An interesting topic which I had not considered is the effect of the cloud on today's kids. The Happy. Healthy. Life. blog tackles this fascinating issue. Many parents have age limits on social networking, but at what cost: sites which use the cloud (Facebook, Twitter, Whrrl, etc) bring people close to together. But there are still privacy and security issues involved, two areas that are still immature in the Cloud. As the blog states, a happy medium of cloud usage is the key.
Joe McKendrick writes that now may be the right time for all the SOA startups. This is truly a great time to start a startup. The problem? Funding. Try getting VC funding right now on a technology which has received a lot of press for its 80% failure rate. The financial industry, which would benefit greatly from SOA with all the current mergers, have not been big adopters. Instead of startups for SOA technology, I believe we will see more startups using SOA technology. By using cloud computing (such as Amazon) to provide storage, data storage, etc. on a much cheaper basis than having to build out that yourself.
Sometimes I wonder if Larry Ellison knows that Oracle has been seeding the cloud. Ellison said Oracle will not invest in cloud computing centers, which is not Oracle's expertise. However, there are lots of companies making money on the cloud. Amazon for one. And we know Oracle delivered AMI's for one reason -- $.
Vendors continue to rush to unveil new SOA products and add-ons, obviously a positive sign for the technology. Software AG unveiled webMethods SOA Suite which is the webMethods "ESB". Whether this is a true ESB, or rebranded old technology as I suspect, remains to be seen. Software AG has been partnering with Layer 7 to expand their SOA exposure. But as KPI advises, go with Oracle or IBM if you are looking for complete SOA solutions.
Mule Xpack for Intel(R) XML Software Suite is a set of Mule extensions that significantly improve XML processing performance for SOA deployments. XML processing performance, as we know, needs a lot of improvement. There needs to be an industry XML binary standard. But until then, the likes of StAX and Intel XML Software Suite will need to do. Intel's XML Software Suite provides thread safe and efficient memory utilization, scalable stream-to-stream processing, and large XML file processing capabilities. XPack can be used for XML parsing, XSLT transformations, and XPath evaluations. As always, however, KPI recommends that you do not use open source SOA products for your enterprise.
Sure, it has been available in a feature pack, but IBM's feature packs do not have the same quality as a GA (in general). The adoption of WAS7 will further push organizations into the SOA World. The current version of WAS has become badly outdated, relying on the extremely slow JAX-RPC. And with so many "IBM shops" out there...
Oracle is entering the cloud. They will deliver a set of free Amazon Machine Images (AMIs), enabling customers to deploy Oracle solutions on EC2. Using these AMIs, new virtual machines can be provisioned with Oracle Database 11g, Fusion, and Oracle Enterprise Linux. Oracle is also introducing a secure Cloud-based backup solution: Oracle Secure Backup Cloud Module, based on their tape backup management software, to enable customers to use S3 as their database backup destination. The Oracle Secure Backup Cloud Module also enables encrypted data backups to help ensure complete privacy in the Cloud environment. It's fully integrated with Oracle Recovery Manager and Oracle Enterprise Manager, providing users with familiar interfaces for Cloud-based backups. Secure, encrypted backups is an absolute necessity when running on a public cloud.
Parasoft and AmberPoint announced closed-loop integration between their SOA quality and runtime governance solutions. The integrated Parasoft-AmberPoint solution promises to automatically emulate services based on real-world historical data collected from the runtime environment. The advantages are obvious -- testing complex distributed SOA systems is one of the main challenges of SOA.
Amazon, the undisputed king of SOA, will begin a pay-as-you-go content delivery service. How simple has Amazon made it? You start by storing the original version of your objects in Amazon S3 to ensure they are publicly readable. Next, a simple API call registers your bucket with the new content delivery service. This API call returns a new domain name for you to include in your Web pages or application. When clients request an object using this domain name, they will be automatically routed to the nearest edge location for high performance delivery of your content.
