Calling all integration experts!

Remember the old Universal Translator as modeled here by the late Mr. Spock? One of the first (or perhaps future?) examples of integration solutions, and certainly one of the most fondly rememberehttp://zagg-blog.s3.amazonaws.com/community/blog/wp-content/uploads/2012/03/12581.jpgd! But at its heart, it is also an almost perfect representation of the integration challenges today. Many years ago, there was EAI (Enterprise Application Integration) which was all about integrating homegrown applications with purchased package applications and/or alien applications brought in from Mergers and Acquisitions activity. The challenge was to find a way to make these applications from different planets communicate with one another to increase return on assets and provide a complete view of enterprise activity. EAI tools appeared from vendors such as TIBCO, SeeBeyond, IBM, Vitria, Progress Software, Software AG and webMethods to mention just a few.

Then there came the SOA initiative. By building computer systems with applications in the form of reusable chunks of business functionality (called services) the integration challenge could be met by enabling different applications to share common services.

Now the eternal wheel is turning once again, with the integration challenge clothed in yet another disguise. This time it is all about integrating systems with completely different usage a resource characteristics such as mobile devices, IoT components and traditional servers, but also applications of completely new types such as mobile apps and cloud-based SaaS solutions. In an echo of the past, lines of business are increasingly going out and buying cloud-based services to solve their immediate business needs, or paying a third-party developer to create the App they want, only to then turn to IT to get them to integrate the new solutions with the corporate systems of record.

Once again the vendors will respond to these user needs, probably extending and redeveloping their existing integration solutions or maybe adding new pieces where required. But as you look for potential partners to help you with this next wave of integration challenges, it is worth keeping in mind possibly the most important fact of all; a fact that has been evident throughout the decades of integration challenges to date. Every single time the integration challenge has surged to the top of the priority list, the key differentiator contributing to eventual success is not the smarts built into the tools and software / appliances on offer. Rather it is all about the advice and guidance you can get from people with extensive experience in integration challenges. Whether from vendors or service providers, these skills are absolutely essential. When it comes down to it, the technical challenges of integration are just the tip of the iceberg; all the real challenges are how you plan what you are going to do and how you work across disciplines and departments to ensure the solution is right for your company. You don’t have the time to learn this – find a partner who has spent years steeped in integration and listen to what they have to say!

Why enterprise mobile applications need an mBroker – part 2

mobile marketingThis is the second in a series of posts about the mBroker, an essential component of enterprise mobile application deployments.

The previous post discussed the general need for broking services to handle differences in mobile and corporate application environments. In this post we will look more closely at the security issues that mBrokers address.

Mobile applications are often written in the REST style using JSON as a format, because these mechanisms are simple, lightweight and perfect for the limited resources available to mobile devices. However, when these applications need to use corporate applications and APIs it can open a number of security holes. For starters, in the corporate SOA world integration is usually addressed through SOAP-based messages and web services. SOAP messages are usually encrypted, and there are extensive security protocols built into the web services standards specifications such as WS-Security. But the REST style of programming has little in the way of security protection; after all, REST is basically calling up URLs in a similar fashion to when you are surfing the net. This means that data may be ‘in the open’ and therefore exposed to prying eyes, and also intercepting the data and injecting malicious content is relatively easy.

The mBroker security services address these issues. For example, policies can be put in place so that sensitive information can be detected and secured, and the traffic can be scrutinized on entry to the corporate network for any injected threats or attacks. For example, content might be restricted to a small set of QueryString parameters, headers may be inspected to identify the type of data expected, and so on.

The other tricky aspect of securing enterprise mobile applications is the authentication and identity management area. As touched on in Part 1, OAuth is a loose standard providing a mechanism for delivering a level of authorization in the mobile world. In essence, resource owners authorize other services to use only that set of resources required for the task. The idea is that instead of having to log in everywhere, exposing your userid and password to different third party systems, the OAuth mechanism enables you to share a token with the service providers that restricts access. However, OAuth is quite new. OAuth was a typical web-based user-driven project which has now been developed, with OAuth 2.0, into a wider reaching standard specification. Not all of the web community are in favour of this wider direction, and the fact that OAuth 2.0 is not backward compatible with OAuth has not helped the situation at all. As a result different third party environments may not support OAuth at all or may support different levels.

