Wednesday, May 6, 2009
WSO2 moves data services component to OSGI-based Carbon framework
WSO2 Data Services is “completely re-architected” for Carbon’s componentized approach to SOA development, which WSO2 debuted earlier this year. [Disclosure: WSO2 is a sponsor of BriefingsDirect podcasts.]
The new data services tools are aimed at database programmers and database administrators (DBAs), folks who may not be as familiar with WS-* style Web services, REST-style Web resources, data services, or OSGi as their Java coding brethren.
To help ease database folks into the brave new world of data services, WSO2 is offering free online training courses this month to “explain data services concepts and best practices for quickly exposing data as Web services.” In order to promote new thinking about enterprise data applications in the midst of a recession, WSO2 said it is waiving the $199 fee for the courses.
“WSO2 Data Services addresses the demand among enterprises to quickly and easily take data from a wide variety of sources and expose it as Web services within their SOAs,” Dr. Sanjiva Weerawarana, founder and CEO of WSO2, said in announcing the product.
DBAs may be asking: “How easy is easy?”
WSO2 answers that anyone who knows SQL can quickly create data services that can be shared and accessed across the network.
And you can even do some data service management from – we are not making this up –your cell phone.
This feature is courtesy of Data Services 2.0’s new extensible server administration framework that allows customization including writing a bridge application for management of data services servers from a Blackberry or other mobile device.
Since almost no enterprise SOA application is going to have just a single database, the WSO2 product supports a range of data sources. It works with relational databases including Oracle, MySQL and IBM DB2, as well as “virtually any database accessible via JDBC.” It can also work with the good old comma-separated values (CSV) file format, and Excel spreadsheets.
For DBAs and others with security concerns about where all this disparate data is coming from and where it’s going, WSO2 says services can be authenticated, encrypted and/or signed using the WS-Security and HTTP security standards. There is also a WS-Policy Editor for configuring services, as well as support for WS-ReliableMessaging.
Event-driven architecture (EDA) aficionados will find Data Services 2.0 support for events, including graphical declaration of event sources and mediation for event delivery.
Rich Seeley provided research and editorial assistance to BriefingsDirect on this blog. He can be reached richseeley@aol.com.
Follow me on Twitter at http://twitter.com/Dana_Gardner.
Active Endpoints' new ActiveVOS 6.2 offers ‘MultiSite’ BPM capabilities
This is the market Active Endpoints is aiming at with ActiveVOS 6.2, a new release of its visual orchestration systems (VOS) tools. [Disclosure: Active Endpoints is a charter sponsor of BriefingsDirect podcasts.]
The business process management suite (BPMS) featuring ActiveVOS MultiSite allows users to extend the processing of BPM applications across multiple, geographically separated data centers, according to the Active Endpoints announcement.
At first this might seem like ActiveVOS is trying to ride the cloud hype cycle. But Alex Neihaus, vice president marketing for Active Endpoints, is skeptical of the cloud and even Platform as a Service (PaaS), especially when it comes to BPM.
He notes that similar concepts in the past have had their share of failures, such as Network Storage, as well as the successes, such as Salesforce.com. And he has doubts whether enterprises “will outsource the core business processes inherent in BPM applications.”
IBM will be testing the hypothesis with some new offerings on the modeling side, though it's clear they like the idea of management of processes -- and even governance -- having a place in the cloud, on-premises, and probably both.
ActiveVOS MultiSite is designed to protect “crucial, long-running business processes from interruption or termination due to a major hardware or site failure,” but Neihaus believes its users will want to know exactly where their applications are running, even if the data center is on the other side of the globe.
"With our new release, customers can create a reliable environment to run these core apps," Neihaus told BriefingsDirect. "I wouldn’t link the ActiveVOS 6.2 failover and load-balancing capabilities to PaaS as much as I would to the fact that it’s the first BPMS to deliver geographic independence for BPM applications."
If you follow this market and think this release sounds like “deja vu all over again,” as Yogi used to say, you are partially right.
This week’s ActiveVOS 6.2 comes just 60 days after ActiveVOS 6.1, which was announced in mid-March, Neihaus acknowledges. But he positions this quick succession of point releases as an example of the speed of innovation at Active Endpoints.
