Cloud Computing Realigns Role of Service Oriented Architecture
From its inception Service Oriented Architecture (SOA) has been a lightning rod for dissention among enterprise architects, solution architects and application architects. Enterprise architects view SOA as a business initiative that should be guiding what information technology assets receive investment and how they relate to the business’ goals and mission. Solution architects view SOA as a means to deliver solutions faster using the tenets of loose-coupling and finer-grained services, which enable faster construction. Finally, application architects see SOA as an infrastructure on which to deliver applications based on service interfaces. Regardless of viewpoint, SOA was clearly focused on the software architecture domain; that is until the arrival of cloud computing.
Debate still stirs around who coined the term ‘Service Oriented Architecture’, but a 2003 Gartner report references a 1996 Gartner report in which the term was first used and, which also describes a software architecture that complemented Web Services technologies that leveraged contract-first design to define an interface into a mesh of consumers and producers. While seemingly fodder for trivia night at the next IT conference, this clearly illustrates a concerted focus of SOA as a benefit aimed at simplifying the deployment and management of software.
However, even prior to 2003, the architectural benefits of SOA had long been recognized by computing professionals working in the field of distributed computing or had been developing distributed applications, and not just as software architecture. Indeed, early incarnations of Web Services technologies, such as Distributed Computing Environment (DCE) Remote Procedure Call (RPC) and the Common Object Request Broker Architecture (CORBA) both fostered a contract-first approach toward design, represented the producers as “servers” or “services”, and enabled businesses to develop network-accessible business services.
The advent of Hypertext Transfer Protocol (HTTP) and Extensible Markup Language (XML) just simplified the development of these services and made them accessible to a larger audience of developers. In fact, by some, DCE RPC and CORBA were considered extremely complex to understand and required highly-paid practitioners to build and support. The accessibility of Web Services to an audience that included PHP script developers enabled a level of ubiquity that was previously unfathomable.
For better or worse, anyone with an IT project attempted to associate their efforts with SOA in hopes that the excitement and perceived success around SOA would get resources and support. The hype around SOA had multiple industry impacts:
- SOA became a catch-all phrase representing a spectrum of IT-related efforts and outcomes
- The term SOA was co-opted by various factions in an attempt to corner the market for purposes of selling products and/or services
- Demand for SOA resources skyrocketed, but lack of clarity of surrounding SOA made it difficult for businesses to identify appropriate resources, which resulted in vendor-specific experience becoming a primary factor in decision-making
The net result of the hype was that it was quickly followed by strong disillusionment, because, as businesses soon learned, SOA is not about application development; it’s about the architecture. Creating a service is not as important as which services get created. So, why, in light of these lessons are we apt to see cloud computing repeat this trend?
Ooh, Here Comes The Next Shiny Thing
With cloud computing, the main level of abstraction is the service model, which describes the means and type of cloud offering. There are three service models that are most often used when discussing cloud computing: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). Service models contain within their definition the attributes of value, risk and roles.
With IaaS, the customer is acquiring the use of computing resources in the form of either a virtual machine instance or storage. Once created, the customer can load any operating system they choose on the machine instance and put any data they’d like on the storage. Typically, the customer will be charged for the amount of time and space they use for a specified period of time. This also means that the customer is responsible ensuring that any services they add on top of the IaaS are secure and available.
With PaaS, the customer is expecting a platform that manages the deployment and availability of their application. They also expect that details of operating system and storage are part of the application platform they are deploying onto. That is, the PaaS provider is responsible for ensuring that the application scales appropriately, that storage expands as needed based on demand and that the platform is secure from unauthorized access. Hence, the customer has different concerns based upon acquiring a different set of services.
SaaS completely removes the need for the customer to be concerned with anything but application capability and security. The SaaS provider is completely responsible for availability, security, data management and responsiveness. Here the burden of operation shifts more toward the service provider and away from the customer.
One would hope that IT is cumulative in its knowledge, adding what was previously known to the next iteration, but it would seem that is not always the case. Unfortunately, it seems that even though cloud computing is wholly focused on the delivery of services, it does not share an abundance of overlap with lessons learned from SOA. Likewise, there’s aspects of cloud computing, which are sorely lacking in SOA today.
