner here. Chris, tell us a little bit about Jewelry Television and what your role is there as vice president of software engineering?

Jewelry Television is based in Knoxville, Tenn. We are a multi-channel sales vehicle. Our biggest sales channel is our cable television programming. It’s in more than 50 million homes across the United States. We have an ecommerce-based Web sales channel also. The vast majority of our calls come into our call center here in Knoxville, and we offload a good percentage of that to the ecommerce Website, and through interactive voice response systems here at Jewelry Television.

When I came in here, my role was to basically rebuild the enterprise infrastructure, specifically around the business that Jewelry Television is in. They’ve had experiences looking at competitors, some of them they have bought -- others are still out there in the market. They believe we need a customized service-oriented solution to tackle the marketplace, and basically give Jewelry Television a strategic and tactical advantage, to be better than anybody else in our industry. And my job right now is to build that infrastructure for Jewelry Television.

So, IT is integral to your organization, not just for the ability to take in orders and deliver them, but you also acquire. And, if I understand it correctly, you’re also in the jewelry production business in terms of buying jewelry around the world and adding custom elements to these pieces. So, you’ve got a supply chain, and then you’ve got a distribution channel you've got to manage. Is that right?

That’s correct. And we have an inventory warehouse that we have to manage in the middle there, as well as customer relationships from an ecommerce perspective, a call center perspective, customer service, merchant services, the whole business. One of our biggest strengths is our buying channels. Some of the best buyers in this industry are here at Jewelry Television. Some of the best show hosts that know how to sell jewelry on the television are here at Jewelry Television. It’s a world-class environment; we need world-class systems that help this company keep growing.

Gardner: So you’ve got a jewelry lifecycle quality management problem, right?

It occurred to me, that while Brad and you were conversing about the code, and you made the comment that it really isn’t about the code -- to me it isn’t at all about the code. All the code is doing is saying, "Our buyer’s made some decision," or is potentially going to make a decision on some piece of jewelry or gemstone. And somehow that piece of jewelry, or that bulk-load jewelry, has to make it to Jewelry Television.

When it comes, I’ve got to account for it. When we account for it, we’ve got to put it away. When we put it away, we’ve got to be able to sell it, and tag it and picture it. And then we have to be able to manage it when somebody actually buys it, which might not be for another year, depending on what we bought it for. Maybe it's instantaneous, and we’re buying it out of bulk. All that stuff has to be managed, and the code just does that. In order for me to test the quality of my software, I have to prove that that process works; I have to do a real live end-to-end test.

Gardner: Give us a sense of the scale here. How many pieces of jewelry do you guys move in a typical month, or maybe even in the fast months, like just preceding the holiday shopping season?

Meystrik: Preceding the holiday seasons, we will do on the order of 40,000 orders a day. And those are previous numbers. It may get bigger. We’re anticipating a good holiday season.

Give our listeners a sense of the type of concern we have here. What are your annual revenues at this point?

Meystrik: We are a private company, but our annual revenues are somewhere around $500 million.

Gardner: So, how do you keep the trains running on time in your application development, and deployment IT infrastructure?

People are the key, it turns out here: Having high-quality engineers that really understand the landscape, and can think out a couple of years and understand where we’re trying to get to. We tried several solutions when we first got here. They didn’t have a lot of processes in place, and we went for a waterfall approach. We really wanted the business to define to us what it is they were trying to build.

If those projects were small, they were fairly successful. If they were medium-size, we could do them pretty well. In some of those bigger projects, time just ran on, and time ran on, and by the time we got to the end of them, we weren’t dealing with the same problem anymore.

When that happens, the software wasn’t necessarily satisfying the solution you intended for it. So, what we’ve done is to move to a very agile, iterative development process, where quality has got to be a part. At the very beginning of this process, from requirements even in pre-discovery, we have QA engineers, and QA managers onboard with the project to get an understanding of what the impacts are going to be. With this we can get the business thinking of quality in the very beginning, with our product managers, and project managers getting a bird’s eye-view of what a real-life project schedule might look like. From there on, our QA is heavily involved in the agile process, all the way to the end, measuring the quality of the product. It has to be that way.

What do you look for in a vendor, in the Application Lifecycle Management (ALM) space? What is that you need to make these multi-dimensional problems manageable?

Meystrik: We need the vendors to supply us with products that are open, products that will communicate with one another at every phase in the lifecycle of our product development. We have requirements engineers, product managers, and project managers -- both in the initial stages of the project together with the project charter -- trying to allocate resources, and then putting initial requirements together.

When the engineers finally get that, they’re not dealing with the same set of tools. The requirements engineer’s world is one of documentation and traceability, and being able to make sure that every requirement they’re writing is unambiguous and can be QAed at the end of the day. That’s their job at the beginning.

When that gets pushed off into engineering, they’re using their source code management (SCM) system, and their bug and issue tracking systems, and they’re using their IDEs. We don’t need them to get into other tools. All these tools need to coexist in one ALM framework that allows all these tools to communicate.

So, for example, within Eclipse, which is very, very popular here, you’re getting a glimpse of what those requirements look like right down to the engineers’ desktop, without having to open up some other tool, which we know nobody ever does. Without that, you have this barrier to entry that you just want to avoid. The communications are heavier.

When it comes to traceability, you want traceability all the way down to the source-code level, from those requirements into Subversion, which is the tools we’re using. All the way down into generating test plans out of requirements, our QA engineers are not using the requirements tool; they are using automated regression testing tools and automated performance testing tools. They want to write their test plans, and have bidirectional input in and out of the requirements tools, so they can maintain their traceability. So, all across, it has to be communicating and open.

Now, it sounds to me as though you’re asking for a lot here. You want openness, you want interchangeability, but you also want full visibility, soup-to-nuts. You want traceability, and in sense you want both integration and openness. Let’s bounce it back to Brad here. When your customers say that to you, how do you fulfill that sort of a need?

Well, it’s not an easy request, but the reality is that we live in a world today where development organizations have to put together a set of very heterogeneous tools. The core of LQM is our test management framework, which was developed was to be very open and to support many types of technologies.

Specifically, we realize that there are a lot of test automation tools out there, and many companies have made investments with other vendors, as well as open source vendors. So our objective around test management, therefore, is really to be able to support other vendors' test automation as well as our own.

We’ve brought in the Silk products from Segue, and certainly the integration between our test management and test automation tools with SilkTest and SilkPerformer is the best, right. But we realize again that there are many other types of testing out there. So test management needs to be the core harness of however organizations are doing their testing.

We’ve realized one thing that’s very important: That 80 to 95 percent of testing is still manual. So we’re spending a lot of time working on how we better enable and make more efficient the manual testing process, as well as the test automation process. From an openness standpoint, we are very focused on creating a platform that supports whatever customers are doing around testing.

Expanding that further, we also realize that as far as requirements management and source-code management, and so forth, there are other solutions in the market as well. So our integration strategy around those products is to support what’s out there, and what’s leading in the marketplace. But we really make sure our holistic platform includes requirements management and SCM, and test management and is seamless and deeply integrated from the beginning to the end.

Gardner: You’ve just come out with some announcements in early October -- the Borland Lifecycle Quality Management Solution -- and it’s a framework approach where you have interchangeability, but you’re also, of course, trying to toot your own horn about what you think are your best-of-breed components within that framework. Give us a rundown, if you would, of what this Lifecycle Quality Management Solution consists of, and how it helps folks like Chris at Jewelry Television manage their complexity, while also giving choice?

Sure. First I want to reiterate that recognizing that there’s a need for a lifecycle approach to quality is really the first step. Getting the right management buy-in across the organization, developers as well as business leaders, needs to be the first thing you do before you really think about changing the way you’ve approached this. The other thing is, as companies make decisions about going Agile, these issues need to be considered.

The process I’ve already defined is very important. We understand that, and we understand how to get there from where we are today.

From a technology standpoint, the platform that Borland is delivering allows business users, and business analysts to capture a requirement correctly from the very beginning. We use a workflow-based definition and elicitation tool within our LQM Solution that lets users do that very, very well -- and lets them write in the quality attributes of that requirement. And then they can even take that basic requirement and develop and generate -- automatically generate -- test cases to put into our test management harness. We also deliver a full enterprise-class requirements management framework that is now deeply integrated with our test management framework.

So, as Chris was mentioning, we’ve got bidirectional traceability now between a business requirement that’s driving the project, and the testing requirements for the whole QA process in organization. And then we’re integrated on the test management side with our SCM solution, so that all of the test assets that are created during the testing process can be versioned and source-controlled as well as providing a defect-management capability -- so defects are rooted out of the application throughout the whole process.

So, the technology stack is really a deeply integrated platform for traceability from the very beginning to the very end of the testing process.

Gardner: It sounds as if there is actually a continuum of suites here, right?

Johnson: There is. We have the Silk suite from the Segue acquisition, which is growing and blending into the Caliber suite for requirements definition, and management, as well as our StarTeam suite for software configuration management. Our strategy moving forward is just to continue to make the integrations more seamless, and more valuable.

Gardner: Okay, back to Chris in Knoxville. When you hear this -- and this is just been out, so I know you don’t have it in place necessarily -- does this sound like a good fit? I know you do use some of the Borland brands and products now. Does this give you a big impetus to then say, "I’ve got to have this framework in addition to these individual suites and products?"

Meystrik: It gives me an impetus to go check it out. I am not a very big monolithic purchaser or consumer of technology goods. I like very open frameworks, and to that end we bought Segue before we even thought Borland was in the picture. We thought Segue was the best tool on the market. We did a long evaluation on automated test suites, and now it’s a part of Borland.

We purchased a different requirements management tool that did not work out for us because it didn’t have the openness that Brad’s talking about. It didn’t have the integratibility of the CaliberRM product. It just turned out Caliber was Number 2 on our list. We didn’t do another evaluation. We picked the Borland product.

