"Secure Integration in a Box"... literally!

The way the Business innovates has shifted
Many businesses today are innovating by providing their customers with new ways to conduct business. This is a significant shift from how businesses used to run -- being directed from the enterprise out, with controlled applications, business processes, and information. Now those barriers are dissolving and technology has connected and empowered a new set of external stakeholders: customers, partners and even external app developers who demand a collaborative dialog with the business, while expecting highly secure access to their own information. The importance of technology to the business agenda continues to increase in priority, and IT needs to be able to respond quickly to these business needs by leveraging new capabilities like cloud, mobile and social computing for business advantage.

New workloads must be supported
Enterprises need a technology platform that can address the escalating demands of new workloads (mobile, APIs, cloud), as well as core traditional ones (batch, web applications, transaction processing) all while also addressing security. You must be able to adapt to the workload styles dictated by new technology and market trends. The core workloads like OLTP, batch processing, and web applications must interact with mobile apps, API services, and social conversations. But how can you make the change to your infrastructure to support all of the workload requirements?

Mobile creates new security and integration issues
Building and connecting mobile apps has become essential as the business focus has shifted to the mobile enterprise space – both for employees using mobile as a productivity tool and for customers/partners using mobile to conduct real business. While mobile presents great opportunity, it also presents some unique challenges around security and integration. Most legacy applications were not built to handle the new challenges of mobile security. Sophisticated, targeted attacks designed to gain continuous access to critical information are increasing in severity and occurrence. (For details on increased threats, see the IBM X-Force 2012 Trend & Risk Report) For example, XML security threats are growing. Securing employee-owned devices and connectivity to corporate applications are top of mind to CIOs as they broaden support for mobility. Regulatory and compliance pressures are mounting as companies store more data and can become susceptible to audit failures. Cloud security is a key concern as customers rethink how IT resources are designed, deployed and consumed. How can you secure access to enterprise resources from these growing threats?

Characteristics of the ideal solution for IT ‘s needs
IT organizations are under tremendous pressure to reduce costs and do more with less, all while responding to business demands. The ideal solution would address:

• Built-in Security for web apps, mobile, APIs, B2B and web services for both XML and non-XML traffic
• Workload Optimization by enabling self-balancing, providing dynamic load distribution to backend enterprise resources, and providing the option to cache certain types of data
• Superior performance to respond to growing workloads
• Industry standards support
• Flexible integration with backend services and data, shielding business applications from security requirements, protocol changes and service versioning
• Runtime SOA Governance to enforce different types of policies including Authorization Security and Service Level Agreements
• Reduced total cost of ownership (TCO) both for operational and development costs, with a minimal infrastructure footprint
• Simplified maintenance decreasing the time required to upgrade the environment

Assessing solutions from 4 key players in the market

There are a few technology vendors that provide a single drop-in solution in a physical appliance form-factor to address some or all of these requirements. But how does one choose the best solution? To help you decide, Lustratus Research has assessed four leading vendor solutions in this space. Read their findings in “A Competitive Review of SOA Appliances.”
 

---

Remember how we used to set alarm clocks at a fixed time? And browse web sites? Remember?

Everyone is familiar with pointing their web browser at a web site that is powered by several web servers so that they can locate information, data, go shopping, banking, do social media stuff, etc. 

Imagine, in the future you will be able to point your browser at a person and get information about the person including health status – blood pressure, heart rate. Or point at a house and get the status of devices in the home from the security system, heating and media and just as important will be able to control them.  The Internet of Things goes beyond this, it will not just be people interacting with devices but the devices interacting with each other. 

 

Imagine an intelligent alarm clock that looks at your calendar and understands where you need to travel to first thing the next day, it monitors traffic and weather conditions and wakes you up at the right time to ensure you get to you first appointment on time.

Imagine devices that consume a lot of energy, listening for changes in the price of energy and turning on when the rate is cheap and off when the price goes up enabling efficient use of the grid.

Imagine emergency services drawing up at a building that is on fire and using an augmented reality display to determine where hazardous chemicals are located on site, where people are located and what their health condition is.

What will the world look like in 5 years time? It will be a lot more event-oriented. With the proliferation of devices the internet will evolve.

