Welcome!

Web 2.0 Authors: Bernard Golden, Greg Ness, Roger Strukhoff, Lori MacVittie, Carmen Gonzalez

Related Topics: SOA & WOA, Java, .NET, Virtualization, Web 2.0, Cloud Expo, GovIT

SOA & WOA: Article

SOA and the Cloud: Why Your Cloud Applications Need SOA

Use a services-oriented architecture as the fabric upon which to build your cloud-based applications

Some consider cloud computing to be a cure-all for virtually any type of IT infrastructure. And while the cloud certainly delivers on many of its promises, it will never truly provide all that it's capable of unless it's optimized for integration with other applications and evolution for new requirements. What is the best way to provide this? Use a services-oriented architecture (SOA) as the fabric upon which to build your cloud-based applications. In this article, we'll outline the reasons why an SOA is so important for the cloud, some principles to consider when creating your cloud platform on an SOA.

A marriage made in IT heaven: Cloud and SOA
Cloud promises just about everything a CIO could possibly hope and dream for:  lower IT costs, eradication of daily management tasks, and massively reduced overhead. At this point in its evolution, however, cloud has been so touted and lionized; it's difficult to know how to separate the truth from the hype.

But for those who have had to implement and manage packaged enterprise applications, there are at least some aspects of cloud that are indeed very real, and those involved are eager to take advantage of. Cloud truly can provide a huge positive change in how you run your business, and we know by now that some of the early promises of cloud are indeed being delivered upon. And even though there will always be limitations to what was initially promised, those bulleted lists of what cloud can do for us are, thankfully, mostly true.

What's not as evident though, is the fact that a cloud offering is really just a way of delivering functionality through a service. It's not worth a whole lot if there's not a unified roadmap for how to construct, orchestrate and run all the services your organization relies upon. Without the processes that bring a service to the user, then all you have is some code that's easily accessible. Can the cloud concept still save you time, money and resources? Of course it can, but cloud services and functionality need to be brought together with a unified plan.

Can you guess what that unified plan is? Well, there are a lot of different ways to do it, but the easiest way, and the one that provides the greatest flexibility and most applicable built-in governance is a service-oriented architecture (SOA). There's confusion about the role an SOA plays in a cloud environment, but make no mistake, cloud is not a replacement, nor an incremental improvement of cloud. Rather, SOA acts as a cohesive, flexible infrastructure that enables services to function and integrate. That's partially because, just by its very nature, an SOA is a services-based platform. An application in the cloud can't do much unless it's sitting on top of something that's optimized to recognize and pull together, in an agile way, the various types of components that exist within a service (and even more so when you're combining a variety of services).

Figure 1: A service-oriented architecture at its essence

While the cloud needs SOA, it's important to implement it with adequate services security, governance, adherence to standards, and commitment to flexibility. There are entire operational, developmental, planning, and policy attributes that are crucial to using an SOA for your cloud, and that's what we've built our SOA platform on. Our Integrated SOA Governance solutions provide integration capabilities that enable your enterprise applications to be integrated and communicate with one another.

Okay, so we're a vendor, and we're inclined to think that best results will come in the form of our solution. But we created our SOA governance model mostly because, through years of collective experience and an inordinate amount of research, we recognized that a true SOA environment is the most effective way to unify, govern and manage enterprise apps and to enable your organization to grow in a scalable way without having to re-architect your IT framework. When it comes to cloud, well, there are a lot of different ways to skin this cat, but we think that architecting your enterprise application and services environment with an SOA will ensure that you're truly taking advantage of the cloud.

Putting cloud and SOA together
With the presumption that SOA and the cloud support and extend one another, there's still a great deal of confusion over where an SOA starts and the cloud begins.

Perhaps it's best to think about it in terms of a foundation and the things that sit on top of it. SOA provides a stable foundation, but it's not static. It's inherently flexible; in fact, one of an SOA's greatest attributes is its ability to adapt and integrate to both legacy systems and whatever may change and evolve in your IT landscape. That adaptability allows for any applications and systems to integrate with the basic structure of the platform, and optimizes how applications are accessed and data is transacted. And what platform can produce the best results in this environment? You guessed it - the cloud.

