Edited transcript of BlueNote Networks webinar recorded March 1, 2007.
Listen to a podcast of the webinar here. Sponsor: BlueNote Networks, Inc.
Welcome to a special BriefingsDirect presentation, a podcast created from a recent webinar on the benefits of integrating communications, PBXs, Web applications and back-end applications using web services and SOA. Listen to the story of how BlueNote Networks and the Seaport Hotel in Boston uniquely integrated services and voice-over-IP (VOIP) to create a touch-screen-enabled, in-room portal capability. This communications, customer-service, and information-access approach for guests may well define the next generation of hotel-based business services, while also helping hotels to better monetize their many offerings.
And now, let's listen to this example of a mash-up between SOA, IP communications, external web services, and a compelling user interface. ...
Etta McCarthy: Good morning and welcome to BlueNote’s Technical Webinar Series. Today’s webinar is entitled "Embedding Voice Into Portals Using Web Services,” featuring the Seaport Hotel case study. Our presenters today are Sally Bament, vice president of marketing for BlueNote Networks. And joining her is John Burke, vice president of technology for the Seaport Hotel, located here in Boston, Mass. John will share his experiences with us regarding his BlueNote Networks SessionSuite implementation. With that, I will turn the program over to Sally Bament.
Sally Bament: Good morning, everyone. As Etta said, my name is Sally Bament, and I work for BlueNote Networks. I just want to do a quick recap of today’s agenda, and then we’ll move immediately into the specifics of the webinar. For today’s agenda, we’re going to talk a little bit about portals and portal technology in general, and some of the challenges that current solutions present in terms of voice-enabling portals. Then, we’ll talk about and review a specific technology available from BlueNote that combines applications and IP telephony through Web services.
Then, as Etta explained, we’ll talk in depth about a specific customer case study, the Seaport Hotel. John Burke, who spearheaded and led a lot of the innovation that was rolled out at the Seaport Hotel, will go into detail about his challenges and the "Seaportal" application.
We’ll open up to Q&A at the end. You can ask questions throughout the webinar. They will get posted to us, and we’ll address those questions at the end, time permitting. If we don’t get to all the questions, we have everyone’s email address and we’ll be happy to follow-up directly.
With that, let us move on to the webinar. Portals are basically websites. They’re typically personalized, and they provide access to information from a variety of different sources. Portals are often built as distributed applications, with that informational content coming from a number of different applications, and they’re usually built with a captive or target audience in mind. So, there’s a one-to-many relationship between the audience or the registrar or user of the portal, and the information and the sources of content that they’re trying to access.
Many types of portal applications are available today. They could be corporate employee portals, showing employee services in larger organizations, information kiosks in airports or other travel destinations, and what we’re going to talk about later, hotel information portals. Voice-enabling portal technology actually provides a number of business benefits, as well as value to organizations. There’s an ability to increase customer reach and customer touch, and, if transactions are involved as part of the portal technology, the assumption is a higher close rate. Portals also provide new revenue opportunities through sponsorships, advertising, and cross selling, obviously a competitive advantage.
I want to make one other point on this slide, before we move on to the next, in terms of the difference between voice-enabling portals and voice-enabling websites. Voice-enabled websites have traditionally been referred to in terms of click-to-call or click-to-call-back capability. In these kinds of applications, the audience is a large, anonymous audience, involving a "warm transfer" of a call to a call center. So, unlike portal technology, it’s a many-to-one relationship. Often, during that warm transfer, if the user has a voice-enabled PC that can all happen from the PC itself.
Voice-enabled portals, as I mentioned before, usually operate with a target or small captive audience in mind, and typically involve a one-to-many relationship. Often there is a co-located client device of some kind -- whether that’s in an office, a hotel room, or even a dorm room -- that is usually associated with that portal technology. The solution that we’re going to talk about today from BlueNote Networks, although the focus of today’s webinar is on portals, can be used for both voice-enabling websites, as well as a voice-enabling portal technology.
There are solutions today to embed voice or telephony features into applications, and that typically involves traditional private branch exchanges (PBXs) and computer telephony integration (CTI) interfaces like TAPI and JTAPI, but there are a lot of challenges that organizations face in leveraging that technology. It’s very complex, involving a significant amount of programming by software developers, and an intimate knowledge of the different PBX vendors' implementations.
Because of that, the time to respond and the time to build applications are usually very long. Integration costs are high because of the customization effort involved, and the programming model of CTI interfaces is typically very different from a Web services or Web development programming model. Often, you need specialized telephony expertise to embed telephony or voice in any application, including portal technology. Also, the development effort is typically one-off. So, you’re building an application tied into a PBX as a one-off application. For those of you on the call familiar with Web services and Service Oriented Architectures (SOA), it does not have the same concept of reusability in terms of Web service technology.
Also, if the application is part of a larger broadband Internet project, that involves traditional PBXs that need upgrading, there’s cost associated with that, whether that’s upgrading for internal VOIP communication or being able to leverage the Internet or IP trunk providers to get some economies of scale in terms of voice calling. So, a lot of high cost, a lot of time, and also specific knowledge and expertise are required. There are solutions, or there is a solution out there, that allow organizations to essentially combine Web services and IP telephony to very easily and simply communications enable business applications like portal technology.
We’re going to shift now and talk a little bit about BlueNote and the solution that we provide to enable companies to do that. First, a little bit about BlueNote. Our focus is delivering software solutions that allow organizations to deliver voice, video, and any other interactive communication service as a Web service. It's a very different way of delivering voice in an enterprise, compared to the traditional PBX model.
Our target market is forward-thinking, innovative enterprises like the Seaport Hotel, and our products include a family of software solutions that combine IP telephony with Web services and associated software development toolkits, and an optional client technology in the form of SessionSuite Desktop, which is a Session Initiation Protocol (SIP) user agent.
SessionSuite, as I mentioned before, combines applications and telephony through Web services. It’s a software application; it looks like an IT application, just like any other data center application. It runs on standard data center servers, and it leverages the existing IT infrastructure in terms of corporate directory, authentication, and authorization systems -- so it can be provisioned and managed just like any other IT application. It's very different from a traditional PBX, typically an island with its own propriety provisioning and management system.
It provides a very rich set of enterprise-level features and services. It has everything that you know and love from your traditional PBX in terms of calling features, but in addition, offers advance services like meet-me conferencing, voice mail, auto attendant services, and others. All of these features and services are delivered to users who are registered with SessionSuite. So, unlike the traditional phone-centric model of the PBX, where features and services are delivered to a phone, SessionSuite allows users to access their features and services independent of their location, independent of the network they’re connected to, and independent of the physical client device they’re using.
SessionSuite can be deployed in a green-field account, but it is also fully compatible with existing PBXs, VOIP systems, phones, and networks that may be in place today. In fact, the example that we’re going to talk about, the case study at the Seaport, highlights the compatibility and the value add we provided with their existing PBX system and PBX phones. SessionSuite exposes all these rich enterprise communication services through Web service APIs. Standard XML-based SOAP interfaces allow Web developers to embed interactive communication features into applications like portal technology.
First of all, let's take a generic walk-through of how the technology works. In this example, there is an existing PBX in place. There are existing PBX phones connected to that PBX. There is a portal application running on a Web server. And, I’ve thrown in a user who is also connected through a SIP soft phone on a PC. We can use an example of a university. Maybe this is a student portal and the students can get access to that portal from their dorm room, where there is a dorm room phone.
In this case, the student would register on that portal, and if they want to look at their course schedule, they can show that information on the portal. Maybe they want to talk to their professor, and the professor has an office and a PBX phone in that office. The student can click on an icon to initiate that phone call to the professor through the Web server running the portal application. A simple Web service request is made into SessionSuite. This is an application initiating the phone call between the student and the professor. SessionSuite, through its interface directly to the existing TDM PBX, creates the call. It causes the phone to ring in the student dorm room. When the student picks the phone up, it connects the call into the professor’s office PBX phone, and creates the call again through a simple Web service request from the portal application.
In this same example, the student also may want to talk to a guidance counselor. If the guidance counselor happens to be using a SIP-based soft phone, SessionSuite creates the call directly from the student PBX phone. That IP phone connected directly to SessionSuite, and similarly leveraging the enterprise features available with SessionSuite, can also initiate a conference call between multiple parties, in this case, the student, the professor, and the guidance counselor. All of this happens through a simple Web service request from that portal application.
For another extension of this technology, maybe there is an icon for pizza delivery. A student wants to order pizza. This is obviously a partner relationship and involves a call that’s made outside of the campus over the Internet. Similarly, with a simple Web service request from that portal application to a partner service, in this case a local pizza company. All of this is through Web services initiating calling and creating sessions through SessionSuite.
Let's take a quick walk-through the SessionSuite products that enable the previous application. In the application leveraging the portal technology in the Web services, all of that was enabled using a product called SessionSuite SOA Edition from BlueNote Networks. SessionSuite SOA Edition provides a very rich set of communication services. We’ve talked about the telephony services, everything from traditional calling features to advanced services. It is based on SIP, includes a full SIP server, SIP registrar, proxy and redirect server. As I mentioned before, users are authenticated, authorized, and given access privileges, no matter where they’re physically located, whether within a company, over the Internet, the public voice network, or an IP network.
SessionSuite SOA Edition also provides optional encryption technology. We didn’t highlight that on the application example I just showed, but we provide both media as well as signaling encryption. It also includes intelligent media handling to optimize voice quality, particularly if calls are occurring over links like the Internet. SessionSuite provides a number of capabilities such as compression policy based codec selection and echo cancellation to optimize that quality of voice over that Internet link.
We also embed NAT and firewall traversal tools. So, if users are connected across foreign network boundaries, or across a NAT or firewall boundary, we can support the SIP traffic into SessionSuite without the need to have separate session border controllers. We also provide a direct connection to the PSTN or to a traditional PBX through a TDM gateway feature.
SessionSuite also includes a user portal, so that, for example, the professor could set up such specific user preferences such as call blocking, call forwarding, and other features. And there is a management system so that a system administrator can manage all of the different components of SessionSuite SOA Edition. Most importantly, SOA Edition also exposes, through application programming interfaces, a set of Web services that allow developers to embed some of the capabilities that we’ve talked about into business applications.
The next slide talks about those APIs in a little bit more detail. SessionSuite essentially provides three APIs. The Session Lifecycle API was actually used in the previous example. The Session Lifecycle API essentially allows a developer or an application to establish and terminate a call. It also allows you to forward calls, transfer calls, add parties to calls, and drop parties from calls. It also allows data to be correlated with a session or with the call. This is particularly important for call-center type applications that I referenced earlier, such as voice-enabling a website.
There is also a second API, called the Session Management API, that basically provides all the capabilities that you could get today from a management system. It allows you to provision users and services. It allows you to integrate with alarm systems and provide statistics retrieval.
Third, and very unique, there is something we refer to as a Session Plugin Framework. This allows SessionSuite to actually make a Web service request to another application to affect what SessionSuite does with the call that’s in process. So, for example, the professor may have had a calendaring application that has certain rules and policies built in. If a call is received from a student, while the professor is in a lecture hall, maybe there is a rule that forwards the call to a cell phone or to voicemail. This allows call processing behavior to be affected by SessionSuite making a request to another application.
In addition to the APIs, as I mentioned before, SessionSuite allows for the loose coupling of data to accompany a session or a call. In the case of warm transfer from a website, for example, information about an account or the Web page that that user was on can be transferred with the call or with the session. All of this is abstracted from the detailed knowledge of telephony. So, no specific CTI or even SIP experience is required to develop and embed voice and telephony technology into business applications.
This next slide shows a SIP call flow, the sort of knowledge that you would need to embed a SIP-based call into an application. With SessionSuite and our Web service APIs, through a simple command to create session between user A and user B, a Web developer can initiate a phone call as part of an application, and embed that in a business application.
So, in using SessionSuite and leveraging Web services to embed telephony into business applications, obviously it’s a lot quicker. Leveraging Web service technology shortens project cycles and certainly lowers development risks. You can leverage existing IT developers, so you don’t need an intimate and detailed knowledge of either a vendor specific CTI or even SIP. We allow organizations to actually leverage and modernize their existing PBX infrastructure.
In the example I showed, we essentially Internet-enabled and application-enabled that existing PBX. There was no rip-and-replace of either the phones, the PBX, the underlying network, or any of the cabling that would otherwise be required if you were upgrading a PBX to an IP PBX. It provides a foundation for reusable services, because we delivered communications as a Web service. You can reuse it for multiple applications.
In fact, we showed how we could use it for internal communications, as well as for external communications with a partnered service, the pizza delivery company. We’ve shown also how an organization, a university in this example, can actually derive additional business value from their existing telecom infrastructure by voice-enabling their student portal technology.
With that, I’m now going to hand things over to John Burke, who is going to walk you through the Seaportal.
John Burke: Good morning, everyone. My name is John Burke, and I am the vice president of technology at the Seaport Hotel and World Trade Center here in Boston. Today, I’m going to share with you an exciting new innovation that we’re offering our guests. It's called a Seaportal, and is enhancing the experience of our guest staying with us.
First, let me tell you a little bit about the Seaport Hotel and World Trade Center. We are a single property and not part of a chain. The Seaport is one of the Fidelity Capital Companies, now called Devonshire Investments. We are an AAA, Four Diamond property located on the waterfront in Boston. We are considered a group hotel, serving business travelers that come to Boston for trade shows at the Seaport World Trade Center, and Boston Convention and Exhibition Center.
We have 426 rooms, 57,000 square feet of banquet space, 120,000 square feet of exhibition hall, and an amphitheater that seats over 400 people. We have a unique set of facilities that differentiate us from our competition, and we focus on an extraordinary personalized experience. We are in the business of making our guests feel special. Not only is the Seaport a great place to stay, but our employees voted us the best place to work in 2006.
The Seaport is a leader in pioneering innovative technology programs. We were the first hotel in Boston to offer our guests complimentary Internet access. We were the first to offer our guests complimentary wireless access, when that became a viable solution. We are a green hotel, and we have implemented a successful conservation and recycling program. We’ve saved over 360,000 gallons of water in a year, which equates to about 142,000 less pounds of laundry.
The Seaportal is the next step of innovation. In the hotel room there are actually three devices with which you can communicate with guests: the telephone, the computer, and the entertainment system and television. We envision all three of these technologies merging in the future. This is not going to happen overnight, and it depends in large part on the comfort level the guests will have with this technology. I can’t envision my parents using this device to watch TV, make phone calls or order room service, but I know my kids will.
The Seaportal is the first generation of this technology convergence, where we merged the phone and the computer into a single device. These are some of the requirements we gathered through focus groups with our guests. We had to limit what we built in the first version, so that we could hit the target date. However, the beauty of Web technology allows us to add functionality very easily in the future.
I wanted to give you a sense of the timeline for this project. It represents a cross-functional team effort from hotel staff, IT, telecom, and without their help and commitment, this would not have been possible. The concept for the Seaportal came out of FCAT or Fidelity Center for Advanced Technology. They were chartered with providing the next innovation technology to position us ahead of our competition. The strategic funding we received for this project was provided in May. FCAT provided a wire-frame prototype, shown here on the right, which is what I affectionately call "where the rubber meets the sky."
We held focus groups with our customers and people who stay with us on a routine basis and presented the FCAT prototype. Out of those meetings, we put together a list of requirements in August, 2006. In September, we developed the website, which is what I call, "where the rubber meets the road," and I’ll show you in detail later in the presentation.