SOA and Cloud Computing: Shared Experiences
At a recent cloud computing event in San Diego, IT executives from a large manufacturer, mid-sized real estate firm and mid-sized bank participating in a panel entitled, “is cloud computing mature enough for my business,” turned the question around and asked is my business mature enough for cloud computing?” Interestingly, in each of these cases the business has a greater role in cloud adoption than information technology, and, in many cases, without the guidance and approval of IT. Unfortunately, cloud may be limiting IT’s ability to apply lessons learned from SOA. In what is tantamount to 1990’s era LAN sprawl, which emerged in response to a lack of IT response to the needs of the business, business leaders are once again viewing cloud computing as a way to bypass tight and limiting IT controls in favor of faster response and higher productivity.
Indeed, according to Susan Cramm, founder of executive career-development and strategy consultancy Valudance, as well as former CIO of Taco Bell and CFO of a smaller PepsiCo restaurant chain, “CIOs used to deal with the occasional rogue IT project; now they have to deal with business managers who hire the equivalent of several IT departments using a credit card and their normal operational budgets. In fact, 65 percent maintain an IT budget of their own -- carved from their normal operational budget -- for SaaS or cloud services they can buy directly, rather than going through IT.” (Fogarty, 2011)
The net result of this cloud sprawl is that lessons learned from SOA regarding interoperability, architecture, governance and reuse are often not getting a fair opportunity to be applied in a cloud computing era and IT is being left to deal with integration, data management, disaster recovery and user management issues that might otherwise have been addressed. Moreover, cloud solutions are being selected outside the understanding of a larger enterprise architecture, which limits the ability to ensure that the cloud services being acquired are a best fit with existing IT assets and without appropriate justification. As a result, these actions will lead to higher costs for integration and data management over time eradicating any costs savings for moving to the cloud in the first place.
Ultimately, whether SOA or cloud computing, the question comes down to “what is a service and how is it delivered?” Those practicing SOA for application development today realize that, while it’s important to understand the key tenets of SOA are loose coupling, governance and granularity, understanding that SOA is, first and foremost, about the architecture is the most critical lesson of all. For example, the realization that the appropriate interface for the invocation of a method that may result in a large volume of data may be Simple Mail Transfer Protocol (SMTP) and not HTTP demonstrates an ability to envision a SOA solution as a composite of services working together in tandem to complete a mission.
Businesses successful with SOA tend to describe SOA in the following ways:
- SOA is about the interactions and relationships between consumers and producers
- Defining the appropriate granularity for a service is often the most difficult and daunting task
- The service fulfills a business need
Businesses successful in adopting cloud computing tend to describe their efforts as follows:
- I can fulfill a business need quickly without the overhead of acquiring a similar system managed internally
- I pay for only what I use and only acquire what I need
- Switching to the cloud-based solution saved money
Interestingly, these perspectives are two sides of the same coin. SOA’s success is representative of the service provider’s perspective in building and delivering a service, while cloud computing success is representative of the consumer’s perspective, indicating that cloud computing success may very well be reliant upon concepts like SOA to deliver quality services. Thus, the key for SOA practitioners is to deliver usable, reliable business services with a focus that goes beyond development.
What SOA Can Learn From Cloud
With cloud computing, the customer’s expectations of the service provider are captured in a service level agreement (SLA). The SLA lays out for the customer what they can expect if they subscribe to a vendor’s service regarding uptime, failure, assistance, and so on. Infrastructure and operations personnel are very familiar with these agreements as they have been a critical aspect of acquiring telecommunication services—Internet and phone—from the telecommunication service providers. These agreements are a major component of any mission critical system, yet, it’s rare to hear about the use of SLAs with regard to SOA.
Perhaps it’s the maturity level of SOA, or shall we say the immaturity of SOA, but the delivery of key business services should be accompanied by some indication as to what users can expect from IT with regard to use and availability of these services. However, since most of these services are delivered internally, the same expectations and constraints that operations and IT management would place on an outside vendor are not levied against the internal development organizations.
Additionally, most often times, IT itself is the consumer for the output of an SOA effort. That is, the output of an SOA effort are software services accessed through Web applications that IT is also developing and providing to the business. Therefore, IT may believe providing an SLA around the services is not warranted since they are the sole customer. However, this perspective undermines the confidence between the end users and IT and acts to foster a lack of trust in the organization. Should one of the underlying services fail, it would impact the availability of the Web application, which will impact the end users. Thus, the Web application is a component of the SOA delivery, not separate and distinct from it, and deserving of an SLA that spells out the availability of the components it is aggregating.
When Amazon Web Services had an outage in their Northern Virginia data center in April of 2011, they did their best to keep customers informed about the issue and the steps toward resolution. Even though many customers were impacted, they didn’t look to leave AWS because of this hiccup because they provided constant, informative updates regarding the situation. Users will accept bad things will occur, how you handle them as a service provider will determine your success. Even though the customers may not be paying for your services—directly—it still important for SOA practitioners to treat their end users respectfully and make no assumption regarding their level of technical understanding or their desire for information.
