Printer Friendly

SOA tools--virtually bridging the legacy divide part 3: along with the majors, niche players are perfecting SOA tools. Here's a sampling from some of the better-known players.

The second section of this three-part series, published in the March 2006 issue of KMWorld, detailed nine categories of functionality in which service-oriented architecture (SOA) tools specialize. Those categories include identity and access management, governance, service-oriented management, metadata management, content-aware networking, service consumers, service-oriented process, semantic integration and service-oriented integration. This concluding part highlights a specific SOA tool in each category, to give readers an idea of what vendors are providing in their respective spaces.


Identity and access management

Layer 7 Technologies ( SecureSpan product suite provides firewalls that screen XML data passed between composite services or across a process; ensures a consistent user context and identity across security and identity domains; and guarantees the security policies that govern services are consistently applied, even as services interact in enterprise SOA environments.

The SecureSpan Gateway provides hardware-based secure firewalls that screen data passed between XML-based services and other services or XML-wrapped legacy applications in external security and identity domains. It also features a Web service gateway that controls, for instance, user access and authentication across domains, and lets administrators perform activities like auditing transactions and routing services across domains.

The SecureSpan Bridge lets administrators, without manual coding, enable activities like single sign-on, identity federation and non-repudiation when Web services interact with client and portal applications across domains.

Security policies are a subset of governance policies that ID management products also control. SecureSpan Manager is a graphical interface that lets administrators, using workflow-like graphical scripting, centrally define, provision, verify and audit security and connectivity policies across domains and then manage them to ensure compliance.


Daryl Plummer, group VP of software infrastructure at Gartner (, says, "Governance is what operates on policy, and policy enables the guidelines of governance to be ensured, but the tools for both are the same." In addition to policy management, he continues, governance tools could even provide sets of best practices and blueprints for how to set up policies, though few do.

Systinet's ( Policy Manager stresses policy management--it lets users create, manage and comply with SOA policies. To expedite creation, the product comes with a library of predefined policies and performs management and compliance activities like verifying the validity of WSDL and XML Schema so users can access service registries and obtain services as advertised. Because developers can also create custom policies with familiar programming languages such as Java, training them in new languages or hiring specialized personnel isn't necessary.

The product also lets users manage services throughout their life cycle via a policy verification and approval process and a method for associating policies with services and data in registries based on common standards. As a result, users can share, update and reuse policies as they see fit. That, of course, extends to both designtime and runtime policy governance. Policy Manager also works with Systinet's Governance Interoperability Framework (GIF), a program for promoting interoperability between products from key SOA players in the GIF alliance. Once products are interoperable, Systinet can extend policy management across implementations comprised of different vendors' SOA products and into areas like security, messaging and routing that it does not yet address.

According to Jason Bloomberg, senior analyst with Zapthink (, Systinet already has a repository that stores and provides access to SOA metadata like contract and policy metadata. He says Policy Manager now gives the company soup-to-nuts governance capabilities.

Service-oriented management

Management can focus on multiple layers of the SOA infrastructure--for example, services at runtime vs. servers and network operation. AmberPoint ( focuses on the former--it manages services at runtime in production environments. Among its many capabilities, AmberPoint provides links to all services cataloged in registries throughout the enterprise and automatically locates appropriate services when they are needed so they can be accessed from repositories. It also ensures that the correct policies are applied to each service, so that it behaves the way it's advertised in registries and adheres to security and other behavioral rules when deployed in the production environment. The product tells users which policies apply to which services, posts new and changed policies to registries, and retrieves policies cataloged in registries and enforces them at runtime.

Further, it lets administrators monitor services as they interact as composite services from a map-like console on which users can view a graphic representation of linked services during runtime operation. The console shows the availability and interdependencies of deployed services within the overall SOA service network and the name, location and interdependencies of failed services. That way administrators can readily address those problems if the service doesn't fail over to another service.

Metadata management

Infravio's ( X-Registry Platform 5 provides an SOA registry/repository platform for managing individual services as they are created, activated at runtime and versioned. The repository interacts with the registry according to commonly used Universal Description, Discovery and Integration (UDDI) specs, and users access and configure both via Web browsers. For instance, in the repository they can store services, configure service contracts, create new versions of services and indicate what users are authorized to use the services. Registries are directories of all an enterprise's services and their different versions. Via the registry, users can catalog, publish, search, demo and download services for easy service deployment and reuse.

