One this is that the environments are more and more heterogeneous with many different interfaces and protocols that are being faced. SOA is never becoming fewer Web services or fewer standardizations or one particular protocol. You will always have that heterogeneous environment with a variety of applications and platforms that are in place. So, having said that given that situation, when you talk about quality you have to make sure that your business processes run on top of these heterogeneous environments need to be validated. You need to have a framework that is flexible enough to drive your process and drive your testing activities across these different heterogeneous environments. That is one thing that we have provided to the marketplace with Parasoft SOA Solution being very heterogeneous and focused on that diversity. The other thing that I am seeing more and more recently is as people understand and apply quality at the process level and the messaging layer, they start to look at the end-to-end process. So, they start to ask, what about my legacy applications, or the mainframes, or the green screen? They look more at what kind of framework can give them the flexibility so it can be extended to help them with all these specific needs that they have. Having a framework that is extensible and that can support some of the common things that people do is becoming more and more critical. Supporting any kind of need is becoming more and more critical because you need to drive your data validation on the systems you have that are common, that are similar to other people. But you also need to incorporate more specific things and provide the protocols that you have with specific applications, customize that framework. Have you found that to be more difficult because there are so many different services going into it or is that not a concern?
Right, so this brings a lot of challenges, of course. When you look at end-to-end testing you have these different components and you have a business process that spans these different components, they're all managed by different teams that are distributed. You might have somebody in L.A., someone in India, or in Europe and they are each responsible for a different part of the system. And yet, when you need to validate, establish a quality framework, you need to have an end-to-end strategy that comes through that validation. So the only way really to tackle that problem with the distributed teams is to be able to emulate the components that you have. This way, when you have a team in LA and they're working on an application that depends on another system in India, you can emulate that system so that you can continue working to evolve your part of the system without relying on whether they are up or down. So when you're able to create these service emulations quickly and easily, you are able to really speed up the lifecycle and improve the process and get the work done. I've been to some customers where you have the interface facing group and it relies on the back-end that is managed by a totally different group somewhere else. And when the other systems go down or are unavailable, they cannot do anything and they just sit around and waste time, but when they have a way to emulate it and they don't have that dependency, they can keep working. All these teams can work parallel without any lag time. Have you found anything new coming into this conference? Anything unexpected?
I wouldn't say unexpected. SOA itself has passed the hype cycle and is becoming more and more mainstream. The thing that I'm seeing is more the relationship between SOA and some of the other components, like Web 2.0, mashups, REST. All these things and how they can relate together in a heterogeneous environment. Also, there is more talk in terms of event-driven architecture. Now once you have your processes in place, how you can manage and monitor and track all these events that happen throughout the enterprise so that you can make the right decisions and expedite the agility in terms of making these decisions? So, these event-driven topics seem to be coming up more and more. There has been a push to communicate with the business people lately. Have you found that there are more business people and less programmers than in previous years?
It continues to be a mix. There is always this issue out there of how you align the business to the underlying IT. There is that gap, a real gap that is out there and there is an effort to align them together, but I think once you reach a certain level of maturity with your architecture in terms of the governance, both in runtime and design time, you then have the capability to align to the business side of things. The business side will by then know what is happening and what they need and will have a smaller gap compared to in the past. But, I am still seeing a mixed group. One thing that I am also seeing is some of the smaller companies who have not necessarily adopted SOA, but are looking into that and are coming for guidance. There are more later adopters, either adopting SOA or adopting some enterprise architecture. What would you consider an advanced SOA—how do you get from SOA to advanced SOA?
There are maturity models out there, IBM, BEA and others where you can kind of assess what level of maturity your SOA is. So it is more than just beginning and advanced, they do have several stages of maturity. One way to measure or assess that is in the beginning they have some disparate services or groups of concepts that take place, in terms of smaller scale integration initiatives. But you reach the higher maturity levels once you have the proper governance strategy in terms of how you manage the lifecycle in a consistent way. What kind of SOA do they have? How do you define them? How do you use them? What kind of quality policies do they adhere to? Once you have these policies in place and that governance structure is when you've reached a managed state and perhaps a higher maturity state of optimizing SOA. So, it is the governance that defines SOA as being advanced. What is the percentage of businesses that you've come across that would be considered advanced? Is it more than it was just a couple years ago?
Yes, definitely more are looking at how they can improve the process. It is a mix. I don't know if I could ballpark the percentage. I see that it is at least 20-30% are at a good level of maturity when it comes to their SOA maturation. Most are still at the earlier stages, where they have defined their architecture and their guidelines, but now are looking more at how they can improve their governance structure and how to take it to the next step. This is usually the phase where they start talking about quality. Unfortunately, they don't usually consider quality as part of the initial governance strategy, although they should. The overall governance is necessary for success and in order to succeed with the governance side, you need to have quality. So, particularly what distinct strategy do you need? What testing strategy do you need? What are your policies on testing? Are you consistently complying with interoperability standards? Are you applying that in a consistent way? When it comes to runtime security policies, will they be enforced? There is that quality component with policies associated with it that needs to be defined and enforced consistently from the beginning so that everything evolves in the right direction.