Over the last four decades, software architectures have attempted to deal with increasing levels of software complexity. But the level of complexity continues to increase, and traditional architectures seem to be reaching the limit of their ability to deal with the problem. At the same time, traditional needs of IT organizations persist; the need to respond quickly to new requirements of the business, the need to continually reduce the cost of IT to the business and the ability to absorb and integrate new business partners and new customer sets, to name a few. As an industry, we have gone through multiple computing architectures designed to allow fully distributed processing, programming languages designed to run on any platform, greatly reducing implementation schedules and a myriad of connectivity products designed to allow better and faster integration of applications. However, the complete solution continues to elude us. Now Service Oriented Architecture (SOA) is being promoted in the industry as the next evolutionary step in software architecture to help IT organizations meet their ever more complex set of challenges. Is it real, though, and even if it can be outlined and described, can it really be implemented? The promise of SOA is true; that after all the hype has subsided, and all the inflated expectations have returned to reality, you will find that an SOA, at least for now, is the best foundation upon which an IT organization can take its existing assets into the future as well as build its new application systems. This article is intended to help you better understand the value of a SOA, and to develop a realistic plan for evaluating your current infrastructure and migrating it to a true service-oriented architecture.
For some time now, the existence of Web services technologies has stimulated the discussion of services-oriented architectures (SOAs). The discussion isn't a new one; the concept has been developing for more than a decade now, ever since CORBA extended the promise of integrating applications on disparate heterogeneous platforms. Problems integrating those applications have always arisen, often because so many different (and non-CORBA-compliant) object models became popular; thus many architects and engineers became so bogged down in solving technology problems that the promise of developing a more robust architecture that would allow simple, fast and secure integration of systems and applications was lost. The problems, however, persist and become more complex every year. Basic business needs such as lowering costs, reducing cycle times, integration across the enterprise, B2B and B2C integration, greater ROI, creating an adaptive and responsive business model and so on keep us looking for better solutions; but more and more, we are finding that "point solutions" won't solve the basic problem. The problem, in many cases, is the lack of a consistent architectural framework within which applications can be rapidly developed, integrated and reused. More importantly, we need an architectural framework that allows the assembly of components and services for the rapid, and even dynamic, delivery of solutions. Many papers have been written about why particular technologies such as Web services are good, but what is needed is an architectural view unconstrained by technology. Let's begin by considering some of the fundamental problems that underlie our search for a better foundation, for how these problems are addressed will determine the success or failure of the effort.
The first problem -- complexity
Some things are always the same, particularly the business problems facing IT organizations. Corporate management always pushes for better IT utilization, greater ROI, integration of historically separate systems and faster implementation of new systems; but some things are different now. Now you find more complex environments. Legacy systems must be reused rather than replaced, because with even more constrained budgets, replacement is cost-prohibitive. You find that cheap, ubiquitous access to the Internet has created the possibility of entirely new business models, which must at least be evaluated since the competition is already doing it. Growth by merger and acquisition has become standard fare, so entire IT organizations, applications and infrastructures must be integrated and absorbed. In an environment of this complexity, point solutions merely exacerbate the problem, and will never lead us out of the woods. Systems must be developed where heterogeneity is fundamental to the environment, because they must accommodate an endless variety of hardware, operating systems, middleware, languages and data stores. The cumulative effect of decades of growth and evolution has produced severe complexity. With all these business challenges for IT, it is no wonder that application integration tops the priority list of many CIOs, as shown in Figure 1.
Figure 1. CIO priorities
Another problem -- redundant and non-reusable programming
Consider a bank that has separate "silos," self-contained application systems that are oblivious to other systems within the bank. The first of these application systems may have been an excellent design, as well as the second, third and so on, but each was produced by and for a different line of business within the bank and was a separately funded, isolated project. Thus, for example, the function of get account balance is repeated in the ATM system, the branch teller delivery system and the credit card scoring system, even if they access the same account data in the same database. Now suppose the bank must develop an Internet service, online banking or an online loan origination system for its customers if it is to remain competitive. The new system will just add to the problem of all the redundant programming already in place, unless somehow the existing code can be reused.