Again, this is ideal territory for the mBroker. The mBroker can provide consistent OAuth implementation across all services, as well as bridging between OAuth and non-OAuth forms of authentication as required.

So mBrokers provide the mechanism to ensure that mobile enterprise applications do not compromise your corporate security goals.

webMethods gets MDM with Data Foundations acquisition

Software AG, the owner of the popular webMethods suite of SOA and BPM products, has acquired Data Foundations, the US-based Master Data Management (MDM) vendor. This is a great acquisition, because the single version of the truth provided by MDM technology is often an essential component of business process management applications.

The only issue is that there is an element of catch-up here, since major BPM/SOA vendors like IBM and Oracle have had MDM capabilities for some time. But putting that aside, the fit between Data Foundations, Inc. and Software AG looks very neat. There is no product overlap to worry about, and the Data Foundations solution excels in one of the key areas that is also a strength for Software AG – that of Governance. Software AG offers one of the best governance solutions in the industry, built around its CentraSite technology, and Data Foundations has also made governance a major focus, which should result in a strong and effective marriage between the two technology bases. From a user perspective, MDM brings major benefits to business process implementations controlled through BPM technology, because the data accuracy and uniqueness enables more efficient solutions, eliminating duplication of work and effort while avoiding the customer relations disaster of marketing to the same customer multiple times.

Good job Software AG.

New Lustratus Research Report – A Competitive Review of SOA Appliances

Just a short note to say that I’ve uploaded a new report to our web store at lustratus.com.

The report, entitled A Competitive Review of SOA Appliances focuses on Intel’s SOA Expressway, IBM’s DataPower range and Layer7’s SecureSpan SOA Appliance. In the report I compare and contrast the technical and strategic approaches each vendor takes to addressing the task of creating, managing, accelerating and securing a service oriented architecture using appliances.

The report can be found here.

Steve Craggs

2010 crystal ball gazing

crysalballLustratus has just published the 2010 edition of its popular infrastructure software market predictions. This year, highlighted areas include BPM, BRMS, Cloud Computing, SOA Appliances, Integration, Security and even software patent litigation.

Every year Lustratus goes through this exercise, trying to identify the key trends for the year. Perhaps the most traumatic part of the forecast is the scoring of the predictions from the previous year – always an opportunity for embarassment. Fortunately, Lustratus has had a pretty good record over the years.

This year Lustratus is highlighting trends such as the continuing success of business alignment software like BPM, the effects that Cloud Computing is likely to have on the market, the resurgence of interest in good old integration. The Lustratus predictions can be downloaded at no charge from the Lustratus web store.

Steve

Progress Software acquires Savvion

handshakeSo Progress Software has bought yet another software company; this time a BPM vendor, Savvion. But is this the right move for Progress?

Progress Software has spent most of its life growing through acquisition, making use of the piles of cash generated by its legacy mid-range database product to find new areas of growth. After all, the legacy business may be highly profitable, but its returms are dwindling by the year and Porgress desperately needs something else to shore up its balance sheet. Unfortunately its acquisitions have had a bit of a patchy record of success. Perhaps it will be different this time.

Savvion is a credible BPM (Business Process Management) software provider, and 2009 was a bumper year for BPM sales. Specialist companies like Pegasystems and Lombardi showed huge growth rates, bucking the downward trend triggered across many technology sectors by the economic upheaval. On top of this, Progress has been trying to establish itself as a viable SOA (Service Oriented Architecture) and business integration vendor ever since it launched the Sonic ESB in the early years of the last decade, and BPM was a glaring hole in its portfolio. For these reasons, it is easy to see why Savvion would seem a good fit.

There seem to be two problems for Progress, however. Firstly, BPM is now rarely a solution bought in its own right – hence the rapid consolidation of the BPM market with Pegasystems more or less the only major oure-play BPM left standing following IBM’s acquisition of Lombardi. Instead, BPM is deployed more and more as part of a business transformation strategy involving components such as SOA, application and data integration, business rules, business monitoring and business events management.  Secondly, the gorillas in the space are now IBM, Oracle and SAP. These companies all offer a full suite of products and more importantly services based around BPM and the rest of the modern infrastructure stack. Companies such as Software AG, TIBCO and Axway form a credible second tier, too.