After that, our developers went to work to get to a beta release at the end of November, but it did not include the VOIP-calling capability, which I’ll discuss in more detail on the next slide. We went into system test on Dec. 1 with the VOIP capability. So, the time it took to actually implement VOIP using the BlueNote SessionSuite was less than 30 days. We deployed the first 10 of 100 thin-client devices at the end of December. The feedback that we’ve received from our guests has been outstanding. They love it.
There was one mandatory requirement for the Seaportal, and that was it had to have VOIP. The reason for this is that we were looking for a lower-cost alternative to our legacy PBX. What used to be a profit center, for us is now considered a cost center. This is due to the ubiquitous use of cell phones. A number of hotels claim that they have VOIP technology deployed, and in one sense that’s true. However, in most cases they have installed IP phones and an IP phone switch, and the VOIP calls are going across their internal LAN, not over the Internet. The VOIP capability that we’ve built into the Seaportal routes calls over the Internet using a SIP parent provider.
I want to spend a few minutes and talk about the selection process and how we got to where we are with BlueNote. We began discussion with our legacy PBX vendor, Nortel, in August about the project. We spent about two months with them trying to explain to them the requirements. They came back to us with the solution that we determined was both cost-prohibitive, and couldn't meet the timeline commitment, which was Dec. 31. We looked at a couple of alternatives. We considered Skype, but we quickly ruled that out because of the proprietary protocol and also the flimsy handsets that we would have to use along with the VOIP calling. We looked at Asterisk. It’s a great solution, but we didn’t have the skill set in-house to manage and support this open-source software.
We selected BlueNote, because they had a supportable open-system platform that allowed us to plug their solution into our SOA framework, leveraging Web services. They were able to install and configure our solution to work in conjunction with our PBX in less than 30 days. The nice part about it is that they support it the same way that we used to get support from our legacy PBX vendor. We get to experience the lower-cost alternatives without ripping and replacing our existing legacy PBX. This will allow us to develop a comfort level over time with the solution, so that it will be a viable replacement alternative for higher-cost PBX in the future.
I would like to give you an overview of the Seaportal, an in-room Web portal that is accessed through a thin client PC running Windows XP Embedded. The thin clients refer to computers that don’t have a hard drive and are used mostly to gain Web access. Typically, they can run Unix, Windows CE, and Windows XP Embedded. These devices are not susceptible to viruses and can be easily returned to a known good state by rebooting them.
When a guest checks out, the cache is erased, and the device is rebooted, awaiting the next guest. There are no traces left behind of where the guest may have surfed to, or any information they have left on the device. It is a thin-client with a touch-screen display, and it provides information about the Seaport and the Seaport district. We are offering our guests complimentary Web access. We also offer complimentary long distance and local calling within the continental United States with the Seaportal.
This is the homepage for the Seaportal and what the guests see when they first get into a room. The homepage is divided into sections. As I mentioned, it’s a touch-screen display and the links on the page have specifically been designed for the touch of a finger. The current weather is displayed on most of the screens and the screen is personalized and welcomes the guest by name, which is a further integration with our property management system using the same SOA XML infrastructure.
Across the bottom of the screen are some quick dial buttons for most of the popular services in the hotel. Across the top we list the main functions of the Seaportal. We have context-sensitive help, so depending on the page that you’re on you’ll get specific information about that page. The phone function is where we provide the complementary VOIP calls. There is Web access for the Internet. We have a "preferences" section where some unique functions, such as the parental controls can be set. And I’ll go into that in just a minute. Then, a short seven-question feedback survey in which we ask our guests to tell us what they liked and disliked about the Seaportal.
This is the preferences screen. We display more information about the guests and the reservation. It tells what room the guest is in. Guests can set their home destination or next destination city and state, and that weather will be displayed to the guests when they enter the "My Weather" function, on the News and Weather tab. There is a built-in messaging function on the Seaportal that allows our guests to send and receive email messages while staying at the hotel. Guests can also have these messages forward to an email or a BlackBerry by providing an email address here.
We’ve built in some parental controls for the guests if they’re traveling with children and don’t want them to have unrestricted access to the Internet or phone. By protecting the Seaportal with the password, the phone messages and the Web options are grayed out. We do offer kid-safe sites through the Seaportal such as Nick Jr., Disney and Yahooligans!, under our Family and Kids sections, that will be available to the kids even though it’s child locked.
Now, I’m going to show you the phone capability. As I mentioned earlier, we’re offering complimentary phone calls initiated from the Seaportal to anywhere in the continental United States and Canada. The dial pad is a familiar interface. Simply enter the number you wish to dial and press "Dial." The phone in the room will ring. When the guest picks it up, they’ll get a short message saying that this is a complimentary call, and the call will be completed across the Internet. As I mentioned before, we have speed dial icons located at the bottom of the screen that let you reach some of the more popular or common hotel services.
On the speed-dial screen, there is no need for a keypad, as the numbers are pre-populated. When the guest clicks the dial button, the same sequence discussed in earlier slides, is followed. If the parental controls are enabled, the dial pad is not accessible. However, the speed dial numbers are still available to the child within the room.
We have digitized our compendium documentation and we have provided a services directory under Guest Services on the Seaportal. These are also click-to-dial enabled, and when the guest slicks on those, the numbers will also be speed dialed. Guests can compose, send, and reply to email messages within the hotel or on the Internet. They can use the preferences tab to have those emails forwarded to them to a particular email address. If someone responds to a message sent to a guest that has checked out, they will receive a message stating that the guest is no longer staying at the hotel. When the guest receives a response, a message waiting icon will appear on the function bar at the top of the screen, next to the home button. When the guest checks out, all the messages are erased.
We also offer instant messaging along with that, which gives access to all of the most popular services under Meebo. Guest can use tabs to navigate through the Seaportal without returning to the homepage. Behind the Seaportal, is a content management system, this allows us to leverage or share information between our Seaportal and our external Seaport Boston site. When we edit content on any of these pages that are shared, we only have to edit it in one place. The content can be displayed in different formats using cascading style sheets.
You can also obtain information on health and fitness, airport, and transportation. The Family and Kids section has the links to the more popular sites that kids like. News and weather, where, if you’ve entered your home zip code and state or your next destination, you can get the weather for that location under "My Weather." Then, we have in-room dining or dining, and you can look at what we offer for in-room dining, takeout, or restaurants in the area. The left navigation links gets to popular topics of interest.
When we bring up an external website, we bring it into the Seaportal framework, giving the guest the appearance that they have never left the site. We also use RSS feeds where available, so that we can limit pop-up ads to the guests. Or, guests can launch the Web tab to open an Internet browser with unlimited Web surfing.
When you launch the Web browser, a full browser is launched and we display a disclaimer message that we do not filter any of the access to the Internet. So, it’s a warning message that you may surf to sites that you might find offensive or otherwise not go to, and it provides unrestricted access to guests to surf the Web. They can access their email through the Web. We offer the most popular viewers for reading Microsoft Office attachments and Adobe PDFs. The Internet access is complimentary to the guest. We also offer complimentary printing from the Seaportal using "print me," which allows our guests to print securely to the printer in our business center using a PIN. Guests find this useful for printing boarding passes prior to departure.
On the front of the Seaportal there are two USBs slots that the guest can use to save attachments to a memory stick. BlueNote has also provided us with the browser helper object, which is at the top of the screen. There is a little phone button, where if there is a phone number on a Web page, that can be highlighted. Simply click the browser helper object, which looks like a phone at the top of the browser, and it will dial the number. It also will translate any mnemonics that the guest entered or were on the Web page, such as 1-800-Bestbuy, and it will dial the appropriate number.
So, in summary, for guests there are many benefits: traveling without lugging the laptop or computer and avoiding the hassle of airport security, and that is a distinct advantage in this day of restricted airline travel; accessing the Internet for business or pleasure; making phone calls anywhere in the U.S. and Canada for free; discovering Boston-area information; learning about the hotel services, places to go and things to do while staying at the Seaport; making restaurant reservations online; sending and receiving Internet email, and printing documents or boarding passes in our business center.
I would like to invite you to stay with the Seaport, Boston’s most accommodating host and experience the Seaportal for yourself. Thank you for your time, and I’ll pass it back to Sally.
Bament: Thank you, John. Just to wrap up, obviously we have a live example of an organization that has benefited from what BlueNote provides with the SessionSuite software technology. Seaport demonstrated how easy it was to voice-enable a portal application, and for their particular case, to extend customer reach, their guest experience, and guest loyalty program. They did leverage Web developers; there was no specific telephony development expertise that was needed as part of embedding the voice-calling capabilities into the portal. John highlighted how quickly this was turned around, in terms of from the time of engagement to deploying the first portals in the hotel rooms.
Very importantly, we allowed John to modernize his existing PBX infrastructure, without forcing him to rip out and replace the PBX that he’d been using for a while, but also to modernize it both in terms of making calls Internet accessible, as well as modernize it in terms of the portal application tie-in. We allowed him to build an opportunity and a foundation to look at new ways of leveraging voice and video and such other interactive communications services as Web services as part of his SOA. Most importantly, it showed how SessionSuite can allow organizations such as hotels, universities, other organizations can derive some business-value from their existing telecom infrastructure.
Before we get into questions and answers, I just want to point out areas where you can get additional information. We focused today’s webinar on the specific portal application, but there are many other applications that will obviously benefit from embedding telephony directly into those applications. We have a BlueNote developer portal or developer site, where you can actually get access to all of the information in detail behind our APIs, including developer documentation, WSDLs, XSD schemas and other information. To request a copy of these slides, you can email emccarthy@bluenotenetworks.com, but also we will be posting a recorded version of this webinar on our website in the next day or so.
With that, I am going to open up to questions and answers. We have several questions already.
Question: Do I need special phones to deploy this solution?
Bament: We showed with the generic example and also the Seaportal that you can deploy a solution and still leverage your existing PBX as well as TDM phones. However, SessionSuite also can be deployed in a green-field opportunity, and SessionSuite is fully compatible with a huge list of SIP-based hard phones as well SIP-based soft phones. You can actually get a list of the SIP user agents that we’re compatible with by contacting us at info@bluenotenetworks.com. We have our own SIP client, called SessionSuite Desktop, which we didn’t cover in the webinar today, but information regarding that product is available on our website.
Question: Will the slide deck be available after the seminar?
Bament: Yes. Again, you can contact Etta, emccarthy@bluenotenetworks.com. If that’s too much to remember, because I know I have switched the screen show at this point in time, feel free to just email at info@bluenotenetworks.com, and we’ll also have it posted on the website.
Question: Is the session plug-in implemented using SIP servlets?
Bament: No, SIP servlets actually require a fairly significant knowledge of the SIP protocol. What we’ve done, and have been careful to do, is build a high level of abstraction for telephony integration that allows mid-core processing using SOAP-based Web services. We built our APIs this way, so that business application developers and domain experts can easily add telephony and communications to their applications, without any level of SIP knowledge or telephony knowledge.
Question: When I place a call through the Seaportal, do I use a headset?
Burke: No. What we wanted to leverage with the Seaportal is the existing digital handset that was in the room. We felt that adding a headset or an additional handset would confuse our guests. The headset, in particular, we felt that it was not the cleanest way to do it -- to reuse those types of devices. So, we decided to leverage the existing phone infrastructure, rather than supplying a headset or an additional handset.
Question: What Web services standards do you support?
Bament: There is a lot of information on the website, particularly development of portal in terms of the details, but basically we support XML, XML schema, SOAP and WSDL standards.
Question: What do I get with the software development tool kit?
Bament: You actually get developer documentation, WSDLs, XML schemas, sample code, and also a capacity-limited version of SessionSuite SOA Edition. So, that allows you to test applications prior to deploying and rolling out.
Question: How do you control quality of service for VOIP over the Internet?
Bament: Great question. We talked a little bit about some of the capabilities that are fundamental to SessionSuite communication services in terms of intelligent media handling. We have a number of capabilities in terms of policy based codec selection, voice compression, adaptive jitter buffer, echo cancellation and a couple of other capabilities that allow you to really optimize the voice quality over any link, but particularly the Internet.
Burke: In our particular case, we certainly understood that this is something that people have come to expect from the public switched telephone network, and that was a major concern and consideration of ours. That is another reason why we decided to offer this as a complimentary service, because you can’t guarantee the quality of service over the Internet. There are a lot of things that can happen and, if people are familiar with some of the other consumer based VOIP providers like Vonage, sometimes your quality can vary.
Question: How do you secure the voice, what standards do you support?
Bament: I mentioned we support both media and signaling encryption optionally for voice calls. We support SRTP for media encryption and TLS for signaling encryption, and these can be configured as required to address sort of eavesdropping, identity theft and other security concerns and issues.
Question: How is what you’re doing at the Seaport hotel any different than using a standard soft phone client?
Burke: The difference is that we don’t have to install a soft phone on the actual thin client. It’s all done through Web services. You don’t have the complexity of installing that software, upgrading that software, monitoring that software. It simply uses Web services to pass the room number, the guest name, and the number they want to dial to the BlueNote server through Web service. So it’s a much simpler type of environment and this definitely keeps your cost down in terms of desktop support and administration.
Question: How do you handle media services such as call recording and IVR?
Bament: These capabilities are actually integrated into SessionSuite. This is another difference compared to traditional PBX vendor, where typically these are licensed separately. SessionSuite embeds in it call-recording capability. We also have, as I mentioned before, auto attendant, meet-me conference bridging, an IVR support, and also voicemail. A full list of the features and advance services that we support in SessionSuite is available on our website. We’d be happy to answer any questions directly in terms of the detail, but all of those media services are actually integral and part of the SessionSuite SOA Edition software, with no additional licensing or additional products required.
Question: Do you support video?
Bament: Good question. I think I might have mentioned through the presentation about both voice as well as video. We support point-to-point video connections, so there are a number of SIP-compliant video clients that we have tested and interoperated with. Whether it’s voice or video, we don’t care. It’s more the compatibility with the end clients that we’ve tested against.
Question: Where can I see a demo?
Bament: We can provide a demo of SessionSuite either at your location or at our facility. We’re going to be offering the ability shortly to show a demo over an Internet connection that you can access through our website. That’s not available today, but something that we’re working on, and it should be available shortly. In the meantime, we can certainly provide demos at your location or here at BlueNote Networks in Tewksbury, Mass.
Question: Scale ... How does SessionSuite scale?
Bament: What didn’t necessarily come across in the webinar today is that we run SessionSuite on standard data center servers, Linux-based servers. You can run SessionSuite on a single server or distributed servers throughout the network. So, you can deploy servers based on geography, performance, or functionality needs. We actually can scale to well over 300,000 registered user agents. Our products, through deploying multiple servers, can address the needs of very large enterprises. On the other end of the spectrum, we can also run SessionSuite on a single low-end Dell 1950 server, and can support over 1,000 users in that configuration. So, we can scale quite nicely between smaller configurations with fewer servers to very large enterprise deployments that might be geographically distributed.
Question: How do I get a high-level idea of cost?
Bament: We’d be happy to engage in that conversation. Feel free to contact us at info@bluenotenetworks.com. But just to give you an idea in terms of cost we license our software. Depending on the application that could be a server license as well as a user license metric, and we can provide the servers, or you can get them. If you have relationships with some of the hardware server providers, you can get them directly from the vendor. Today, we resell Dell, IBM, and HP servers.
Burke: They’re just standard off-the-shelf, Intel-based servers. We purchased a couple of them, because we wanted redundancy, and shipped them to BlueNote. They configured them for us and delivered them back. The reason we did that is because we have a higher volume discount than they do. But you can go either way.