Users can download a free, 30-day, fully-supported trial of ActiveVOS 6.2. During the trial, users can take advantage of email-based support as well as training, education and samples available on Active Endpoints’ websites.
Rich Seeley provided research and editorial assistance to BriefingsDirect on this blog. He can be reached richseeley@aol.com.
Follow me on Twitter at http://twitter.com/Dana_Gardner.
Monday, May 4, 2009
IBM cements cloud, appliance, BPM, CEP and SOA into an IMPACT 2009 solution brick
Under the umbrella of spurring on a smarter planet, the IBM push combines many of Big Blue's strengths with the goal of taking out complexity and cutting costs as its customers seek much greater business efficiency in a recession-wracked world. The moves also further IBM's embrace and commitment to services oriented architecture (SOA), but spread its benefits both deeper and wider than the earlier infrastructure push alone.
In a nutshell, IBM is helping enterprises create private clouds as either appliances or built on Z Series mainframes, with better connections to CEP, and managed from BPM in public cloud. It provides an excellent story for IBM, and places it at an early competitive advantage against Microsoft, Oracle/Sun, and HP in the ramp up to SOA-enabled hybrid cloud approaches that tackle tough business problems. IBM is going to the cloud with collaboration, too.
The pizza box-size WebSphere CloudBurst appliance, announced only recently, had its coming out party at today's keynote session, moderated by a hilarious Billy Crystal. See Twitter #IBMIMPACT by searching on the tag in Twitter for more on the live event.
This appliance approach to private clouds will be a big trend in the industry, with Oracle (using acquired Sun technology), HP and perhaps Cisco sure to follow. One has t wonder how Microsoft does appliances, with one or some partners? Will be curious to watch. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]
To me, though, the biggest news of IMPACT is the move of IBM to provide its own BPM cloud services, called BPM BlueWorks, beginning in Q2 this year. IBM continues to be chummy with Amazon Web Services, and there's no reason to believe that Google will also be an IBM cloud partner.
Indeed, the shift of BPM to a separate, elevated, cloud-based service makes sense because many services and processes will increasingly come from a variety of sources and source types. Allowing the business process and workflow architects to design, manage and implement extended business processes as a cloud service allows for leverage of more services by more businesses, with control and ability to cut costs and reduce complexity.
What's more, if BPM goes in the cloud, then it takes only a small step for IT and SOA governance to stay in the cloud, too. Will SOA, CEP and extended enterprises business processes come together better as a cloud-based management and governance model takes place? Could be.
The only rub is that IBM or some other cloud provider is host to your core control centers. But if enterprises grow comfortable with more IT functions and assets in a third-party cloud, well then the model way well offer a lot of advantages. Of course, the BPM, SOA and governance controls will also likely become hybrids.
IBM and others, like Microsoft, Oracle and HP, will also want to be in the managed management business, so the competition to do this well and right will be intense. And that will be good for users and probably (hopefully) keep the options, standards and portability largely open.
But users should still look out, as with any cloud services, for lock-in and seek contracts that protect their assets and business property. And I'd say that the governance and process models that dictate how your business works should always be considered an enterprise's property. The cloud provider needs to be a value-added provider, not a Big Brother.
IBM is also pumping up its industry frameworks solutions of applications and expertise for retail, traffic management, and health care. Look for these too to emerge as cloud-based hybrid solutions over time. The goal, of source, is to make IBM the total supplier on these vertical industry solutions, with cost and convenience being the drivers on how they are implemented. IBM has done quite well by this so far, and the cloud moves will help it further.
IBM in the cloud in a lot of ways is a very smart move. Getting BPM there first -- in the middle of processes, solutions, and moving to governance -- will be hard to resist for users and tough to beat by competitors.
Follow me on Twitter at http://twitter.com/Dana_Gardner.
Sunday, May 3, 2009
BriefingsDirect analysts unpack PaaS and predict future impact on enterprises and developers
Read a full transcript of the discussion.
Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.
People talk about “The Cloud” as if it is one unified platform, but it’s the exact opposite, argues Jim Kobielus, senior analyst at Forrester Research.
Misconceptions of what “The Cloud” is and a general lack of standardization among the vendors offering cloud computing services is bound to be confusing to organizations contemplating moving enterprise applications out onto the Internet.
