SOA: A Governance Nightmare

How do you protect and connect applications as services across departmental and organizational boundaries in a flexible and scalable way?

By Sue Bushell
Tue, April 03, 2007

CIO Australia — As a graduate student years ago, Layer 7 CTO Dr Toufic Boubez used to have a poster on his wall that read: "A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable."

That about sums it up, really, doesn't it? In a few neat words, the poster suggests both how long flexibility has been a dominant theme of software engineering, and — given the vehement response the slogan still gets in seminars and presentations — just what an elusive goal flexibility remains even today. Indeed whenever Boubez repeats the slogan, people all around the room nod their heads in agreement, suggesting brittleness remains one of software implementers' most dominant preoccupations.

Whatever the promises of SOA, the reality is brittle interconnections with coding of each endpoint

In theory, of course, service-oriented architecture (SOA), along with its implementation technologies like Web services, should deliver that long-desired business agility. With an SOA in place, users should be able to look forward to just-in-time integration, more flexible systems achieved by loosening the coupling between software components, reuse of software components across diverse business processes, and late binding and platform interoperability.

Yet as anyone who has headed down the SOA path knows, things are very different in the real world, where real applications live. Whatever the promises of SOA, the reality is brittle interconnections with coding of each endpoint. In fact, Boubez says, to date the promise of loose coupling has only ever proved real for the simplest, most "vanilla" Web services, like those with no security requirements. Constraints and capabilities for services have to be hard-coded, while any changes in these preferences will render your own computer unusable.

"The original goal of the service-oriented architecture concept, and its implementation technologies such as Web services, was to build flexible, loosely coupled systems. But any two components in a system that communicate with each other are by definition coupled to a certain extent," he says.

"The fact is that currently the way we build service-oriented architectures using Web services is pretty tightly coupled for anything that is not just plain vanilla-type Web services. [SOA] works well in the lab: that whole trilogy of Publish, Find and Bind using SOAP [simple object access protocol] and WSDL [Web services description language] and UDDI [universal description, discovery and integration] and so on. It works pretty well under very controlled conditions, but as soon as you start deploying that stuff in the real world — where you need to deal with issues like security models, like identity issues, like access control, encryption, confidentiality, integrity, even routing and encapsulation, all that kind of stuff — there is absolutely no way to deal with it properly right now using any of those mechanisms," Boubez says.

"If you have pilot projects that don't have to deal with these things then loose coupling works pretty well. But any time you have to deal with the real world it breaks down unless you start thinking pretty hard about a policy layer/policy abstraction layer," he says.

So in pursuit of real flexibility, the aim of the game should be to lessen that coupling or, at least, to loosely couple components in systems by removing or lessening the run-time dependencies between them. According to Boubez, the best mechanism to achieve that is to delegate as far as possible the run-time tasks to the infrastructure.

If this is to work, the organization needs to define and automate contracts, requirement and capabilities through a declarative, configurable and manageable mechanism. But while WSDL is the contract language for Web services, Boubez says WSDL is far from being adequate as a contract language for SOA.