Bament: I think that’s all that we have time for. If there are other questions that come in, we will respond directly on email. We have everybody’s email contact information. I do want to thank you for your time today, for participating on this webinar. We’re always interested in your feedback in terms of how useful this has been and whether we addressed information that you were expecting on this webinar. So, feel free to provide input directly to us. Again, I appreciate your time and look forward to the next webinar from BlueNote Networks. Thank you.
You've been listening to a sponsored BriefingsDirect podcast, the extension of a recent webinar with BlueNote Networks. Thanks for listening.
Listen to the podcast here. Sponsor: BlueNote Networks, Inc.
Transcript of BriefingsDirect podcast. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.
Tuesday, March 13, 2007
Monday, March 05, 2007
BriefingsDirect SOA Insights Analysts on SOA Suites Vs. Best-of-Breed SOA, and Master Data Management
Edited transcript of weekly BriefingsDirect[TM] SOA Insights Edition, recorded Jan. 26, 2007.
Listen to the podcast here. If you'd like to learn more about BriefingsDirect B2B informational podcasts, or to become a sponsor of this or other B2B podcasts, contact Dana Gardner at 603-528-2435.
Gardner: Hello, and welcome to the latest BriefingsDirect, SOA Insights Edition, Volume 10. This is a weekly discussion and dissection of Service-Oriented Architecture (SOA)-related news and events with a panel of industry analysts and guests. I’m your host and moderator Dana Gardner, principal analyst at Interarbor Solutions, ZDNet software strategies blogger, and Redmond Developer News magazine SOA columnist.
Our panel this week consists of show regular Steve Garone. Steve is a former IDC Group vice president, founder of the AlignIT Group, and an independent industry analyst. Welcome again, Steve.
Steve Garone: Hi, Dana, great to be back.
Gardner: Also joining us again Joe McKendrick, research consultant, columnist at Database Trends, and a blogger at ZDNet and ebizQ. Thanks for coming, Joe.
Joe McKendrick: Thanks, Dana, glad to be here.
Gardner: Also Tony Baer is making another appearance. He is principal at onStrategies. Thank for coming, Tony.
Tony Baer: Hey, Dana, good to be here.
Gardner: We’re also talking with Neil Macehiter. He is a research director at Macehiter Ward-Dutton in the U.K. Thanks for coming, Neil.
Neil Macehiter: No problem, Dana.
Gardner: And last on our list -- we have a large group today -- Jim Kobielus. Jim is a principal analyst at Current Analysis. Thanks for coming along, Jim.
Jim Kobielus: Thanks a lot, Dana. Hi, everybody.
Gardner: For our first topic this week -- and this is the week of Jan. 22, 2007 -- we’ll begin with the notion of SOA suites, a merging and definable market segment. We’re going to be looking at how mature such suites are. I suppose we should also look at the distinction between the best-of-breed-approach, where one could pick and choose various components within their SOA arsenal, or a more complete suite, a holistic full-feature set with the benefits, trade-offs, and detriments of each of these approaches.
Jim, you’re the one who was interested in this topic. Why don't you give us a little set-up as to what you think the state of the market is?
Kobielus: Thanks a lot. Over time, we’ve all been seeing this notion of a SOA suite take root in the industry’s productization of their various features, functions, and applications. Now, the big guys -- SAP, Oracle, Microsoft, webMethods, for that matter lots of software vendors -- are saying, “Hey, we provide a bigger, 'badder' SOA suite than the next guy.” That raises an alarm bell in my mind, or it’s an anomaly or oxymoron, because when you think of SOA, you think of loose coupling and virtualization of application functionality across a heterogeneous environment. Isn’t this notion of a SOA suite from a single vendor getting us back into the monolithic days of yore?
This thought came to me when I was reading a Wall Street Journal article earlier in the week about SAP, “SAP Trails Nimble Start-Ups As Software Market Matures.” There was one paragraph in there that just jumped out at me. They said, “Some argue that SAP's slump highlights a broader shift under way in business software, in which startup companies wield an advantage over established titans. Under this traditional business model companies buy large, costly packages of software from SAP and Oracle to help them run their back-office functions and so forth, but as the business software industry matures, many companies already have the big software pieces they need, and feel little urgency to replace them.”
So, clearly SAP is then sort of a driver in the SOA suite arena for few years with NetWeaver. Is the notion of SOA suite an oxymoron? Are there are best-of-breed-suites? There are also best-of-breed SOA components, and I’m not sure that the notion of a suite, an integrated suite is really what companies are looking for from SOA. They want best-of-breed components with the assurance, of course, that those components are implementing the full range of SOA standards for heterogeneous interoperability. So, I’m taking issue with this notion of a "best-of-breed" suite. Anybody else have any thoughts on that?
Macehiter: I’ll give you a couple of perspectives on this. We have to recognize that organizations increasingly are looking to rationalize their supply strategy. So, they’re increasingly looking to deal with a smaller number of vendors and suppliers, which is, in part, driving the move toward larger vendors attempting to offer a suite or portfolio of product capabilities that can help organizations manage the lifecycle of an SOA initiative.
That’s one factor that’s driving it. The second issue is the use of the term "suite," and what that really entails, versus what the market is currently delivering. Companies are putting together a bunch of products under a common brand, whether it’s Oracle Fusion, SAP NetWeaver, or under the IBM WebSphere brand. That's one thing. Actually making sure the products are well integrated and that they have a common management environment, common configuration environment, and common policy definition environment is the second thing. That’s one element of it.
The second issue is what actually constitutes a suite to support service-oriented initiatives. There is a tendency, certainly among the larger vendors, to focus on SOA from a development and integration proposition, rather than thinking more broadly about the capabilities you need to support service-oriented initiatives throughout the lifecycle. That extends beyond development and integration into things like security and identity, which have to be incorporated into an overall SOA offering.
Management and monitoring, usage management, audit logging are in the broad range of capabilities that you need. There’s a question as to whether it’s feasible for one vendor to offer all of those capabilities that you need to support an SOA initiative versus a set of core capabilities. Then the hooks in the interoperability allow you to exploit existing security and management infrastructure. There are a number of factors that we need to consider, and a lot of the SOA suite propositions are very much focused around development and integration, rather than management and monitoring, and really dealing with the lifecycle of services.
Gardner: I guess that explains and is consistent with the past. If you can have a cohesive approach to the development side, then the deployment tends to follow, and that’s where you monetize. Steve Garone, what do you think of this breakdown between best-of-breed and a suite?
Garone: All of us on this podcast today know that the debate over best-of-breed versus integrated-stack approach has been going for many years in a variety of scenarios and contexts, and it hasn’t stopped. I don’t really like the word "suite." It reeks more of marketing than functionality. I think what you really have to look at in terms of SOA is how people are actually approaching getting into building SOA-based environments.
What we’ve seen so far -- and we’ve talked about this on other podcasts -- is that up to this point people have tended to do pilot projects that are much lower in scale than what they will eventually do if they have success with the immediate projects. One tends to think that what they’re going to do at that point is pick and choose the individual products and functions that they need to make that happen in the short term.
I think that’s what we’re seeing, but I also sense that, despite the fact that everybody wants an open environment where they can pick and choose and not be tied to one vendor, what overrides all this is a desire to get things done quickly, efficiently. They want a way in which they don’t have to be concerned about integrating a lot of products and what that entails, and having potentially an unreliable environment. What that points to is working toward one vendor. End users will do that even in the short term by choosing someone that they know they can grow with in the future.
Gardner: Pragmatically, these vendors are also looking at their future and they’re saying, “We have an installed base. We have certain shops where we’re predominant. We want to be able to give them a clear path as to how to attain SOA values from their investment in our legacy. Therefore, we need to follow through with add-ons that smack of a integrated-stack approach.” So, it is almost incumbent on vendors to try to produce this "whole greater than the sum of the parts" -- if not to build out more SOA business, then just to hold on to their previous business.
Garone: That up brings up another interesting point, which is vendors, especially the platform vendors. The larger vendors, like IBM, Sun, and so on, tend to try to walk the line between being able to offer a fully integrated stack of software to accomplish whatever the goal it is -- in this case SOA implementations -- and also being what might be called “integratable.” This means you can bring in another product, because we adhere to standards, we’ll be able to help you do that.
They try to walk that line; where that really makes a difference is not so much what you are going to do in the future, but rather what you have done in the past. If you've got an existing registry that you used for identity management with your current applications, if you have existing app servers -- which is probably more common -- whomever you choose is going to have to be able to allow you to continue to work with those as part of a legacy environment. It sounds funny calling application servers legacy, but at this point you can do that, and that’s really where the "integratability" aspects of a fully integrated stack come into play.
Gardner: So how about you, Joe McKendrick? Do you see that the drive for simplicity and working from your installed base creates a compelling case for an integrated SOA approach? Or is the trade-off such that this is really not going to happen anymore? Is that the old way -- and is SOA fundamentally different, and therefore one should look for a different strategy?
McKendrick: Perhaps a little of both, Dana. Basically the industry still operates under the traditional mode where a lot of enterprises rely on one vendor -- we'll call it a master vendor -- that supplies most of its solutions. We see that in the IBM and in the Oracle markets. I agree with Jim that the notion of a SOA suite is very much an oxymoron. The idea of a SOA is to have "hot-swappable" software components that you could install and take out as needed in a loosely coupled architecture.
Dana, you hit upon the point that the vendors themselves have to demonstrate that they have some type of path to their installed base. They need some type of path to show that, "Yes, we are on top of the technology." In fact, if you speak with vendors out there about this strategy, even if the products or the path that they're offering are something customers aren’t adopting at the moment, it’s something they want to see with the vendor. If Oracle, hypothetically, wasn’t talking about SOA at all, there would be a lot of consternation, a lot of concern, among their installed base as to where the vendor is going.
Gardner: SAP would walk in, and their sales people would beat them up in these accounts, right?
McKendrick: Exactly. Now, Oracle is an interesting case. When I think of suites, I think Oracle demonstrates the best tendency in this area. In fact, they called their offering "The SOA Suite," and they include a number of components. I have spoken with some companies that have Oracle installations. Now, it should be noted that typically the customers for these suites are the installed base. The people who will be buying into the components of the Oracle SOA suite are companies that either have the Oracle applications, the E-Business suite or the Oracle database underneath. And, in most cases, they are buying into components of the suite.
I've heard a lot of positive things said about the BPEL Process Manager, for example. And, they are buying into pieces of the solutions, and as Steve pointed out -- it’s still in the pilot-project stage. We’re not seeing widespread enterprise implementations, but they are beginning to buy into pieces of these solutions such as the BPEL Process Manager.
Gardner: Hey, Tony Baer, how about you? Do you think that we are mature enough in SOA that we should be looking for homogeneity when it comes to tools and even deployment side? Or, is heterogeneity the issue that we are trying to manage?
Baer: As Steve was saying before, we can’t decompose it down to the age-old argument of best-of-breed versus integrated-stack. There is always going to be a tension between homogeneity and heterogeneity. For the customer, it’s going to be dictated obviously by what is already in place, basically as Joe pointed out. If 60 percent of my functionality, or even say 30 or 40 percent of my functionality, is SAP, I’m likely to listen when SAP tells me about a NetWeaver Solution.
On the other hand, if I’m in a sector that does not lend itself to package solutions, I will more than likely tend to take a best-of-breed approach -- especially if I do a lot of homegrown development, because my business is so unique. There will always be that creative tension there. That being said, the fact is that at the infrastructural level, there is a desire to have consistency. I don’t want to have five security engines. I don’t want to have three different authentications, if possible. Obviously, we’re never going to get that one, centralized identity repository in the sky, but I want to at least have my management framework be as consistent as possible and to manage what will inevitably be, in most large organizations, a federation of different installed bases of different technologies.
The other side of this is that for vendors -- and Oracle is probably the best poster child for this -- the reality in the enterprise software industry has been one of merger, acquisition, and consolidation. This means that vendors who started as organic developers now have four or five different product lines and each has had a separate lineage. The only way to put some rationality there is something like an Oracle Fusion SOA framework. Oracle has to develop this, if only out of the necessity to keep its own product offerings consistent.
Gardner: Now, back to Jim Kobielus’s point about this integrated approach being an oxymoron for SOA. Shouldn’t the vision of SOA allow us to have it both ways? If you have a culture and mindset in an organization, maybe it’s because of your legacy. Maybe it’s because of how you operate and the value you’ve perceived in past IT investments. Thus, you might want to remain with more of a single-vendor or an integrated-stack approach, but there might be other vendors without a legacy to drag along. The enterprise may want to take advantage of any innovation they can to be functionally heterogeneous and to explore and test open-source componentry as that becomes available. Shouldn’t SOA allow both of these approaches -- and pretty much equally?
Macehiter: In principle it should. We have to be careful to distinguish between the infrastructure that you require to enable SOA initiatives and what you’re trying to enable with that service-oriented initiative. Just because you want to have a loosely coupled component that you can combine in multiple ways to deliver business outcomes, doesn’t mean that the infrastructure that underpins that has to be similarly loosely coupled and based on the heterogeneous offerings from different vendors. So, there is a separation there.
We also we have to bear in mind the challenges around going for best-of-breed approach, which are well understood. It’s not so much whether the individual components can actually talk to one another but more about things like the management environment and how you manage the configuration and how do you deal with policy definition?
We’ve done some detailed assessments of service infrastructure offerings from SAP, BEA, IBM, Oracle, Sun, and webMethods. If you actually dig under the covers, you will see that each of the components has its own policy definition approach. So, the way you configure policy within the orchestration engine is inconsistent with the way you do it within the security and identity management capabilities, and that challenge occurs within suites. That’s going to be compounded as you look across different components. That introduces risk into the deployment. It reduces the visibility of the end-to-end deployment. It's those factors that are going to be important, as well as whether a communication and brokerage capability can integrate with the registry and repository. There are a number of factors that you have to bear in mind there.
Kobielus: I agree -- I think that the notion of a best-of-breed SOA suite makes more sense from an enterprise customer’s point of view. Most enterprises want to standardize on a single vendor and a single stack for the SOA plumbing -- the registries and repositories and also the development tools. They want the flexibility to plug in the different application layer components from Oracle and SAP and others, that are SOA-enabled and that can work with that single-core-plumbing-stack from a single vendor.
Gardner: Perhaps the tension here is between what aspects of SOA should be centralized, repeatable, simplified, and consolidated, and which ones should not. It’s not really a matter of SOA homogeneous or SOA heterogeneous. In moving toward SOA, should you say, "Listen, this is going to be common throughout. Let’s reuse this. Let’s manage our policy as centrally as possible.
"We might say the same for other federated and directory services. We might say the same for our tooling, so that we don’t have myriad tools and approaches from our developers. On the other hand, we want to have great flexibility and loosely coupled benefits, when it comes to which services, be they internal or external, be they traditional nature or more of a ‘software as a service’ nature that we can easily incorporate and then manage those as process."
So, is the dividing line here, Steve Garone, between what architecturally makes sense as centralized and not?
Garone: Actually I’ve just sort of been chomping on the bit here a little, because I’ve been listening to the conversation. This a really important point, mostly because there is a lot of stuff -- a lot of analyst opinion, a lot of blogging -- floating around that I’ve read, and I know you guys have probably read, on this very subject, the sort of philosophical dichotomy between what SOA is supposed to be and the notion of an SOA suite or a SOA integrated stack.
Frankly, from the end-user perspective, the message ought to be that the whole notion of SOA, as it relates to loose coupling, is really focused on the services and the applications that you’re going to deliver. That doesn't imply or even suggest that your infrastructure cannot be based on an integrated stack or software that’s designed to work well together. It allows you to work with a single vendor, and to be very efficient about how you both develop, deploy, and maintain and manage your environment.