The tool comes in three editions. Catalog contains the registry only; IT Governance contains registry and repository with advanced management features; and Partner lets users readily integrate the registry, repository and management capabilities with external portal and intranet environments. Customers can upgrade from Catalog through Partner as their needs dictate.

Content-aware networking

Conformative Systems (recently acquired by Intel, offers an affordable method of processing XML to improve SOA infrastructure performance without duplicating existing hardware or software. As SOAs and Web services proliferate, XML, the prevalent data interchange standard for SOAs, will become an increasingly large percentage of traffic over networks. That is a problem because XML-based data is denser and more format-intensive than other data types. Not only will the overall volume of traffic over SOA-enabled enterprises increase, it will do so at a faster pace than ever before. Companies that adopt SOA, therefore, can either increase the quantity or quality of their data processing equipment--server software and hardware, like database and application servers, and networking infrastructure software and hardware, like routers, switches and firewalls--and run up software, hardware and long-term management costs, or add content-aware, XML-processing software for a fraction of that total cost of ownership. Otherwise quality of service will suffer and companies will risk alienating customers.

Conformative claims its CSXi server speeds XML processing by 50-fold by using parallel-processing techniques to perform XML-related activities like XML transformation. So, along with better performance and customer satisfaction, companies implementing SOAs achieve a much lower total cost of ownership by eliminating unnecessary equipment and management expenses.

Service consumers

Aside from Web browsers, Adobe ( Acrobat may be the most widely used client in the world inasmuch as it allows users to access and manipulate documents as PDFs on PCs and mobile devices, and thus preserves the text and formatting of the original document. In acquiring Macromedia, Adobe has developed three Acrobat/Flash bundles (Design, Web and Video), which let users similarly capture and reuse multimedia Web pages and video to do document, Web page and postproduction video design. What's more, they can do so from services as well as applications.

Service-oriented process

According to Bloomberg, vendors in this space either evolved their current expertise from mastering composite applications or business process management. Cordys ( specialized in the latter--its Cordys BPM product is a Web services-based, business process modeling and execution product. Without coding, business analysts can use graphical, drag-and-drop modeling tools to orchestrate, compose and choreograph business processes without being overly dependent on their IT departments. For instance, to orchestrate a process, they might include decision branching, event triggers and parallel processing of activities as logic that links and controls interacting services or composite services.

Designers can use Cordys to design and deploy all types of processes involving both people and services--human-to-human, human-to-service and service-to-service. The first, like insurance claims processing, are more time-intensive and complex because they manage events--the activities of the next person in the process, which are dependent on the decisions and actions taken by the previous person in the process. The last, on the other hand, are ideal for processes like buying and selling stocks where the process has to automatically handle huge volumes of transactions, not events, in almost real time. The second might involve a salesperson submitting an order via a process, but activities like inventory checking and invoice generation, which happen later in the process, are done automatically and via service links to other applications.

Cordys BPM also lets analysts simulate process activity in a test environment to identify potential situations where bottlenecks might occur, as well as to analyze a process in production to see if it is performing as designed and tested. The product is also standards-based--BPMN (Business Process Modeling Notation) and BPEL (Business Process Execution Language) compliant, which helps ensure that implementations are future-proof and play well with partners' similarly compliant packages.

Semantic integration

Digital Harbor's ( Professional Information Integration Environment (PiiE) establishes relationships between the same types of data in disparate applications (for example, three different enterprise resource planning systems in a supply chain), so processes that span those applications can use the data in a consistent way. The product, therefore, establishes an enterprisewide information context within which data of the same type can relate and even merge.

That capability lets users look at and leverage data by subject (as it relates to a customer or product or vendor, for example) across applications to make real-time business decisions, manipulate business processes and later find out how and why a process yielded a certain result. Digital Harbor performs semantic integration in the context of developing and deploying composite services so that functionality controlling the data in each system is duplicated by or rolled into the service itself.