Continue Reading

White Papers »
IDC MarketScape: Worldwide Business Process Platforms 2011 Vendor Analysis
This IDC study uses the IDC MarketScape model to assess the capabilities of vendors to support midrange to complex process improvement scenarios using business process management software.
Oracle SOA vs. IBM SOA - Customer Perspectives on Evaluating Complexity and Business Value
With this white paper, Oracle SOA vs. IBM SOA, you'll get a healthy perspective on SOA and figure out which one is best for your organization.
Top Reasons to Implement an SOA Governance Strategy: A List for IT Executives
Download this white paper, Top Reasons to Implement an SOA Governance Strategy: A List for IT Executives, for a guide to governance that will set you on the right path.
Get Serious About SOA Governance: A Five-Step Action Plan for Executives
Download this whitepaper, Get Serious About SOA Governance: A Five-Step Action Plan for Executives to see why many organizations are reaping the rewards of successful SOA transformations and what you need to do to make yours one of them.
Accelerate time to application value
For your IT organization to keep pace with the business, you need a new, faster approach to infrastructure deployment-an approach that increases agility and accelerates time to application value. That's HP Converged Systems. Built on Converged Infrastructure, these systems deliver the industry's first portfolio of pre-integrated, tested, and optimized infrastructure solutions for applications running in virtual, cloud, dedicated, or hybrid environments.
Top 10 Myths About Virtualizing Business-Critical Applications
Even though virtualization has brought positive change to enterprise IT over the last decade, some skepticism remains about how valuable virtualization can be in the way companies deliver and run business applications. Uncover the truth about how you can run your business critical applications with confi dence without sacrifi cing
availability or service quality-and at lower costs.
Webcasts »
Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as support considerations
Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and disaster recovery and support considerations.
Virtualize Business-Critical Applications with Confidence
Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere® 5, VMware is helping customers accelerate the deployment of business-critical applications, including Exchange, SQL, SAP and Oracle.
Discover the Benefits of Virtualization for Federal Applications
Want to say goodbye to missed SLAs? VMware can help you virtualize mission-critical applications such as Oracle, MS Exchange and SharePoint to achieve dramatic improvements in uptime, performance and responsiveness. In this webcast, we'll discuss the key benefits of virtualizing your agency's most critical applications and Oracle databases as a necessary first step in fulfilling OMB's mandate to move IT services to the cloud. With VMware, you'll be on the way to quick, effective and full compliance.
When Java EE Is Overkill: Lightweight Application Server Benefits
The complexity, cost and technological bloat of traditional Java EE application servers are often barriers to running a lean and efficient IT organization. Increased need for scalability and rapid application delivery are driving businesses to reconsider the platform they use for application deployment. By combining the portability and agility of the Spring framework with a lightweight application server, your organization can meet business demands while staying within budget constraints. VMware vFabric™ tc Server is a modern, lightweight Java application server based on Apache Tomcat. It improves developer productivity, control and manageability-and is the most flexible platform for virtualizing Java applications and workloads for the cloud. View this webcast to learn about real-world examples of companies that have adopted VMware vFabric tc Server and how to plan for future cloud deployments.
Introduction to VMware vCenter Site Recovery Manager 5
Traditional disaster recovery solutions are often too expensive, complex and unreliable to meet business requirements. As a result, IT departments are hesitant to expand disaster protection beyond their most critical applications, largely because they are uncertain whether the quality of the protection is really worth its cost. VMware vCenter™ Site Recovery Manager 5 is the market-leading disaster recovery product that addresses this situation for organizations of all kinds. It complements VMware vSphere to ensure the simplest and most reliable disaster protection for all virtualized applications.
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

IDC MarketScape: Worldwide Business Process Platforms 2011 Vendor Analysis

Oracle SOA vs. IBM SOA - Customer Perspectives on Evaluating Complexity and Business Value

Top Reasons to Implement an SOA Governance Strategy: A List for IT Executives

Get Serious About SOA Governance: A Five-Step Action Plan for Executives

Accelerate time to application value

Top 10 Myths About Virtualizing Business-Critical Applications

The Hidden Truth About Virtualizing Business-Critical Applications

Enterprise Java Applications on VMware: Unix to Linux Migration Guide

Virtualizing Tier 1 Applications: A Critical Step on the Journey Toward the Private Cloud  

Best Practices Guide: Microsoft Exchange 2010 on VMware

Google: Security for Google Apps Messaging & Collaboration

Forrester: Economic Impact of Switching to Google Apps

ESG Analyst White Paper - VMware's vSphere Storage Appliance: High Availability for Small IT Operations

Lightweight Application Development Systems Ride the Cloud: IDG Report

Modernizing Application Platforms for Cost-Effective Cloud Readiness

VMware View Optimization Guide for Windows 7

VMware View Optimization Guide for Windows 7

A Guide for Enterprise VMware ThinApp Deployments

NetApp, VMware, Cisco, Wyse, Fujitsu 50,000 Seat VMware View deployment

Licensing for SaaS Applications: ISVs Take to the Cloud
Resource Center
buy a link »
Ads by TechWords