In previous acquisitions, Progress has treated each acqusition as purely software products. This is not surprising, since selling databases is more about selling products than selling solutions. However, it is this factor that has been at the root of the patchy performance of Progress acquisitions. For instance, the Data Direct division of Progress, where it placed a number of acquisitions in the data space, has fared reasonably well. This is because it is more of a product business. However its attempts in areas such as ESBs and SOA governance have suffered due to a seeming reluctance to embrace a more industry-specific, services-based solution model.

With its acqusition of Savvion, Progress once again has the chance to try to show the market that it has learnt from its mistakes. BPM is absolutely an area where companies need to be offered solutions – products together with services and guidance to develop effective and affordable business solutions. It will be hard enough for Progress to cut a share of the BPM pie with all the big players involved, but it does have one outstanding advantage; it has a strong and accessible customer base in the mid-range market where the larger companies struggle. However, if it fails to take on board the need to hire industryvertical skills and solution-based field and service professionals then this acquisition could prove to be yet another lost opportunity.

Steve

TIBCO 1Q09 earnings will make interesting reading

In a week’s time, TIBCO Software will release its earnings figures for its 1Q09 quarter ending March 1st.

These earnings should make interesting reading, and will start to indicate how well the company is standing up to a number of squeezes on its business. TIBCO has been caught recently in a two-way fight with both traditional and new-wave vendors. On the one hand, it sees a key growth market as the general area of SOA, BPM and wider business integration where it is having to cope with the IBM steamroller, while on the other its ‘traditional’ market of core messaging for financial services front-office needs is coming under attack from new market entrants with radical shifts in technology.

IBM goes from strength to strength with its SOA / BPM WebSphere product suite, claiming throusands of deployments, and was always going to be a hard fight for TIBCO. The new TIBCO ActiveMatrix architecture is an attempt to fight back, but it remains to be seen how effective this approach might be. Perhaps more worrying for TIBCO is the surge of new competition in the high-speed financial messaging marketplace, where companies such as 29West and Solace Systems have emerged with messaging offerings that outperform traditional TIBCO Rendezvous messaging. The TIBCO response has been to partner with Solace Systems to produce a messaging appliance that implements Rendezvous software in hardware, since it recently claimed that

Software has reached its limit in ultra-low latency messaging, focusing increasing importance on the hardware “plumbing” to deliver future performance increases.

This brings TIBCO into competition with appliance offerings from Solace Systems, Tervela and IBM (DataPower). However, other vendors have taken a different approach to the performance issue in these highly demanding financial messaging markets, instead revolutionising the messaging architecture to generate the necessary high performance figures through software. Offerings have appeared from companies such as 29West, who pioneered this approach, and latterly IBM (LLM), with even NYSE promising to get in on the act.

So this set of TIBCO results are likely to be even more closely scrutinized than previously. Is the TIBCO strategy working, or is the company getting more and more squeezed? Technologies such as BPM seem to be riding out the recession particularly well, but will TIBCO show similarly resilient figures? Has TIBCO’s admission that Rendezvous software is out of steam carried its customer base across to the idea of appliances, or is it going to open the door to competition? It certainly looks like 2009 will be an interesting year for TIBCO.

Steve

Microsoft and ESBs – what a shame!

I was recently doing some research into the latest state of play in the Enterprise Service Bus (ESB) market, and decided to take a look at Microsoft’s ESB – or rather its pretend ESB.

I had never been sure about Microsoft and SOA- it tends to focus instead on BizTalk and the Microsoft world. However, recently I have heard a lot of encouraging noises from Microsoft about its belief in SOA, and how it sees BizTalk as a key component in an SOA architecture for application design and deployment. But I must admit I had not realized that Mircosoft gave any credence to the ESB concept.