Here are the slides to Linthicum's speech "SOA from the combat zone" at the InfoWorld SOA conference in NYC. KPI finds that Linthicum's basic principles are correct but often ignored by companies. One instance where Linthicum is simply wrong: when he states 'do not let consultants or vendors drive the project.' Your SOA project will have a much better chance of success if you let IBM Global Services or Oracle drive. Why? Because they have the experience of many SOA projects already behind them. Likewise, an experienced SOA consultant can bring a wealth of knowledge from different projects and different vendors. The last thing you want to do is to use in-house developers. In fact, the most successful SOA projects are ones that start with a change at the C-level, followed by imported SOA architects and developers to augment and teach the in-house staff.
Morph Labs has launched Morph AppClouds, a PAAS (platform as a service) built using Amazon Amazon Web Services (Amazon EC2 for virtual servers, as Amazon S3 for storage). Through the Morph Labs Web interface, users choose the components they require for their specific environment using drag and drop. With one click deployment, the cloud is provisioned, configured and dozens of technologies are enabled to form a comprehensive end to end environment for the deployment, delivery and management of Web applications. Cloud computing is progressing at a fast rate -- from both vendors and business. I would like to see more attention paid to security and the ability to access the online data offline if the cloud goes offline (that is being worked on) as these are the two main barriers of entry for many companies.
The Roosevelt Hotel hosts the InfoWorld SOA Executive Forum September 16th and 17th in NYC. David Linthicum presents "SOA in the Combat Zone: How to Succeed with SOA the FIrst Time, and Never Make a Mistake" on the 16th at 8:45am. Another good talk will be on 16th as well in the afternoon: "SOA Security: Why the Old Rules Won't Work". TheSOABlog will be following this conference -- check here for updates.
EMC, IBM, and Microsoft announced a joint specification on interoperable Web Services for enterprise content management. The companies intend to submit the Content Management Interoperability Services specification to OASIS (Organization for the Advancement of Structured Information Standards) for advancement through its rigorous standards development process. Currently, companies waste a lot of money in productivity on content management. There are several advantages (1) An open specification will result in a higher knowledge based as developers are tied to a vendor specific implementation (2) Organizations with multiple CMS systems will be able to integrate the data more easily (3) Web Services will be decoupled from the CMS database.
As some readers may know, I was on the initial development team of the IBM WebSphere product at Transarc/IBM. I have worked with the IBM Hursley lab and other non-IBM UK based companies. There is a great divide between America and the UK on software process. The UK embraces it, while American managers, in general, tend to make penny fool decisions on the matter (as additional evidence, the UK spends more time reading TheSOABlog than the US!). As the leader of KPI, I stress to our clients that a good process and SOA governance is critical in large SOA systems. Without it, your SOA implementation will fall into the 80% failure bucket. Imagine the scenario where you need to evolve your service version to a new version. Remember that in SOA, a service provider should be decopuled from a service consumer. How does a service provider advertise it's expiration date, if any? How does it advertise a new version? How is service created or retired? Which brings us back to the UK, where the Hursley lab has been instrumental in WSRR, IBM's registry and governance tool. After an organization has the proper mindset on process and governance, they need to pick a tool. KPI recommends WSRR (there are other tools we like also) as it gives business the opportunity to create their own governance model that supports the process and governance needed for a large scale SOA deployment. If you are using the IBM stack, it is also becoming increasingly integrated into DataPower and WebSphere.
KPI always advises our customers to be on the lookout for SOA vendor spin, especially vendors putting the SOA label on old technology. This vendor-written article on the benefits of open source SOA is just one example. The spin begins in the second paragraph: "Open source has become a staple of enterprise-class IT as concerns about stability, security and support fall away." These concerns are, if anything, growing -- especially in the area of security. Fortify has shown that some of the most popular open source systems are exposing businesses and users to "significant and unnecessary business risk." The article then goes on to advocate open source for your ESB and governance, calling it a "good and affordable option." Both claims are ridiculous. In high throughput enterprise level environments, you need an enterprise quality ESB and enterprise level support. Open source might be free, but if you use it for an emerging technology such as SOA, you will pay more in the long run. KPI has seen it happen over and over.