In a podcast featuring a panel industry thought leaders, moderated by yours' truly, we offer new insight into the current status of cloud offerings and the future need for open standards and governance. Who is using the cloud for what -- and where this trend is going -- are discussed as the podcast panelists unpack the Platform as a Service (PaaS) concept in BriefingsDirect Analyst Insights Edition, Volume 40.
But before everyone jumps on the cloud bandwagon, they need to know what they are getting into, and Kobielus warns of dangers ahead if the cloud vendors end up returning to the era of silos. With each vendor creating their own proprietary version, the cloud could transform service-oriented architecture (SOA) into “silo or stealth pipe” architecture.
“The current state of cloud computing goes against the grain of SOA, where SOA is all about platform agnosticity and being able to port services flexibly and transparently from one operating platform to another,” Kobielus argues.
"This a real challenge for Microsoft. It's like the open systems discussion we had a little while ago," says David A. Kelly, president of Upside Research. "It makes more sense for players that actually earn their revenue in a different form than traditional operators, because someone like Amazon has a core business.
"Someone like Microsoft is kind of painted into the corner at the moment. That's a challenge not just for Microsoft, but for other traditional vendors. They can expand into this new area by offering low-cost services that take away from competitors, but don't hurt their core business," said Kelly.
But the cloud may simply not yet be at the stage of maturity where vendors can all get together and sing "Kumbaya." Jonathan Bryce, co-founder of Mosso, a cloud services provider at Rackspace, says vendors and providers are still getting their acts together.
“We are still developing what our niche is going to be,” he explained. “So there hasn't been a lot time to kind of stick our heads up and say, 'Oh, okay, this is what they are doing, and this is what we are doing, and it makes sense for us to tie these together'.”
That doesn’t mean everyone is afraid to try out cloud computing.
Developers, always a curious and adventuresome bunch, are already flying off into the clouds that provide them with easy access to compute power in the PaaS mode.
The cloud can set coders free, says Rourke McNamara, product marketing director at TIBCO Software, in making the positive case for PaaS. [Disclosure: TIBCO is a sponsor of BriefingsDirect podcasts.]
“It frees them from having to worry about a bunch of details that have nothing to do with their core business, and the application they are writing,” McNamara explains. “It frees them from having to install platform software on a bunch of machines, putting those machines into racks, connecting them up to the management and monitoring infrastructure, from getting everything set-up, so that those machines are fault-tolerant and the loads distributing appropriately, from making sure that they have got the right machines to handle load, and making sure that they are predicting load increases and capacity increase or requirement increases, and far enough advance, but they are able to buy new machines.”
Beyond just being a developers’ playground, the panelists see the cloud as eventually hosting Web-based Business Intelligence (BI), data mart, data mining and outward-facing B2B and B2C applications.
“You don't make your money by selling your own bellybutton,” quips Michael Meehan, senior analyst with Current Analysis. “You make your money by going out and interacting with the rest of the world, and so those are where the opportunities are.”
Meehan suggests that the governance or “adult supervision” needed for the cloud can build on what has already been done with SOA. He sees the cloud has the extension of service-orientation. He argues that not only is SOA not dead but the past decade of work on industry standards for services will allow organizations to take advantage of PaaS for business applications.
“I don't think you can move out to the cloud unless you are essentially service-oriented,” Meehan said. “I don't think the one exists without the other.”
So join our guests and analysts as they to dig into the enterprise role of PaaS.
Listen to the podcast. Download the podcast. Find it on iTunes and Podcast.com. Charter Sponsor: Active Endpoints. Sponsor: TIBCO Software.
Read a full transcript of the discussion.
Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.
Friday, May 1, 2009
New Open Group SOA book builds bridge over delta between IT and business services
IT people groked service orientation sometime in the past decade but are still struggling to communicate their discovery to business people.
This may be an exaggeration, but it also helps explain the disconnect between business and IT that has plagued adoption of service-oriented architecture (SOA) to the point where some people have thrown up their hands and declared SOA dead.