The real integration killer -- multiplicity of interfaces
Consider also the n(n-1) integration problem. All organizations face integration problems of some sort; perhaps because of a corporate merger, a new business alliance, or just the need to interconnect existing systems. If n application systems must be directly interconnected, it will produce n(n-1) connections, or interfaces. In Figure 2, each arrowhead represents an interface.
Figure 2. Direct integration of n applications
Consequently, if another application system A n+1 must be integrated, it will require that 2n new interfaces be generated, documented, tested and maintained. While in the diagram above, the set of five applications require 20 direct interfaces, the addition of a sixth application will require 10 new interfaces! Worse yet, the code in each of the existing applications must be modified to include the new interfaces, thus generating substantial testing costs. Immediately, you look for the optimum solution that produces the minimum number of interfaces (n) for n applications, with only one new interface for each additional system added, but find that it can't be done by direct connection.
And what of the future?
Over the last four decades the practice of software development has gone through several different programming models. Each shift was made in part to deal with greater levels of software complexity and to enable the assembly of applications through parts, components or services. More recently, Java technology contributed platform-neutral programming, and XML contributed self-describing, and thus platform-neutral, data. Now Web services has removed another barrier by allowing the interconnection of applications in an object-model-neutral way. Using a simple XML-based messaging scheme, Java applications can invoke DCOM-based, CORBA-compliant or even COBOL applications. CICS or IMS transactions on a mainframe in Singapore can be invoked by a COM-based application driven by LotusScript running on a Domino server in Munich. Best of all, the invoking application most likely has no idea where the transaction will run, what language it is written in or what route the message may take along the way. A service is requested, and an answer is provided.
Web services are more likely to be adopted as the more genuine standard to deliver effective, reliable, scalable and extensible machine-to-machine interaction than any of its predecessors, as a result of the timely convergence of several necessary technological and cultural prerequisites. These include:
- A ubiquitous, open-standard, low-lost network infrastructure and technologies that make for a distributed environment much more conducive to the adoption of Web services than both CORBA and DCE faced.
- A degree of acceptance and technological maturity to operate within a network-centric universe that requires interoperability in order to achieve critical business objectives, such as distributed collaboration.
- Consensus that low-cost interoperability is best achieved through open Internet-based standards and related technologies.
- The maturity of network-based technologies (such as TCP/IP), tool sets (IDEs, UML, etc.), platforms (such as J2EE platforms) and related methodologies (such as OO, services, etc.) that provide the infrastructure needed to facilitate loosely coupled and interoperable machine-to-machine interactions -- a state far more advanced than what CORBA users experienced.
On the horizon, however, are even more significant opportunities. First, there is Grid computing, which is much more than just the application of massive numbers of MIPS to effect a computing solution; it also will provide a framework whereby massive numbers of services can be dynamically located, relocated, balanced and managed so that needed applications are always guaranteed to be securely available, regardless of the load placed on the system. This, in turn, makes obvious the need for the concept of on-demand computing, which might be implemented on any configuration, from a simple cluster of servers to a network of 1024-node SP2s. The user needs to solve a problem and wants the appropriate computing resources applied to it -- no more, no less -- paying only for the resources actually used.
The effective use of these new capabilities will require the restructuring of many existing applications. Existing monolithic applications can run in these environments, but will never use the available resources in an optimal way. This, along with the problems previously discussed, leads to the conclusion that a fundamental change must be made -- the conversion to a service-oriented architecture.
Requirements for a service-oriented architecture
From the problems discussed above, it should be clear that an architecture should be developed that meets all requirements, and that those requirements include:
- First and foremost, leverage existing assets. Existing systems can rarely be thrown away, and often contain within them great value to the enterprise. Strategically, the objective is to build a new architecture that will yield all the value hoped for, but tactically the existing systems must be integrated such that, over time, they can be componentized or replaced in manageable, incremental projects.