We had already purchased Together for IDE integration to Eclipse for all of our architects. So we are a fairly large Borland customer. But for all of the listeners out there saying, "Well this guy, he’s into Borland, so of course he is on the call," we kind of stumbled into the whole deal by making some really good decisions. And we believe that the integration between CaliberRM and Silk tool is going to be outstanding. We’ve seen it in action, and it keeps getting better. We’re installing the Caliber products very, very soon to overtake the product that we had in-house, and we’ve had the Silk tools for over a year and half now, and we love them.

And what about the use of this framework in conjunction with non-Borland products, I assume that you’ve got some of those too?

Meystrik: We do, and I’m hoping that really works out. We’re very big users of open-source products. We have Subversion as our source code management system, and we actually have made some open-source modifications to the Bugzilla tool for tracking; what we call action request, things that we do to our system. We have heavy traceability between Subversion and the Bugzilla implementation here at Jewelry Television. And we hope to move that traceability all the way up into CaliberRM, and thus all the way over into Silk.

I would like to know when somebody -- when some senior executive -- comes to me and says, "We’ve got this high-level requirement wrong," I want to understand the impact of that all the way down to my source code, and how much quality the QA team already put into uncovering SLAs, and things like that within the code. How much rework is it going to take? I think they’ve got a solution that’s going to do it.

Now, within Jewelry Television what group is your biggest problem? And I don’t mean that in a negative way, but I mean, if Monday morning comes around, and you go in the office, who are the people you don’t want to see? Who is your most troublesome internal constituency, and I don’t need names, but sort of a department level or something like that?

I think not in terms of trouble, because we just value our customers across Jewelry Television. This is an amazing place to work, and all the people here are brilliant.

But when I come in and I hear, for example, that we had a huge Saturday and that the call center had to go on paper tickets for an hour. What I know is I have 300 or so people that did not have a very fun hour on Saturday. I take it personally, and I want to fix that problem. That’s a big impact.

There are other areas too. You could have some backups in inventory that affect your customers. All this stuff is very customer-facing. I would say that right now, that’s the area we’re really, really focused. We’ve got a new order management system going out within the next 30 days.

And come Monday morning, you can’t go to those people who are doing the paper tickets, and explain to them that you didn’t have sufficient visibility into the requirements process due to a lack of integration between two disparate tools vendors, can you?

Meystrik: No, no. In fact I’m not even sure they would even know what that meant, just because they don’t know the IT world. They'll still say, "We still ran paper tickets."

They just want to know that it works, right?

Exactly. They want to know that it works, and they want to know the process is going to get better. They want to know their talk times and their queues are going to go down, and that their customers are going to be significantly happier. We’ve got a lot of repeat customers here, and we want to know we can take care of them quickly, and they can do more shopping on the phone because the systems are more efficient, because we’ve thought about quality from the very beginning. We understand the SLAs that have to happen.

Gardner: Let's look to the future a little bit. You mentioned early on, Chris, when you were describing what you do, that services orientation was important to you. It strikes me that quality, while important in a distributed environment, is absolutely critical in a Services Oriented Architecture (SOA), or distributed services environment. Do you concur with that, and where do you see the importance of quality going as you move more into these independently created services?

I absolutely concur with that. When you put out a SOA and you start doing B2C, and B2B, and business-to-vendor communications on a broad scale -- you basically open up the kimono and say, "You want to communicate with Jewelry Television? This is the service framework that you can use to talk with us. Have fun."

That means that any one of those components that you don’t even know about could be the centrally hit hot spot in the system. You’ve got to be able to uncover, first, what is that hot-spot going to be. And if that is a hot spot, what kind of SLAs do you have to put around that thing? You have to know as you scale up -- whether it’s a down-stream call, or an object, or a method that’s being called by more web services than you thought -- you’ve got to be able to uncover what that hot-spot is and test it, and you’ve to have SLAs around it.

Brad mentioned a little while ago that too many people are doing manual testing, and I concur. We do too much of it around here, too. If we’re doing an Agile method in iterative development cycle, we can’t replay manual testing stuff through every iteration. It doesn’t work. Our QA development step has to become iterative also, they have to be able to manually iterate the first step, and then payload that thing into a regression test in the Silk tool.

This quality becomes just paramount when you go to SOA, mainly because there is non-determinism involved. You don’t necessarily know what your customers or vendors or other businesses are going to think is the most valuable service until you deploy them and they use them.

Gardner: Okay, well, super, I think we’re about out of time. We’ve been talking about the importance of quality in application development, about the necessity for a framework that allows interchangeability, but also coordination management and visibility. And helping us along on this discussion journey has been Chris Meystrik, he's the vice president of software engineering at Jewelry Television. Thanks for joining us, Chris.

Meystrik: Thanks Dana, I appreciate it.

Gardner: And also joining us from Borland Software: Brad Johnson, the director of product marketing, and he’s been talking about the new Borland Lifecycle Quality Management Solution, and why this is relevant now. But it sounds like something that will be increasingly relevant in the near future. I want to thank you also, Brad.

Johnson: Thank you, Dana. It was my pleasure to be here.

This is Dana Gardner. I am principal analyst at Interarbor Solutions. You’ve been listening to BriefingsDirect. Thanks for joining us.

Podcast Sponsor: Borland Software.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect podcast on application development lifecycle quality. Copyright Interarbor Solutions, LLC, 2005-2006. All rights reserved.

Sunday, October 15, 2006

Transcript of Dana Gardner's BriefingsDirect SOA Insights Edition Podcast with Analysts Steve Garone and Neil Macehiter

Edited transcript of weekly BriefingsDirect[TM] SOA Insights Edition, recorded Oct. 6, 2006.

Listen to the podcast here.

Dana Gardner: Hello, and welcome to the inaugural weekly BriefingsDirect SOA Insights Edition. This is a weekly discussion and dissection of Service Oriented Architecture (SOA) and related news and events with a panel of independent IT industry analysts and guests. I'm Dana Gardner, principal analyst at Interarbor Solutions and your host and moderator. This week joining me on our panel is Steve Garone. Welcome to the show, Steve.

Steve Garone:
Great to be here, Dana. Thank you.

Gardner: Steve is a research partner affiliated with Ideas International, and is a former program vice president at IDC responsible for web services, integration, middleware, application development, and software-enabling technologies. He has also founded his own market research and analysis firm, The Align IT Group, which is now part of TechTarget. Steve is also an independent industry analyst and I'm told weíll hear more about your plans on that front and your future, Steve.

Yes, you will.

Gardner: Terrific. Also joining us is Neil Macehiter. Neil is the research director at Macehiter Ward-Dutton, based in England. Welcome to the show, Neil.

Neil Macehiter: Thanks, Dana. Nice to be here.

Why don't you give me a quick rundown of your previous affiliations as an industry analyst?

Macehiter: Sure, before founding Macehiter Ward-Dutton at the beginning of 2005, I was a research director with a UK-based analyst company called Ovum, where I headed up a team of analysts looking at software infrastructure research. Before that I spent 17 years working for a variety of vendors and end-user organizations like Oracle, Sybase, Sun, and a few start ups.

Gardner: Excellent. Yes, I think we all have some background in software infrastructure and enterprise software. Before Interarbor Solutions I covered these subjects as well for the Yankee Group and the Aberdeen Group. So, just for the edification of our audience, we're creating a podcast show here that will include a transcript, and us prolific bloggers will be blogging on it as well.

The notion here is that the marketplace has some IT podcasts, we've got a lot of Web 2.0 and social networking discussion podcasts, but as far as I know, we don't have any SOA-focused shows. More and more SOA news, as well as trends, are emerging. This is not just a blip on the hype curve, although there is certainly some hype involved. This is a long-term (perhaps decades long) trend in IT. So, we're going to create our own podcast show on SOA and SOA governance and related subjects. We're going to have industry analysts joining the show as our panel contributors, and we're going to invite some guests; people that are newsmakers as well as other leaders in this emerging SOA space.

So, to start us off this week, there is some fairly big news from some of the biggest players in SOA: BEA, IBM, and Borland. We are going to start with an overview of what the BEA folks have done. I want to hand this off to Neil. I assume that you will look closely at the BEA 360 announcements that emerged from the BEA World Conference in California just in the last few days. Could you give us an overview of what BEA has come out with?

Macehiter: Yes, sure. What the BEA SOA 360 is, I think, is BEA putting a stake in the ground. They see their offerings around service-oriented infrastructure platforms evolving over the next two to three years. There are a number of aspects to it.

One is that they are applying SOA principles to the wave of actual architecture beyond the learning platform, and they refer to this as the micro services architecture. What this is really all about is providing enabling capabilities which are themselves delivered as services and exporting those within the overall platform. They talk about this as a notion of a service network which is actually nothing new in the SOA-based spenders like Blue Titan, which has been acquired by SOA Software. For example, they have been talking about the service network for a significant period of time. So, that's one element of this BEA SOA 360 announcement that really spans the three broad product families: the Tuxedo platform; WebLogic, which is an application platform for service-enabling applications; and AquaLogic, which is the micro-service platform they announced about a year-and-a-half ago.

They've also announced in this part of SOA 360 the WorkSpace 360. They are trying to facilitate a more collaborative approach to SOA that recognizes the roles of the different players in any SOA initiative. All the business analysts, the architects, developers, and the operation staff will be provided the means with which to collaborate. This is really oriented around their repository they acquired with Flashline which, to some extent, addresses the requirements.

I think are predominantly focusing on targeting a broader community with this notion of the WorkSpace. There are also a couple of other announcements. It is slightly tangential ... to the platform, some consulting offerings specifically oriented toward the executive community to develop a business case for SOA and to better understand the business value of SOA, and finally to offer some support services providing automated management capabilities so that you could, for example, detect a problem in the infrastructure and apply patches. It is that service that is really oriented around the infrastructure. That really captures the 360 announcements.

I'd like to add something before you get into the analysis on this. Just a week before, BEA came out with something they're calling SALT 1.1, which stands for Services Architecture Leveraging Tuxedo. This is a Web services stack built on Tuxedo, their transaction processing engine, and allows the users to take C and C++ and COBOL, which are long-term and costly application sets to maintain, and allows them to work within a service oriented architecture framework. I think this has clearly targeted IBM and its installed base of CICS and Z Series -- its mainframes legacy -- allowing you to expose those via Tuxedo as Web services, although you have to inject Tuxedo into this stack.

Now that we've seen a little bit of what BEA is up to, let's talk about IBM. I'll give an overview of this announcement. IBM came out with a series of five new products, a number of enhancements to existing products, and 11 service offerings. They are really focusing on giving their customers flexible entry points into service-oriented architecture through a series of initiatives.

One of the things that is rather daunting about IBM is when they come out with these announcements, it is a laundry list of things and is somewhat of a challenge to fully wrap your mind around them, but they've broken it down to four major categories on the way you would build out your architecture. They call this model, assembly, deploy, manage, govern strategy, or MADMG, and it really amounts to having a services fabric. The lingo here is quite similar to what we heard from BEA.

This is a process management capability infrastructure, and management and then governance overlay to this series of capabilities. In terms of products, they've had the IBM Information Server, the WebSphere Business Services Fabric that we mentioned. And new and not entirely unexpected is their WebSphere Service Registry and Repository product, playing catch-up with the other companies that have done this either internally or through acquisition.

IBM also produced the Tivoli Dynamic Workload Broker and the IBM Change and Configuration Management Database. Those are the new products, and there were also enhancements to IBM's WebSphere Process Server, the Rational Platform and the Workplace Dashboard Framework. They have also come out with a number of services around methodology, and the flexibility and growth of reuse to decrease costs. So, governance links to a service lifecycle management capability focused on the high-level business services framework and BPM, and then also to the underlying infrastructure, and the way to manage that.

Steve, now that Neil and I have gone over with BEA and IBM, two very big players in SOA, have come out with. From your vantage point, have they done a good job providing a "soup to nuts" or a holistic full-service SOA implementation? Or are we still looking at even the definition of what that would consist of? Do we have big holes here or are we almost complete?

Garone: Before I answer the question, let me just throw in one more little element of the IBM announcement which I don't believe you mentioned, and that is they put a lot of emphasis on business partners and on industry solutions.


It has always been very important for IBM to take a lead in that area or at least try to, and part of that comes from their recent acquisition of Webify. But it's part of this overall effort on the part of both vendors and other vendors to ease that transition into SOA. This specific case, looking at how to make specific industries with specific requirements with compliance issues, to make that transition easier. So, I just wanted to throw that in there.

Gardner: Absolutely.

Garone: Well, in order to answer your question, I'd like to step back for a moment and frame this in the concept of what I have traditionally called the platform. My definition of platform is a little bit different from what BEA and even IBM would say. To me, a platform is a piece of technology or functionality around which a vendor builds its community. So, for IBM it would be operating systems and hardware platforms, and for Oracle it would be their database.

The importance of understanding this is really two-fold: The first is from the adoption and sales perspective. Vendors tend to have people gravitate toward them for a solution because their infrastructure and their solutions are built on a major component or a platform that a particular vendor offers. Also, do you go best-of-breed or do you just say I've got an IBM-centric environment, Iíve got an Oracle-centric environment; I am just going to go with them for the solution?

Gardner: Yes, I think this is the big question we are now facing.

Garone: Right.

Gardner: Complete holistic, or best-of-breed -- and if you want to do both, how do you decide where to put what where?

Garone: Exactly, and in the case of BEA, they have been very strong over the last few years building a comprehensive SOA platform, either through its own development initiatives or through acquisitions.

Gardner: Right.

Garone: They have a very strong foundation and legacy in providing very good, if not the best, solutions for middleware and SOA from the technology perspective with any vendor of the industry. That is one of the ways BEA has been very successful and has overcome the platform tendency of people to gravitate toward the wrong platform and go to those vendors. BEA has been successful in fighting that because if you go with my definition of a platform, BEA does not have a platform. It is building what it calls a platform around SOA, but that's basically what it does.

Gardner: Well, doesn't SOA require a bit of a change in that definition of platform? We have design time and runtime issues, and then we have this governance or management that binds the two because of the unpredictable nature of SLAs and demands on these services in an open environment, and the ability for reuse. We are really tying together runtime and design time and the management, and then reinforcing the cycle of the feedback loop among these components. It looks different than the traditional notion of a platform.

Garone: Yes, it is, and that's where I was going with the conversation. I think ultimately there is going to be a line between the platform that is an infrastructure component like an operating system or a database, and the SOA fabric and stack that goes above it is going to be blurred. We are starting to see that now in some other cases and the best one that I can think of is the acquisition of JBoss by Red Hat.

Gardner: Right.

Garone: In this case, an open source platform that is going to incorporate the operating system components required to do SOA and the SOA stack itself, and you're not going to be able to tell the difference. That is ultimately where IBM has to go and that may put BEA at a disadvantage because it doesn't have those underlined components, it has to sit on top of someone else's.

Gardner: Okay. Let's go to Neil. Do you see this definition of platform? We have design time, runtime, and governance capabilities, among others. Do you see BEA and IBM approaching it that way? Are there major holes, and can we expect that the implementations of SOA will cherry-pick among these parts, or will they be forced to go holistic with one because there are very limited number of vendors?

Macehiter: I think BEA and IBM are definitely moving in that direction, and the reason the platform has to change is down to the notion of the service of service-oriented architecture. Service in the real world is something you experience, and in the IT terms and IT service it means the platform needs to extend from the development of the services to their deployment to their operation, and that changes the characteristics and the capability you need within the platform.

I think they are trying to move in that direction and, depending on where they are coming from, they have different strengths. IBM has strengths ... and capabilities you need from the development side. BEA has a slightly different emphasis and tends to focus more on the development and deployment, but undoubtedly we are trying to move in that direction.

The point that Steve raised was very interesting: the example of Red Hat acquiring JBoss, and the development and infrastructure platform becoming indistinguishable. Think about and pair that with where Microsoft has been coming from around service-oriented platform.

Gardner: That's a great point.

You know, .NET has distinguished Microsoft's historical struggle because people want to know where the applications server is, and the reply is that it is Windows; people would look blankly and say that is not an application server, but that's the way Microsoft has been pushing it. I definitely think that they have all moved in that direction.

The second point is will it be better to be best-of-breed or will people gravitate to particular dominant platforms? I think the jury is still out on that. It entirely depends on the scope of an organization's SOA ambitions. For example, if they're looking to address some particular project-level server requirements, all departmental solutions and departmental requirements, and they are adopting a SOA approach, they might as well turn to a best-of-breed vendor.

Vendors like Sonic or SOA Software have been quite successful. When organizations start to consider more enterprise initiatives, who are they going to turn to? I think their natural inclination is going to be to gravitate to the big players and then look for the gaps. There are undoubtedly gaps; for example, products of the IBM announcement. Organizations would be looking for a combination of IBM and a Systinet (Now Mercury and HP) to provide registry and repository. Similarly, they will be looking at the BEA offering and looking for gaps there. How well do those BEA [products manage] identity and security? Well, only to a certain extent, so again they're going have to look for best-of-breed capabilities there.

The enterprises will gravitate to the big platform providers and then plug the gaps with best-of-breed capabilities. We will not see this sort of wholesale method of the best-of-breed solutions to implement, to support our SOA initiatives. If you are doing it at enterprise scale, potentially there are quite significant risks. The organizations will fight, plus many organizations are grappling with their sourcing strategies and looking to consolidate suppliers. If you have a massive, significant investment in SAP or ERP backbone, it is likely that you're going to at least consider SAP NetWeaver as part of the solution, and look at plugging the gaps that exist in NetWeaver around things like governance and identity and security.

If I can just interject something here, Neil. Your point about NetWeaver is well-taken, and if you could turn the original model I talked about, and say that for those people the SAP applications are the platform, that gives a lot more clarity to the notion of platform I originally presented. You are absolutely right; if you watch the big code and cross-platform vendors like IBM and Oracle, they try to walk this tightrope between -- we've got this comprehensive set for SOA that's going to make it really easy for you develop, deploy, manage, and govern your services-based implementation, but, by way, if you have a best-of-breed solution in-house, we can easily integrate that for you, and they will use an industry standard-based argument to make that point. End users really need to look carefully; just how easy and inexpensive is it to use that level of integration.

Macehiter: Absolutely. Oracle has been working with the idea of whole pluggable and BEA probably as micro service. The architectural announcement was the blended approach that BEA has been adopting primarily around the development platform.

Garone: Although that's mostly centered on open source.

Indeed. I think if you know how blendable or how pluggable or just luke-warm pluggable .... You know there are some important questions to ask because itís not just about having a list of WS.* specifications. You know we can interoperate with those things. It is how well the governance capabilities you have within your platform and to exploit them; can you manage those plugged-in components in the same way that you manage the rest of the infrastructure? There are a lot of other questions you need to be ask.

I'm developing an analysis of this I'd like to run by you. When it comes to deciding between best-of-breed and holistic-integrated stack -- and I agree that there are going to be cases where an installed base is going to have an influence on decision making. For example, if you are a big Oracle shop, if you are a big SAP shop, if you are a big Microsoft shop, those have implications on your decisions and strategy.

On a more general note, it seems that developers are really not going to give up on their need for best-of-breed. They like to cherry-pick their tools, they are increasingly involved with Eclipse, they like the idea of plug-ins. Shoving a new tool down the developer's throat is not going to work.

