You've just gone to your CIO with a plan to implement your IT
organization's high-profile B2B "Project X" using Web services. Your
CIO patiently listens while you explain the benefits of using
third-party Web services as part of your mission-critical
infrastructure, how contracts will be negotiated electronically
without the need for pesky legal departments, how everyone will
outsource all their security and management to providers they never
need to meet in person, and how applications will dynamically
assemble and modify themselves as your needs change.
You confidently sit back, smile, and wait for your CIO to give his
inevitable nod of approval. It's only natural - after all, this model
works just like the electric grid but with software services. After a
few moments of thought, your CIO's head begins to nod. But wait, his
head is nodding side to side, not up and down! The CIO is rejecting
your proposal. How could this happen?
The reality is that adopting an emerging technology like Web services
is risky business in the eyes of a CIO. To convince your CIO to adopt
Web services, the short-term and long-term rewards have to be clear
and the risks have to be manageable. You know it's in the best
interest of your organization to move to Web services, but others
don't share your foresight. In this article, we'll give you the tools
you need to sell your organization on adopting Web services. Just
remember though - you need to prove you can walk before you're
allowed to run.
The first place to deploy Web services is within the enterprise, not
across enterprises. This allows you to have total control over every
aspect of the project, to manage the risk and ensure its success.
What kinds of inside-the-enterprise projects are best suited to
showcasing the benefits of Web services? Web services are all about
connecting systems together, so integration projects are the right
place to focus. Typically, a great starting point is a project with a
Web front end that needs to access one or more other IT systems -
portal projects, intranet Web sites, call center applications, etc.
These projects are a great fit for Web services since they leverage
its tight fit with existing Web technologies such as HTTP, XSL-T, and
HTML.
The Evolution of Integration
You find an integration project well-suited to the use of Web
services. You propose using Web services on this project and are
told, "We've been doing integration for years without Web services,
why do we need them now?" Best practices in integration have changed
rapidly in recent years, and different models for integration have
different trade-offs. It's easy for someone to be confused - so let's
walk through the different models for integration: point-to-point,
centralized, and backbone.
Point-to-point: The "Classic Coke"
of Integration.
Point-to-point integrations have been going on since IT began. You
know the type: "For my project, I need to connect system A's
purchasing with system B's inventory management, so we'll just
hand-code what we need right now to make this work." Even though
point-to-point is the oldest way of integrating, it's still the most
common for a few simple reasons: when projects are treated
independently of each other, point-to-point is the cheapest solution
for any given project and often the fastest way to get that
individual project done. In addition, it puts total control in the
project owner's hands with in-house resources and tools.
The downside of point-to-point integration is apparent when you look
at the "big picture." If all projects are treated independently of
one another, how can you possibly optimize your costs and
productivity globally, across your projects? The answer is that you
can't. Over time, a series of independent point-to-point integration
projects breed a fragile spaghetti of application interconnections
with no reuse among projects. Over the long run, you end up spending
more and taking longer to get the job done while ending up with a
brittle enterprise infrastructure (see Figure 1).
Centralized Integration: The "New Coke" of Integration
More recently, a few enterprising vendors realized the limitations of
point-to-point and proposed a new twist on integration: instead of
connecting applications directly together, put in a middleman
"integration solution" (see Figure 2). The applications connect in a
point-to-point fashion with the integration solution, but never
directly to each other. This isolates the applications from changes
in one another and provides a single point of control and reuse over
all integrations - resulting in lower long-term overall costs.
Unfortunately, the strength of a centralized model is also its
crucial weakness. Integration solutions suffer from the "first car
builds the road" syndrome: the first integration project to attempt
to use the integration solution is saddled with the bulk of the cost
in both software and services. And, since you are "buying for the
enterprise" rather than "buying for the project," the initial costs
are very high. In addition, since the solutions are vendor-specific,
the skills needed to build integrations are scarce, and the cost and
delivery time of any individual project ends up being significantly
more than with a point-to-point solution. And the projects themselves
typically are done with outside resources or resources under the
control of a central authority (because of the necessary skill sets),
significantly reducing your control and increasing your risk.
To compound the problem, to get the long-term benefit from an
integration solution you must standardize on one vendor's proprietary
solution - a significant point of long-term risk and cost. Imagine
the vendor is bought or goes out of business; your infrastructure
might need to be totally replaced. Or, imagine you merge with another
company; this means converting their infrastructure to your
integration solution to gain back the benefits. Implementation of
integration solutions often becomes the project that never ends.
For many of these reasons, single-vendor proprietary integration
solutions are struggling now that the Internet bubble days of
"infrastructure at any cost" are over.