What Cloud Can Learn From SOA
Alternatively, SOA’s concepts of decoupling is critical to the future of cloud computing. Through SOA the industry has learned the importance of loose-coupling between services as a means of protection from changes and lack of availability. While cloud is young enough right now that it’s plausible for service providers to meet their current demand, in the future, as demand grows with cloud maturity, service providers may reach points of saturation where they may not be able to meet customer demand. This may be due to insufficient funding, delays in the supply-chain delivering critical equipment or geopolitical instabilities. In these cases, the tight coupling that dominates cloud architectures today will result in possible system-wide outages and rendering customer systems unavailable without opportunity to change providers without significant re-investment.
SOA also has fostered a new collaboration between development and operations. In the past, most IT applications were deployed on the desktop and communicated with a database over network protocols. As long as the network was available and the database server was accessible and operational, most users were capable of using the application without problems. In certain cases, however, the application would conflict with other desktop applications resulting in a small population of users having problems. With the switch from desktop to web-based applications, problems magnified as any operational problems impacted a much larger number of users. Extend this concept from a single multi-tiered web-application to a mesh of communicating software services and the potential for failure increases exponentially. Hence, SOA initiated a need for operations and development to work much more closely together in unison. Some organizations have further expanded on this concept into an operational paradigm called DevOps. This DevOps concept has become even more critical in the age of cloud computing, which has a greater focus on automation of the operations environment.
All in all, SOA and cloud computing have common competencies and should be building on the experiences each provides. SOA raises IT awareness of how to deliver services, not just applications, but falls short of offering mature service level agreements to back up their efforts. Additionally, SOA raised awareness of the need for governance in selection of investments. While SOA may have started with the lunchroom menu service, it has rapidly worked toward the building leasing service and the inventory tracking service demonstrating that businesses were having impact on steering IT output. Finally, SOA forged closer coordination of operations and development into a DevOps unit.
Meanwhile, the ease at which business can engage in cloud computing offerings may be undermining opportunity to apply lessons learned in SOA. Since the business can sign up for services without approval or input from IT, IT is losing the opportunity to ensure that acquired cloud services fit into the service oriented architecture. On the other hand, cloud computing demonstrates strong leadership in the delivery of IT services and uses service level agreements as a means of communicating expectations with the customer, whereas SOA typically has not focused on this level of commitment with users.
In the end, these two efforts should be influencing each other to ensure success in the enterprise. Cloud computing, due to its data center and operational foundation, bring a level of maturity that is lacking in SOA. SOA, on the other hand, lends cloud computing the experience of being a good enterprise citizen through governance and interoperability.
IT jobs: Winners and losers in the cloud era , Kevin Fogarty | InfoWorld
About the Author
JP Morgenthal is Cloud Evangelist for Smartronix. He has over twenty-five years of information technology experience spread across a wide array of technology and business requirements and a demonstrated ability to design complete systems inclusive of business justifications and ROI. Mr. Morgenthal communicates effectively with C-level, non-technical and engineering-level individuals in both written and spoken form and is a respected authority on Cloud Computing, Enterprise Architecture, and SOA/BPM. Mr. Morgenthal has authored three books, the most recent release is "EII: A Pragmatic Approach". JP is recognized as a Top 50 blogger on Cloud Computing and Virtualization by SYS-CON.
SOA and Cloud Computing
You rightfully note that the Cloud "...emerged in response to a lack of IT response to the needs of the business...", suggesting this is not the first time.
Perhaps this itself is the problem. IT controlling the Cloud under a single SOA regime, doesn't sound like anything a business person would care about.
Likewise, with 'contract first' services - you indicate that in a successful SOA, "Defining the appropriate granularity for a service is often the most difficult and daunting task", but let's examine that.
The reason granularity is a problem is because business users don't want to use generic services just for the sake of IT efficiency, this appears to be the tail waggin' the dog.
A coarse grained service that is unresponsive to interaction context is too generic for specialized business use. A fine grained service that is specific to a business context is too specialized for broad re-use.
This sets up a Goldilocks conundrum 'too hot' or 'too cold', while the business folks really wants 'just right'. And why shouldn't they, as their responsible for generating revenue.
If businesses want agility, they do really need to reconsider enterprise architecture. IT needs to realize that controls don't trump business, otherwise it will always be considered an obstacle to workaround. I'm not suggesting the absence of controls, but rather business optimization and policy precision.