I'm developing this analysis that says best-of-breed is going to continue; in fact, it needs to be absolutely supported in the design-time phase and test-and-debug phase and those early lifecycle quality issues for SOA. But, when it comes to deployment, there is this move in the market for unification, for consolidation, for lowering total cost, reducing the number of data centers, modernizing your all legacy applications, taking advantage of Web services standards, moving toward SOA.

It seems it is in the runtime, the operations side, where there's that need for a single throat to choke -- this is where a large vendor can be there on a services support and maintenance capability front where it also has big ecology partners and a support infrastructure. That's where you need a single large vendor. But then there is the third component of the platform that we described for SOA, which is this governance and policy, which needs to be relayed back to the design time efforts.

We are seeing this land grab, this race, for governance capabilities. So if you have two out of these three components -- let's say you have governance and runtime -- you will be able to work with the best-of-breed approaches in design time. Governance becomes the large winner here, because it ties runtime back to design time. Hence, we've had a very fast series of acquisitions, and also announcements like the IBM Registry and Repository announcement this week, toward the governance play. Does that make sense to you all?

Yes. I think your analysis makes sense. I think you said that if you have the governance in runtime, then you will be able to accommodate the development side and the best-of-breed on that side. Well, there are a couple of things that I'd like to say about it. It is basically sound; the only thing I would say is the openness in terms of the governance in runtime is going to be a requirement. They are not going to be nice to have and they are not going to be something that allows you to do something. It's something that is going to be an absolute requirement in the eyes of users.

I absolutely agree with that. The sooner you bring the governance into a coordinated methodological role with the development, the better your quality will be in a lifecycle rather than just developing and then throwing over the wall and hoping that deployment people can work with that. I absolutely agree.

Garone: Yes. I just want to mention quickly that the actions over the last four or five years of the major vendors we talked about earlier in terms of reaching out to developers, making all their tools and development environments validates that the developer is the one you have to make happy on the development and deployment side. They are all reaching out to do that. The vendors are actually attempting to not only put a full core press on in terms of bringing in developers, but they are also trying to impress those developers so they think they are buying best-of-breed when they buy from an IBM or Oracle.

Gardner: Right. How about you, Neil? How do you see this view I've provided?

Though I think your analysis is on-point, I would emphasize that the organizations need to be thinking about governance more broadly than many of the vendors have been promoting. [Governance has been] primarily focused on the development ... side, and to some extent paying lip service to the fact that those governance assets -- the assets you have in your registry-repository -- need to be exploited throughout the entire lifecycle.

This is why the acquisition of Systinet by Mercury and then subsequently by HP is quite interesting. And thinking about the gap that needs to be plugged there. For example, how does SOA registry-repository compare to a configuration management database (CMDB), which is at the heart of their management and monitoring capabilities? I absolutely agree with the analysis in terms of interoperability that is needed from the development side, but I think you equally need interoperability at the management and runtime because it goes back to this point: A service is something you experience. You don't actually experience the service when it's being developed and deployed. You experience it when it's being run and operated.

That is the other angle of governance that we need to highlight. It was interesting, for example, when IBM announced the WebSphere Service Registry and Repository product that they did not talk too much about the integration, and how activity assets, activity complexity, and application manager are going to be exploited.

Gardner: All right, now let's get to some of the blogs that went back and forth this week. You and I were in it, Neil. Some folks were saying, and I believe were playing off of recent analyst reports, that Oracle and SAP will also be shopping for registry-repository product -- only there doesn't seem to be too many of those proven vendors left.

I wrote that I thought Oracle and SAP
would be more likely look to a home-grown effort, and that Oracle and SAP are probably well on their way to producing a registry-repository, or a governance capability, internally because it does need to play off of their previous or existing management, as well as their strengths and their logic and policy approaches. Now we can swing the conversation into the vendor politics, or vendor sports, side of things. Who is the demonstrating a top-ranked approach?

It seems that IBM and Microsoft are doing quite well, although that is closely tied to installed bases. We are seeing some action around these other players that are still putting together comprehensive SOA platforms. Neil, you mentioned earlier Red Hat-JBoss, and then the Mercury acquisition by HP. It seems to me that HP is coming into this rather aggressively because it has a large management capability with OpenView. It's adding on the quality assurance benefits in the early phase of the design time with the Mercury traditional products, and then with the governance from the Systinet part of Mercury. And then also there's a very close relationship (that doesn't get a lot of attention) between Red Hat-JBoss and HP. They become, in a sense, an open source software platform.

So, here's an open-ended question: Who's ahead in the SOA race here, and who is not doing so well in terms of putting this all together?

Well, I'll jump in. It is very difficult to say who is ahead. As an ex-IDC analyst, I tend to think of those things in terms of who produced the most revenue in a given year on SOA-related products, which, of course, always seems to exclude Microsoft, for the reasons that Neil stated earlier. But I don't think that's the right way to look at it -- in terms of revenue.

IBM certainly has done a lot to steal the thunder in terms of messaging around SOA. They have introduced a lot of products, acquired a lot of companies, and put together a what looks like a comprehensive solution. The "baggage" there, of course, is that a lot of this comes through legacy products that have to be brought up to date, up to speed, and relevant to SOA. The question for IBM is going to be just how well have they done that and I think the jury is still out on that. I have always been a fan of BEA, although they've always had challenges in terms of the platform issue I mentioned earlier, but also in terms of coming out of a very technology-based background and marketing itself better.

I think they are all doing a very good job in terms of filling out the platform. You positioned IBM earlier as introducing a registry-repository because everybody's got to have one, and now they do as well. One of things that you brought up was HP. One of the things that is interesting to me, and I am going to be spending some significant amount of time on in the near future, is the Venn diagram overlap between SOA and the virtualization space.

It popped into my head because you mentioned HP. HP, as we all know, left the middleware business a couple of years ago, so its relationship with Red Hat and JBoss (now that Red Hat has acquired JBoss) makes perfect sense in terms of filling that in. But when you combine the governance issues and the other issues around building and managing SOA -- and put it in the context of being able to virtualize assets, and therefore where services are deployed and how they are managed -- that gets to be an interesting problem, and one that both IBM and HP are going to be fairly well-positioned to be able to solve.

Gardner: I guess I should also toss out for the sake of our audience that the stakes here are enormous. Larry Ellison made a prescient observation a few years ago that there is only going to be three or four major IT vendors at the end of the day, in 10 years or so. I agree with that. There is going to be a fomenting level of small companies that are innovative, but when it comes to the large enterprise accounts, there is going to be a consolidation. At the same time, there are these large transitions to services in the architecture. The companies that nail this are in a position to have the continuance of their $20 billion to $80 billion a year revenue engines. For over a long period of time we're talking about a global market potential here of $40 billion to $60 billion a year when it comes to the full implementation of service oriented architecture. So the stakes here are enormous.

Neil, let's go back to you for one more take on ranking the big guys, and how they are doing.

I think, you know, I tend to agree with Steve. IBM has certainly done a good job of winning the mind share in terms of being perceived as a SOA leader, and has done a lot of work to promote the customer engagements it has had. On paper, it certainly has a lot of the components you need for a comprehensive SOA capability, and I use the word capability because of the services element, which I think is important to know. In fact, BEA made some specific announcements around services and ...

You mean professional services?

Yes, consulting services.

Gardner: Right.

Macehiter: So, I think IBM has done a good job. Microsoft is out there really addressing a slightly different audience and building from a different point of strength, which is out from its developer community.

With Oracle there is still some confusion around Fusion, especially for their applications and middleware strategy. They have actually done a pretty good job of building out their portfolio to address a broad set of the requirements. Perhaps some management pieces are missing. They have made some very small acquisitions. I think SAP is building from its point of strength around control of the business processes, and working at a high-level within the organization. It doesn't have so much of the core infrastructure capabilities you need.

So, I think it's interesting to watch the dynamic. A lot of it depends on the comparative strengths of the vendors historically. I think there is a tier of players below that like webMethods, SOA Software, Progress-Sonic that, if you like the known big vendor alternative, I think will primarily appeal initially around this whole project level deployment. I think it's an interesting space.

If we look at those second tier players through this taxonomy of best-of-breed in design time, completeness in run time, and then linking that together with governance and policy -- how do you see those second tier players being able to operate within that sort of framework?

Macehiter: They had seen some initial success, which is not unusual in an emerging market. But it is more about addressing the customer concerns around viability, around the longevity of that vendor. Are they going to be around? Do they have the vertical market expertise? It is going to be interesting as these markets evolve and you see the tier-one players gradually emerge as they did with client/server and client/server development tools. They gradually subsumed the mind share there, and there were a small number of players left.

Yes, we saw the same thing with distributed Java.

Exactly, I think that it will be the same. This will probably allow for one of those mid-size players to really have a significant play, not at the same level as the big players, but to be recognized. You can see the companies I've mentioned, SOA Software, Progress, webMethods all vying for that place.

Yes, another announcement this week was from Borland Software. They came out with their Lifecycle Quality Management (LQM) solution, which is a series of suites really, focused primarily on design time but with implications for working on an open basis with governance and policy. I wanted to bring that up because this has cast a new light on Borland, particularly when HP bought Mercury. Having this design time quality assurance capability, all a sudden, is much more prominent in SOA. Even though we might not put Borland in the category of a second-tier SOA provider, I think we can look at them now with more interest as a best-of-breed player within SOA nonetheless.

Garone: Yes, I think that makes sense, Dana. You know if I look at the announcement and I look at what Borland has done here. It is something that is obviously needed and necessary, and plays well in the context of a governance model. It also makes sense for Borland, given the kind of vendor they are and what their history has been. It really builds on this notation of giving developers what they need to build effective solutions but not only bringing it all the way through the entire development lifecycle in terms of quality assurance, but also bringing things back all the way and bringing the notion of governance and quality back to the requirements themselves.

Gardner: Yes, right.

