Welcome!

Microservices Expo Authors: Ruxit Blog, Pat Romanski, Elizabeth White, Liz McMillan, Lori MacVittie

Related Topics: Microservices Expo, Java IoT, Microsoft Cloud, Containers Expo Blog, Agile Computing, @CloudExpo, Government Cloud

Microservices Expo: Article

SOA and the Cloud: Why Your Cloud Applications Need SOA

Use a services-oriented architecture as the fabric upon which to build your cloud-based applications

Some consider cloud computing to be a cure-all for virtually any type of IT infrastructure. And while the cloud certainly delivers on many of its promises, it will never truly provide all that it's capable of unless it's optimized for integration with other applications and evolution for new requirements. What is the best way to provide this? Use a services-oriented architecture (SOA) as the fabric upon which to build your cloud-based applications. In this article, we'll outline the reasons why an SOA is so important for the cloud, some principles to consider when creating your cloud platform on an SOA.

A marriage made in IT heaven: Cloud and SOA
Cloud promises just about everything a CIO could possibly hope and dream for:  lower IT costs, eradication of daily management tasks, and massively reduced overhead. At this point in its evolution, however, cloud has been so touted and lionized; it's difficult to know how to separate the truth from the hype.

But for those who have had to implement and manage packaged enterprise applications, there are at least some aspects of cloud that are indeed very real, and those involved are eager to take advantage of. Cloud truly can provide a huge positive change in how you run your business, and we know by now that some of the early promises of cloud are indeed being delivered upon. And even though there will always be limitations to what was initially promised, those bulleted lists of what cloud can do for us are, thankfully, mostly true.

What's not as evident though, is the fact that a cloud offering is really just a way of delivering functionality through a service. It's not worth a whole lot if there's not a unified roadmap for how to construct, orchestrate and run all the services your organization relies upon. Without the processes that bring a service to the user, then all you have is some code that's easily accessible. Can the cloud concept still save you time, money and resources? Of course it can, but cloud services and functionality need to be brought together with a unified plan.

Can you guess what that unified plan is? Well, there are a lot of different ways to do it, but the easiest way, and the one that provides the greatest flexibility and most applicable built-in governance is a service-oriented architecture (SOA). There's confusion about the role an SOA plays in a cloud environment, but make no mistake, cloud is not a replacement, nor an incremental improvement of cloud. Rather, SOA acts as a cohesive, flexible infrastructure that enables services to function and integrate. That's partially because, just by its very nature, an SOA is a services-based platform. An application in the cloud can't do much unless it's sitting on top of something that's optimized to recognize and pull together, in an agile way, the various types of components that exist within a service (and even more so when you're combining a variety of services).

Figure 1: A service-oriented architecture at its essence

While the cloud needs SOA, it's important to implement it with adequate services security, governance, adherence to standards, and commitment to flexibility. There are entire operational, developmental, planning, and policy attributes that are crucial to using an SOA for your cloud, and that's what we've built our SOA platform on. Our Integrated SOA Governance solutions provide integration capabilities that enable your enterprise applications to be integrated and communicate with one another.

Okay, so we're a vendor, and we're inclined to think that best results will come in the form of our solution. But we created our SOA governance model mostly because, through years of collective experience and an inordinate amount of research, we recognized that a true SOA environment is the most effective way to unify, govern and manage enterprise apps and to enable your organization to grow in a scalable way without having to re-architect your IT framework. When it comes to cloud, well, there are a lot of different ways to skin this cat, but we think that architecting your enterprise application and services environment with an SOA will ensure that you're truly taking advantage of the cloud.

Putting cloud and SOA together
With the presumption that SOA and the cloud support and extend one another, there's still a great deal of confusion over where an SOA starts and the cloud begins.

Perhaps it's best to think about it in terms of a foundation and the things that sit on top of it. SOA provides a stable foundation, but it's not static. It's inherently flexible; in fact, one of an SOA's greatest attributes is its ability to adapt and integrate to both legacy systems and whatever may change and evolve in your IT landscape. That adaptability allows for any applications and systems to integrate with the basic structure of the platform, and optimizes how applications are accessed and data is transacted. And what platform can produce the best results in this environment? You guessed it - the cloud.

In our view, there really is no point at which an SOA ends and something else "takes over". Rather, we see that an SOA and cloud architecture are complementary, and that to be successful at having an effective architecture, you really need to think about what will optimize your services-based infrastructure. And if you're going to deliver or transact with cloud-based services, it probably makes sense to keep SOA as the foundation for everything, and putting a cloud-based system on top of that. The benefits will be mostly from the interoperability among all the different services that are transacting through the cloud, but are optimized because the SOA allows them to communicate and work with one another seamlessly (this, of course, is subject to your implementation).

Each component in a cloud-based application should be considered a separate Enterprise Service, even if they are not hosted by your IT organization.  To get a cloud-based application working right, and assuring that it will perform as expected over time, one needs a single point of governance over these highly virtualized Enterprise Services throughout the entire service lifecycle.