Gardner: We also have to remember that this evolution of SOA is not happening in a vacuum. There are other major IT trends and business trends of worth. Many of them are focused on trying to reduce the cost of ongoing maintenance and support somewhere between 60 and 80 percent of total IT costs, and maybe more, to free up discretionary spending and to reduce the total spending for IT in many organizations. The trends often involved include data center consolidation, moving toward a more standardized approach for underlying hardware, embracing virtualization/grid/utility principles, and so on. Perhaps we have to recognize that even as SOA moves on its own sort of trajectory, organizations are going to be consolidating and looking for commonality of services, and improved support and maintenance types of features throughout their infrastructure.
Garone: Just to make one more small point. The one area that may diverge from the philosophy that we’ve been talking about is in the area of open source. I think that people who go out and try to implement SOA-based solutions on a variety of levels using open source technology may tend to take a more best-of-breed, individual-component approach than those who would run to their local IBM sales rep and say, “What do I do with SOA?” Even that’s going to change over time, and we’re starting to see SOA suites develop around open-source technology as well. So, that’s going to move in that direction as time goes on.
Gardner: That's another trend that is in tandem with SOA and needs to be woven together with it. It’s obviously a large undertaking. I‘m also reminded, after an interesting briefing I took this week with Informatica, and Ash Kulkarni. We had a really long, interesting discussion about the role of data, master data, and metadata when it comes to moving toward SOA. We really shouldn’t lose track of the fact that as you move to applications as services, and you go loosely coupled, and you adopt more reuse across development with common frameworks, and use rich internet application interfaces -- what about the data?
The data has to be managed as well. Increasingly, companies that have had mergers and acquisitions, or have just gotten myriad applications with varying views of something as specific as a customer identity -- there might be 10 or 15 different views of a customer, as defined by a variety of different applications. How do you manage that? And when you think about the progression of the data, it seems to me that if not in actuality, in a virtual sense, you want to become centralized with your data so that data can be used in a clean and impactful or productive way across all of your services.
Does anyone out there have some thoughts about what considerations to have when it comes to data in this decision about best-of-breed or integrated approach?
Macehiter: I was just going to say, the issue is that data has always been treated as a second-class citizen, and that it has been the product of applications which have then been subsequently analyzed. More organizations are recognizing this need to treat data as a peer, and deliver access to information, whether it’s structured or unstructured, as a service, which can be incorporated as needed into business process.
IBM was quick to identify this when they sold the information as a service strategy. And Oracle, surprisingly, given where they have come from, has actually not really enunciated data services, vision and platform. Although I did notice something on the Oracle Technology Network a couple of weeks ago, where they are just starting to talk about Oracle Data Integrator, based on an acquisition they made of a company called Sunopsis.
So, increasingly that's going to become part of the broader suite proposition. And, this is not just in the area of data but -- more broadly as customer adoption matures -- what constitutes an SOA suite. We’ve seen this around registry and repository, which historically was a best-of-breed proposition from the likes of Systinet and Infravio. Where are they now? They're part of a broader suite proposition from HP and webMethods, respectively. We’ll see this again.
Through acquisition what constitutes a suite will broaden as organizations become more mature in their approach to SOA. "Information as a service" is exactly one of those areas. Initially, that will probably be served by best-of-breed components, and then through a combination of acquisitions or very close partnership relationships will gradually be subsumed into what organizations believe is a SOA suite.
Gardner: Any other thoughts on the data services level and how that relates to this discussion?
Kobielus: I cover SOA for Current Analysis, primarily with reference to data management; and SOA in the data management realm is really consistent with master data management (MDM) as a discipline. Basically, master data management revolves around how you share, reuse, and enable maximum interoperability of your core master reference data, your single version-of-truth information, which is maintained in data warehouses and various operational data stores, and so forth.
Informatica is one of many vendors -- you mentioned Informatica earlier -- that has a strong MDM strategy. But there are are a lot of enterprise information integration (EII) vendors out there. EII revolves around really federated MDM, where you keep the data in its source repository, and then provide a virtualized access layer. This allows your business intelligence and other applications to access that data through a common object or model and a common set of access schemas -- wherever that data might reside -- but facilitated through a virtualized access layer. That’s very much EII as implemented by Business Objects, BEA, and many other vendors, and is very much the approach for federated MDM.
Gardner: Let me pause you there for a minute, Jim. If a virtualized centralization works for information, why wouldn’t it work for other aspects of SOA?
Kobielus: Oh, it does. Virtualization, of course, is one of the big themes in SOA.
Gardner: You can enjoy the benefits of a homogeneous approach, but, in fact, have great heterogeneity beneath the covers. Isn't that the whole idea of SOA -- to provide homogeneity in terms of productivity control management, and yet with flexibility and agility?
Kobielus: SOA, first and foremost, is a virtualization approach -- virtualization defined as an approach for abstracting the external call interface from the internal implementation of a resource, be it data or application functionality.
Gardner: So SOA is best-of-breed -- and it’s integrated. And you can pick and choose how to proceed, based perhaps on your legacy and your skill sets.
Macehiter: We just have to be clear to distinguish between the assets or resources that you’re virtualizing through SOA, which is typically going to be functional assets versus whether you need to virtualize the infrastructure and apply SOA to the underlying infrastructure. That’s the key distinguishing point. And that gets the point that was being raised earlier about virtualized access to information.
The infrastructure could be common, but the information assets that you’re accessing will be in heterogeneous repositories accessed in a number of different ways. This is exactly what IBM is doing with its offerings around information-as-a-service, and BEA as well. It's having the equivalent of application adapters by applying them to information assets and then exposing those through a service interface, so it’s virtualized and transparent: where the information is, how it’s stored and what format it’s in.
Kobielus: You mentioned Oracle’s acquisition of Sunopsis, which is interesting, because Sunopsis is an ETL vendor and the transform side of it is critically important. When you are extracting data from source repositories, you’re transforming it in various ways. Traditionally, Sunopsis’s tools have been used primarily to support transformation of data, which will then be loaded into centralized data warehouses.
But transformation functionality is important, whether you’re doing it in an ETL data warehousing environment -- in other words, the traditional bus for MDM -- or whether you’re doing the transformation in an EII environment. There, in fact, you are not ultimately loading the transform data into a central store, but rather simply transforming the data, keeping it in it’s original schema, but transforming it so it can be rationalized, harmonized, or aligned with a virtualized data access model provided by that EII environment.
Macehiter: Exactly. The transformation should occur behind the service interface, and this is why you need the idea of common information models and common schema models.
Gardner: Before we get down too much in the weeds on EII -- we can address that perhaps in a whole show in the future with a guest who is very much involved with that industry. Let’s move on to our second topic today, given the amount of time we have.
There are a burgeoning number of critical skill sets that need to be applied to SOA. We’ve talked about data, whether it’s cleansing, transforming, virtualizing and approaching some sort of a MDM capability. We have talked about development and process, BPEL. We talked about infrastructure. There is the management, the architectural overview, and what’s our philosophy.
It seems like we’re going to need a lot of very skilled people who are both generalists, as well as highly specific and technical. Because for SOA to work, a bunch of people who are highly specific -- but don’t share the same vision or have a general sense of the strategy -- probably won’t fare too well. This issue comes to us from Joe McKendrick. Joe, give us a little setup and overview of where you think things are headed in terms of the necessary skill sets companies are going to need in order to accomplish the promise of SOA.
McKendrick: Thanks, Dana. It’s interesting. Actually, the impetus for my thinking on this came from a report Ron Schmelzer posted and I reported on my blog this week.
Gardner: Ron being with ZapThink.
McKendrick: That’s correct. He is sounding the alarm bells that the folks that we need to drive SOA forward in the enterprise is this class of enterprise architects and enlightened architects, if you will. There are a lot of SOA projects everybody is interested in. Everybody’s kind of ginned up about SOA now, and we’ve been hearing about it. Enterprises really want to begin to either pilot or move SOA past the pilot stage, and 2007 should be a big year.
Ron Schmelzer feels there may not be enough architects who can take this high-level view and drive this process forward. Now, it’s interesting, but when I posted this on my blog, I got lot of feedback that perhaps architects are not the only ones who can really lead this effort. There are plenty of developers out there, high-level developers, who can also contribute to the process and interact with the business. The key behind this argument is that you need folks who know what’s going on technically, but can interact with the business. It can be a rare skill to have both.
Gardner: Yeah, this is going to be demanding. You can get Oracle-certified, you can get Microsoft-certified, IBM-certified. Where do you go to become SOA architect-certified?
McKendrick: Where do you go in terms of higher education institutes to get trained on architectural planning and network design? I’ve talked to lots of people who say, “Yeah, we look at the computer science graduates coming up, but how many of these people really, fully have had any training or courses whatsoever on broad architectural subjects like SOA?" Very few.
Kobielus: That’s true. Not to get reminiscent or anything, but 10 years ago, when we started seeing Java ramp up, we saw a lag there as well. A lot of organizations were really hungry for Java developers, and the universities came through with more focus on it, but later than probably most organizations wanted. What will happen here is that while this ramp-up goes on, we might see a lot of new business and new interest in service organizations that can provide the professional services required to get people through it.
Macehiter: Yeah, that’s true. That’s going to be an important -- absolutely an important source. Also, there’s some work under way. I don’t know whether any of you are familiar with the the International Association of Software Architects (IASA), which is really trying to foster a community that does try and share best practice around software architecture, including SOA.
You hit the nail on the head in terms of the key skills that are required around being able to interface with the business. One of the skills and attributes that you also need as a SOA architect is really this ability to balance supporting short-term business outcomes but keeping an eye on the longer-term objectives in terms of gaining high quality and maximizing IT value. That’s an equally difficult skill because too often architecture historically has been focused on quite discrete initiatives or infrastructure. I’m thinking about server architecture or network architecture rather than this broader perspective. There are skills occurring from such things as Oasis and what they are trying to do around things like SOA blueprints. It will be useful to get someone from Oasis in a future podcast to discuss this, because this is where the education is coming from.
Gardner: I think that if everyone goes about SOA methodically on his or her own track, and based on their own experience, and we are going to come up with a real mish-mash, then it’s going to be a problem. There needs to be some standardization around methodology.
Coincidentally, in April we’re expecting to see version 3 of the Information Technology Infrastructure Library (ITIL). This is focused on the lifecycle of services. It’s really more at the IT service-management level than pure technology, but it does offer blueprints and books and standardized approaches on how to setup an IT department and manage some of these organizational things. It strikes me that that might be another influence on bringing some kind of a cohesive approach to SOA, rather than be totally scatter-shot.
Macehiter: ITIL came out of the U.K. government. What was interesting about it is that it was driven very much from the experience of people who were grappling with these very challenges. That’s where it’s going to come from in SOA. It’s going to come from things like the IASA and others practitioners defining the best practice, rather than a more theoretical, academic approach to defining the ideal methodology.
Gardner: It's my understanding that the global systems integrators are very interested in this coming version of ITIL, and some of these other standardization-for-methodological-benefit approaches. As I’ve said before, SOA is the gift that keeps giving, if you’re a systems integrator in a professional services organization. It will be really interesting to see how successful they are at bringing a standardized set of approaches to the SOA architect role and whether that’s actually in their best interests over time.
McKendrick: And when it washes up on these shores, we’ll call it American ITIL.
Gardner: Actually the number of ITIL users is highest in the private sector and in North America, as I understand it, although it’s hard to see to what degree people actually use it. I think people use it in dribs and drabs and not in entirety.
McKendrick: It’s going to be interesting. There’s a lot of emphasis on compliance now, and data management is a big part of it as well. ITIL is really going to come into play, and should be coming into play, because processes are outsourced. Because processes are being managed by third-party firms, you need to have across-the-board standards to ensure that the data is being managed properly and in accordance with some type of universal standard. And, the regulators are going to want to see that as well.
Gardner: Well, I think we’ve come up with two separate shows we'll need to do -- one on enterprise information integration (EII) and dig in to that topic specifically; and then, perhaps, we should do an ITIL show, get someone who is familiar with some of the authoring there, and dig into its implications for SOA.
Well I think that wraps it up for today. We’ve covered quite a bit of ground in a short amount of time. I want to thank all of our guests. We’ve had Steve Garone, Joe McKendrick, Neil Macehiter, Tony Baer and Jim Kobielus. This is Dana Gardner, your host and moderator for this week’s BriefingsDirect SOA Insights Edition. Please come back and join us next week. Thank you.
If any of our listeners are interested in learning more about BriefingsDirect B2B informational podcasts or to become a sponsor of this or other B2B podcasts, please fill free to contact me, Dana Gardner at 603-528-2435.
Listen to the podcast here.
Transcript of Dana Gardner’s BriefingsDirect SOA Insights Edition, Vol. 10. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.
Listen to the podcast here. If you'd like to learn more about BriefingsDirect B2B informational podcasts, or to become a sponsor of this or other B2B podcasts, contact Dana Gardner at 603-528-2435.
Gardner: Hello, and welcome to the latest BriefingsDirect, SOA Insights Edition, Volume 10. This is a weekly discussion and dissection of Service-Oriented Architecture (SOA)-related news and events with a panel of industry analysts and guests. I’m your host and moderator Dana Gardner, principal analyst at Interarbor Solutions, ZDNet software strategies blogger, and Redmond Developer News magazine SOA columnist.
Our panel this week consists of show regular Steve Garone. Steve is a former IDC Group vice president, founder of the AlignIT Group, and an independent industry analyst. Welcome again, Steve.
Steve Garone: Hi, Dana, great to be back.
Gardner: Also joining us again Joe McKendrick, research consultant, columnist at Database Trends, and a blogger at ZDNet and ebizQ. Thanks for coming, Joe.
Joe McKendrick: Thanks, Dana, glad to be here.
Gardner: Also Tony Baer is making another appearance. He is principal at onStrategies. Thank for coming, Tony.
Tony Baer: Hey, Dana, good to be here.
Gardner: We’re also talking with Neil Macehiter. He is a research director at Macehiter Ward-Dutton in the U.K. Thanks for coming, Neil.
Neil Macehiter: No problem, Dana.
Gardner: And last on our list -- we have a large group today -- Jim Kobielus. Jim is a principal analyst at Current Analysis. Thanks for coming along, Jim.
Jim Kobielus: Thanks a lot, Dana. Hi, everybody.
Gardner: For our first topic this week -- and this is the week of Jan. 22, 2007 -- we’ll begin with the notion of SOA suites, a merging and definable market segment. We’re going to be looking at how mature such suites are. I suppose we should also look at the distinction between the best-of-breed-approach, where one could pick and choose various components within their SOA arsenal, or a more complete suite, a holistic full-feature set with the benefits, trade-offs, and detriments of each of these approaches.
Jim, you’re the one who was interested in this topic. Why don't you give us a little set-up as to what you think the state of the market is?
Kobielus: Thanks a lot. Over time, we’ve all been seeing this notion of a SOA suite take root in the industry’s productization of their various features, functions, and applications. Now, the big guys -- SAP, Oracle, Microsoft, webMethods, for that matter lots of software vendors -- are saying, “Hey, we provide a bigger, 'badder' SOA suite than the next guy.” That raises an alarm bell in my mind, or it’s an anomaly or oxymoron, because when you think of SOA, you think of loose coupling and virtualization of application functionality across a heterogeneous environment. Isn’t this notion of a SOA suite from a single vendor getting us back into the monolithic days of yore?