Garone: I think that's really a very positive thing for Borland to do. It was probably something Borland needed to do, given the fact that everybody around them is building comprehensive SOA stacks. We all remember five or six years ago they were playing to the middleware space, which didn't go very well. So, this makes sense. There is somebody to watch. My sense is that the result from this is less a move into other areas of comprehensive stacks, and more in terms of partnerships and relationships with other vendors.

Gardner: Okay, gentlemen, I really appreciate your frankness and insights. I think we've had a really nice discussion.

As part of the BriefingsDirect SOA Insights Edition format we're going to do something different than you might get from your traditional IT industry analyst. We are going to have a little pause for disclosure here. It will be interesting to know who, for transparency purposes, we are working with on a revenue basis. I'll go first. We've mentioned a number of companies during this discussion, but I just want our listeners to know that I have a business relationship, in fact a sponsorship for my BriefingsDirect podcasts, with Borland, HP, Cape Clear and Eclipse Foundation.

So just to come clean, I wonder if you other guys want to mention the companies that you work with as well, so people better trust us.

Macehiter: Yes, I'll just quickly dive in here. In terms of the vendors that I've mentioned off the top of my head, once we had consulting engagements with and a revenue relationship with BEA, IBM, Microsoft, Systinet and Mercury.

Of the ones we've talked about today, the only two are IBM and HP.

Terrific. Okay, I would also like to point out to our listeners that if you'd like to learn more about BriefingsDirect B2B informational podcasts or to become a sponsor of this or other B2B podcasts, feel free to contact me, Dana Gardner, at 603-528-2435.

I want to thank our panelists today. We have been discussing service oriented architecture and the SOA news of the week with Steve Garone. He is a research partner affiliated with Ideas International, a former IDC vice president, a founder of the Align IT Group, and is now an independent industry analyst working toward some other interesting goals. I hope youíll come back soon to tell us about them, Steve.

Garone: You can count on it.

Gardner: Thank you. We've also been talking with Neil Macehiter. He is the research director at Macehiter Ward-Dutton, an analysis and consulting firm in England. Thank you, Neil.

Macehiter: You are welcome, and thanks a lot, Dana. Thanks Steve.

Garone: Thank you.

Gardner: So, let me remind our listeners to come back again next week for another version of BriefingsDirect SOA Insights Edition. Thanks.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect SOA Insights Edition. Copyright Interarbor Solutions, LLC, 2005-2006. All rights reserved.

Wednesday, September 27, 2006

Full Transcript of Dana Gardner's BriefingsDirect Podcast on Calendar Interoperability with Scott Mace

Transcript of BriefingsDirect[TM] podcast with Dana Gardner, recorded Sept. 19, 2006.

Listen to the podcast here.

Dana Gardner:
Hi, this is Dana Gardner, principal analyst at Interarbor Solutions and you're listening to yet another edition of BriefingsDirect. Today, an overview discussion on calendar interoperability and how open calendars are increasing productivity. Joining us is Scott Mace, editor of Calendar Swamp. Welcome to the show again, Scott.

Scott Mace: Hi, Dana.

You are an aficionado and an expert looking into the issues around calendar and calendar interoperability.

Mace: Yes, I have used a whole bunch of them but I’m mostly interested in getting them all to talk to each other.

Gardner: Right. Well, let’s just dive in and talk about a couple of things on a level-set basis happening in the industry, such the pending drop of the final version of Microsoft Office 2007 -- about three four months from now. People are monkeying around with the betas, developers are getting used to what they can do with their tool set and Office 2007 and the burgeoning chorus of Microsoft Live products. Why don’t you give us a quick overview and a catch-up on the Microsoft stuff?

Well, Microsoft has made progress on iCalendar support, which will be very useful for getting the information in and out of Office 2007. As you know, the current version of Office hasn’t always been very friendly as far as getting your calendar data out to some other format. So, this support is going to be very solid.

The only challenge facing Microsoft is that the bar is moving. It has not stayed still while they have been finishing Office 2007. The new standard to watch is called CalDAV, which is an iCalendar extension that kind of makes iCalendar into a more of a service -- a Web service, if you will. And it’s easier to publish and subscribe to, as opposed to just import and export.

What do you mean by publish and subscribe? How does that relate to interoperability in calendars?

The same way that you can subscribe to an RSS feed today -- such as this podcast -- you will soon be able to subscribe to a particular calendar. There is a mechanism to do this in iCalendar but it’s often not fully integrated, and so what you end up with is that you pull down an iCalendar file and it comes to you as a file. You don’t have a sense of flow.

If a new event is added, you might have to go pull it down again. In a way, CalDAV makes it a more "pushy" kind of phenomenon. It’s a way of more fully automating and integrating the flow of calendar information back and forth, especially when we start talking about specialized extensions like free-busy information. CalDAV is really the cutting-edge, and we are seeing that become a focus of great interest.

Gardner: Who is behind this particular standard? Is this a neutral third-party body? How does this standard become ushered into the mainstream?

Mace: The group that’s championing it is called the Calendaring and Scheduling Consortium, or CalConnect for short. Dave Thewlis is the executive director. I recently interviewed him at my Opening Move podcast over at, and there you have a variety of interesting participants. Most recently, Apple Computer joined CalConnect and announced that their Leopard server would include a full implementation -- in open source -- of CalDAV. So, they are promising to do an iCal server that will be open source that will support CalDAV fully.

Gardner: Just for the edification of our listeners, Leopard is the next version of the OS X Macintosh operating system that’s due, I believe, in April of 2007.

That sounds right.

Gardner: As an OS X user myself, I am somewhat familiar with calendar subscription and publishing. In fact, my wife and I trade calendars; I can see her calendar and she can see mine, because we both subscribe to each other’s. We can also get the Red Sox calendar, which you know has game times, which is kind of neat -- and also U.S. holidays, which get embedded into your calendar. So, there is some of this already going on. Now, what’s going on within OS X in this calendar? Is that the same as the standard-based iCal, or is that something that Apple did on it’s own?

No, Apple is implementing the standard as currently defined by CalConnect. We have work to do on other clients to support CalDAV. One of the most famous clients that’s supposed to support CalDAV out of the box is the long-awaited Chandler client from the Open Software Application Foundation, which is Mitch Kapor’s project to reinvent the personal information manager (PIM).

Gardner: So, now back to Microsoft and Office 2007. With the Outlook client within Office 2007, we’re going to see iCalendar supported, but not CalDAV. Is that right?

Mace: Not at first -- at least as far as I can tell. We may see some support forced in Microsoft Exchange. It seems like whenever Microsoft can go no further, they at least begin to throw support for such things into Exchange, which is fine if you are a corporate customer and an Exchange shop. As far as the more standalone Outlook client, I wouldn’t be surprised if it takes some amount of time for Microsoft to support iCalendar. It's still the case that they support some of these standards somewhat grudgingly and somewhat later in the game than others, and now iCalendar is a good example.

Gardner: I certainly would find the use of iCalendar in Outlook productive because there are folks that I work with who are using Outlook -- that’s your calendar -- and I am using Mac OS X, and, as I said, I can subscribe to my wife’s calendar because she is an OS X user too. But when it comes to some of my contract workers and other friends, I can’t do that. I think that will be an important productivity boost if we could get that level of interoperability. Or am I overstating the case?

Mace: No, I think you are stating it correctly. Here is the other problem: Microsoft is not as focused anymore on following Apple’s lead on every little thing. I think you know this. The participant that needs to embrace some of these standards more fully is Google. I’ve heard it said by various knowledgeable people that if Google supported CalDAV in their calendar tomorrow, you’d very quickly see a response from Microsoft -- at least a commitment or a statement of direction -- because they’re simply so much more competitive with Google on the whole Office suite.

I believe that it probably would be less challenging for someone like Google to support CalDAV than for Microsoft, just because they don’t have all that legacy to pull behind them. But so far, Google has not committed to supporting CalDAV. I recently for the first time met Carl Sjogreen who runs Google Calendar and I asked him if they were going to join CalConnect and support CalDAV, and he was noncommittal. So, they have a lot of different things on their plate and won't get around to all of them, but I think that would be the ultimate leverage on Microsoft -- for Google to embrace it.

Gardner: Okay, I suppose another pivot point in terms of leverage with Microsoft -- in terms of their going to more standards -- would be from the other big player in enterprise messaging and calendar, and that would be IBM Lotus with Sametime and Notes/Domino. What’s the status of what IBM is doing vis-à-vis calendar?

IBM is a participant in CalConnect and, unless I am mistaken, they were involved in the interoperability demonstration this summer, where a variety of different vendors demonstrated interoperable calendar free-busy information between various calendars. I believe that the IBM Lotus offering was one of those participants. So, they are staying up with the standards.

I suppose another interesting aspect of Sametime and Notes is the increased usage of RCP, the Rich Client Platform -- the Eclipse Foundation project -- as a basis for more and more of their client architecture. Does that have a relationship to calendar interoperability that you are aware of?

Well, it’s interesting. I went to OSCON this summer and it wasn’t clear to me whether Eclipse was going to embrace within some their own projects any of the calendaring standards, or whether perhaps there would be some further effort at Eclipse. I think maybe there is interest there, and the Eclipse folks are watching this, but right now I haven’t heard vis-à-vis RCP anything about calendar support per se.

Gardner: It certainly sounds like a powerful and interesting thing to bring a publish-and-subscribe calendar function into a rich client standard. Even if it doesn’t become your main PIM, it could be something that would be of value, as well as an embedded RSS capability into some of these clients. Do you agree with that?

Yes, and the thing is, if people don’t go whole-hog for standard support, what they will sometimes do is create a plug-in. I don’t know if that exists yet, but I could speculate that there could be an Eclipse plug-in that supports the Google Calendar API. This wouldn’t be the hardest thing in the world to build, and you are seeing a lot of effort and lot of activity around standards like the Google Calendar API, which is it’s own de-facto standard. It reaches out into lots of different communities: the Java community, the .NET community. Those kinds of things are going to be built every day.