In our view, there really is no point at which an SOA ends and something else "takes over". Rather, we see that an SOA and cloud architecture are complementary, and that to be successful at having an effective architecture, you really need to think about what will optimize your services-based infrastructure. And if you're going to deliver or transact with cloud-based services, it probably makes sense to keep SOA as the foundation for everything, and putting a cloud-based system on top of that. The benefits will be mostly from the interoperability among all the different services that are transacting through the cloud, but are optimized because the SOA allows them to communicate and work with one another seamlessly (this, of course, is subject to your implementation).

Each component in a cloud-based application should be considered a separate Enterprise Service, even if they are not hosted by your IT organization.  To get a cloud-based application working right, and assuring that it will perform as expected over time, one needs a single point of governance over these highly virtualized Enterprise Services throughout the entire service lifecycle.

Starting at the planning stage, creators of a cloud-based application need to develop and track the inventory of cloud services that are available or under construction.  Business analysts, architects and developers need to be able to compare their enterprise SOA roadmap and desired slate of cloud applications with the Enterprise Service inventory, which consists of both cloud-based and traditional Enterprise Services.  Planning governance gives these stakeholders the ability to assign development priority to the cloud services that are most urgently needed, as well as determine the applicability of cloud technology to the problem. For instance, is the application subject to "speed-of-light" concerns?

Figure 2: Stages and elements of a cloud/SOA solution

A development governance solution will provide seamless management of "the cloud" as a development target. Operational governance for cloud services should ensure two important governance factors:  First, that the services themselves implement and enforce relevant policies for data protection, security, and service levels.  Secondly, it should ensure the federation of externally provided cloud services into the enterprise network. This is similar to the way externally provided SaaS services need to be federated for policy and message exchange pattern mediation.

Cloud services are subject to the same governance process as any other enterprise service, and as such need the same levels of policy governance.  For cloud services this includes the ability to define cross-cutting policies during the planning process and validate and enforce these policies through development and operations.

SOA Software product suite allows for easy management of SOA Governance throughout the plan-build-run service lifecycle, anchoring the process with strong policy governance. In planning, SOA Software Portfolio Manager allows planning stakeholders to develop an SOA roadmap, compare it to existing and planned services, and assign priority to selected services.  In development, SOA Software's Repository Manager makes sure that enterprise services confirm to appropriate standards and guidelines, providing powerful change management capabilities.  It also governs the consumption process, facilitating controlled and measurable asset reuse. When services are deployed, SOA Software Service Manager implements and enforces defined policies for security, performance, and reliability to ensure that enterprise services function as intended.  SOA Software Policy Manager works in concert with these products to keep policy definitions, and associated metadata, consistent as the service matures from planning through development and then into operation.

Arriving at Cloud Nirvana
Keep in mind that it's not that SOA provides the glue, or that it fills in any gaps, but rather in the model of a well-constructed enterprise architecture, SOA is both the support net and the building blocks that allow you to truly benefit from the cloud. But if you're trying to boil it down to its essence, it comes down to these points where SOA delivers value and cohesion for your cloud:

  • Governance: what's not often stated about the cloud is the need for thorough and comprehensive governance. Nothing provides that better than a services-based framework that actually requires standards to keep all the disparate applications communicating and transacting with one another.
  • Integration: your apps from yesterday, the ones you have now, and the ones you're going to buy/develop in the coming years will all need to integrate and interact irrespective of complexity. SOA is entirely built on the precept that THAT is its main function - to take processes, no matter where they come from, and make them worth with other processes. If you doubt that, we'll invite you to chat with any of our customers and they can describe how much easier things got once they focused on SOA.
  • Common purpose: applications are meant to be used and users don't care where the app lives, or what it took to bring the functionality to them. They just want it up when they are, and ready to transact business 24/7. The cloud is supposed to provide the house in which that's all done, but it just won't get done unless there's a flexible backbone that enables all of that. Again, that's the job of SOA.