Starting at the planning stage, creators of a cloud-based application need to develop and track the inventory of cloud services that are available or under construction.  Business analysts, architects and developers need to be able to compare their enterprise SOA roadmap and desired slate of cloud applications with the Enterprise Service inventory, which consists of both cloud-based and traditional Enterprise Services.  Planning governance gives these stakeholders the ability to assign development priority to the cloud services that are most urgently needed, as well as determine the applicability of cloud technology to the problem. For instance, is the application subject to "speed-of-light" concerns?

Figure 2: Stages and elements of a cloud/SOA solution

A development governance solution will provide seamless management of "the cloud" as a development target. Operational governance for cloud services should ensure two important governance factors:  First, that the services themselves implement and enforce relevant policies for data protection, security, and service levels.  Secondly, it should ensure the federation of externally provided cloud services into the enterprise network. This is similar to the way externally provided SaaS services need to be federated for policy and message exchange pattern mediation.

Cloud services are subject to the same governance process as any other enterprise service, and as such need the same levels of policy governance.  For cloud services this includes the ability to define cross-cutting policies during the planning process and validate and enforce these policies through development and operations.

SOA Software product suite allows for easy management of SOA Governance throughout the plan-build-run service lifecycle, anchoring the process with strong policy governance. In planning, SOA Software Portfolio Manager allows planning stakeholders to develop an SOA roadmap, compare it to existing and planned services, and assign priority to selected services.  In development, SOA Software's Repository Manager makes sure that enterprise services confirm to appropriate standards and guidelines, providing powerful change management capabilities.  It also governs the consumption process, facilitating controlled and measurable asset reuse. When services are deployed, SOA Software Service Manager implements and enforces defined policies for security, performance, and reliability to ensure that enterprise services function as intended.  SOA Software Policy Manager works in concert with these products to keep policy definitions, and associated metadata, consistent as the service matures from planning through development and then into operation.

Arriving at Cloud Nirvana
Keep in mind that it's not that SOA provides the glue, or that it fills in any gaps, but rather in the model of a well-constructed enterprise architecture, SOA is both the support net and the building blocks that allow you to truly benefit from the cloud. But if you're trying to boil it down to its essence, it comes down to these points where SOA delivers value and cohesion for your cloud:

  • Governance: what's not often stated about the cloud is the need for thorough and comprehensive governance. Nothing provides that better than a services-based framework that actually requires standards to keep all the disparate applications communicating and transacting with one another.
  • Integration: your apps from yesterday, the ones you have now, and the ones you're going to buy/develop in the coming years will all need to integrate and interact irrespective of complexity. SOA is entirely built on the precept that THAT is its main function - to take processes, no matter where they come from, and make them worth with other processes. If you doubt that, we'll invite you to chat with any of our customers and they can describe how much easier things got once they focused on SOA.
  • Common purpose: applications are meant to be used and users don't care where the app lives, or what it took to bring the functionality to them. They just want it up when they are, and ready to transact business 24/7. The cloud is supposed to provide the house in which that's all done, but it just won't get done unless there's a flexible backbone that enables all of that. Again, that's the job of SOA.

We know that there are dozens of other considerations, some at the business rules level, and some having to do with hardcore code compliance. But ultimately when we need to take a solution back to our company and help them be successful, we'll think about these things and realize that if we can agree on a common purpose for our apps, integrate them, and provide the necessary governance, then we're ready to establish our presence in the cloud and prepared to grow and adapt.

When you get there, when you get to that point where you're running your applications in the cloud and benefiting from substantial cost savings and watching integrated apps play nicely with one another, and the CEO pats you on the back and tells you what a great job you're doing, then you will know that you are, in fact, in cloud nirvana.

More Stories By Roberto Medrano

Roberto Medrano, Executive Vice President at SOA Software, is a recognized executive in the information technology fields of SOA, internet security, governance, and compliance. He has extensive experience with both start-ups and large companies, having been involved at the beginning of four IT industries: EDA, Open Systems, Computer Security and now SOA.

Prior to joining SOA Software, he was CEO of PoliVec, a leader in security policy. Before joining PoliVec, he was one of the top 100 Sr. Executives at Hewlett Packard. At Hewlett-Packard (HP) served as the General Manager of the E-Services and Internet Security Divisions. Medrano has held executive positions at Finjan, Avnet Inc, and Sun Microsystems. Medrano participated in President Clinton’s White House Security Summit and has been an active member on National Cyber Security Summits, and the White House National Strategy to Secure Cyberspace.