In some ways the problem of getting business people to embrace SOA is due to this backward-incompatible approach, in the view of Chris Harding, forum director for The Open Group. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]
“One of the things we are supposed to do is bring about alignment between the business and technical communities,” he said. “What we found when we were doing that is the business people have known what a service was for centuries if not millennia.
"And technical people have come across this wonderful new idea. And actually the alignment problem is to stop the technical people reinventing service in a new way that the business people don’t understand.”
To help get the business-technical alignment back on track, The Open Group is publishing The SOA Source Book.
Harding knows what you are thinking: What do we need with another SOA book?
He is quick to differentiate that The SOA Source Book is from all the other SOA titles now available.
To begin with this is not your coder’s SOA book. It does not tell you how to build a service. It is also not a publication of standards and guidelines that would have required a lengthy review and adoption process.
The SOA Source Book was created by members of The Open Group’s SOA Workgroup, who have day jobs architecting business applications. They are offering real world enterprise architecture experience in deploying services for business purposes.
Applying The Open Group Architecture Framework (TOGAF) approach, The SOA Source Book “aspires to be systematized common sense” in architecture and governance, Harding says.
It takes a flexible approach to implementation. For example, rather than advocating one model for SOA, the book suggests a number of models that can be used depending on what makes the most common sense for the business application.
The SOA Source Book is also not your after-market weighty tome that can double as a doorstop. Running exactly 100-pages in the PDF version, it features short clear sentences in brief paragraphs focused on the many moving parts of an SOA implementation. Scanning the categories and subheads in the table of contents, the reader can quickly find information on a specific subject.
Rather than reading it from cover to cover, Harding anticipates that enterprise and IT architects will use it to quickly look up information they need for specific components or processes they are working on.
The SOA Source Book is available in both printed and electronic form (if you want to save a tree). More information is available.
Rich Seeley provided research and editorial assistance to BriefingsDirect on this blog. He can be reached at Writer4Hire.
Follow me on Twitter at http://twitter.com/Dana_Gardner.
rPath offers free management tool for applications aspiring to the cloud
The Raleigh, N.C.-based start up founded by Red Hat refugees, Tim Buckley,
executive chairman of the board, and Erik Troan, CTO, recently released a free downloadable version of rBuilder for managing application deployment to virtual or cloud-based environments as well as traditional glass houses. [Disclosure: rPath is a sponsor of BriefingsDirect podcasts.]
For IT managers looking at cloud deployment, rPath’s approach is to embrace as many flavors of the cloud as possible to deal with the fact that what is commonly called the cloud is really a bunch of non-standard environments varying from vendor to vendor.
rPath lists support for three clouds, Amazon EC2, Globus Alliance, and Bluelock. rBuilder also supports hypervisors, including VMware ESX, Citrix Xen and Microsoft Hyper-V.
As a startup with a limited budget for hardware, rPath eats its own cloud dog food. The company uses Amazon EC2 for some of its own applications, as Billy Marshall, chief strategy officer, explained in a Q&A interview with SearchSOA last fall. We also did an interiew with Marchall on BriefingsDirect.
The new free version of rBuilder differs from the free rBuilder Online community version in that you can download it and run it behind your own firewall. And it differs from the commercial version in that it is restricted to 20 running system instances in production.
Once a user reaches 21, they have to “establish a commercial relationship with rPath.”
Also, users of the free version can only get support through the rBuilder Online community.
For shops looking to explore Cloud computing, the free version of rBuilder, appears to be a viable option. You can check out the system requirements and download instruction at rPathQuickStart.
Rich Seeley provided research and editorial assistance to BriefingsDirect on this blog. He can be reached at Writer4Hire.
Follow me on Twitter at http://twitter.com/Dana_Gardner.
Wednesday, April 29, 2009
PC 'security as a service' gains global cloud footprint with free Panda anti-virus offering
This delivery and two-way malware detection-access model makes a ton of sense, so much so that I expect we'll be soon seeing the cloud model deliver of more than PC security and anti-virus/anti-spam services. The era of remote services for a slew of device support and maintenance -- of everything from cars to cell phones to home appliances -- is upon us.
Essentially anything that uses software and has network access can be supported efficiently and powerfully based on the Panda Security cloud model. Making the service free to home-based users is especially brilliant because it gains the Metcalfe's Law benefits of a valuable community to detect the malware, with the means to then sell the detection and prevention means to business and professional users. [Disclosure: Panda Security is a sponsor of BriefingsDirect podcasts.]
