SOA and WOA Magazine

If you've followed the arc of the SOA revolution, you might have expected the current moment to be one of great fanfare and proclamations of success. SOA (was supposed to have) arrived! SOA (was supposed to be) an accepted standard for software development and enterprise architecture. Yet, as we have seen, the naysayers appear to have had their day. SOA is DOA, we are told again and again. The recession/complacency/complexity/security problems/creeping vendor lock-in, you name it, has put a dagger in the heart of the enterprise SOA. I don't think it is actually thus. The reality turns out to be more subtle, and the declaration of SOA's demise is premature.

Nearly a decade after the debut of the Web services standards and the modern service-oriented architecture (SOA), the proof of the paradigm's remarkable success lies in what can only be described as its rather quiet and dull but effective existence. SOA has become so omnipresent, so unsurprisingly effective, it's a triumph. While many large organizations have been planning and executing far-reaching SOA plans, a different reality has snuck up on everyone. Service-orientation, if not actual SOA, is simply embedded into most software today, and it is routinely pulling off what used to be considered a nearly impossible task: the seamless, low-friction interoperation of radically different applications.

Like the hundreds of invisible electric motors that run our homes, tools, and offices, Web services are now stealthily powering whole classes of enterprise technology. They're like mobile phones. We just assume everyone has one today. And, like the mobile phone experience, which was total science fiction a generation ago but today is so commonplace it's not even noticed any more, Web services are the remarkable, nearly invisible magic in current integration scenarios.

I see this constantly in my work at Mitratech, whose TeamConnect software is used to manage corporate legal and compliance departments at large companies. Regardless of whether our clients have developed the kind of full-blown, enterprise SOA that everyone had on the drawing board circa 2005 or not, we are consistently implementing Web services-based integrations to other enterprise applications. What's fascinating is how Web services and the service-oriented capability are just assumed to be available. If you're deploying software in a large enterprise, you can pretty much assume that you can plug your other application in to Web services in the application infrastructure and that it can discover and integrate with other applications via their Web services.

Like many other packaged software vendors, we regularly plug TeamConnect into Web services interfaces in other applications and create integrations in days, which would have surely taken weeks or even months at the turn of the century. It's all, so, wonderfully boring! That's true success for SOA. Service-orientation, and Service-Oriented Business Applications (SOBAs), if not actual SOA, have taken over so completely in enterprise architecture for integration purposes that it's just not a big deal any longer, it's a fact.

For example, we often connect our corporate legal matter management product suite with enterprise content management solutions. This is done via web services calls that create the corresponding folder in the DM when the matter is created, another web service call to share security rights information, and presto they are working like one composite application. It's not a hassle to accomplish this integration. In fact, the integration potential is essentially pre-packaged into both solutions. Each vendor already knows where the integration is going to occur so it's already there. There's no consulting of a massive, central UDDI or federated bank of Web service registries, and no ESB. In contrast to the big vision, we now have narrowly scoped but highly valuable service-oriented business applications (SOBAs). How's that for dull?

One thing that is striking, though, is how different the reality of SOA is turning out to be in comparison with the way it was envisioned in 2001. As the SOA "revolution" gained momentum in the heady days of 2003-2005, the big vision was that major organizations would launch a service-oriented architecture program across the entire enterprise. With a large-scale UDDI at the core, developers would access Web services using ESBs and similar business process management / modeling technologies. Developers were to use existing Web services to build composite applications assembled out of odd Web services strewn across the enterprise, and to develop their own Web services on top of legacy applications. Of course, some of this has happened, but what seems to be more common, and a lot more interesting in its own boring way, is the simple, nonchalant hooking up of Web service-enabled applications as requirements demand it. It seems as if the preference for packaged applications with exposed Web services has outstripped the early SOA vision of a universe of custom-developed Web services being tied together in wholly new composite apps.

Consider what "code reuse," the rallying cry of the SOA movement, looks like in the successful, ho-hum SOA. The code-reuse theory was based on the idea that you could develop a Web service once and use it many times. That is true, but what's really happening is the repeated reuse of services from packaged software offerings. It's more like "buy once, use many times." Again, it's more boring than developing your own services, but still a great economy.

The ho-hum SOA has some catches, though. Broad, ad-hoc point-to-point Web service integration may advance the utility and value of service-orientation, but it can potentially wreak havoc on security and governance. In most cases, integrations occur between systems managed by consenting adults, who think through the data access control and confidentially issues as they plan and execute the connections. However, you can't make that assumption universally, and "self-policing" of app-to-app integration can be very problematic. SOA governance solutions can make a big difference here, but you need to have the right one and know that it will have the desired effect at a reasonable cost.

Data management can also get tricky when a lot of SOBAs are getting stitched together more or less on the fly. Part of a successful SOA technology strategy is making sure the information flowing through service-oriented applications is timely and accurate. Data that gets transformed on its way in and out of service-oriented applications can potentially cause disaggregation in the underlying databases unless SOBA development and data management are closely aligned. With SOA taking over, sans drama and major announcements, the IT department needs to keep up with this quiet tsunami, assuring compliance in information flow and integrity of enterprise services. Using ESBs to streamline the integration and to manage the X-Application Web services is an important factor of a large Enterprise / X-Enterprise SOA; this will ensure you publish the data once and subscribe from one or more systems, centralize common data transformations, establish common Business processes, share them, and so forth.

Though the big SOA plan and corporate SOA initiative are still important projects to work on, today's IT manager should not lose sight of what's actually happening, in SOA terms, right in their backyard. Historically, the winners of major technology battles are neither flashy nor loud. Big paradigms creep up on us until they become an omnipresent fact of life, even if no one's been looking. That appears to be happening with SOA. It's a transcendent, if boring, success. There's a lesson in this. The big vision is great to have, but sometimes, even if you never reach it, the technological future you want to build will catch up to where you want it to be on its own steam, and merits.