Desperately seeking SOA

The enterprise software acronym of the year must be SOA (service-oriented architecture). The concept behind SOA — that applications should expose their functionality as “services” in a way that can be accessed by any authorized external system — isn’t new. We’ve heard promises of a universal integration platform before, accompanied by the same consultants salivating over the billable hours implicit in the “revolution.” What’s new about SOA is that the promise might actually be fulfilled.

For more than a decade, various platform vendors have attempted to implement SOAs using methods such as RPCs and enterprise message buses. Although many organizations have implemented those technologies as part of tactical integration projects, the solutions proved expensive to implement on a large scale (in part due to their proprietary nature), hard to maintain, and relatively limited in scope.

Using XML to define data and SOAP to define loosely coupled RPCs, Web services seem to be the long-sought linchpin of SOAs. That’s because they comprise the first real integration technology based on genuine standards that span nearly every operating system, application stack, programming language, and network topology.

Every top-tier vendor now offers an SOA strategy, and services are now at the heart of application platform offerings as diverse as BEA WebLogic, Microsoft .Net, IBM WebSphere, and Oracle 10g. Traditional integration players such as Sonic Software, Tibco, webMethods, and WRQ are leaping onto the SOA bandwagon, and newer players such as Grand Central Communications are redefining themselves as SOA powerhouses.

Slower to catch on have been the CRM and ERP packaged application giants such as PeopleSoft, SAP, and Siebel and content management heavyweights such as EMC’s Documentum division, Interwoven, and Vignette. Yet there’s no doubt they’ll all be singing the SOA song soon, along with application service providers such as Salesforce.com.

The database community is also heading toward SOA. Plans are afoot to enable IBM DB2, Microsoft SQL Server 2005, Oracle 10g, Sybase ASE, and other platforms to participate actively in Web services-based SOA activities as first-class citizens — even without the use of application servers. This will have profound implications for the design and management of widely distributed n-tiered applications because, in effect, hierarchical tiers will become horizontal peers.

The rise of SOAs will reap an unexpected benefit for many companies, eventually enabling them to take part in vast trading networks built around dotcom survivors such as Amazon.com and eBay. In the meantime, the biggest challenge is how to get there without breaking the bank or giving away the store. It’s not trivial to service-enable existing applications, to build the right Web services hooks into new applications, or to ensure SOAs incorporate proper access controls and security safeguards. After all, thanks to HIPAA and Sarbanes-Oxley, good security isn’t just good IT policy, it’s the law.

To address those concerns, numerous vendors — Actional, AmberPoint, Cape Clear, and Infravio, among others — began offering in 2004 solutions that manage, secure, and route messages in an SOA, in many cases adding multiple layers of complexity to what’s intended to be a lightweight, loosely coupled messaging system. A danger is that those management layers will evolve into closed or proprietary software stacks or will turn into performance choke points, thereby negating many of the benefits SOAs plan to offer. But don’t worry, there will always be plenty of consultants to help you navigate those shoals.