With an element of hope I delved into Microsoft’s ESB stuff – only to be disappointed to discover it is not an ESB product at all, but ‘ESB Guidance’, a collection of samples, templates and artifacts to deliver ESB functionality. In essence, Microsoft does not yet acknowledge the existence of the ESB class of product, preferring instead to take the old IBM line of a few years back pretending that an ESB is a style of implementation rather than a product. However, I thought, this doesn’t really matter as long as Microsoft offers ESB functionality, however it packages it.

But then sad reality dawned. Microsoft ESB Guidance is not even supported. It is a collection of samples and pieces offered on an ASIS basis, take it or leave it. Use it if you like, but don’t come to us with any issues or problems. How disappointing. See the Microsoft Guidance notes –

The Microsoft ESB Guidance for BizTalk Server R2 is a guidance offering, designed to be reused, customized, and extended. It is not a Microsoft product. Code-based guidance is shipped “as is” and without warranties.

So, it looks like Microsoft isn’t really on the ESB bandwagon yet. The new release of BizTalk Server this year may introduce a ‘real’ ESB, but at this point in time Microsoft appears to be paying lip-service to SOA compliance, but not actually doing much about it.

Steve

BPM’s time has come

Could 2009 finally be the year BPM comes into its own? My own opinion is – YES!

This may seem a bit odd – after all, in previous years I have been a bit hesitant about BPM adoption, finding instead that many users were working on lower level integration problems first and then ‘backing into’ BPM. On top of this, with all the trading uncertainty around surely no-one will be rushing to BPM?

In fact, Lustratus thinks that the current economic environment is EXACTLY the right time for BPM. My worries in the past have been to do with people trying to move completely over to a BPM model. This requires a heck of a lot of effort, thought, maturity in process engineering and resources, and can take some time to generate a payback although the eventual gains are admittedly great. However, the current economic situation is forcing people to be much more pragmatic, and it is here that BPM really starts to deliver.

Lustratus recently produced a paper discussing the Lustratus BPM Sweet Spots – five potential targeted uses of BPM technology sorted in terms of speed of return, ease of implementation and overall benefit. A number of these sweet spots represent quick ways to improve a particular process, increasing automation and hence providing the opportunity to reduce people costs. It is this improved efficiency and productivity that attracts companies in the current economic downturn – anything that makes use of what is already there but cuts the staffing bill is almost a no-brainer. In addition, the visibility BPM brings with it into process execution is of enormous use when trying to implement responsible risk and compliance management measures, something greatly desired in the current circumstances.

So, 2009 should be the year when companies turn to BPM – but note the distinction of pragmatic, targeted BPM as opposed to grand BPM strategies that will make everything better ‘sometime’.

Steve

Linux v z/OS on IBM mainframes

Five or ten years ago, this sort of question would have been unthinkable, but now mainframe users are increasingly facing a choice between whether to use Linux on System z or z/OS to host new mainframe workloads.

These new workloads may be the result of a consolidation project, or simply taking advantage of flexible architectures like SOA to utilize spare mainframe capacity, but the decision is not an obvious one in either case.

On the one hand, long-time mainframe guys will say that z/OS has grown up with the mainframe and therefore must be the best choice. But IBM has done a lot to its version of Linux for the mainframe, and Linux bigots will be quick to point out that the license costs will be cheaper and there are strong advantages in standardizing on a portable and flexible operating system enterprise-wide. Worst of all, given the polarized nature of IT in general, the decision makers find it hard to get unbiased advice on such a divisive question.

In the end, the answer to the question of whether z/OS or Linux on System z is better is not surprising – “it depends”. This subject is discussed in much more detail in a free Lustratus report, “Choosing the right SOA platform on IBM System z”, available from the Lustratus web store. While this paper focuses particularly on developing or moving SOA workloads onto System z, the analysis applies to any new mainframe workload. Summarizing the arguments in the paper, the major differences that affect the decision are that Linux is designed to offer a common environment across many platforms, and is thus less attuned to individual platform capabilities by definition, and that whereas Linux has been designed for the ‘server’ model where it is used to operating one type of workload, z/OS has been built to handle multiple subsystems from the start.

The common environment aspect of Linux offers flexibility, helps to drive license costs down and leverages widely available skills. The multi-system capabilities of z/OS combined with its close linkage to the System z platform offer the greatest exploitation of System z facilities. But as always the devil is in the details.

Steve