UPDATE: if you still trust Google's cloud, read this

With cloud computing gaining momentum, the need to protect your private data is more important than ever. Did you know the Feds are using Facebook, where you can easily create a fake profile for someone, to help decide who poses a threat to national security? With Facebook, Whrrl, and Twitter becoming tightly integrated into the cloud -- the need to protect your privacy increases. This brings us to who wants to become the biggest cloud of them all: Google. The world's largest search engine stores private data - it's one of the reasons they target ads so well. Privacy and security lags significantly behind other components of SOA and the cloud. KPI recommends to our customers some basic steps to take: (1) always browse in 'private' mode, a feature in Safari and the new Microsoft browser (2) aggressively search for false Wikipedia, Facebook, etc. entries and (3) use high privacy/security settings in applications and browsers. You would be shocked to find out how even these little things are not done.
Active Endpoints released version 6.0 today. ActiveVOS allows you the build service orchestration and BPM applications using open standards. It was selected by the FBI for orchestration as part of a 10 year contract awarded to Lockheed Martin. ActiveVOS is also used by Toyota (Toyota is a big believer in SOA).
IBM correctly summarizes one of the best IBM best practices in a recent whitepaper: "To achieve a successful (SOA) deployment, a core architecture leadership team must first be established to ensure consistency of efforts and direct the vision of the architecture." IBM's five best practices: (1) deploy architecture with a vision for the future. KPI's experience is creating services and WSDL's with the future in mind is essential (i.e. use the extension pattern as Amazon does). (2) Foresee linkages from IT to your business processes. (3) Create an organizational structure to support SOA. KPI finds that SOA must be supported and the organization structured to support SOA (such as governance) or else your SOA deployment will fail. (4) Build a scalable infrastructure (5) Enable operational visibility on governance and service management. Again, this starts at the C-level.
Motley Fool has a spot-on article regarding the business and investing side of cloud computing. First, Motley states the recent outages from Google, Apple (.me), and Amazon (two hour cloud outage) shows businesses should not be running their business on the Internet quite yet. That is obvious. Much more importantly, Motley Fool also calls you "crazy" if you're not betting on the cloud as an investor. The reason? Google, Apple, and Microsoft are all working to offer offline access to their online data. Google is working on this with Gears, Adobe has the AIR runtime, and Microsoft, of course, has Silverlight.
The technology behind Google's new browser is a step forward for WOA. The thread and memory management was built in such a way to better support WOA and web services, unlike the current browsers which rely on legacy code. FireFox, for example, is well known to freeze when too many tabs are open with Flash components. Google's intent can be seen on the home page, where a number of independent web pages can be seen at a glance. SOA has been receiving a lot of negative press for its 20% success rate. While usually due to overreaching implementations and bad people, Google (which has lagged considerable on web services behind Amazon) just gave a WOA a big boost. This will help WOA by forcing Microsoft to get more involved in WOA/SOA.
On the heels of Progress buying MindReef and IONA, Oracle has acquired ClearApp. ClearApp monitors SOA performance and tracks runtime environment changes to ease the burden of finding application and performance problems in complex SOA environments. ClearApp also supports WebSphere. In some SOA environments, "IBM shops" using WebSphere might now use three components from Oracle: Tangosol, ClearApp, and DB. Oracle is clearly positioning themselves to have a homegenous solution in order to siphon market share from IBM. Good move, Oracle. Your turn, IBM.
SOA has their own set of security vulnerabilities. Besides vulnerabilities such as weak encryption that have been faced before, new ones such as replay attacks must be considered. Fortify 360 is one tool to look into for help with these issues. Most importantly, think about security from the start. Your performance metrics might go from acceptable to not once you go from weak to strong encryption, for example. And that could trigger a vicious cycle where you need different hardware or tweaked architecture.
SAP will have new enhancements by December geared towards SOA, reports Computer World. The "more consumable" features of SOA will have service definitions.