So to look at the current landscape a little, we’ve got IBM and Apple in the CalDAV camp; we’ve got Google apparently assessing this, and we have Microsoft as recalcitrant in terms of adoption on a leading-edge basis. It seems, though, that Google is the important player. Is that how you view it?

Mace: That’s how I view it. But Google still has a lot of other things on its plate. Again, I talked to Carl Sjogreen at Google, and one of the things that they are most focused on is creating a great user experience for groups of people trying to arrange get-togethers. And so, this might mean -- I am guessing -- maybe half a dozen or a dozen people trying to coordinate a calendar, which is one particular kind of calendar interoperability problem.

I think, knowing what I know about Google and the whole social dynamic that it’s been responsible for, I can see very well that they might be focused on that. My particular focus tends to be on two people -- or bilateral kinds of calendar communication -- where you might really just want to have everything very closely in synchronization. The problem of getting a dozen people in the same place at the same time -- it’s a different problem. So, because Google is trying to solve the problems that they see their users having, they may not get around to solving these other problems until later. It’s just a prioritization issue, and even at Google they have to prioritize.

Gardner: When we last spoke, Scott -- probably three or four months ago, when we did a podcast on some of these issues -- we were both intrigued by the prospect of Google becoming a focal point for calendar interoperability. They might be able to draw inferences from what people do with their calendars in order to augment their existing business model around contextual advertisements. Do you still think that they are heading in that direction, and wouldn’t their being somewhat neutral vis-à-vis the standards help them toward that goal?

Well, I think they are heading in that direction. Whether they are making the kind of progress that people expected to make by now is an open question. There’s certainly lot of developer interest around this. Every day I see something interesting. There has been a recent thread about implementing the Google Calendar API on pocket PCs, which really gets my interest, but this isn’t quite a panacea because what they are really trying to do is just properly display Google Calendar on their device.

Once you have got something like that, then people start trying to make it sync with what’s already on the device. So, there is lots of developer interest and more so, with the Google community than Yahoo! or any of the other online calendars. I have gotten some flak for not talking about other online calendars, but they are all good. It's really just a question of who’s got the momentum in terms of the developer interest -- how many developers are poking around with any particular calendar.

It seems to me there might be some parallel here between what went on in the instant messaging space, where we had a lot of different companies with unique instant messaging clients, and perhaps their own service. But it wasn't until Jabber came along, and people had to eventually go in with that [as an interoperability standard]. Do you see a similar path or progression with calendar interoperability?

Mace: I don’t know. I think there are different characteristics. For example, the way Apple has come out with such a wonderfully elegant solution early on. In a way, I think they outdid what AIM [AOL Instant Messenger] was able to do.

I mean, iCalendar on the Mac is just a truly wonderful solution. The problem is, it hasn’t been openly adopted. I think that we also don’t have the kind of phenomenon in calendaring that we did with Jabber. A lot of people are wondering just how long it really is going to take, because it's already been several years. I’m still waiting for something to come out that’s as viral as Jabber and that just completely starts to spread. You can find Jabber on all sorts of devices.

That’s still not the case with any open source or open standards type of calendar. I also would like to throw a rock back at the mobile phone people, who really have been behind the curve here. If you manage to get any data out of your mobile phone calendar, it's probably going to be in vCal, which is essentially an extinct format at this point. You may be able to pull it into something else but it’s really the lowest common possible denominator of calendar interoperability.

Gardner: I've solved that problem. I stopped using the calendar and address book in my mobile phone altogether, and I usually take my iPod with me wherever I go. So, I have my iPod in one pocket and my cell phone in the other. And whenever I want to look for my calendar or my addresses or phone numbers, I use my iPod, which of course, syncs back to iCal and the address book on OS X. Then I simply punch in the number on the cell phone. Now, I'm using wet-ware -- or sneaker-ware or thumb-ware, whatever you want to call it -- to go from my iPod to my cell phone, but it’s the best solution.

Yeah, I think that is a great solution for a lot of people. Also there are just people who are going to use a browser. For them, any browser-based online calendar will do. They often don’t care that when they are away from the Internet, their calendar is something they have to print out or remember -- whatever. There are still a lot of people in the final analysis who will want it in the palm of their hand, even in an offline mode. I’m just going to continue to probe and press the industry for solutions that can work in every possible situation. So, really I deal with that as a no-compromise solution.

Speaking of mobile, what about what Dave Winer has done with his Web content readability benefit on mobile devices? Does that have any impact on someone who has got a Web-based calendar? Would they be able to use his approach to reading that on a mobile device?

You know, I don’t think so. I haven’t read anything about what he is doing that has any impact on calendaring. It sounds like great technology, though.

It might be an interesting thing to look into. Going back to Google, I recently began receiving emails from people using Google Calendar, and the email consists of nothing but an attachment or two that look like little hash boxes but that end up automatically populating my OS X calendar with events that were taken out of a Google Calendar. Is it because of iCal? What is allowing this to happen, and what is going on here?

Yeah, there is some iCalendar support. It’s very encouraging to hear that people are using it. It doesn’t synchronize anything necessarily, and I wonder what happens if that same person then sends you an email or to change the time of that appointment. You might end up with two different appointments in your iCal and have to remember to delete the first one you got. But, every little bit helps.

I mean, what we are all trying to get away from is the kind of wet-ware, where you just get an email and you have to laboriously cut and paste from that email into your calendar. So, any kind of structure helps. It’s not that I begrudge the things that are low-structured. It’s just that I think we can do better. And it’s also a cultural thing when somebody gets something like that and it’s an attachment. How acclimated are people to knowing what to do with that? I think on the Mac, people are more acclimated to it. I work with a learning curve, because I am sure when people first get Outlook 12 [part of Office 2007], they don’t quite know what that is, and have to learn how to deal with it.

Gardner: Now, let's look toward the opportunity for doing commerce and new business activities through this calendar interoperability function. I am thinking about what Skype, as a division of eBay, has been doing with the equivalent of Yellow Pages and click-to-talk when it comes to ecommerce, or mobile commerce, or looking for new retail types of commerce.

It certainly seems to me that having a calendar function is an important element within this move toward automated commerce -- one that joins the element of the temporal, of the time and space, to sort of a virtual commerce activity online. And it would seem to me that people like Amazon, eBay and Yahoo!, among others, would be significantly advantaged in a progression toward this vision, if there was this level of calendar interoperability. Therefore, they should be somewhat of an impetus or force to make this happen sooner. Why is it that folks like Yahoo!, Apple, Amazon, and eBay are not moving the big players like the Googles and Microsoft on calendar interoperability?

Mace: Well, Yahoo did make a move. They bought, which does provide this sort of public-facing calendar service that you are talking about. And there is a player, which has not been acquired yet, and as far as I know is not for sale. It is EVDB, which provides the Eventful service.

I had a nice chat this summer with Brian Dear, who runs that. They’ve cracked the code for TicketMaster, so all the TicketMaster events have been exposed as calendar objects within the Eventful Service. I think that’s the beginning of something that can be much, much bigger. I totally agree that some of the players involved haven’t really stepped up to the bar. I can see Amazon doing lots of interesting things with calendar information, but so far I don’t see any movement there. eBay -- I have no real idea what their consciousness level is about calendaring, but Yahoo certainly gets it. I think eventually, probably somebody is going to snap up EVDB and then that will probably represent some of the cutting-edge on this.

Gardner: The migration path for this could be on local commerce. For example, it’s nice that I can go and locate a pizza parlor in my neighborhood and I can click on a button and get into a VOIP discussion with them to order a pizza. What I’d really like to do is click on an icon that would get me into the calendar of a plumber or a landscaper, or even a doctor or a veterinarian, so that I can shop and do errands. If someone can take my dog for a haircut next Wednesday at 2 p.m., when I am available, and there are three vets in town -- the one that’s open to me on my time gets the business. I know that’s a little bit of a pie-in-the-sky idea, but the technology certainly seems capable of that. On a local level, it could it be really a much more automated way for local small businesses to generate additional sales.

Sure, and when you think about all the junk mail you get saying, "Come to our sale for one week only," or, "This coupon expires on such and such date," that information ought to be able to be fed right into a calendar. We have to worry about calendar spam, of course, so that’s something to be thinking about. But why shouldn’t the consumer of this information, if they so desire, have all that flow right into their calendar in the appropriate way, instead of forgetting about it.

Not to mention the travel industry -- when it comes times to be booking things while you are on the road, another interesting aspect of time-oriented commerce.

Yeah. Did you notice -- I think the company was called FareChaser -- and what they do is they’ll predict when the sale for particular sites can be lowest based on a bunch of information they collect. And so that would enable people not only to get the best price, but to know when to get that best price. It’s kind of fascinating.

I think I may have stumbled upon an interesting acronym here, Scott. When I said, "time-oriented commerce" -- well that comes out to “TOC.” So maybe we could also do “TIC,” which could be "the interoperable calendar, " which would give us TIC TOC. What do you think?

Okay. Sure.

Gardner: Sorry. All right, Scott, I appreciate your time and your depth of knowledge and for updating us on calendar interoperability. And I certainly hope that more of the capital “I” in interoperability becomes apparent among these major players. And if not, then that some of these other smaller players that you mentioned start to increase the adoption of these standards.

Well, tell you what. When Office 2007 ships and I install it, we’ll arrange one of our future phone calls by spinning calendar objects back and forth rather than emails.

Gardner: That will be a very nice thing. Okay, we have been talking with Scott Mace, the editor of Calendar Swamp and an expert on calendar interoperability and standards. You can find out more information on Scott and his services at You have been listening to BriefingsDirect. I'm Dana Gardner, principal analyst at Interarbor Solutions. Thanks so much for listening.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect podcast on calendar interoperability. Copyright Interarbor Solutions, LLC, 2005-2006. All rights reserved.

Sunday, September 10, 2006

Full Transcript of Dana Gardner's BriefingsDirect Podcast on Network Services and SOA Convergence with Cisco's Bill Ruh

Transcript of BriefingsDirect[TM] podcast with Dana Gardner, recorded Aug. 23, 2006.

Listen to the podcast here.

Dana Gardner:
Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect. Today, a podcast discussion on a mega convergence point, the intersection of advanced intelligent network services and applications as services, otherwise known as Services Oriented Architecture (SOA). And joining us to discuss this rather weighty topic is Bill Ruh, the vice president of Advanced Services at Cisco Systems. Welcome to the show, Bill.

Bill Ruh:
Dana, thank you very much.

Let me provide some more background on you and what you do at Cisco. You've been 20 years plus working in enterprise middleware and integration, and you are currently leading the Services Oriented Network Architecture (SONA), as well as the Application Oriented Networking (AON) services teams worldwide at Cisco. Previous to that, you were a senior vice president and CTO at Software AG, and you’ve worked at Mitre and IBM.

Furthermore, you’re an author, and in July of 2004 published a book called, "Enterprise Integration: the Essential Guide to Integrations and Solutions." Previous to that came, "Enterprise Application Integration, " as well as "Inside CORBA" and previous to that, "IIOP Complete. " So it sounds like you’ve got a pretty good handle on integration, Bill.

I’ve seen a lot of the trends and a lot of the technologies come and go over the last 25 years to help us solve this problem.

Based on some of the presentations I’ve seen you deliver, we are at this mega-tipping point -- not something that is just a continuum of what’s happened in the past, but something that seems quite different. This is largely due to SOA, virtualization, network convergence, intelligent network services, a higher level of standardization and open source. This all seems to imply a bit more than the typical roadmap, something that is quite new. I think you called it "integration for everyone." I wonder if you could start our discussion by sort of explaining what you mean by "integration for everyone."

Ruh: It certainly does feel like we’re about ready to enter and move up to another plateau in technology. In my experience it’s like client-server, or certainly like the Internet age. Then, we went up to a new plateau with the technology, and this has that same feel. I call it "integration for everyone" in that previously when we have talked about integration, it has been very much technical, the very technical integration of tying together systems.

But, when we start to look at where we’re going now -- in both the number of things and the kinds of things -- what we’re trying to do with those things in tying them together now is very different. In fact, we’ve got a movement from where we used to just have a few devices to where we have the Internet. We’re tying together RFID tags. We’re tying together sensors. So we’ve got a real change in the kinds of things that we’re tying together, where it’s not just technology things. It’s things that are going to be more business-oriented.

The idea of sensors, the idea of tags, the idea of "what is the device on the network" -- that is changing. We also see that the kind of things we want to do with integration is changing. It used to be that integration was really about taking information from one system and integrating it with information from another system. The kinds of integration we’re talking about now is also fundamentally changing, because what people want to do now is more about interactions than about production and transactions.

Now that I know that a temperature gauge in a refrigeration unit has gone off, well, what do I want to do with that? I want to not only sense it, but I want to respond to it. I want to tell somebody about it. This idea of collaboration means that I’m not just integrating applications in a technology sense. I’m integrating people and processes into this. So, when you look about "integration for everyone,” what we’re really talking about is not just technology integration. We’re now integrating all these devices and all these sensors and all these people and all these cell phones.

We’re now taking those integrations and its not just transferring information. We want to collaborate. We want to bring in this idea of communication. When I talk about "integration for everyone," it means that it’s integration for me. It’s integration for my son or daughter. It’s integration for everyone so that they get all the services and capabilities they need through whatever device or channel or whatever they’re interacting through. And that’s a fundamental re-definition of what integration is about.

Okay, it sounds like this portends a great deal of opportunity, albeit with quite a bit of complexity. So, if I’m a CIO in a corporation and I’m trying to be strategic, work with the business side of the house in formulating how we’re going to take advantage of these trends and this new plateau of integration, how do we manage the complexity? What are some of the priorities that you see facing today’s CIO?

I think you hit on the major challenge here. Software is always complex, and systems are complex, so it’s great for me to say, "Wow, we’re going to take all these sensors and plug them in, and you’re going to be told when some sensor goes off in your house or some sensor goes off in your business, and your business processes are going to be suddenly kicked off and you’re going to respond to things much quicker." But the fact is that we all know that trying to do that in real time is difficult.

The CIO is the one who is going to bear the brunt of why we can’t do this. The last time I remember, "Why can’t I do this," was in the PC era. You remember everybody had dumb terminals, and suddenly it was easy for people to go buy PCs through the finance department, etc. The CIOs suddenly had all this complexity and they had to tie it all together. Suddenly, they had networks showing up everywhere, all different flavors of networks, all different kinds of protocols -- and that became a nightmare to manage. Cisco was actually born out of that era in solving the problem of how to integrate and network together all these different PCs into different applications.

We’ve moved up that stack and the CIO is going to see that people are going to be building sensors and cell phones, and people are going to be saying in their businesses, "Why can’t you do this? I can go buy this capability." This will happen in the same way we saw the PC coming in the back door 20 years ago. Fortunately -- and maybe it’s really driven by this complexity -- the dialogue has turned to SOA.

SOA isn't really new. I was involved in Smalltalk and CORBA and the object-oriented movement back in the mid-1980s. A lot of these techniques and approaches have been talked about for a long time. What makes it different is that we’re now starting to get where the protocols are being made that allow standardization to occur. This idea of protocols is the same thing we saw with Internet protocol (IP). What we’re seeing is a movement up the stack to things that ride on top of IP that allow services to actually communicate, coordinate, and collaborate better -- in the same way it used to be hard to connect two things together and send data from one device to another, which is less of a problem today.

We’re going to see that protocols and services in the network are really going to allow us to communicate easier and reduce some of the complexity. So, the network’s going to tie into this movement of SOA. It’s going to provide services, infrastructure-level services, to take some of the complexity away from CIOs in terms of the infrastructure and allow them to focus on the business processes.

Gardner: We’ve discussed some of the technical integration issues, but it seems to me that in a typical enterprise today, there also is going to be the need for a cultural or organizational integration. For example, the application development and deployment folks are in one group or one culture. Network services and administration in another, and then voice telephony (VOIP) and communications in another. It seems to me that that won’t stand, that disintermediation between these different groups is not conducive to this larger integration proposition that we’re discussing. How do we bring application and network services together? How do Cisco’s AON, the Application Oriented Networking, and SOA relate, both technically and organizationally?

You know, I think you hit the nail on the head. I don’t think this is necessarily being driven by Cisco. This is being driven by this larger services-oriented trend. When you look at it, we’ve organized our IT and our businesses that integrate with IT around the Internet model and the client-server model.

When you move to a service-oriented model and you start to move more intelligence in the network, certainly you’ve got the need for the networking person to become more cognizant of how they play and support the applications -- and it’s no longer a black box. We see the need for the networking folks to take on a larger responsibility in that intelligence, and provide services that may have been more traditionally built into our applications -- duplicated in many instances -- so people have multiple identity services, instead of one that logically probably fits in the network.

What we see is that the networking folks have to come up and deal with some of the complexity of the services being put in the network. At the same time, the applications folks within an IT organization have to think of the network not as plumbing. They can't just say: "I’ve opened up a socket," or "I open up some communication mechanism and the network takes care of getting the bits from here to there." They have to realize that there are services inside the network. We’re going to see that the organizational dynamics that you suggest are going to change because of that.

I’d add one other thing. As we get to more services or other organizational dynamics, we’re going to see that the end users are going to want the tools that they have on their desktops to allow them to quickly and easily utilize those services in the network as well as on our servers, so that they can apply them and connect them into their desktop applications. We see this in the case of Google, which has done mash ups and other things out there.

It’s not just the networking administrator or the networking person. It’s not just the applications person. The end user is going to start taking advantage of services and that changes the dynamics entirely. So, we’re going to see a real change in the dynamics between these organizations. And that’s why the network is so important. It’s the one thing that connects them all -- and those services have to be there to reduce that complexity.

Another trend that’s afoot today that we haven’t mentioned, but has an impact, is the social networking phenomena, characterized often as Web 2.0, where we're seeing communities and collaboration and particularly interactivity. This back-and-forth nature of a discussion, of sharing of knowledge, is growing prominent, not only in blogging, but more mainstream in enterprises and in how people do business. Given that interactivity is a buzzword, and I don’t think just a short-term one, how does the network play in a modern, advanced sense in supporting interactivity solutions?

Ruh: Within Cisco, we talk about unified communications -- all the different mechanisms that people use to communicate and collaborate, and that communication is certainly changing. You just outlined that. We go from Voice-over-IP (VOIP), to instant messaging, to collaborative applications, sharing documents, and then we get into blogging.

This whole idea of communication is fundamentally being re-written overnight. Unified communications is going to be the focus for these next-generation applications that are going to support that environment. When you really look at the vision for where unified communications will go in the next five years, it includes the idea: "Why can't I take my blogs, and why can’t I take something like Google Earth and then plot where the blogs are?" Maybe I want to look at blogs that are from a certain part of the world, or that talk about a certain part of the world.

Communication is fundamentally changing to be IP-based. So, the network has provided services to allow those individuals to integrate with everybody. If I’m on a blog and I want to talk to someone and I want to collaborate with someone, I can bring up my collaboration tools. I can bring up my VOIP capability -- all of these things that are integrated. Those services allow me to take all of the services like Google Earth and start to use those tools as a part of the collaboration.

The idea that services can get integrated to the communications is important, and the network becomes the focal point for the services that support that infrastructure, as well as IP being the basis for all these different tools working together.

It sounds like what we’re gaining here is the opportunity to not just view communications, applications, and data as separate, but that we need to pull together with our own brains -- with our wet-ware. How do we take this intelligent information network and manage it? It sounds like we have this opportunity, but I think people are still stuck thinking about these things as separate and unrelated.

