AmberPoint Inc. today announced what it calls "the industry's first agentless system for SOA runtime governance," which is being incorporated into this quarter's release of its SOA Management System product.
This new agentless architecture was developed in response to the increasing sophistication of XML appliances, enterprise service buses and operating systems in handling policy enforcement, said Ed Horst, AmberPoint's vice president of marketing. This trend is in its early stages, but he noted that the policy enforcement is a growing concern from appliance vendors such as F5 Networks Inc., IBM and Reactivity Inc. Policy enforcement points can also be found in application servers, such as WebLogic from BEA Systems Inc., and even in operating systems, including the upcoming Vista operating system from Microsoft.
"The thing that's starting to happen, albeit still in the early stages, is we don't have to have agents for certain types of work to be done," he said. "Microsoft in their [Windows] Communications Foundation, which was originally known as Indigo, is starting to have some policy execution capabilities in Vista. We want to leverage that because we never wanted to build agents in the first place."
Horst describes agents as the beat cops of the governance police force enforcing policies governing issues such as Web services interaction at the SOA execution layer.
However, he pointed out that AmberPoint is not out of the agent business yet. Its new architecture offers both agent-based and agentless policy enforcement options. This allows architects and developers to customize the use of agents based on the appliances, ESBs, application servers and operating systems deployed in their infrastructure.
AmberPoint delegates runtime policy execution based on the capabilities of the SOA infrastructure when what it calls "policy-capable infrastructure" is in place.
"We have decoupled the policy enforcement layer from the policy execution agents," Horst explained. "We have the ability to take policies that need to be enforced at runtime and delegate them to these new app servers, appliances, operating systems. This is part of the release that's shipping this quarter."
AmberPoint new architecture for its SOA runtime governance product will provide flexibility in deligating policy, Horst said.
"We offer the ability now to delegate a policy," he explained. "The same policy might be delegated to several things. In one environment you may use F5 for doing load balancing. In another environment, you might use the clustering capabilities of the app server to do that same function. So the implementation of a policy can be widely different."
Jason Bloomberg, senior analyst with ZapThink Inc., said AmberPoint is on the right track with it's new release, but that other vendors in the SOA governance space are also recognizing the changing capabilities within the infrastructure.
"AmberPoint is one of several vendors recognizing the need for closed loop SOA governance," the analyst said. He said this "closed loop" trend is leading vendors to recognize "that governance is more than creating policies or even enforcing policies, but also includes policy execution as well as feedback from the runtime environment back to the policy definition and management."
The analyst said other vendors in the governance space, including SOA Software Inc., WebLayers Inc., Layer 7 Technologies Inc., Mercury Interactive Inc. (now owned by HP) and LogicLibrary Inc., can be expected to release products along similar lines in the coming months.
So while AmberPoint's announcement is definitely on the right track," Bloomberg said, "it's one of a family of offerings that provide for the necessary closed-loop SOA governance.