This thought came to me when I was reading a Wall Street Journal article earlier in the week about SAP, “SAP Trails Nimble Start-Ups As Software Market Matures.” There was one paragraph in there that just jumped out at me. They said, “Some argue that SAP's slump highlights a broader shift under way in business software, in which startup companies wield an advantage over established titans. Under this traditional business model companies buy large, costly packages of software from SAP and Oracle to help them run their back-office functions and so forth, but as the business software industry matures, many companies already have the big software pieces they need, and feel little urgency to replace them.”
So, clearly SAP is then sort of a driver in the SOA suite arena for few years with NetWeaver. Is the notion of SOA suite an oxymoron? Are there are best-of-breed-suites? There are also best-of-breed SOA components, and I’m not sure that the notion of a suite, an integrated suite is really what companies are looking for from SOA. They want best-of-breed components with the assurance, of course, that those components are implementing the full range of SOA standards for heterogeneous interoperability. So, I’m taking issue with this notion of a "best-of-breed" suite. Anybody else have any thoughts on that?
Macehiter: I’ll give you a couple of perspectives on this. We have to recognize that organizations increasingly are looking to rationalize their supply strategy. So, they’re increasingly looking to deal with a smaller number of vendors and suppliers, which is, in part, driving the move toward larger vendors attempting to offer a suite or portfolio of product capabilities that can help organizations manage the lifecycle of an SOA initiative.
That’s one factor that’s driving it. The second issue is the use of the term "suite," and what that really entails, versus what the market is currently delivering. Companies are putting together a bunch of products under a common brand, whether it’s Oracle Fusion, SAP NetWeaver, or under the IBM WebSphere brand. That's one thing. Actually making sure the products are well integrated and that they have a common management environment, common configuration environment, and common policy definition environment is the second thing. That’s one element of it.
The second issue is what actually constitutes a suite to support service-oriented initiatives. There is a tendency, certainly among the larger vendors, to focus on SOA from a development and integration proposition, rather than thinking more broadly about the capabilities you need to support service-oriented initiatives throughout the lifecycle. That extends beyond development and integration into things like security and identity, which have to be incorporated into an overall SOA offering.
Management and monitoring, usage management, audit logging are in the broad range of capabilities that you need. There’s a question as to whether it’s feasible for one vendor to offer all of those capabilities that you need to support an SOA initiative versus a set of core capabilities. Then the hooks in the interoperability allow you to exploit existing security and management infrastructure. There are a number of factors that we need to consider, and a lot of the SOA suite propositions are very much focused around development and integration, rather than management and monitoring, and really dealing with the lifecycle of services.
Gardner: I guess that explains and is consistent with the past. If you can have a cohesive approach to the development side, then the deployment tends to follow, and that’s where you monetize. Steve Garone, what do you think of this breakdown between best-of-breed and a suite?
Garone: All of us on this podcast today know that the debate over best-of-breed versus integrated-stack approach has been going for many years in a variety of scenarios and contexts, and it hasn’t stopped. I don’t really like the word "suite." It reeks more of marketing than functionality. I think what you really have to look at in terms of SOA is how people are actually approaching getting into building SOA-based environments.
What we’ve seen so far -- and we’ve talked about this on other podcasts -- is that up to this point people have tended to do pilot projects that are much lower in scale than what they will eventually do if they have success with the immediate projects. One tends to think that what they’re going to do at that point is pick and choose the individual products and functions that they need to make that happen in the short term.
I think that’s what we’re seeing, but I also sense that, despite the fact that everybody wants an open environment where they can pick and choose and not be tied to one vendor, what overrides all this is a desire to get things done quickly, efficiently. They want a way in which they don’t have to be concerned about integrating a lot of products and what that entails, and having potentially an unreliable environment. What that points to is working toward one vendor. End users will do that even in the short term by choosing someone that they know they can grow with in the future.
Gardner: Pragmatically, these vendors are also looking at their future and they’re saying, “We have an installed base. We have certain shops where we’re predominant. We want to be able to give them a clear path as to how to attain SOA values from their investment in our legacy. Therefore, we need to follow through with add-ons that smack of a integrated-stack approach.” So, it is almost incumbent on vendors to try to produce this "whole greater than the sum of the parts" -- if not to build out more SOA business, then just to hold on to their previous business.
Garone: That up brings up another interesting point, which is vendors, especially the platform vendors. The larger vendors, like IBM, Sun, and so on, tend to try to walk the line between being able to offer a fully integrated stack of software to accomplish whatever the goal it is -- in this case SOA implementations -- and also being what might be called “integratable.” This means you can bring in another product, because we adhere to standards, we’ll be able to help you do that.
They try to walk that line; where that really makes a difference is not so much what you are going to do in the future, but rather what you have done in the past. If you've got an existing registry that you used for identity management with your current applications, if you have existing app servers -- which is probably more common -- whomever you choose is going to have to be able to allow you to continue to work with those as part of a legacy environment. It sounds funny calling application servers legacy, but at this point you can do that, and that’s really where the "integratability" aspects of a fully integrated stack come into play.
Gardner: So how about you, Joe McKendrick? Do you see that the drive for simplicity and working from your installed base creates a compelling case for an integrated SOA approach? Or is the trade-off such that this is really not going to happen anymore? Is that the old way -- and is SOA fundamentally different, and therefore one should look for a different strategy?
McKendrick: Perhaps a little of both, Dana. Basically the industry still operates under the traditional mode where a lot of enterprises rely on one vendor -- we'll call it a master vendor -- that supplies most of its solutions. We see that in the IBM and in the Oracle markets. I agree with Jim that the notion of a SOA suite is very much an oxymoron. The idea of a SOA is to have "hot-swappable" software components that you could install and take out as needed in a loosely coupled architecture.
Dana, you hit upon the point that the vendors themselves have to demonstrate that they have some type of path to their installed base. They need some type of path to show that, "Yes, we are on top of the technology." In fact, if you speak with vendors out there about this strategy, even if the products or the path that they're offering are something customers aren’t adopting at the moment, it’s something they want to see with the vendor. If Oracle, hypothetically, wasn’t talking about SOA at all, there would be a lot of consternation, a lot of concern, among their installed base as to where the vendor is going.
Gardner: SAP would walk in, and their sales people would beat them up in these accounts, right?
McKendrick: Exactly. Now, Oracle is an interesting case. When I think of suites, I think Oracle demonstrates the best tendency in this area. In fact, they called their offering "The SOA Suite," and they include a number of components. I have spoken with some companies that have Oracle installations. Now, it should be noted that typically the customers for these suites are the installed base. The people who will be buying into the components of the Oracle SOA suite are companies that either have the Oracle applications, the E-Business suite or the Oracle database underneath. And, in most cases, they are buying into components of the suite.
I've heard a lot of positive things said about the BPEL Process Manager, for example. And, they are buying into pieces of the solutions, and as Steve pointed out -- it’s still in the pilot-project stage. We’re not seeing widespread enterprise implementations, but they are beginning to buy into pieces of these solutions such as the BPEL Process Manager.
Gardner: Hey, Tony Baer, how about you? Do you think that we are mature enough in SOA that we should be looking for homogeneity when it comes to tools and even deployment side? Or, is heterogeneity the issue that we are trying to manage?
Baer: As Steve was saying before, we can’t decompose it down to the age-old argument of best-of-breed versus integrated-stack. There is always going to be a tension between homogeneity and heterogeneity. For the customer, it’s going to be dictated obviously by what is already in place, basically as Joe pointed out. If 60 percent of my functionality, or even say 30 or 40 percent of my functionality, is SAP, I’m likely to listen when SAP tells me about a NetWeaver Solution.
On the other hand, if I’m in a sector that does not lend itself to package solutions, I will more than likely tend to take a best-of-breed approach -- especially if I do a lot of homegrown development, because my business is so unique. There will always be that creative tension there. That being said, the fact is that at the infrastructural level, there is a desire to have consistency. I don’t want to have five security engines. I don’t want to have three different authentications, if possible. Obviously, we’re never going to get that one, centralized identity repository in the sky, but I want to at least have my management framework be as consistent as possible and to manage what will inevitably be, in most large organizations, a federation of different installed bases of different technologies.
The other side of this is that for vendors -- and Oracle is probably the best poster child for this -- the reality in the enterprise software industry has been one of merger, acquisition, and consolidation. This means that vendors who started as organic developers now have four or five different product lines and each has had a separate lineage. The only way to put some rationality there is something like an Oracle Fusion SOA framework. Oracle has to develop this, if only out of the necessity to keep its own product offerings consistent.
Gardner: Now, back to Jim Kobielus’s point about this integrated approach being an oxymoron for SOA. Shouldn’t the vision of SOA allow us to have it both ways? If you have a culture and mindset in an organization, maybe it’s because of your legacy. Maybe it’s because of how you operate and the value you’ve perceived in past IT investments. Thus, you might want to remain with more of a single-vendor or an integrated-stack approach, but there might be other vendors without a legacy to drag along. The enterprise may want to take advantage of any innovation they can to be functionally heterogeneous and to explore and test open-source componentry as that becomes available. Shouldn’t SOA allow both of these approaches -- and pretty much equally?
Macehiter: In principle it should. We have to be careful to distinguish between the infrastructure that you require to enable SOA initiatives and what you’re trying to enable with that service-oriented initiative. Just because you want to have a loosely coupled component that you can combine in multiple ways to deliver business outcomes, doesn’t mean that the infrastructure that underpins that has to be similarly loosely coupled and based on the heterogeneous offerings from different vendors. So, there is a separation there.
We also we have to bear in mind the challenges around going for best-of-breed approach, which are well understood. It’s not so much whether the individual components can actually talk to one another but more about things like the management environment and how you manage the configuration and how do you deal with policy definition?
We’ve done some detailed assessments of service infrastructure offerings from SAP, BEA, IBM, Oracle, Sun, and webMethods. If you actually dig under the covers, you will see that each of the components has its own policy definition approach. So, the way you configure policy within the orchestration engine is inconsistent with the way you do it within the security and identity management capabilities, and that challenge occurs within suites. That’s going to be compounded as you look across different components. That introduces risk into the deployment. It reduces the visibility of the end-to-end deployment. It's those factors that are going to be important, as well as whether a communication and brokerage capability can integrate with the registry and repository. There are a number of factors that you have to bear in mind there.
Kobielus: I agree -- I think that the notion of a best-of-breed SOA suite makes more sense from an enterprise customer’s point of view. Most enterprises want to standardize on a single vendor and a single stack for the SOA plumbing -- the registries and repositories and also the development tools. They want the flexibility to plug in the different application layer components from Oracle and SAP and others, that are SOA-enabled and that can work with that single-core-plumbing-stack from a single vendor.
Gardner: Perhaps the tension here is between what aspects of SOA should be centralized, repeatable, simplified, and consolidated, and which ones should not. It’s not really a matter of SOA homogeneous or SOA heterogeneous. In moving toward SOA, should you say, "Listen, this is going to be common throughout. Let’s reuse this. Let’s manage our policy as centrally as possible.
"We might say the same for other federated and directory services. We might say the same for our tooling, so that we don’t have myriad tools and approaches from our developers. On the other hand, we want to have great flexibility and loosely coupled benefits, when it comes to which services, be they internal or external, be they traditional nature or more of a ‘software as a service’ nature that we can easily incorporate and then manage those as process."
So, is the dividing line here, Steve Garone, between what architecturally makes sense as centralized and not?
Garone: Actually I’ve just sort of been chomping on the bit here a little, because I’ve been listening to the conversation. This a really important point, mostly because there is a lot of stuff -- a lot of analyst opinion, a lot of blogging -- floating around that I’ve read, and I know you guys have probably read, on this very subject, the sort of philosophical dichotomy between what SOA is supposed to be and the notion of an SOA suite or a SOA integrated stack.
Frankly, from the end-user perspective, the message ought to be that the whole notion of SOA, as it relates to loose coupling, is really focused on the services and the applications that you’re going to deliver. That doesn't imply or even suggest that your infrastructure cannot be based on an integrated stack or software that’s designed to work well together. It allows you to work with a single vendor, and to be very efficient about how you both develop, deploy, and maintain and manage your environment.
Gardner: We also have to remember that this evolution of SOA is not happening in a vacuum. There are other major IT trends and business trends of worth. Many of them are focused on trying to reduce the cost of ongoing maintenance and support somewhere between 60 and 80 percent of total IT costs, and maybe more, to free up discretionary spending and to reduce the total spending for IT in many organizations. The trends often involved include data center consolidation, moving toward a more standardized approach for underlying hardware, embracing virtualization/grid/utility principles, and so on. Perhaps we have to recognize that even as SOA moves on its own sort of trajectory, organizations are going to be consolidating and looking for commonality of services, and improved support and maintenance types of features throughout their infrastructure.
Garone: Just to make one more small point. The one area that may diverge from the philosophy that we’ve been talking about is in the area of open source. I think that people who go out and try to implement SOA-based solutions on a variety of levels using open source technology may tend to take a more best-of-breed, individual-component approach than those who would run to their local IBM sales rep and say, “What do I do with SOA?” Even that’s going to change over time, and we’re starting to see SOA suites develop around open-source technology as well. So, that’s going to move in that direction as time goes on.
Gardner: That's another trend that is in tandem with SOA and needs to be woven together with it. It’s obviously a large undertaking. I‘m also reminded, after an interesting briefing I took this week with Informatica, and Ash Kulkarni. We had a really long, interesting discussion about the role of data, master data, and metadata when it comes to moving toward SOA. We really shouldn’t lose track of the fact that as you move to applications as services, and you go loosely coupled, and you adopt more reuse across development with common frameworks, and use rich internet application interfaces -- what about the data?
The data has to be managed as well. Increasingly, companies that have had mergers and acquisitions, or have just gotten myriad applications with varying views of something as specific as a customer identity -- there might be 10 or 15 different views of a customer, as defined by a variety of different applications. How do you manage that? And when you think about the progression of the data, it seems to me that if not in actuality, in a virtual sense, you want to become centralized with your data so that data can be used in a clean and impactful or productive way across all of your services.
Does anyone out there have some thoughts about what considerations to have when it comes to data in this decision about best-of-breed or integrated approach?
Macehiter: I was just going to say, the issue is that data has always been treated as a second-class citizen, and that it has been the product of applications which have then been subsequently analyzed. More organizations are recognizing this need to treat data as a peer, and deliver access to information, whether it’s structured or unstructured, as a service, which can be incorporated as needed into business process.
IBM was quick to identify this when they sold the information as a service strategy. And Oracle, surprisingly, given where they have come from, has actually not really enunciated data services, vision and platform. Although I did notice something on the Oracle Technology Network a couple of weeks ago, where they are just starting to talk about Oracle Data Integrator, based on an acquisition they made of a company called Sunopsis.
So, increasingly that's going to become part of the broader suite proposition. And, this is not just in the area of data but -- more broadly as customer adoption matures -- what constitutes an SOA suite. We’ve seen this around registry and repository, which historically was a best-of-breed proposition from the likes of Systinet and Infravio. Where are they now? They're part of a broader suite proposition from HP and webMethods, respectively. We’ll see this again.
Through acquisition what constitutes a suite will broaden as organizations become more mature in their approach to SOA. "Information as a service" is exactly one of those areas. Initially, that will probably be served by best-of-breed components, and then through a combination of acquisitions or very close partnership relationships will gradually be subsumed into what organizations believe is a SOA suite.
Gardner: Any other thoughts on the data services level and how that relates to this discussion?
Kobielus: I cover SOA for Current Analysis, primarily with reference to data management; and SOA in the data management realm is really consistent with master data management (MDM) as a discipline. Basically, master data management revolves around how you share, reuse, and enable maximum interoperability of your core master reference data, your single version-of-truth information, which is maintained in data warehouses and various operational data stores, and so forth.
Informatica is one of many vendors -- you mentioned Informatica earlier -- that has a strong MDM strategy. But there are are a lot of enterprise information integration (EII) vendors out there. EII revolves around really federated MDM, where you keep the data in its source repository, and then provide a virtualized access layer. This allows your business intelligence and other applications to access that data through a common object or model and a common set of access schemas -- wherever that data might reside -- but facilitated through a virtualized access layer. That’s very much EII as implemented by Business Objects, BEA, and many other vendors, and is very much the approach for federated MDM.
Gardner: Let me pause you there for a minute, Jim. If a virtualized centralization works for information, why wouldn’t it work for other aspects of SOA?
Kobielus: Oh, it does. Virtualization, of course, is one of the big themes in SOA.
Gardner: You can enjoy the benefits of a homogeneous approach, but, in fact, have great heterogeneity beneath the covers. Isn't that the whole idea of SOA -- to provide homogeneity in terms of productivity control management, and yet with flexibility and agility?
Kobielus: SOA, first and foremost, is a virtualization approach -- virtualization defined as an approach for abstracting the external call interface from the internal implementation of a resource, be it data or application functionality.
Gardner: So SOA is best-of-breed -- and it’s integrated. And you can pick and choose how to proceed, based perhaps on your legacy and your skill sets.
Macehiter: We just have to be clear to distinguish between the assets or resources that you’re virtualizing through SOA, which is typically going to be functional assets versus whether you need to virtualize the infrastructure and apply SOA to the underlying infrastructure. That’s the key distinguishing point. And that gets the point that was being raised earlier about virtualized access to information.
The infrastructure could be common, but the information assets that you’re accessing will be in heterogeneous repositories accessed in a number of different ways. This is exactly what IBM is doing with its offerings around information-as-a-service, and BEA as well. It's having the equivalent of application adapters by applying them to information assets and then exposing those through a service interface, so it’s virtualized and transparent: where the information is, how it’s stored and what format it’s in.
Kobielus: You mentioned Oracle’s acquisition of Sunopsis, which is interesting, because Sunopsis is an ETL vendor and the transform side of it is critically important. When you are extracting data from source repositories, you’re transforming it in various ways. Traditionally, Sunopsis’s tools have been used primarily to support transformation of data, which will then be loaded into centralized data warehouses.
But transformation functionality is important, whether you’re doing it in an ETL data warehousing environment -- in other words, the traditional bus for MDM -- or whether you’re doing the transformation in an EII environment. There, in fact, you are not ultimately loading the transform data into a central store, but rather simply transforming the data, keeping it in it’s original schema, but transforming it so it can be rationalized, harmonized, or aligned with a virtualized data access model provided by that EII environment.
Macehiter: Exactly. The transformation should occur behind the service interface, and this is why you need the idea of common information models and common schema models.
Gardner: Before we get down too much in the weeds on EII -- we can address that perhaps in a whole show in the future with a guest who is very much involved with that industry. Let’s move on to our second topic today, given the amount of time we have.
There are a burgeoning number of critical skill sets that need to be applied to SOA. We’ve talked about data, whether it’s cleansing, transforming, virtualizing and approaching some sort of a MDM capability. We have talked about development and process, BPEL. We talked about infrastructure. There is the management, the architectural overview, and what’s our philosophy.
It seems like we’re going to need a lot of very skilled people who are both generalists, as well as highly specific and technical. Because for SOA to work, a bunch of people who are highly specific -- but don’t share the same vision or have a general sense of the strategy -- probably won’t fare too well. This issue comes to us from Joe McKendrick. Joe, give us a little setup and overview of where you think things are headed in terms of the necessary skill sets companies are going to need in order to accomplish the promise of SOA.
McKendrick: Thanks, Dana. It’s interesting. Actually, the impetus for my thinking on this came from a report Ron Schmelzer posted and I reported on my blog this week.
Gardner: Ron being with ZapThink.
McKendrick: That’s correct. He is sounding the alarm bells that the folks that we need to drive SOA forward in the enterprise is this class of enterprise architects and enlightened architects, if you will. There are a lot of SOA projects everybody is interested in. Everybody’s kind of ginned up about SOA now, and we’ve been hearing about it. Enterprises really want to begin to either pilot or move SOA past the pilot stage, and 2007 should be a big year.
Ron Schmelzer feels there may not be enough architects who can take this high-level view and drive this process forward. Now, it’s interesting, but when I posted this on my blog, I got lot of feedback that perhaps architects are not the only ones who can really lead this effort. There are plenty of developers out there, high-level developers, who can also contribute to the process and interact with the business. The key behind this argument is that you need folks who know what’s going on technically, but can interact with the business. It can be a rare skill to have both.
Gardner: Yeah, this is going to be demanding. You can get Oracle-certified, you can get Microsoft-certified, IBM-certified. Where do you go to become SOA architect-certified?
McKendrick: Where do you go in terms of higher education institutes to get trained on architectural planning and network design? I’ve talked to lots of people who say, “Yeah, we look at the computer science graduates coming up, but how many of these people really, fully have had any training or courses whatsoever on broad architectural subjects like SOA?" Very few.
Kobielus: That’s true. Not to get reminiscent or anything, but 10 years ago, when we started seeing Java ramp up, we saw a lag there as well. A lot of organizations were really hungry for Java developers, and the universities came through with more focus on it, but later than probably most organizations wanted. What will happen here is that while this ramp-up goes on, we might see a lot of new business and new interest in service organizations that can provide the professional services required to get people through it.
Macehiter: Yeah, that’s true. That’s going to be an important -- absolutely an important source. Also, there’s some work under way. I don’t know whether any of you are familiar with the the International Association of Software Architects (IASA), which is really trying to foster a community that does try and share best practice around software architecture, including SOA.
You hit the nail on the head in terms of the key skills that are required around being able to interface with the business. One of the skills and attributes that you also need as a SOA architect is really this ability to balance supporting short-term business outcomes but keeping an eye on the longer-term objectives in terms of gaining high quality and maximizing IT value. That’s an equally difficult skill because too often architecture historically has been focused on quite discrete initiatives or infrastructure. I’m thinking about server architecture or network architecture rather than this broader perspective. There are skills occurring from such things as Oasis and what they are trying to do around things like SOA blueprints. It will be useful to get someone from Oasis in a future podcast to discuss this, because this is where the education is coming from.
Gardner: I think that if everyone goes about SOA methodically on his or her own track, and based on their own experience, and we are going to come up with a real mish-mash, then it’s going to be a problem. There needs to be some standardization around methodology.
Coincidentally, in April we’re expecting to see version 3 of the Information Technology Infrastructure Library (ITIL). This is focused on the lifecycle of services. It’s really more at the IT service-management level than pure technology, but it does offer blueprints and books and standardized approaches on how to setup an IT department and manage some of these organizational things. It strikes me that that might be another influence on bringing some kind of a cohesive approach to SOA, rather than be totally scatter-shot.
Macehiter: ITIL came out of the U.K. government. What was interesting about it is that it was driven very much from the experience of people who were grappling with these very challenges. That’s where it’s going to come from in SOA. It’s going to come from things like the IASA and others practitioners defining the best practice, rather than a more theoretical, academic approach to defining the ideal methodology.
Gardner: It's my understanding that the global systems integrators are very interested in this coming version of ITIL, and some of these other standardization-for-methodological-benefit approaches. As I’ve said before, SOA is the gift that keeps giving, if you’re a systems integrator in a professional services organization. It will be really interesting to see how successful they are at bringing a standardized set of approaches to the SOA architect role and whether that’s actually in their best interests over time.
McKendrick: And when it washes up on these shores, we’ll call it American ITIL.
Gardner: Actually the number of ITIL users is highest in the private sector and in North America, as I understand it, although it’s hard to see to what degree people actually use it. I think people use it in dribs and drabs and not in entirety.
McKendrick: It’s going to be interesting. There’s a lot of emphasis on compliance now, and data management is a big part of it as well. ITIL is really going to come into play, and should be coming into play, because processes are outsourced. Because processes are being managed by third-party firms, you need to have across-the-board standards to ensure that the data is being managed properly and in accordance with some type of universal standard. And, the regulators are going to want to see that as well.
Gardner: Well, I think we’ve come up with two separate shows we'll need to do -- one on enterprise information integration (EII) and dig in to that topic specifically; and then, perhaps, we should do an ITIL show, get someone who is familiar with some of the authoring there, and dig into its implications for SOA.
Well I think that wraps it up for today. We’ve covered quite a bit of ground in a short amount of time. I want to thank all of our guests. We’ve had Steve Garone, Joe McKendrick, Neil Macehiter, Tony Baer and Jim Kobielus. This is Dana Gardner, your host and moderator for this week’s BriefingsDirect SOA Insights Edition. Please come back and join us next week. Thank you.
If any of our listeners are interested in learning more about BriefingsDirect B2B informational podcasts or to become a sponsor of this or other B2B podcasts, please fill free to contact me, Dana Gardner at 603-528-2435.
Listen to the podcast here.
Transcript of Dana Gardner’s BriefingsDirect SOA Insights Edition, Vol. 10. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.
Wednesday, February 21, 2007
Transcript of BriefingsDirect Podcast on ITIL v3 and IT Service Management
Edited transcript of BriefingsDirect[TM] podcast with Dana Gardner, recorded Jan. 22, 2007.
Listen to the podcast here. Podcast sponsor: Hewlett-Packard.
Dana Gardner: Hi, this Dana Gardner, principal analyst at Interarbor Solutions and you’re listening to BriefingsDirect. Today, a sponsored podcast discussion about Information Technology Service Management (ITSM) and a related area, the evolving Information Technology Infrastructure Library (ITIL). These are complementary trends that are helping to mature IT as a customer-focused quality-of-service activity.
We’re not so much focused on how technology is deployed and actually used, on a product-by-product basis, but really how IT is delivered to an enterprise for its internal consumers of IT. ITSM and ITIL are following longer term trends that we’ve seen in manufacturing, such as Six Sigma and the quality initiatives that we saw in the post-World War II period. So, this is really an indication of how IT is maturing and how to take it to a further, higher plane of a customer focus and quality of service.
Joining us to look into these subjects and learn more about them as they’re now maturing and coming into some milestones -- particularly ITIL with the next version arriving in the spring of 2007 -- are executives from Hewlett-Packard's Services Consulting and Integration group. Joining us is Klaus Schmelzeisen, director of the global ITSM and security practices at HP’s Services Consulting and Integration group. Klaus is managing the solution portfolio that helps customers manage their applications and infrastructure environment. Welcome to the show, Klaus.
Klaus Schmelzeisen: Hello, everyone.
Gardner: Also joining us is Jeroen Bronkhorst, ITSM program manager within the Services Consulting and Integration group at HP and also an active participant in the ITIL version 3 editorial core team, as well as an author of the integrated ITIL process maps. At HP, he is a consulting coordinator and is helping to develop the core deliverables, as well as an ITSM reference model. Welcome to the show, Jeroen.
Jeroen Bronkhorst: Thank you, Dana. Hello, everyone.
Gardner: As I mentioned, this is part of a longer-term trend. ITIL has been around for quite some time, and ITSM services for management is a bit newer. Perhaps you could help us understand the history. How did the demand for these services come about, and what are some of the current drivers that are bringing this into the fore for an increasing number of enterprises?
Schmelzeisen: Let me take this one on. I've been observing the area of ITSM since the early '90s, and, interestingly enough, it really started with the infrastructure piece. At that point in time, corporations were introducing lots of new technologies, especially in the networking environment. This was a change from the X.25 networks into TCP/IP environments, but it was also a time when a lot of the mainframe environments were superseded and replaced by open-system environments.
Client-server infrastructures came into place. So, there was a big need for infrastructure monitoring that, once this was in place, were followed by IT services, which brought a completely different spin. That was to deliver the output of an IT organization as a service to the business. That's where ITSM started big time, and that was a couple of years later.
So, really, around the mid-'90s and since then, standards and best practices have evolved. HP has had its reference model since 1996 as a trademarked approach. Even before that, there were pre-versions of it. So, ITSM came along really in the early to mid '90s, and ITIL started around the same time.
Gardner: Do you think this is just a response to complexity? Is that what the underlying thrust was for this? Were there just more types of systems to deal with, and therefore they needed more structure, more of a best practices approach?
Schmelzeisen: Definitely. The complexity drove a lot of new and different technologies, but there were also more people in IT organizations. With more people, complexity went up, and then quickly the realization came that processes are really a key part of it. That brings you right to the heart of ITSM and then ITIL.
Gardner: So, it’s really about the complexity of the IT department itself, not necessary the technology?
Schmelzeisen: Definitely.
Gardner: Is there anything in particular about what’s going on now that makes this more relevant? Do you think the expectations for what IT provides are growing? Or is it the fact that IT is becoming much more strategic, the companies need to succeed at IT for the entire company to succeed?
Schmelzeisen: It’s actually multifold. On one side, the old challenges are still here. We see new technologies. We see the need for new services coming up. But there are also a lot of drivers that are putting pressure on the IT department. One is the ongoing topic of cost reduction. The competitiveness of an IT department is related to the efficiency and the quality of processes in place.
There is also the big theme of regulatory compliance. That is permanently on the CIO agenda and that of all C-level management. To achieve this you need to have all the processes very well under control. There is also the ongoing demand to provide more value to the business, to be more agile in your responses, how quickly can you can implement new environments and respond to the needs of the business. Those are really the challenges of today.
Bronkhorst: May I add to that as well, Dana?
Gardner: Please, yes.
Bronkhorst: What I also see is that there are organizations that have an increasing need to demonstrate the level of quality that they are providing to their customers. We now have an industry standard called ISO/IEC 20000 for IT Service Management. There is an opportunity here to become certified, which might be useful in the case, for example, an IT organization wants to go to the outside world and provide services in the open market or as a protection mechanism for the internal IT organization to prevent themselves from become outsourced. This is another driver for organizations to show the value and the quality they provide.
Gardner: So, demonstrating their role and their certification helps to establish them internally against a competing approach, but also gives them more credibility if they want to take these services to an extended enterprise approach.
Bronkhorst: Yes, that’s correct.
Gardner: Now, could you help us understand ITIL, this library of best practices? We’ve got a new refresh coming up with Version 3 this coming spring. What is the impact of ITIL and how does it relate to ITSM?
Bronkhorst: Let me speak to that a little bit. ITIL originated in the '80s actually. It was created by the British Government, which still owns ITIL. It's a set of books that describes best practice guidance in the area of, "How do I organize the operational processes that help me manage my infrastructure and he help me manage my IT services?"
When it was created in the '80s, it initially consisted of more than 30 books. They were condensed in the '90s down to eight books, and that’s basically the set that exists today. However, as we’ve seen the technology and the needs evolve, the British Government is driving a project to further condense ITIL down to five books. This will better link it to the needs of businesses today, which will then help customers to get themselves organized around the lifecycle of IT services, being able to create new services, define them, build them, test them, bring them into production, and take them out of production again once they’re no longer needed.
If I look at the traditional impact of ITIL, I would say that it is typically targeted at the operations department within an IT organization, the area where all the infrastructure and applications are maintained, and where, as a user, you would interact most on a daily basis.
What’s happening with the new ITIL is that the scope of these best practices will be significantly improved, and ITIL Version 3 will be more focused on how you organize an IT organization as a whole. In other words, taking an integral view of how to manage an IT service that consists of applications, infrastructure components, hardware, etc. This means it will be a much bigger scope of best practices compared to what is it today.
Gardner: You mentioned that this began in a government orientation. Is this being embraced by governments, or by certain geographies or regions? Globally, is ITIL something that a certain vertical industry is more likely to adapt? I guess I'm looking for where is this in place and where does it make the most sense?
Bronkhorst: ITIL is not particularly focused on a specific industry segment. ITIL is generic in the sense that it provides best practices to any type of IT organization. It’s also not restricted geographically, although the British Government created it initially. Over the past few years, we could almost say it has conquered the world. This is evidenced by the fact that there are local IT service management forum organizations, which some people call ITIL users groups, but it’s a little bit more than that.
These IT groups focus on best practices in the area of IT service management of which ITIL is a component. And so, across the globe, many of these user groups have started. Actually, HP was a founding member of many of those user groups, because it is important for people who use these best practices to share their experiences and bring it to a higher level.
Gardner: This new version, Version 3, is this a major change? Is this a modest change? I guess I'm looking for the impact. Is this is a point release or a major SKU? How different will Version 3 be from some of the past approaches for these best practices?
Bronkhorst: I would classify ITIL Version 3 as a major release. I say that not because it is changing things from ITIL as it exists today. One of the basic underlying designs is that it builds on the principles that exist in ITIL today. The reason I'm saying it’s a major release, is because it's adding so much more to the scope of what ITIL covers, plus it completely restructures the way in which the information is organized.
What do I mean by that? In the past when you looked at the ITIL books, they were focused on topics that made sense to the people who work within the IT organization. Application Management, Infrastructure Management, Software Asset Management are all topics that make sense from an IT internal view. But, few people who look at IT from the outside care about how you do it, as long as they get the service that they have agreed on with you.
The new ITIL will be organized around five phases of the service lifecycle, starting with strategy. How do you handle strategies around services, followed by how do you design a service, and how do you then transition that service into operations? Service operation is the fourth phase, and then the last phase is all about how to continuously or continually improve service delivery? That will be a major change, especially for people who are familiar with the current ITIL in the way in which it is structured.
Gardner: Now, this isn’t happening in a vacuum. There are many other large trends taking place and affecting IT and businesses, and these are very dependent on IT. I'm thinking of application modernization, services-oriented architecture, consolidation and unification, adoption of new approaches with an emphasis on agile or rapid development. Does ITIL help reduce the risk of embracing some of these new trends? How should companies view this in terms of some of the other activities that they are involved with in their IT department?
Bronkhorst: ITIL basically helps you to set the context for these trends in an IT organization. In other words, if you organize yourself according to ITIL best practices, you have a solid foundation for being able to more quickly adopt new trends in the marketplace or new, evolving technologies, as you are organizing yourself to be much more agile than you have been before.
Gardner: Are there hard numbers to apply here. Perhaps, Klaus, you have some indication? When companies look at this, it seems like it makes great sense. It’s progressive. It’s maturing -- something that is fairly recent and fast-moving in organizations. But, are there hard business metrics, ROI, reduced total cost of IT, or higher productivity? When it comes time to sell this, to convince the business to invest in such things as ITSM, and they say, “Well, what’s the pay-back,” what has been the experience?
Schmelzeisen: We definitely have a lot of numbers. The usual metrics are cost reduction. For example, one of our big customers, DHL, reports 20 percent cost reduction since it implemented their IT processes. We have other cases where they are looking at a total return on investment that includes efficiency gains, as well as staff reduction, improved quality. That showed a breakeven for one of our clients, Queensland Transport, the government agency in Australia, in the second year, and an ROI of 400 percent in five years.
There are other measurements, like decreased amount of rework, decreased response time, how many calls you can solve on the first call. All these measurements are coming together. Alcatel-Lucent, for example, is showing very good returns in terms of quality improvements, as well as things that are much less tangible, like facilitated consolidation of all systems and their subsequent decommissioning.
So, there are very tangible measurements, like cost reduction, the number of call resolutions, and things like that -- quality improvements. And, there are less tangible ones, like how quickly you can get rid of older environments, how quickly you can consolidate, etc.
Gardner: What about the impact on users? Have there been surveys? You mention some of the software paybacks around reduced the time for resolution and better call center performance. Has anyone that you're aware of done user focus surveys after ITSM approaches have been adopted. Have they gauged the satisfaction of the people who are the ones actually using IT?
Schmelzeisen: Basically, the response to the quality of service provided by the IT department?
Gardner: That’s right -- the perception and the sense of confidence in IT.
Schmelzeisen: I don’t have a precise number at hand right now, but you can easily deduce it. If you call a help desk and you get put on hold, or you have to call again and your call is continuously routed to another person, and eventually you get an answer in a couple of days, how is your satisfaction rate based on that? It’s probably going to be very low.
However, if you call, and the person at the other end has all the information available about your case, he knows what type of system you have, he knows how it’s configured, he knows what changes have be done within the last couple of weeks or months, and he knows what environment you’re working in -- and he can help you right away -- I think it does great things for customer satisfaction.
Gardner: Sure, if customers can call in and get resolution and a sense of confidence, they're less likely to go off and start doing IT things on their own, on the department and lower-division level, which then requires that to be brought into a more centralized approach. Then, you lose any of the efficiencies of central procurement, managing licenses, and reducing redundancies.
It seems as if taking this life-cycle approach has a great opportunity to improve on efficiency from a procurement, licensing, and cost basis.
Schmelzeisen: Absolutely.
Bronkhorst: May I add one more thing, Dana? I think what we also see is that it’s not only important to measure, monitor, and manage customer satisfaction. It’s also key for a lot IT organizations to manage and monitor employee satisfaction. This is something that we also do as an integral part of the way that we handle projects where we implement ITSM processes and technologies with our customer.
Gardner: As far as United States market goes -- the one that I am most similar with -- it has been a long-term trend that it’s difficult to get qualified IT people and hold them. They often jump from company to company. I suppose that’s part of the dissatisfaction, but places enterprises in a fire-fighting mode much of the time, rather than in a more coordinated and straightforward productivity approach.
Bronkhorst: It’s also key that if you implement an ITSM solution or an ITSM environment, then what you do is structure the activities within an IT organization. Those activities are performed by a piece of technology, in other words automated, or performed by people. The challenge with many of these implementations is how to configure people in a way that they execute the processes the way they were designed. Technology, you can control, but people, sometimes you can’t, and you need to do something extra in order to make that work.
Schmelzeisen: I think that’s an interesting term that’s been introduced, "configuration of people," which means training and education. As a proof point to that, in all of the big projects -- Alcatel-Lucent, DHL, and Queensland Transport -- we had actually trained and retrained a significant number of people. With DHL, we trained about 4,000 IT professionals from a number of companies. With Alcatel-Lucent, it was training for about 1,000 employees. So, it’s a significant number of people need to be "reconfigured," as you called it.
Gardner: In another economic efficiency area, companies and enterprises have been looking to outsource or offshore. They're, looking to have better choices and more options in terms of how they acquire IT. If they have the certification process, as is being described here, in place, they can go and say, "Well, are your people certified? Are they trained? I am not going to outsource to anyone that isn’t."
It seems like this could make for more professionalism and less guessing, or risk, when it comes to outsourcing. Is that a trend you are seeing as well?
Schmelzeisen: Absolutely. It is important for organizations that want to show that they can achieve a certain level of quality to consider certification. What we did in our approach was to make sure that we use methodologies that have proven themselves in reality for customers to become certified in ITSM.
Gardner: All right. Let’s look to the future a little bit. It seems that there is a life-cycle approach to ITSM itself, and its successes can build upon one another toward a whole greater than the sum of the parts. But on the other hand, with this commoditization, if all companies are certified and all IT departments are operating in the same fashion, some companies that have depended on IT for a competitive edge might lose that. Is there any risk of reducing IT to a commodity set of services that prevents companies from somehow differentiating themselves?
Schmelzeisen: In some respects that’s a valid question, because a lot of IT services will be commoditized over time. On the other side, there is an ongoing wave of new things coming in, and there will always be leaders and followers. So, we will see more and different services being deployed. In the future, you won’t be able to differentiate just through an email service, to give you one example of an IT service.
However, it's different when it comes to other things: the way you manage your environment, integrate things like SOA or deploy SOA in your environment, embrace new technologies, drive mergers and acquisition from an IT integration point of view, how you select whether you are outsourcing, out-tasking or keeping things in-house.
Those are really differentiating points for the future, and I'll elaborate a little bit on the latter one. We are moving to a full IT service provider environment. A lot of these service provider ideas really come down to what you keep in-house, where you compete with others, and where your capabilities complement others. So, they are really looking at a whole supply chain in the sense of looking at complementors and competitors. It’s becoming a value net that IT organizations will have to look at and will have to manage. That is where the differentiation will be in the future.
Gardner: Anything else for us on that subject, Jeroen, about the competitive issues and commoditization? On one hand, we're saying that commoditization happens, but it is good in that it levels the playing field for you to be innovative.
Bronkhorst: I agree with what Klaus said, especially in the area that new technologies keep coming up. You can find new things in the stores almost every day, and the more new technology that’s introduced the more complex the world becomes, especially for IT organizations that have to keep it all up and running.
The challenge for a lot these IT departments is to make the right choices about which technologies to standardize on at what moment in time, and how to balance the cost associated with that with the quality you provide to your customer base. The real challenge is in doing that in a way that you distinguish yourself from the world surrounding you and being aware of the role you play in relation to your competitors and your complementors, as Klaus indicated.
Gardner: On a more pragmatic level, for those companies that are not quite into this yet, but want to be, how do you get started? How do you say, "I want to have a professional approach to ITSM? I also want to learn more about ITIL and how that could be useful tools for me?" Should you do one before the other? Are they something you can do on a simultaneous track? How do you get started?
Schmelzeisen: You always have to look at three main components, and we have mentioned them a couple of times before. It's people, process and technology. As people are driving most of the changes it’s definitely a good idea to have at least a certain number of people trained and certified, so that they can make educated decisions on technologies and processes later on.
When it comes to the process work, this can start in parallel, but definitely requires trained people. Technology is something that is definitely very important, but technology alone will not solve the problem. What's your view on this, Jeroen?
Bronkhorst: I agree with that. For those organizations that do not know yet whether a process-oriented approach is right for them we have a very interesting simulation game from our education department. We simulate processes in a non-IT environment, and make people aware of the value that can bring to their daily job.
We don't go into any of the ITIL or ITSM specifics right away, although there is some theory in the training. It’s really a simulation, and that is what a number of organizations start with. There are others who are more knowledgeable in this area already, and they typically want to go straight into a discussion as to how to compare themselves to industry best practices and what areas to address to improve. Then, we get more into a project simulation and assessment type approach, where you basically have a discussion with each other as to where we are today and where we want to be in the near future.
Gardner: I've been thinking about this as something for very large organizations, but perhaps that’s not the right way to look at it. How does this scale down? Does it fit well with small- to medium-sized businesses, or even smaller divisions within larger corporations? What’s the shakeout in terms of the size of the organization?
Schmelzeisen: You can deploy it to very small organizations as well. There might be one significant change: the need for automation. My experience is that this grows with the size of the organization. So, if you are a 170,000-person company with a huge IT department, you ought to have automated processes. This obviously means the processes need to be standardized and well understood, and people need to be trained on it.
If you are a 10-person IT department, you still have to have processes, but probably if you are such a small group, and you might even be located in one place, you can still do this without automation, using more basic tools, even on paper. Nevertheless, the need to understand your processes and have them well defined is independent of the size of the company.
Bronkhorst: There is actually a book from one of the ITSM’s chapters around how to apply ITIL in a small-size business environment, though I think that underlines the point that Klaus is making.
Gardner: Great. Well, thanks very much. This has been an interesting discussion about IT Service Management, making IT a professional organization with customer-focused quality of service as goals, and how to go about that on step-by-step basis.
Discussing this with us today have been two executives from Hewlett-Packard -- Klaus Schmelzeisen, the global director of the Global ITSM and Security Practices at HP Services Consulting and Integration group, and also Jeroen Bronkhorst, the ITSM program manager with HP Services Consulting and Integration group. I want to thank you gentlemen both for joining us.
Schmelzeisen: Well, thanks, Dana.
Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions, and you have been listening to a sponsored BriefingsDirect podcast. Thank you.
Listen to the podcast here.
Podcast sponsor: Hewlett-Packard.
Transcript of Dana Gardner’s BriefingsDirect podcast on ITIL v3 and IT Service Management. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.
Listen to the podcast here. Podcast sponsor: Hewlett-Packard.
Dana Gardner: Hi, this Dana Gardner, principal analyst at Interarbor Solutions and you’re listening to BriefingsDirect. Today, a sponsored podcast discussion about Information Technology Service Management (ITSM) and a related area, the evolving Information Technology Infrastructure Library (ITIL). These are complementary trends that are helping to mature IT as a customer-focused quality-of-service activity.
We’re not so much focused on how technology is deployed and actually used, on a product-by-product basis, but really how IT is delivered to an enterprise for its internal consumers of IT. ITSM and ITIL are following longer term trends that we’ve seen in manufacturing, such as Six Sigma and the quality initiatives that we saw in the post-World War II period. So, this is really an indication of how IT is maturing and how to take it to a further, higher plane of a customer focus and quality of service.
Joining us to look into these subjects and learn more about them as they’re now maturing and coming into some milestones -- particularly ITIL with the next version arriving in the spring of 2007 -- are executives from Hewlett-Packard's Services Consulting and Integration group. Joining us is Klaus Schmelzeisen, director of the global ITSM and security practices at HP’s Services Consulting and Integration group. Klaus is managing the solution portfolio that helps customers manage their applications and infrastructure environment. Welcome to the show, Klaus.
Klaus Schmelzeisen: Hello, everyone.
Gardner: Also joining us is Jeroen Bronkhorst, ITSM program manager within the Services Consulting and Integration group at HP and also an active participant in the ITIL version 3 editorial core team, as well as an author of the integrated ITIL process maps. At HP, he is a consulting coordinator and is helping to develop the core deliverables, as well as an ITSM reference model. Welcome to the show, Jeroen.
Jeroen Bronkhorst: Thank you, Dana. Hello, everyone.
Gardner: As I mentioned, this is part of a longer-term trend. ITIL has been around for quite some time, and ITSM services for management is a bit newer. Perhaps you could help us understand the history. How did the demand for these services come about, and what are some of the current drivers that are bringing this into the fore for an increasing number of enterprises?
Schmelzeisen: Let me take this one on. I've been observing the area of ITSM since the early '90s, and, interestingly enough, it really started with the infrastructure piece. At that point in time, corporations were introducing lots of new technologies, especially in the networking environment. This was a change from the X.25 networks into TCP/IP environments, but it was also a time when a lot of the mainframe environments were superseded and replaced by open-system environments.
Client-server infrastructures came into place. So, there was a big need for infrastructure monitoring that, once this was in place, were followed by IT services, which brought a completely different spin. That was to deliver the output of an IT organization as a service to the business. That's where ITSM started big time, and that was a couple of years later.
So, really, around the mid-'90s and since then, standards and best practices have evolved. HP has had its reference model since 1996 as a trademarked approach. Even before that, there were pre-versions of it. So, ITSM came along really in the early to mid '90s, and ITIL started around the same time.
Gardner: Do you think this is just a response to complexity? Is that what the underlying thrust was for this? Were there just more types of systems to deal with, and therefore they needed more structure, more of a best practices approach?