Medrano has been selected as one of “The 100 most influential Hispanics in US”, “The 100 most influential Latinos in Silicon Valley” “Top 100 most influential Hispanics in Information Technology” and is co-founder and CEO for Hispanic-Net, a non-profit organization. Medrano holds an MBA from UCLA, a MSEE from MIT, BSEE from USC.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@MicroservicesExpo Stories
This digest provides an overview of good resources that are well worth reading. We’ll be updating this page as new content becomes available, so I suggest you bookmark it. Also, expect more digests to come on different topics that make all of our IT-hearts go boom!
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor – all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
SYS-CON Events announced today that Isomorphic Software will exhibit at DevOps Summit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Isomorphic Software provides the SmartClient HTML5/AJAX platform, the most advanced technology for building rich, cutting-edge enterprise web applications for desktop and mobile. SmartClient combines the productivity and performance of traditional desktop software with the simp...
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
In his session at @DevOpsSummit at 19th Cloud Expo, Yoseph Reuveni, Director of Software Engineering at Jet.com, will discuss Jet.com's journey into containerizing Microsoft-based technologies like C# and F# into Docker. He will talk about lessons learned and challenges faced, the Mono framework tryout and how they deployed everything into Azure cloud. Yoseph Reuveni is a technology leader with unique experience developing and running high throughput (over 1M tps) distributed systems with extre...
Sharding has become a popular means of achieving scalability in application architectures in which read/write data separation is not only possible, but desirable to achieve new heights of concurrency. The premise is that by splitting up read and write duties, it is possible to get better overall performance at the cost of a slight delay in consistency. That is, it takes a bit of time to replicate changes initiated by a "write" to the read-only master database. It's eventually consistent, and it'...
There's a lot of things we do to improve the performance of web and mobile applications. We use caching. We use compression. We offload security (SSL and TLS) to a proxy with greater compute capacity. We apply image optimization and minification to content. We do all that because performance is king. Failure to perform can be, for many businesses, equivalent to an outage with increased abandonment rates and angry customers taking to the Internet to express their extreme displeasure.
Right off the bat, Newman advises that we should "think of microservices as a specific approach for SOA in the same way that XP or Scrum are specific approaches for Agile Software development". These analogies are very interesting because my expectation was that microservices is a pattern. So I might infer that microservices is a set of process techniques as opposed to an architectural approach. Yet in the book, Newman clearly includes some elements of concept model and architecture as well as p...
No matter how well-built your applications are, countless issues can cause performance problems, putting the platforms they are running on under scrutiny. If you've moved to Node.js to power your applications, you may be at risk of these issues calling your choice into question. How do you identify vulnerabilities and mitigate risk to take the focus off troubleshooting the technology and back where it belongs, on innovation? There is no doubt that Node.js is one of today's leading platforms of ...
SYS-CON Events announced today that LeaseWeb USA, a cloud Infrastructure-as-a-Service (IaaS) provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LeaseWeb is one of the world's largest hosting brands. The company helps customers define, develop and deploy IT infrastructure tailored to their exact business needs, by combining various kinds cloud solutions.
Adding public cloud resources to an existing application can be a daunting process. The tools that you currently use to manage the software and hardware outside the cloud aren’t always the best tools to efficiently grow into the cloud. All of the major configuration management tools have cloud orchestration plugins that can be leveraged, but there are also cloud-native tools that can dramatically improve the efficiency of managing your application lifecycle. In his session at 18th Cloud Expo, ...
Ovum, a leading technology analyst firm, has published an in-depth report, Ovum Decision Matrix: Selecting a DevOps Release Management Solution, 2016–17. The report focuses on the automation aspects of DevOps, Release Management and compares solutions from the leading vendors.
SYS-CON Events announced today that Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity – cryptographic keys and digital certificates – so they can’t be misused by bad guys in attacks...

Let's just nip the conflation of these terms in the bud, shall we?

"MIcro" is big these days. Both microservices and microsegmentation are having and will continue to have an impact on data center architecture, but not necessarily for the same reasons. There's a growing trend in which folks - particularly those with a network background - conflate the two and use them to mean the same thing.

They are not.

One is about the application. The other, the network. T...

This is a no-hype, pragmatic post about why I think you should consider architecting your next project the way SOA and/or microservices suggest. No matter if it’s a greenfield approach or if you’re in dire need of refactoring. Please note: considering still keeps open the option of not taking that approach. After reading this, you will have a better idea about whether building multiple small components instead of a single, large component makes sense for your project. This post assumes that you...
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
If you are within a stones throw of the DevOps marketplace you have undoubtably noticed the growing trend in Microservices. Whether you have been staying up to date with the latest articles and blogs or you just read the definition for the first time, these 5 Microservices Resources You Need In Your Life will guide you through the ins and outs of Microservices in today’s world.
Before becoming a developer, I was in the high school band. I played several brass instruments - including French horn and cornet - as well as keyboards in the jazz stage band. A musician and a nerd, what can I say? I even dabbled in writing music for the band. Okay, mostly I wrote arrangements of pop music, so the band could keep the crowd entertained during Friday night football games. What struck me then was that, to write parts for all the instruments - brass, woodwind, percussion, even k...
Node.js and io.js are increasingly being used to run JavaScript on the server side for many types of applications, such as websites, real-time messaging and controllers for small devices with limited resources. For DevOps it is crucial to monitor the whole application stack and Node.js is rapidly becoming an important part of the stack in many organizations. Sematext has historically had a strong support for monitoring big data applications such as Elastic (aka Elasticsearch), Cassandra, Solr, S...