To connect smart devices with each other to the enterprise, you would need a reliable but lightweight messaging protocol. Message Queue Telemetry Transport (MQTT) is an open message protocol that enables the transfer of telemetry-style data in the form of messages from pervasive devices, along high latency or constrained networks, to a server or small message broker. Pervasive devices may range from sensors and actuators, to mobile phones, embedded systems on vehicles, or laptops and full scale computers. This extremely lightweight publish/subscribe messaging transport is useful for connections with remote locations where a small code footprint is required and/or network bandwidth is at a premium.

Did you know that Facebook is using MQTT for their smartphone messaging app launched in late 2011. More details on that are here:
https://www.facebook.com/notes/facebook-engineering/building-facebook-messenger/10150259350998920

IBM's implementation of MQTT in WebSphere MQ allows for access to remote devices with your messaging infrastructure running on MQ. More details are here:  

http://www-01.ibm.com/software/integration/wmqfamily/telemetry/

The most exciting news is that MQTT is now taken to a standards body. For details on the submission to Eclipse of MQTT Java and C client code, see here:  

http://eclipse.org/proposals/technology.paho/

Every company, organization, city, nation, and natural systems like rivers and weather are becoming instrumented, interconnected and intelligent. This is leading to new savings and efficiency—and perhaps more importantly—new possibilities for progress. 

We live in such exciting times!

Service Federation Management whitepaper

Useful whitepaper on Service Federation Management that discusses identifying service domains, federation topologies to consider and the sharing, governance and monitoring of services across service domains. (Why are these still called whitepapers? What's with white and paper? Who prints anything these days anyway?)

All growed up

The title of this blog post doesn't have a typo. All Growed Up is the animated movie of Rugrats, a popular American television show that portrays lives of a group of toddlers. In this episode of Rugrats, the babies attempt to tackle real issues as if they are much older and ponder major life decisions. Its like Rugrats 2.0.

Mainstream SOA adoption
We are at an inflection point with Service Oriented Architecture (SOA) maturity. For several years, businesses have moved to an architecture that is oriented towards services to give them increased flexibility. For over ten years, applying SOA principles has been a very effective way for organizations to achieve both business agility and cost optimization. SOA has primarily been about the services that allow an organizaton to achieve its business goals, and both service reuse and flexibility have been key factors in the success of SOA. Across the world, thousands of IT organizations have embraced SOA to really simplify their application integration environments and enterprise architecture, by addressing and increasing service reuse as well as securely integrating across a heterogenous set of service consumers and service providers. Each of these organizations started with a specific business problem or process or application and a set of services. These SOA pilot projects focused on specific business problems that tackled aspects of the SOA lifecycle. By using the SOA paradigm and applying best practices they were able to see real business benefit. SOA is more mainstream now and often as the "only way that IT approaches and solves business problems".

SOA is "all growed up"
Many enterprises are moving beyond SOA projects that focused on specific, departmental business problems to more complex SOA installations extending the reach of SOA and making it ubiquitous, supporting end-to-end business transactions across departmental or business unit boundaries. Most modern enterprises are not single entities, but have multiple business units. These are different departments or lines of businesses, that are sometimes even across country boundaries. And each business unit has services reused within the business unit boundaries via its own connectivity infrastructure. Each domain has their own ESB and registry. These domains or business units are often unconnected and autonomous - they are effectively "islands of SOA", or service domains. There has been a growing requirement to share services between these independent domains. These may be a result of a merger or acquisition, or the creation of inter-enterprise hosted services, or as a result of multi-enterprise collaboration. Connecting isolated services can optimize business performance and improve flexibility.

What if this cost can be reduced by bridging connectivity "across" domain boundaries? A non-technical analogy is - a government structure where a "federation model is used to address unity out of a number of separate entities so that each member retains the management of its internal affairs."

In the SOA context, this poses several questions:

• Heterogeneity : How does one maximize service reuse across heterogeneous enterprise domains?
• Share: How can one share services between domains, instead of federating the underlying connectivity infrastructure?
• Visibility: Can an enterprise architect discover and manage those services that span the multiple SOA boundaries?
• Effort: Sharing services on a case-by-case basis is possible, but can be complex and costly.What code has to be written by the IT middleware team to accomplish the federation?
• Autonomy: Can each domain still run their own SOA based on how they like it, or same as how they did it before participating in the federation?