We know that there are dozens of other considerations, some at the business rules level, and some having to do with hardcore code compliance. But ultimately when we need to take a solution back to our company and help them be successful, we'll think about these things and realize that if we can agree on a common purpose for our apps, integrate them, and provide the necessary governance, then we're ready to establish our presence in the cloud and prepared to grow and adapt.

When you get there, when you get to that point where you're running your applications in the cloud and benefiting from substantial cost savings and watching integrated apps play nicely with one another, and the CEO pats you on the back and tells you what a great job you're doing, then you will know that you are, in fact, in cloud nirvana.

More Stories By Roberto Medrano

Roberto Medrano, Executive Vice President at SOA Software, is a recognized executive in the information technology fields of SOA, internet security, governance, and compliance. He has extensive experience with both start-ups and large companies, having been involved at the beginning of four IT industries: EDA, Open Systems, Computer Security and now SOA.

Prior to joining SOA Software, he was CEO of PoliVec, a leader in security policy. Before joining PoliVec, he was one of the top 100 Sr. Executives at Hewlett Packard. At Hewlett-Packard (HP) served as the General Manager of the E-Services and Internet Security Divisions. Medrano has held executive positions at Finjan, Avnet Inc, and Sun Microsystems. Medrano participated in President Clinton’s White House Security Summit and has been an active member on National Cyber Security Summits, and the White House National Strategy to Secure Cyberspace.

Medrano has been selected as one of “The 100 most influential Hispanics in US”, “The 100 most influential Latinos in Silicon Valley” “Top 100 most influential Hispanics in Information Technology” and is co-founder and CEO for Hispanic-Net, a non-profit organization. Medrano holds an MBA from UCLA, a MSEE from MIT, BSEE from USC.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
Samsung VP Jacopo Lenzi, who headed the company's recent SmartThings acquisition under the auspices of Samsung's Open Innovaction Center (OIC), answered a few questions we had about the deal. This interview was in conjunction with our interview with SmartThings CEO Alex Hawkinson. IoT Journal: SmartThings was developed in an open, standards-agnostic platform, and will now be part of Samsung's Open Innovation Center. Can you elaborate on your commitment to keep the platform open? Jacopo Lenzi: Samsung recognizes that true, accelerated innovation cannot be driven from one source, but requires a...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Architect for the Internet of Things and Intelligent Systems at Red Hat, will describe how to revoluti...
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at Internet of @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, will discuss how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money! Speaker Bio: Esmeralda Swartz, CMO of MetraTech, has spent 16 years as a marketing, product management, and busin...
SYS-CON Events announced today that Red Hat, the world's leading provider of open source solutions, will exhibit at Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Red Hat is the world's leading provider of open source software solutions, using a community-powered approach to reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As the connective hub in a global network of enterprises, partners, a...
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at Internet of @ThingsExpo, Robin Raymond, Chief Architect at Hookflash Inc., will walk through the shifting landscape of traditional telephone a...
SYS-CON Events announced today that Matrix.org has been named “Silver Sponsor” of Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Matrix is an ambitious new open standard for open, distributed, real-time communication over IP. It defines a new approach for interoperable Instant Messaging and VoIP based on pragmatic HTTP APIs and WebRTC, and provides open source reference implementations to showcase and bootstrap the new standard. Our focus is on simplicity, security, and supporting the fullest feature set.
BSQUARE is a global leader of embedded software solutions. We enable smart connected systems at the device level and beyond that millions use every day and provide actionable data solutions for the growing Internet of Things (IoT) market. We empower our world-class customers with our products, services and solutions to achieve innovation and success. For more information, visit www.bsquare.com.
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic • Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff happens, where data lives and where the interface lies. For instance, it’s a mix of architectural style...
SYS-CON Events announced today that SOA Software, an API management leader, will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. SOA Software is a leading provider of API Management and SOA Governance products that equip business to deliver APIs and SOA together to drive their company to meet its business strategy quickly and effectively. SOA Software’s technology helps businesses to accelerate their digital channels with APIs, drive partner adoption, monetize their assets, and achieve a...
From a software development perspective IoT is about programming "things," about connecting them with each other or integrating them with existing applications. In his session at @ThingsExpo, Yakov Fain, co-founder of Farata Systems and SuranceBay, will show you how small IoT-enabled devices from multiple manufacturers can be integrated into the workflow of an enterprise application. This is a practical demo of building a framework and components in HTML/Java/Mobile technologies to serve as a platform that can integrate new devices as they become available on the market.
SYS-CON Events announced today that Utimaco will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Utimaco is a leading manufacturer of hardware based security solutions that provide the root of trust to keep cryptographic keys safe, secure critical digital infrastructures and protect high value data assets. Only Utimaco delivers a general-purpose hardware security module (HSM) as a customizable platform to easily integrate into existing software solutions, embed business logic and build s...
Connected devices are changing the way we go about our everyday life, from wearables to driverless cars, to smart grids and entire industries revolutionizing business opportunities through smart objects, capable of two-way communication. But what happens when objects are given an IP-address, and we rely on that connection, sometimes with our lives? How do we secure those vast data infrastructures and safe-keep the privacy of sensitive information? This session will outline how each and every connected device can uphold a core root of trust via a unique cryptographic signature – a “bir...
Internet of @ThingsExpo Silicon Valley announced on Thursday its first 12 all-star speakers and sessions for its upcoming event, which will take place November 4-6, 2014, at the Santa Clara Convention Center in California. @ThingsExpo, the first and largest IoT event in the world, debuted at the Javits Center in New York City in June 10-12, 2014 with over 6,000 delegates attending the conference. Among the first 12 announced world class speakers, IBM will present two highly popular IoT sessions, which will take place November 4-6, 2014 at the Santa Clara Convention Center in Santa Clara, Calif...
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.
WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at Internet of @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, will discuss how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.