That’s obviously going to take some time, in the same way the Internet took time. I remember in 1994 and 1995 putting up Web sites. At the time I was with the Mitre Corp., and we did a lot of early work there. A lot of folks looked at this and asked, "What use was it?" and, "Who is going to manage it?"

Between 1994 or 1995 and 2000, organizations suddenly had a change, and now they have Web administrators and Web servers and everything else coming in. The organization had to morph to support that, so there’s always this chicken-and-egg relationship. What do you do first?

The important thing is that you don't decide to put the organization in place and then the technology. What happens is that the business begins to be driven by some of these external forces. So, external forces -- sensors, unified communications, and moving to VOIP -- and all these IP services -- are starting to come together, and they’re coming into the organization. With the PC, the user said, “Well, I’ve got this spreadsheet, and this is how I want to interact with things.” People start to focus on what the application is.

"If I can go home and do all the things I’m doing at home, well, when I go to work, I want to have exactly the same thing." That’s the thinking that drove the PC. That’s what drove the Internet, and that’s what’s going to drive this whole era. People can do this at home, and they’re going to say, "Well, why can’t I do that at work, and why can’t I have that same capability?" And they start bringing it in the back door. What happens then, of course, is that the IT world has to respond to that.

What we’ll see is that organizations are going to have to decide whether they want to get a little ahead of the power curve here. They know this is all happening, and that means they have to look at their network, look at their systems and say, "I’m going to do services-oriented here. I’m going to do SOA, and I’m going to do services-oriented infrastructure. Let me figure out a few of the core elements I need to put in. Security is a network service. That’s great, and I’ve got to put that in there. I’ve got to start looking at what kind of services go where."

You get a few core elements in and from that what is going to happen is that IT organizations are going to learn what they need to do to really fit into this wave or this trend. Number two, is that they are going to be viewed as being responsive to the business side of things. This is the approach that people have to look at. "What are some of these core services that I can put in the network? What are some of the core services that I’ve got within my servers and how can take advantage of this trend and support what is certainly going to be a wave that is going to hit?"

We’ve had quite a few acronyms in our discussion, and we could probably come up with a couple of hundred more. Help me out with Services Oriented Network Architecture (SONA). I’ve got a pretty good handle on SOA, and I’ve got a pretty good handle on AON, but I’m a little bit less clear on SONA. What do you all mean by that?

Ruh: SONA is a Cisco-defined architecture. We recognize that we have a very diverse product set, and those products fit together. So part of SONA is to show how all of our products that we bring to market fit together into an overall network. And rather than the network as just the transport, it's the network as a platform.

With that you can understand how unified communications fits with mobility, data center, networking, and security. How does all this fit on top of your network infrastructure and work together? One piece of this is to show how the entirety of what we’re doing in terms of our products fits together as a single, integrated platform.

In addition, what SONA is about is for us to show how these are not only just products with features and functions, but that they provide specific services in the network -- identity services, VPN services, presence services from mobility -- so that the applications people can begin to understand it. If they're going to use a presence service within the SONA architecture, when the networking people provide those mobility services, and there is a presence service in there, they can take advantage of that presence service for their application.

SONA is about how the entire Cisco product line fits together. It’s also about how those products then provide services and how those services fit with the application. Finally, it really lays out the vision for how we’re taking our portfolio going forward and how these things are going to continue to evolve, how they’re going to continue to work together. As an architecture, we show how we can create an infrastructure that can improve your overall SOA investment.

As you invest in SOA, the infrastructure through SONA is there to allow you to scale. How are you going to do bandwidth and manage bandwidth and quality of service? How are you going to provide a converged network? How are security and mobility going to fit in? Which standards and protocols are going to be used? How do you get the ability to virtualize your storage and your compute environments and other devices? SONA really is an architecture, and it’s a way for the customer to see how the network plays in their overall service-oriented architecture and what services we believe really belong in the network going forward.

Help me understand, if I put myself in the role of the developer. Traditionally as a developer I probably haven’t been too concerned with the network and I probably feel that’s up to the operations people to deal with. I’m focused on the logic, on the presentation, on the access and integration. But it sounds to me as a developer that I may have a palette of different objects and services to choose from as I’m crafting my application. And increasingly I’m going to have more on that palette in the form of network services.

Is that the way I should be thinking as a developer -- that I should be looking toward network services as part of my typical library of resources when I’m putting together an application? Or is there some other intercept where these network services as you described them will come into play with applications?

Ruh: We don’t want developers to look and say, "Oh, I’m programming the network." Obviously that’s not the intent here. In fact, to them, these services should just exist and be available to them as part of their overall palette, as you described.

The issue that we’re trying to educate people on is that some of these services do belong in the network. From a developer’s perspective today they may think about identity services or mobility services. They need to be aware that decisions need to be made about it. Maybe this ought to be in the network, and they need to work with networking folks and architecture folks. If we need these as common services, hopefully they’ll also say, "Yeah, we know that they should be in the network."

And this has happened before. VPN used to be in application code -- and it has migrated down to the network. Multi-cast is another great example: Programmers used to build multi-cast and now they know it’s in the network, and they expect it to be there. Firewalls used to be at the application layer. It's the same with quality of service, replication, back-up, and encryption -- all these things. We’re really continuing down the path of educating developers that these services belong in the network.

From a programmer’s standpoint, it either just happens, which is the best case, or they can configure it as a service. The way we’re moving is to open up and provide some of our functionality to services that a system’s architect or an application person can take advantage of as they build out their applications.

Perhaps I had it a little bit backward. Instead of my seeing more items on my palette, perhaps I should expect to see fewer, as components that have perhaps traditionally been part of an application or middleware layer, migrate to the network layer. Then, I really don’t have to worry about them, and so perhaps the reuse and integration of these services into a platform reduces my options as a developer. Do you think that’s right?

Ruh: I think it's absolutely right, and I think you’ve got the point there, which is: Should every application implement virus detection and virus management? No. Should it be implemented for them? Yes. Should there be some ability for the applications to control other set policies? Those are things that should happen, but the fact is that there are a lot of things that are infrastructure that should just happen, where programmers don’t have to worry about them as they do today.

In wrapping up, why don’t we try to get into some more of the reality side of this in terms of implementation? If I’m a CIO, or if I’m a developer, or architect beginning to see the logic of bringing services from middleware and from a siloed basis onto a more ubiquitous platform for reuse, how do I get started, where do I put the pencil on the paper first to start in this direction?

What we’ve been doing in working with customers down this path is, and -- as strange as this is going to sound -- it really does start with a strategy and roadmap. The IT organization really needs to make sure that they have their strategy for their IT environment laid out, as well as the kind of roadmap they have to get there. That's what allows the dialogue to take place at the next level.

What you don’t want to do is to say, "Okay, I need services. Let me go buy services, put them in;" to do the Field of Dreams thing ... and they will come. In the past, as we’ve learned from object oriented, building common services, and having the Field of Dreams approach doesn’t work.

What does work is if you’ve got your strategy and your roadmap for your IT organization, such as where your investments are going to be made, what applications you’re going to be building. The best strategy is to come in and say, "Okay what is the best approach -- architectural approach -- to get there?" Now you can begin to integrate with the architectural group to say, "We know that we want to start to put in place certain B-to-B capabilities or certain other applications."

Maybe the best place to start is with identity services within the network or maybe the best place to start is with mobility services in the network. Or maybe really, I want to improve the data center. If I take a retail operation, if my strategy and roadmap is really that, I’m going to invest in the store operations in the stores. I may really focus on identity management and wireless services in the network. Maybe I’m going to move to wireless POS (point of sales).

Maybe I’m going to do e-learning. Maybe I’m just going to just change the nature of the store. If I've already invested in the stores, what I really want to do is I want to save money in my back-ends and I want to improve my data center operations. Then, it may be that putting in storage networking services, putting in a compute services in the network to virtualized storage and servers, maybe those are much better approaches.

The fact is you want to tie bringing in new services to the investments you plan to make that will be tied to the business problems that are out there. Then, very naturally, over the course of three years, as you execute that strategy and roadmap, you end up with these services being built in and being paid for as a part of that natural investment. Where we have been coming in, interestingly enough, is we are now getting involved with those strategies and roadmaps by doing a lot of workshops and planning with them, and then bringing in what SONA can provide in tying down to a real ROI analysis. Then, you get into the architecture and the technology and how it fits in. And, the part everybody really loves-- you finally get down to buying specific products that implement that capability.

So I guess two takeaways from that would be: The good news is that I can do this incrementally; that I don’t have to build it all and then throw a switch one day. It can start on a crawl-walk-run basis. But, in order to make that plausible, there also has to be a top-down mandate for these cultural silos. And all of these different parts need to act in some concert toward an iterative build-out and adoption. There has to be some word from on high that this is our strategy, this is the roadmap, and this is what we’re going to do. Does that sound about right?

Ruh: That sounds about right, and it’s getting people to realize that this can be done incrementally. It makes the most sense to have the discussion around a business problem that you’re going to invest in anyway. And then very naturally the network folks, the app folks, and the architecture folks are sitting around the table and having the right discussions -- which is: which services really belong in the network, which services are going to give us the biggest bang for the buck, and which services quite naturally belong in the other parts of the IT infrastructure? So, it really starts the dialogue down the right path.

Gardner: Well, thanks very much. We’ve been discussing mega-trends and convergence, network services, application services, and SOA. Joining us has been Bill Ruh, the vice president of Advanced Services at Cisco Systems. This is Dana Gardner, principal analyst at Interarbor Solutions for BriefingsDirect. Thanks for joining us.

Ruh: Thanks a lot.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect podcast on network services and SOA convergence. Copyright Interarbor Solutions, LLC, 2005-2006. All rights reserved.