Backbone Integration: The Choice of a New Generation?
Not exactly the new kid on the block, backbone integration has taken
place for many years and is the benchmark integration model for large
organizations. Most large financial service firms, for example, have
application communication backbones. Instead of specifying a single
platform or solution through which applications communicate (creating
a centralization burden and risk), a backbone is formed by defining a
set of standards through which applications communicate -
distributing the responsibility for following the standards to each
application group, division, or project (see Figure 3).
Typical backbones include standards for transport, protocol,
encoding, description, location, and sometimes even data semantics.
Any application that obeys these common standards is, by definition,
"on the backbone." By having multiple applications obey these common
standards, any application on the backbone can now communicate
directly with any other application on the backbone.
A backbone model has a number of significant advantages. It allows
for a clear division of responsibility. It requires no single vendor
or point of failure/risk. Backbones provide reuse of integration
points across projects. Backbones scale effectively to the largest,
most complex IT environments on the planet.
With all of these enterprise advantages, though, how do backbones
work at the project level? With the right tools in place,
backbone-based integrations are as fast and cost-effective to
implement on a project-by-project basis as point-to-point
integrations - precisely because backbones are built incrementally on
a project-by-project basis.
All the advantages and none of the problems - why doesn't everyone do
integration using an integration backbone? The answer is hidden in
the last paragraph: "with the right tools in place...." Large IT
organizations have the resources to custom-build the tools,
frameworks, and infrastructure needed for the organization's custom
backbone standards. Once these tools are built they can be
effectively leveraged across the entire organization to dramatically
reduce integration cost and time - but the cost of building a good
custom toolset is typically prohibitive for all but the largest
organizations.
What About Web Services?
Web services are a collection of related Web standards for transport
(HTTP, SMTP), protocol (SOAP), encoding (XML), description (XSD,
WSDL), and location (UDDI). Essentially, Web services form a core set
of backbone standards - an "out-of-the-box" backbone.
Web services give you the standards, but the magic equation for
forming a backbone is backbone = standards + tools; what about the
tools? Because of its broad industry adoption, this is where Web
services shine. By the end of this year most, if not all, tools and
platforms will support Web services. Today, you can choose Web
services-enabled tools such as Visual Studio .NET or Borland
JBuilder. You can choose Web services-enabled platforms such as .NET
Server, BEA WebLogic, or IBM WebSphere. If you want to leverage your
existing tools, you can use free or open-source technologies such as
the Microsoft SOAP toolkit or Apache SOAP. The choices are limitless.
But, beyond tools and platforms, most packaged application vendors
have announced support for Web services. This means that, once
available, these applications will plug almost directly into a Web
services backbone with no custom coding - something not possible with
custom backbones.
Web services are a set of standards and tools that make backbone
integration available to every organization, large and small. With
the tools readily available, a Web services backbone can be built up
incrementally, on a project-by-project basis, without the need for a
"big bang" implementation. This essentially lets you begin deploying
Web services as part of point-to-point integration projects, and then
seamlessly scale these up to a complete Web-services backbone.
Of course, you have the option to define a custom set of standards
for building a backbone, so let's recap why Web services form the
most effective choice for a backbone:
Web services allow you to consolidate B2B, HTML, and
application integration projects to use a single set of compatible
standard technologies.
Web services have achieved broad industry adoption. Most
future purchases of packaged applications, tools, and platforms will
be Web services-compatible. No single vendor is in control of the
standards.
Web services have a low cost of entry because all of the
necessary software - TCP/IP, HTTP, XML, etc. - to get started is
already available on virtually every machine.
Because Web services technologies are based on XML, HTTP, and
other "text-based" standards, the cost of administration is very low.
For example, instead of needing specialized custom tools to monitor
Web services (which would be required if Web services were a
complicated binary protocol), any simple tool for packet sniffing
makes it easy to monitor how Web services interact.
Web services can be deployed incrementally, on a
project-by-project basis, but scale up to a large enterprise
backbone. This reduces the risk of adopting Web services, while
improving the costs on a per-project basis as well as enterprise-wide.
But we already paid for XYZ, why do we need Web services?
There's a lot of hype and misunderstanding in the marketplace about
what Web services are. Depending on who you talk to, Web services are
the savior of software, the nirvana of networks, the best thing since
sliced bread, or just another technology being forced on customers to
replace what they bought last year. Web services aren't necessarily
any of these, so understanding how Web services already complement
your enterprise's existing tools, platforms, and technologies is
important. Let's look at some common objections.
We run MQSeries, so we don't need Web services.