- Support all required types or "styles" of integration. This includes:
- User interaction -- being able to provide a single, interactive user experience
- Application connectivity -- communications layer that underlies all of the architecture
- Process integration -- choreographs applications and services
- Information integration -- federates and moves the enterprise data
- Build to integrate -- builds and deploys new applications and services.
- Allow for incremental implementations and migration of assets, which will enable one of the most critical aspects of developing the architecture: the ability to produce incremental ROI. Countless integration projects have failed due to their complexity, cost and unworkable implementation schedules.
- Include a development environment that will be built around a standard component framework, promote better reuse of modules and systems, allow legacy assets to be migrated to the framework and allow for the timely implementation of new technologies.
- Allow implementation of new computing models; specifically, new portal-based client models, grid computing and on-demand computing.
The advent of Web services has produced a fundamental change, because the success of many Web services projects has shown that the technology does in fact exist, whereby you can implement a true service-oriented architecture. It lets you take another step back and not just examine your application architecture, but the basic business problems you are trying to solve. From a business perspective, it's no longer a technology problem, it is a matter of developing an application architecture and framework within which business problems can be defined, and solutions can be implemented in a coherent, repeatable way.
First, though, it must be understood that Web services does not equal service-oriented architecture. Web services is a collection of technologies, including XML, SOAP, WSDL and UDDI, that let you build programming solutions for specific messaging and application integration problems. Over time, you can reasonably expect these technologies to mature, and eventually be replaced with better, more efficient or more robust ones but, for the moment, they will do. They are, at the very least, a proof of concept that SOAs can finally be implemented. So what actually does constitute a service-oriented architecture?
SOA is just that -- an architecture. It is more than any particular set of technologies, such as Web services; it transcends them and, in a perfect world, is totally independent of them. Within a business environment, a pure architectural definition of a SOA might be something like "an application architecture within which all functions are defined as independent services with well-defined invokable interfaces that can be called in defined sequences to form business processes." Note what is being said here:
- All functions are defined as services. This includes purely business functions, business transactions composed of lower-level functions and system service functions. This brings up the question of granularity, which will be addressed later.
- All services are independent. They operate as "black boxes"; external components neither know nor care how they perform their function, merely that they return the expected result.
- In the most general sense, the interfaces are invokable; that is, at an architectural level, it is irrelevant whether they are local (within the system) or remote (external to the immediate system), what interconnect scheme or protocol is used to effect the invocation or what infrastructure components are required to make the connection. The service may be within the same application or in a different address space within an asymmetric multiprocessor, on a completely different system within the corporate Intranet or within an application in a partner's system used in a B2B configuration.
- Security -- authorization of the request, encryption and decryption as required, validation, etc.
- Deployment -- allowing the service to be redeployed (moved) around the network for performance, redundancy for availability or other reasons.
- Logging -- for auditing, metering, etc.
- Dynamic rerouting -- for fail over or load balancing.
- Maintenance -- management of new versions of the service.
About the authors
Kishore Channabasavaiaho received a Bachelors degree in Mechanical Engineering from Bangalore University, India. He is currently an Executive Architect in the Chicago Innovation Center of IBM Global Services. He provides thought leadership for e-business Integration solutions with a focus on Web services and end-to-end solutions. His current focus is in Web application solutions, conducting technical solution reviews, Web services, service-oriented architecture and Pervasive Computing.
Kerrie Holley received a Bachelor of Arts degree in Mathematics and a Juris Doctorate in law degree from DePaul University. He is currently a Distinguished Engineer in IBM Global Services and a Chief Architect in the e-business Integration Solutions where he provides thought leadership for the Web services practice. His current focus is in software engineering best practices, end-to-end advanced Web development, adaptive enterprise architecture, conducting architecture reviews, Web services and service-oriented architecture.
Edward M. Tuggle, Jr. received a Bachelor of Science degree in Mathematics from the University of Oklahoma, and is currently a Senior Software Engineer on the IBM Software Group jStart Emerging Technology Solutions team. He worked with IBM in operating systems design, development and maintenance for 23 years, for the past six years in Java technology and other emerging technologies, and is now specializing in Web services and service-oriented architecture.