Here's how it works, from Panda's release:
Consumers can download the free client protection product from http://www.cloudantivirus.com. ... The Panda Cloud Antivirus thin-client agent introduces a new philosophy for on-access asynchronous cloud-scanning. It combines local detection technologies with real-time cloud-scanning to maximize protection while minimizing resource consumption. This optimized model blocks malicious programs as they attempt to execute, while managing less dangerous operations via non-intrusive background scans.Panda says the model demands a lot less of a PC's resources, 5% versus 9% for other fat-client AV software approaches. That means older PCs can get protected better, cheaper, and longer. Far fewer people will need to upgrade the PC hardware just to keep it free from viruses. It's about time! Poor security should not be a business model for sellers of new computers and software.
Panda's proprietary cloud computing technology called Collective Intelligence, Panda Cloud Antivirus harnesses the knowledge of Panda's global community of millions of users to automatically identify and classify new malware strains in almost real-time. Each new file received by Collective Intelligence is automatically classified in under six minutes. Collective Intelligence servers automatically receive and classify over 50,000 new samples every day. In addition, Panda's Collective Intelligence system correlates malware information data collected from each PC to continually improve protection for the community of users.
I'm going to try this service on Windows XP Home running on Parallels on my iMac Leopard. I'll report back on how it works.
As I said, I hope this model succeeds because it really is a harbinger of how cloud-based services can improve and solve thorny problems in a highly efficient manner that combines the power of community with scale and automation. This may go far in also dissuading the creators of malware because the bad things will be squelched so fast if a Panda model get critical mass that the effort is useless and therefore mute.
Panda Security, a privately held company based in Spain, could well see its services expand to include PC maintenance, support, remote and automated support, and even more SaaS applications and productivity services. I expect this burgeoning ball of PC services from the cloud ecology to become the real software plus services model. It will be very interesting to see which vendors and/or providers or partnerships can assemble the best solutions package first and best.
Incidentally, don't expect Microsoft to do this cloud-based security thing. It can't afford to kill off or alienate the third-party malware security providers by doing it all itself. Those days are long past gone. The third parties, however, can now stretch their wings and fly. And they are.
Follow me on Twitter at http://twitter.com/Dana_Gardner.
Tuesday, April 28, 2009
Can software development aspire to the cloud?
As we’re all too aware, the tech field has always been all too susceptible to the fad of the buzzword, which of curse gave birth to another buzzword as popularized by gave birth to Gartner’s Hype Cycles. But in essence the tech field is no different from the worlds of fashion or the latest wave in electronic gizmos – there’s always going to be some new gimmick on the block.
But when it comes to cloud, we’re just as guilty as the next would-be prognosticator as it figured into several of our top predictions for 2009. In a year of batten-down-the-hatch psychology, anything that saves or postpones costs, avoids long-term commitment, while preserving all options (to scale up or ramp down) is going to be quite popular, and under certain scenarios, cloud services support all that.
And so it shouldn’t be surprising that roughly a decade after Salesforce.com re-popularized the concept (remember, today’s cloud is yesterday’s time-sharing), the cloud is beginning to shake up how software developers approach application development. But in studying the extent to which the cloud has impacted software development for our day job at Ovum, we came across some interesting findings that in some cases had their share of surprises.
ALM vendors, like their counterparts on the applications side, are still figuring out how the cloud will impact their business. While there is no shortage of hosted tools addressing different tasks in the software development lifecycle (SDLC), major players such as IBM/Rational have yet to show their cards. In fact, there was a huge gulf of difference in cloud-readiness between IBM and HP, whose former Mercury unit has been offering hosted performance testing capabilities for 7 or 8 years, and is steadily expanding hosted offerings to much of the rest of its BTO software portfolio.
More surprising was the difficulty of defining what Platform-as-a-Service (PaaS) actually means. There is the popular definition and then the purist one. For instance, cloud service providers such as Salesforce.com employ the term PaaS liberally in promoting their Force.com development platform, in actuality development for the Force.com platform uses coding tools that don’t run on Salesforce’s servers, but locally on the developer’s own machines. Only once the code is compiled is it migrated to the developer’s Force.com sandbox where it is tested and staged prior to deployment. For now, the same principle applies to Microsoft Azure.