MQSeries is a reliable message transport that complements Web
services. By analogy, if MQSeries is the telephone network, Web
services is the language spoken by callers. An effective conversation
can't take place without both. Depending on your needs, you might
choose HTTP as a transport for Web services where reliability isn't
critical but low cost of deployment is, and you might choose MQSeries
as a transport for Web services in other cases where you need
guarantees of once-only message delivery. Web services standards are
flexible enough to allow you to choose the transport that best suits
your needs. Many of the tools already on the market, in fact, support
MQSeries as a Web Service transport.
We have a business process management system (BPMS), so we
don't need Web services.
BPMS defines business processes that coordinate operations across
different business services. But how do you make those services
available to the BPM engine? One choice is to use a proprietary set
of adapters that the BPMS vendor sells - but this is costly,
complicated to implement, and the only system in the enterprise that
will be able to leverage this work is the BPMS itself. Alternately,
if you publish the business services as Web services, then not only
can the BPMS use the services, but any other application that needs
to leverage them can also do so. Using a BPMS in conjunction with Web
services is the most cost-effective way, both short and long term, to
build your enterprise infrastructure.
We have an application server/portal/integration solution, so
we don't need Web services.
As with BPM solutions, Web services are not about how you define,
combine, or use services (which is what application servers, portals,
and integration solutions are all about), but about how you access
services. You always have the choice of accessing services through
custom-built code or tightly coupled proprietary adapters with any of
these solutions. But these custom vendor-specific solutions are
expensive, available skill sets are limited, and they don't easily
scale to broader use. Alternately, you can access services using Web
services standards, which provide a cost-effective, vendor-neutral,
scalable solution for accessing services. Web services are the most
effective way to leverage use of your application server, portal, or
integration solution.
Web Services Sound Great, but...
With all the advantages of Web services, what are the downsides?
There are really two issues to consider. The first is that your
enterprise may have already invested hundreds of thousands to
billions of dollars in applications that aren't Web
services-compatible - and these applications aren't going away. How
do you leverage these existing assets without rebuilding them and
without truckloads of hand-coded Web service wrappers? Second, even
when you get some of your existing applications published as Web
services, these applications - not having been built on Web services
standards originally - are likely to have their own security and
management systems. Even for native Web services, there are multiple
competing standards for such things as security. How do you provide a
consolidated single model for security and single point of management
for your emerging Web services backbone?
Luckily, an emerging category of software, Web services gateways,
addresses these issues. Web services gateways allow existing non-Web
services applications to be published as if they are natively written
Web services. At the same time, these gateways act as a single point
of management that transparently adapts between the standards you
choose for your backbone (security, reliability, transport,
semantics, etc.) and the standards used by the applications
themselves - at the application level they serve much the same
purpose, in concept, as a multiprotocol network router for low-level
network traffic. This allows you to have a well-defined and
manageable backbone, while at the same time supporting the diversity
of your application portfolio. The best Web services gateways are
totally transparent to the applications, requiring no application
changes or modifications while providing the infrastructure for
mapping between different standards in each area (security,
transport, etc.) with the flexibility to accommodate your unique
environment, now and in the future, with little or no hand-coding.
The Venus Flytrap
Web services have tremendous possibilities when deployed well, but
there are some pitfalls that can cripple your ability to derive
long-term benefits from them. Even though you're going to start
small, you need to think ahead. If the long-term goal is to have a
unified Web services backbone, don't make choices now that will
hamper your ability to reach this goal in future. The two key traps
to avoid here are:
Don't fall for "Web services lip service": Some vendors will
try to convince you that they support Web services standards, but to
gain the real advantages of their solution you need to use their
proprietary, nonstandard capabilities, or deploy their proprietary
software together with each application (giving them total control of
the backbone). This approach locks you into the vendor's proprietary
solution - whether it's Web services-based or not. Once you choose to
go down this path, there's no easy way to turn back.
"The great thing about standards is that there are so many to
choose from." Defining a Web services backbone means that you will
need to choose from among the various options for security standards,
transports, etc. These decisions should not be made on a
project-by-project basis; other -wise, you may end up with as many
differences as there are similarities - your backbone may be all Web
services-based, but no applications can talk to each other. Make sure
to choose a cohesive set of standards and stick to them. This will
allow the individual projects to, over time, form the basis for your
common Web services backbone.
Conclusion
Web services can be deployed initially at low risk and at low cost.
At the same time, a thoughtful Web services enterprise architecture
plan, begun now, can enable your enterprise to gain significant long
term advantages in terms of cost reduction, flexibility, scalability,
and responsiveness to changing business needs. Make it happen!
Subscribe to SOA World Magazine Email News Alerts
Subscribe via RSS