SUNNYVALE, Calif., Oct. 20, 2014 /PRNewswire/ -- Spansion Inc. (NYSE: CODE), a global leader in embedded systems, today added 96 new products to the Spansion® FM4 Family of flexible microcontrollers (MCUs). Based on the ARM® Cortex®-M4F core, the new MCUs boast a 200 MHz operating frequency and support a diverse set of on-chip peripherals for enhanced human machine interfaces (HMIs) and machine-to-machine (M2M) communications. The rich set of periphera...

SYS-CON Events announced today that Aria Systems, the recurring revenue expert, has been named "Bronze Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Aria Systems helps leading businesses connect their customers with the products and services they love. Industry leaders like Pitney Bowes, Experian, AAA NCNU, VMware, HootSuite and many others choose Aria to power their recurring revenue business and deliver exceptional experiences to their customers.
The Internet of Things (IoT) is going to require a new way of thinking and of developing software for speed, security and innovation. This requires IT leaders to balance business as usual while anticipating for the next market and technology trends. Cloud provides the right IT asset portfolio to help today’s IT leaders manage the old and prepare for the new. Today the cloud conversation is evolving from private and public to hybrid. This session will provide use cases and insights to reinforce the value of the network in helping organizations to maximize their company’s cloud experience.
The Internet of Things (IoT) is making everything it touches smarter – smart devices, smart cars and smart cities. And lucky us, we’re just beginning to reap the benefits as we work toward a networked society. However, this technology-driven innovation is impacting more than just individuals. The IoT has an environmental impact as well, which brings us to the theme of this month’s #IoTuesday Twitter chat. The ability to remove inefficiencies through connected objects is driving change throughout every sector, including waste management. BigBelly Solar, located just outside of Boston, is trans...
SYS-CON Events announced today that Matrix.org has been named “Silver Sponsor” of Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Matrix is an ambitious new open standard for open, distributed, real-time communication over IP. It defines a new approach for interoperable Instant Messaging and VoIP based on pragmatic HTTP APIs and WebRTC, and provides open source reference implementations to showcase and bootstrap the new standard. Our focus is on simplicity, security, and supporting the fullest feature set.