Schmelzeisen: Definitely. The complexity drove a lot of new and different technologies, but there were also more people in IT organizations. With more people, complexity went up, and then quickly the realization came that processes are really a key part of it. That brings you right to the heart of ITSM and then ITIL.
Gardner: So, it’s really about the complexity of the IT department itself, not necessary the technology?
Schmelzeisen: Definitely.
Gardner: Is there anything in particular about what’s going on now that makes this more relevant? Do you think the expectations for what IT provides are growing? Or is it the fact that IT is becoming much more strategic, the companies need to succeed at IT for the entire company to succeed?
Schmelzeisen: It’s actually multifold. On one side, the old challenges are still here. We see new technologies. We see the need for new services coming up. But there are also a lot of drivers that are putting pressure on the IT department. One is the ongoing topic of cost reduction. The competitiveness of an IT department is related to the efficiency and the quality of processes in place.
There is also the big theme of regulatory compliance. That is permanently on the CIO agenda and that of all C-level management. To achieve this you need to have all the processes very well under control. There is also the ongoing demand to provide more value to the business, to be more agile in your responses, how quickly can you can implement new environments and respond to the needs of the business. Those are really the challenges of today.
Bronkhorst: May I add to that as well, Dana?
Gardner: Please, yes.
Bronkhorst: What I also see is that there are organizations that have an increasing need to demonstrate the level of quality that they are providing to their customers. We now have an industry standard called ISO/IEC 20000 for IT Service Management. There is an opportunity here to become certified, which might be useful in the case, for example, an IT organization wants to go to the outside world and provide services in the open market or as a protection mechanism for the internal IT organization to prevent themselves from become outsourced. This is another driver for organizations to show the value and the quality they provide.
Gardner: So, demonstrating their role and their certification helps to establish them internally against a competing approach, but also gives them more credibility if they want to take these services to an extended enterprise approach.
Bronkhorst: Yes, that’s correct.
Gardner: Now, could you help us understand ITIL, this library of best practices? We’ve got a new refresh coming up with Version 3 this coming spring. What is the impact of ITIL and how does it relate to ITSM?
Bronkhorst: Let me speak to that a little bit. ITIL originated in the '80s actually. It was created by the British Government, which still owns ITIL. It's a set of books that describes best practice guidance in the area of, "How do I organize the operational processes that help me manage my infrastructure and he help me manage my IT services?"
When it was created in the '80s, it initially consisted of more than 30 books. They were condensed in the '90s down to eight books, and that’s basically the set that exists today. However, as we’ve seen the technology and the needs evolve, the British Government is driving a project to further condense ITIL down to five books. This will better link it to the needs of businesses today, which will then help customers to get themselves organized around the lifecycle of IT services, being able to create new services, define them, build them, test them, bring them into production, and take them out of production again once they’re no longer needed.
If I look at the traditional impact of ITIL, I would say that it is typically targeted at the operations department within an IT organization, the area where all the infrastructure and applications are maintained, and where, as a user, you would interact most on a daily basis.
What’s happening with the new ITIL is that the scope of these best practices will be significantly improved, and ITIL Version 3 will be more focused on how you organize an IT organization as a whole. In other words, taking an integral view of how to manage an IT service that consists of applications, infrastructure components, hardware, etc. This means it will be a much bigger scope of best practices compared to what is it today.
Gardner: You mentioned that this began in a government orientation. Is this being embraced by governments, or by certain geographies or regions? Globally, is ITIL something that a certain vertical industry is more likely to adapt? I guess I'm looking for where is this in place and where does it make the most sense?
Bronkhorst: ITIL is not particularly focused on a specific industry segment. ITIL is generic in the sense that it provides best practices to any type of IT organization. It’s also not restricted geographically, although the British Government created it initially. Over the past few years, we could almost say it has conquered the world. This is evidenced by the fact that there are local IT service management forum organizations, which some people call ITIL users groups, but it’s a little bit more than that.
These IT groups focus on best practices in the area of IT service management of which ITIL is a component. And so, across the globe, many of these user groups have started. Actually, HP was a founding member of many of those user groups, because it is important for people who use these best practices to share their experiences and bring it to a higher level.
Gardner: This new version, Version 3, is this a major change? Is this a modest change? I guess I'm looking for the impact. Is this is a point release or a major SKU? How different will Version 3 be from some of the past approaches for these best practices?
Bronkhorst: I would classify ITIL Version 3 as a major release. I say that not because it is changing things from ITIL as it exists today. One of the basic underlying designs is that it builds on the principles that exist in ITIL today. The reason I'm saying it’s a major release, is because it's adding so much more to the scope of what ITIL covers, plus it completely restructures the way in which the information is organized.
What do I mean by that? In the past when you looked at the ITIL books, they were focused on topics that made sense to the people who work within the IT organization. Application Management, Infrastructure Management, Software Asset Management are all topics that make sense from an IT internal view. But, few people who look at IT from the outside care about how you do it, as long as they get the service that they have agreed on with you.
The new ITIL will be organized around five phases of the service lifecycle, starting with strategy. How do you handle strategies around services, followed by how do you design a service, and how do you then transition that service into operations? Service operation is the fourth phase, and then the last phase is all about how to continuously or continually improve service delivery? That will be a major change, especially for people who are familiar with the current ITIL in the way in which it is structured.
Gardner: Now, this isn’t happening in a vacuum. There are many other large trends taking place and affecting IT and businesses, and these are very dependent on IT. I'm thinking of application modernization, services-oriented architecture, consolidation and unification, adoption of new approaches with an emphasis on agile or rapid development. Does ITIL help reduce the risk of embracing some of these new trends? How should companies view this in terms of some of the other activities that they are involved with in their IT department?
Bronkhorst: ITIL basically helps you to set the context for these trends in an IT organization. In other words, if you organize yourself according to ITIL best practices, you have a solid foundation for being able to more quickly adopt new trends in the marketplace or new, evolving technologies, as you are organizing yourself to be much more agile than you have been before.
Gardner: Are there hard numbers to apply here. Perhaps, Klaus, you have some indication? When companies look at this, it seems like it makes great sense. It’s progressive. It’s maturing -- something that is fairly recent and fast-moving in organizations. But, are there hard business metrics, ROI, reduced total cost of IT, or higher productivity? When it comes time to sell this, to convince the business to invest in such things as ITSM, and they say, “Well, what’s the pay-back,” what has been the experience?
Schmelzeisen: We definitely have a lot of numbers. The usual metrics are cost reduction. For example, one of our big customers, DHL, reports 20 percent cost reduction since it implemented their IT processes. We have other cases where they are looking at a total return on investment that includes efficiency gains, as well as staff reduction, improved quality. That showed a breakeven for one of our clients, Queensland Transport, the government agency in Australia, in the second year, and an ROI of 400 percent in five years.
There are other measurements, like decreased amount of rework, decreased response time, how many calls you can solve on the first call. All these measurements are coming together. Alcatel-Lucent, for example, is showing very good returns in terms of quality improvements, as well as things that are much less tangible, like facilitated consolidation of all systems and their subsequent decommissioning.
So, there are very tangible measurements, like cost reduction, the number of call resolutions, and things like that -- quality improvements. And, there are less tangible ones, like how quickly you can get rid of older environments, how quickly you can consolidate, etc.
Gardner: What about the impact on users? Have there been surveys? You mention some of the software paybacks around reduced the time for resolution and better call center performance. Has anyone that you're aware of done user focus surveys after ITSM approaches have been adopted. Have they gauged the satisfaction of the people who are the ones actually using IT?
Schmelzeisen: Basically, the response to the quality of service provided by the IT department?
Gardner: That’s right -- the perception and the sense of confidence in IT.
Schmelzeisen: I don’t have a precise number at hand right now, but you can easily deduce it. If you call a help desk and you get put on hold, or you have to call again and your call is continuously routed to another person, and eventually you get an answer in a couple of days, how is your satisfaction rate based on that? It’s probably going to be very low.
However, if you call, and the person at the other end has all the information available about your case, he knows what type of system you have, he knows how it’s configured, he knows what changes have be done within the last couple of weeks or months, and he knows what environment you’re working in -- and he can help you right away -- I think it does great things for customer satisfaction.
Gardner: Sure, if customers can call in and get resolution and a sense of confidence, they're less likely to go off and start doing IT things on their own, on the department and lower-division level, which then requires that to be brought into a more centralized approach. Then, you lose any of the efficiencies of central procurement, managing licenses, and reducing redundancies.
It seems as if taking this life-cycle approach has a great opportunity to improve on efficiency from a procurement, licensing, and cost basis.
Schmelzeisen: Absolutely.
Bronkhorst: May I add one more thing, Dana? I think what we also see is that it’s not only important to measure, monitor, and manage customer satisfaction. It’s also key for a lot IT organizations to manage and monitor employee satisfaction. This is something that we also do as an integral part of the way that we handle projects where we implement ITSM processes and technologies with our customer.
Gardner: As far as United States market goes -- the one that I am most similar with -- it has been a long-term trend that it’s difficult to get qualified IT people and hold them. They often jump from company to company. I suppose that’s part of the dissatisfaction, but places enterprises in a fire-fighting mode much of the time, rather than in a more coordinated and straightforward productivity approach.
Bronkhorst: It’s also key that if you implement an ITSM solution or an ITSM environment, then what you do is structure the activities within an IT organization. Those activities are performed by a piece of technology, in other words automated, or performed by people. The challenge with many of these implementations is how to configure people in a way that they execute the processes the way they were designed. Technology, you can control, but people, sometimes you can’t, and you need to do something extra in order to make that work.
Schmelzeisen: I think that’s an interesting term that’s been introduced, "configuration of people," which means training and education. As a proof point to that, in all of the big projects -- Alcatel-Lucent, DHL, and Queensland Transport -- we had actually trained and retrained a significant number of people. With DHL, we trained about 4,000 IT professionals from a number of companies. With Alcatel-Lucent, it was training for about 1,000 employees. So, it’s a significant number of people need to be "reconfigured," as you called it.
Gardner: In another economic efficiency area, companies and enterprises have been looking to outsource or offshore. They're, looking to have better choices and more options in terms of how they acquire IT. If they have the certification process, as is being described here, in place, they can go and say, "Well, are your people certified? Are they trained? I am not going to outsource to anyone that isn’t."
It seems like this could make for more professionalism and less guessing, or risk, when it comes to outsourcing. Is that a trend you are seeing as well?
Schmelzeisen: Absolutely. It is important for organizations that want to show that they can achieve a certain level of quality to consider certification. What we did in our approach was to make sure that we use methodologies that have proven themselves in reality for customers to become certified in ITSM.
Gardner: All right. Let’s look to the future a little bit. It seems that there is a life-cycle approach to ITSM itself, and its successes can build upon one another toward a whole greater than the sum of the parts. But on the other hand, with this commoditization, if all companies are certified and all IT departments are operating in the same fashion, some companies that have depended on IT for a competitive edge might lose that. Is there any risk of reducing IT to a commodity set of services that prevents companies from somehow differentiating themselves?
Schmelzeisen: In some respects that’s a valid question, because a lot of IT services will be commoditized over time. On the other side, there is an ongoing wave of new things coming in, and there will always be leaders and followers. So, we will see more and different services being deployed. In the future, you won’t be able to differentiate just through an email service, to give you one example of an IT service.
However, it's different when it comes to other things: the way you manage your environment, integrate things like SOA or deploy SOA in your environment, embrace new technologies, drive mergers and acquisition from an IT integration point of view, how you select whether you are outsourcing, out-tasking or keeping things in-house.
Those are really differentiating points for the future, and I'll elaborate a little bit on the latter one. We are moving to a full IT service provider environment. A lot of these service provider ideas really come down to what you keep in-house, where you compete with others, and where your capabilities complement others. So, they are really looking at a whole supply chain in the sense of looking at complementors and competitors. It’s becoming a value net that IT organizations will have to look at and will have to manage. That is where the differentiation will be in the future.
Gardner: Anything else for us on that subject, Jeroen, about the competitive issues and commoditization? On one hand, we're saying that commoditization happens, but it is good in that it levels the playing field for you to be innovative.
Bronkhorst: I agree with what Klaus said, especially in the area that new technologies keep coming up. You can find new things in the stores almost every day, and the more new technology that’s introduced the more complex the world becomes, especially for IT organizations that have to keep it all up and running.
The challenge for a lot these IT departments is to make the right choices about which technologies to standardize on at what moment in time, and how to balance the cost associated with that with the quality you provide to your customer base. The real challenge is in doing that in a way that you distinguish yourself from the world surrounding you and being aware of the role you play in relation to your competitors and your complementors, as Klaus indicated.
Gardner: On a more pragmatic level, for those companies that are not quite into this yet, but want to be, how do you get started? How do you say, "I want to have a professional approach to ITSM? I also want to learn more about ITIL and how that could be useful tools for me?" Should you do one before the other? Are they something you can do on a simultaneous track? How do you get started?
Schmelzeisen: You always have to look at three main components, and we have mentioned them a couple of times before. It's people, process and technology. As people are driving most of the changes it’s definitely a good idea to have at least a certain number of people trained and certified, so that they can make educated decisions on technologies and processes later on.
When it comes to the process work, this can start in parallel, but definitely requires trained people. Technology is something that is definitely very important, but technology alone will not solve the problem. What's your view on this, Jeroen?
Bronkhorst: I agree with that. For those organizations that do not know yet whether a process-oriented approach is right for them we have a very interesting simulation game from our education department. We simulate processes in a non-IT environment, and make people aware of the value that can bring to their daily job.
We don't go into any of the ITIL or ITSM specifics right away, although there is some theory in the training. It’s really a simulation, and that is what a number of organizations start with. There are others who are more knowledgeable in this area already, and they typically want to go straight into a discussion as to how to compare themselves to industry best practices and what areas to address to improve. Then, we get more into a project simulation and assessment type approach, where you basically have a discussion with each other as to where we are today and where we want to be in the near future.
Gardner: I've been thinking about this as something for very large organizations, but perhaps that’s not the right way to look at it. How does this scale down? Does it fit well with small- to medium-sized businesses, or even smaller divisions within larger corporations? What’s the shakeout in terms of the size of the organization?
Schmelzeisen: You can deploy it to very small organizations as well. There might be one significant change: the need for automation. My experience is that this grows with the size of the organization. So, if you are a 170,000-person company with a huge IT department, you ought to have automated processes. This obviously means the processes need to be standardized and well understood, and people need to be trained on it.
If you are a 10-person IT department, you still have to have processes, but probably if you are such a small group, and you might even be located in one place, you can still do this without automation, using more basic tools, even on paper. Nevertheless, the need to understand your processes and have them well defined is independent of the size of the company.
Bronkhorst: There is actually a book from one of the ITSM’s chapters around how to apply ITIL in a small-size business environment, though I think that underlines the point that Klaus is making.
Gardner: Great. Well, thanks very much. This has been an interesting discussion about IT Service Management, making IT a professional organization with customer-focused quality of service as goals, and how to go about that on step-by-step basis.
Discussing this with us today have been two executives from Hewlett-Packard -- Klaus Schmelzeisen, the global director of the Global ITSM and Security Practices at HP Services Consulting and Integration group, and also Jeroen Bronkhorst, the ITSM program manager with HP Services Consulting and Integration group. I want to thank you gentlemen both for joining us.
Schmelzeisen: Well, thanks, Dana.
Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions, and you have been listening to a sponsored BriefingsDirect podcast. Thank you.
Listen to the podcast here.
Podcast sponsor: Hewlett-Packard.
Transcript of Dana Gardner’s BriefingsDirect podcast on ITIL v3 and IT Service Management. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.
Subscribe to:
Posts (Atom)