The sum of the data relationships that result forms a master taxonomy called an ontology. When users or other services activate a composite service at runtime, the semantic integration server uses the ontology to correlate data so users can employ it to collaborate across the business process in which the composite service is involved.

Service-oriented integration

Sonic ESB from Sonic Software ( is a robust, message-oriented, middleware-based enterprise service bus the company has adapted to integrate with a broad array of legacy applications on disparate platforms (J2EE, .NET, mainframe, etc.), as well as with Web services in an SOA environment to, among other activities, reconcile their disparate data formats and communication protocols so those applications and services can interoperate. Customers can also purchase adapters for various legacy applications to accelerate Web service-based integration with the ESB.

Sonic's ESB especially promotes high-throughput, low-latency communications for SOA environments with rigorous quality of service requirements for quickly moving large volumes of transactions and events among applications and services. It can also accommodate synchronous and asynchronous messaging, as well as publish and subscribe data distribution. Customers can also modify the ESB-centric, SOA integration fabric without altering the operation of applications, services or business processes. Sonic also features guaranteed message delivery, load balancing over clustered servers and management options for performing functions like centralized service activity logging and auditing via a management console.

SOA or bust?

According to various reports by Forrester Research (, the majority of traditional integration projects linking legacy applications in medium and large organizations average about $7 million and take almost two years to complete. That is a major reason why the consultancy estimates that because of its benefits for integration, about 70% of large organizations will adopt SOA by the end of this year.

You might say that SOA tools evolved from the center out in most organizations with vendors first mastering registry, repository, ESB and management infrastructure to catalog, store and expedite interaction of services. Security, management and other tools followed as customers encountered tangential challenges related to those core activities. As a result, those early vendors have the best name recognition in the SOA space. But niche vendors are appearing in the least exploited categories like governance and semantic integration, so the SOA toolset will diversify. For instance, this discussion limited the definition of "governance" to policy management. In fact, there are other aspects of governance like best practices that vendors have largely not addressed yet.

Plummer says, "All vendors are lacking in the organizational, best practices and blueprint areas of governance--instead, in governance of SOA today, it comes down to management of policy."

Likewise, says Bloomberg, semantic integration vendors have barely scratched the surface when it comes to normalizing the meaning of the same type of data in different applications in an SOA environment. So customers will still be challenged in developing a macro design for, as well as in interpreting the meaning and leveraging the enterprise context of the same types of data within their SOA environments.

But these are mere bumps in the road given the progress of SOA products thus far and the building momentum of customer adoption of SOA. In the next wave of SOA tools, look for vendors other than platform or niche SOA ones to SOA-enable their products. For instance, content management vendors with smaller customer bases may be more willing to risk SOA-enabling their platforms from the ground up, to steal market share from slower-moving incumbents who have to cater to large, traditional, application-centric customer bases.

At the other end of the spectrum, the majors are committed to SOA and may develop platforms that can organically accommodate SOA and other component technologies they do not already have. What's more, they have the funds to buy specialists of this type to bring them under their own SOA umbrella. Consolidation is no doubt some time off, however, as the diversification of SOA tools is still aggressively expanding the industry. But SOA is just the kind of paradigm-altering technological development that could precipitate such industry-wide upheaval.

According to Sandra Rogers, program director of SOA, Web services and integration at IDC (, that reality begs the question: Should customers buy all their SOA tools from one vendor? The answer, of course, is: It depends. For instance, she says, a major may have more extensive tools, but a vendor with fewer tools may have made them less proprietary, better integrated with one another and more standards-based so they are future-proof.

Whatever strategy customers pursue, though, SOA bodes well for them. Easier integration, better ROI and greater agility to compete are benefits that go straight to the bottom line, and that will make SOA an alternative that customers will find hard to resist.

John Harney is president of ASPWatch, a consultancy focusing on market, partner and technology strategy for ASPs, e-mail john
COPYRIGHT 2006 Information Today, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:service-oriented architecture
Author:Harney, John
Article Type:Product/service evaluation
Date:May 1, 2006
Previous Article:RM: compliance rules, litigation advances.
Next Article:Much needed R & R (management): Stellent introduces Universal Records and Retention Management.

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters