Services: Build, buy, or repurpose?
by Ronald Schmelzer,, Senior Analyst, ZapThink, LLC
Smart companies approach all IT investment decisions with a three-part question: Should they buy, build, or repurpose their IT resources to meet their emerging business needs? Such fundamental investment questions apply to all aspects of IT, ranging from network devices to application software to professional services needs. As a result, the same thought processes apply to burgeoning implementations of service-oriented architecture (SOA).
However, one of the significant shifts in thinking that SOA introduces is the notion that business logic is not engrained in programming code, but rather in the declarative metadata that describes a service and how it interacts with other services. In essence, SOA advocates a movement away from code-centric development to configuration-centric composition. This shift to metadata-driven development introduces new challenges to how organizations purchase, repurpose, or develop services. Rather than dealing with traditional development lifecycles, companies must now understand how to continually iterate the development of their services and therefore, their service metadata as well. Just as companies have the choice of developing applications in-house or purchasing their IT assets from third parties, so too they must they resolve the issue of whether to create and maintain their services and associated metadata themselves, repurpose them from existing assets, or purchase them from third party suppliers.
Building services from scratch
When faced with an SOA mandate, the first thing that most IT departments feel compelled to do is to start developing service interfaces for their existing legacy systems. But what does it mean to "develop a service"? There are actually two different sorts of assets developers must deal with when building services in an SOA: the application logic that underlies a service interface, and the service metadata themselves.
Application logic development that underlies a service is much the same as it has always been, with one key difference: developers should not hard-code business process or any other business logic into the application, but rather leave them for the metadata to handle. In an SOA implementation, security, reliability, and transport binding considerations should likewise be relegated to the service interface and policy contracts that surround a service, rather than to its underlying code. As such, the real kernel of functionality that remains abstracted beneath the service interface simply provides the implementation that guarantees the service level agreed to in the service contract.
Most importantly, companies should realize that putting service interfaces in front of existing application logic is not all that challenging. Since adding service interfaces to legacy systems is straightforward, the real development work comes from defining service contracts and creating the process, security, management, and other metadata that sit on top of the services themselves. Furthermore, this approach to service development is only applicable for fine-grained services where it's easy to control the functionality and scope of change for those services. Simply wrapping legacy systems with service interfaces is not sufficient for coarse-grained business services.
As such, building business services "from scratch" really means coming up with the policies and other metadata that govern how the services work. In this context, it makes more sense to build such services in-house than to source them from third parties. While it's possible to purchase the underlying code that makes the Service work, it's hard to make the same case for Service metadata. Therefore, while companies might be able to buy fine-grained services from third-party providers, they should look to build their own service metadata and composite, coarse-grained business services.
One of the major tenets of SOA is that companies should reuse services as broadly as possible to support their growing and changing set of business requirements. As such, companies should expect their investment in services to gradually shift over time from service exposure and fine-grained development to composition focused on service reuse. Rather than spending time and money trying to figure out which new services to build, companies should focus their efforts and resources identifying existing services in the enterprise, composing them into new processes, and refactoring them as necessary to support new capabilities.
Thus, the significant question that companies will be forced to grapple with is which services to build from scratch and which to repurpose to meet changing needs. The answer to this question depends upon the particular circumstances of the business and the scope of their existing Services. Furthermore, many of the fine-grained services that companies will have in the early days of their SOA projects will not be amenable to much refactoring, since they might come from pre-packaged enterprise application suites or simple extensions of legacy APIs.
That said, companies that have properly defined their services in a top-down fashion by starting with an overall architectural plan, rather than building their SOA from the bottom up by building fine-grained services as legacy wrappers will be better able to repurpose and refactor their Services for new capabilities. Therefore, companies that develop process-driven, coarse-grained, composite services will find greater flexibility and ability to extract continuing value from their Service investments. On the other hand, companies that fail to move beyond fine-grained services may hardly even get the chance to think about repurposing their Services, let alone do so successfully.
Of course, service metadata that define security, policy, reliability and declarative business logic for interacting with services should be amenable to repurposing. Companies should try their hardest to create service metadata once and repurpose them as many times as possible to meet ever-changing business requirements. As such, the real development effort here is not one of creating services from scratch, but rather developing from the start the most agile, flexible services that can be repurposed to meet new needs.
If companies can repurpose services, then they can also purchase them from third parties, as a logical extension of the basic ability to reuse services. In many cases, companies may find that the services they are using the most do indeed come from IT suppliers, rather than their own development shops. For example, enterprise application vendors are increasingly providing fine-grained services for consumption in corporate SOA implementations. However, a business-centric, process-driven SOA composes these fine-grained services with other services that may or may not come from that technology supplier. As such, even in situations where the bulk of the Services might come from a third-party vendor, the business logic itself should be in the composite metadata, which the company most likely develops from scratch in-house.
The forward-looking question is whether companies will purchase composite, coarse-grained services from third-party vendors. This question actually doesn't have anything to do with technology, but rather is one of business process outsourcing. Buying a business-focused service from a third-party vendor should be the same thing as outsourcing an entire business process to that vendor. The service would have to be at such a level of granularity that the actual implementation and process details are abstracted from the consumer, and therefore, would appear to be a process the company outsources in its entirety. As a result, companies looking at purchasing coarse-grained services must first think about whether or not they want that process outsourced.
While a third party can readily supply the underlying implementation of a service can be readily supplied by a third-party, it's not clear what sort of metadata can realistically be purchased from a third-party supplier. Every company's security, reliability, process, and management criteria will differ significantly, and as such, the most that a company can expect from a vendor are technologies for managing metadata or tools to simplify their creation. Therefore, the purchasing decision for Services is only relevant for either fine-grained services or for processes that are outsourced in their entirety.
The ZapThink Take
In reality, most companies will find that they have to adopt a hybrid of all of the above approaches for their service development and maintenance. Existing technology vendors will pre-package a wide variety of services that a company will use, while other services will emerge when companies extend their legacy systems using in-house resources. As companies devote more effort to developing services, it's clear that the one thing companies will need most of all is a corporate memory for how they create and evolve their services over time.
In an SOA world, it isn't sufficient for companies to make point decisions about the services they build, buy, or repurpose. Rather, they must think of the architecture as a whole and how its implementation will evolve over time. Some services are more economical to build in-house , not necessarily the first time around, but as they are repurposed for future activities. Likewise, outsourcing certain services may be economical only in the long run. As such, the decision to buy, build, or repurpose must also be capable of evolving as the business changes.
Copyright 2005. Originally published by ZapThink LLC, reprinted with permission. ZapThink LLC provides quality, high-value, focused research, analysis, and insight on emerging technologies that will have a high impact on the way business will be run in the future. To register for a free e-mail subscription to ZapFlash, click here.