That throws plenty of ambiguity on the term PaaS – does it refer to development inside the cloud, or development of apps that run in the cloud? The distinction is important, not only to resolve marketplace confusion and realistically manage developer expectations, but also to highlight the reality that apps designed for running inside a SaaS provider’s cloud are going to be architecturally different than those deployed locally. Using the Salesforce definition of PaaS, apps that run in its cloud are designed based on the fact that the Salesforce engine handles all the underlying plumbing. In this case, it also highlights the very design of Salesforce’s Apex programming language, which is essentially a stored procedures variant of Java. It’s a style of development popular from the early days of client/server, where the design pattern of embedding logic inside the database was viewed as a realistic workaround to the bottlenecks of code running from fat clients. Significantly, it runs against common design patterns for highly distributed applications, and of course against the principles of SOA, which was to loosely couple the logic and abstracted from the physical implementation. In plain English, this means that developers of apps to run in the cloud may have to make some very stark architectural choices.
The confusion over PaaS could be viewed as a battle over vendor lock-in. It would be difficult to port an application running in the
That throws plenty of ambiguity on the term PaaS – does it refer to development inside the cloud, or development of apps that run in the cloud?
Salesforce cloud to another cloud provider or transition it to on premises because the logic is tightly coupled to Salesforce’s plumbing. This also sets the stage for future differentiation of players like Microsoft, whose Software + Services is supposed to make the transition between cloud and on premises seamless; in actuality, that will prove more difficult unless the applications are written in strict, loosely-coupled service-oriented manner. But that’s another discussion that applies to all cloud software, not just ALM tools.But the flipside of this issue is that there are very good reasons why much of what passes for PaaS involves on-premises development. And that in turn provides keen insights as to which SDLC tasks work best in the cloud and which do not.
The main don’ts consist of anything having to do with source code, for two reasons: Network latency and IP protection. The first one is obvious: who wants to write a line of code and wait until it gets registered into the system, only to find out that the server or network connection went down and you’d better retype your code again. Imagine how aggravating that would be with highly complex logic; obviously no developer, sane or otherwise, would have such patience. And ditto for code check-in/check out, or for running the usual array of static checks and debugs. Developers have enough things to worry about without having to wait for the network to respond.
More of concern however is the issue of IP protection: while your program is in source code and not yet compiled or obfuscated, anybody can get to it. The code is naked, it’s in a language that any determined hacker can intercept. Now consider that unless you’re automating a lowly task like queuing up a line of messages or printers, your source code is business logic that represents in software how your company does business. Would any developer wishing to remain on the payroll the following week dare place code in an online repository that, no matter how rigorous the access control, could be blown away by determined hackers for whatever nefarious purpose?
If you keep your logic innocuous or sufficiently generic (such as using hosted services like Zoho or Bungee Connect), developing online may be fine (we’ll probably get hate mail on that). Otherwise, it shouldn’t be surprising that no ALM vendor has yet or is likely to place code-heavy IDEs or source code control systems online. OK, Mozilla has opened the Bespin project, but just because you could write code online doesn’t mean you should.
Conversely, anything that is resource-intensive, like performance testing, does well with the cloud because, unless you’re a software vendor, you don’t produce major software releases constantly. You need lots of resource occasionally to load and performance test those apps (which by that point, their code is compiled anyway). That’s a great use of the cloud, as HP’s Mercury has been doing since around 2001.
Similarly, anything having to do with the social or collaboration aspects of software development lent themselves well to the cloud. Project management, scheduling, task lists, requirements, and defect management all suit themselves well as these are at core group functions where communications is essential to keeping projects in sync and all members of the team – wherever they are located — on literally the same page. Of course, there is a huge caveat here – if your company designs embedded software that goes into products, it is not a good candidate for the cloud: imagine getting a hold of Apple’s project plans for the next version of the iPhone.
This guest post comes courtesy of Tony Baer's OnStrategies blog . Tony is a senior analyst at Ovum. His profile is here. You can reach him here.