In other words, there is a strong need to manage service visibility and reuse across the enterprise, across divisions and across boundaries of SOA domains. As Tommy would say to Angelica from Rugrats in his nasally voice, "what are we going to do Angelica? we are all growed up!!"

"Yes, everything is included!"

Why can't all buying decisions be made easy? My teenage son wanted to get a "good" sound system for his car. In the U.S., you can drive at 16. Since he drives a previously used car that is over 10 years old, he wanted to upgrade his speakers. You know for the usual reasons - to feel good, look cool, show off at school, etc.

So after having a family discussion about it, I agreed to look into it. I took my son to the default giant electronic superstore, because "they have everything you need" and "you can't go wrong". We entered the giant store and found the car audio section. What I saw was a large impressive array of choices. There were aisles of stereo receivers with many sub-choices. There were about 40 different speakers. Then there was the sub-woofer section, some with an enclosure included. Somehow through all this maze, I must have missed the "Accessory" section, which displays hundreds of cables and connectors. I was both impressed and annoyed.

We walked over to the sales rep and I asked him "Can you help us? We wanted to get a good audio system for our car." His response was something I dreaded even before I walked into the store. He said "Well... depends on what you want". I wanted to scream. Not at him but the store. I was the customer. They were the audio technology experts. How would I know what I want?

I patiently replied - "Can we go over the components/features and you give me the list of things I need to buy?" He reluctantly agreed. After spending 45 minutes walking through the different aisles and making hasty uninformed decisions along the way, I waited for the list and the price estimate. The sales rep came back and said "Your total will be $925.96". I said "Ok" to him and "Wow. That's a lot. I wonder if I chose the wrong components. Maybe 1000 watts is too much" to myself.

Then he dropped a bomb! He said - "You know that price is just for parts. Installation cost is extra. About $300-500". I was speechless. We thanked the store employee and quickly left.

As we drove home, I thought - that is a lot of money for something that I don't know will even meet my expectations or I would be paying for the premium quality sound that would exceed my expectations. Big unknown.

My son told me about another store that specializes in car audio electronics. So the next day we went there.

It was a small store that seemed to generate a positive vibe. Maybe it was the music with high quality sound that was playing. Maybe it was the number of people in the store. We went in. I said "We need to upgrade our sound system in our car". He only asked us two questions. "What kind of car?" and "What kind of music do you listen to?". After we answered his questions, he pondered first, used the calculator next, and then said "$800 for an excellent system"

I said "Ok. Does that include sub-woofers? What about the enclosure for the sub-woofers? Does the price include the 4 speakers? What about the wiring? How much is installation?" He said "Yes, everything is included". Then he listed the specs of his package - 2000 watts, Pioneer receiver with detachable faceplate+remote, CD/MP3 and USB/iPod/iPhone compatible, 2 sub-woofers 12 1/2 inch each with enclosure, mounted in the trunk, and a 1000 watt amplifier for the sub-woofers installed behind the backseat.

That was music to my ears! Acceptable price, good brand name components, tailored to the customer's music preference (hip-hop), and installation was included. I was pleased. Then he said something even better "I can do it right now and it will take one hour". Sold! About 90 minutes later, my son was driving home in what sounded like a "dance club on wheels".

What if technology purchasing decisions were that easy?

As their needs grow, businesses often look at their IT infrastructure and consider an "upgrade". IT managers begin exploring how others are solving similar problems.

So many questions to consider?
- Should I now embrace a Service Oriented Architecture (SOA)?
- Is an Enterprise Service Bus (ESB) required?
- Do I need a Service Registry?
- Do they come together?
- Do I make two separate decisions or can I get everything I need?

- Do I need something else for handling file transfers or will my FTP based systems work with the ESB?

When IT managers do go shopping, do technology vendors say "Depends on what you want"? Or do they say "We have a package or a suite that will solve your application integration problems. It can coexist and fit on top of your existing technologies and also allows you to grow as your needs evolve"?

Does being prescriptive in an application integration or middleware space make sense? What do you think?

Who let you change that?

So I find myself taking some time off from work this week. You know for "the Holidays" through New Year's Day 2010. I stroll outside my front door and see something attached to the door handle from the outside. Was it something from Santa? Or just a pesky promotion for me to buy something? Well, neither.

I just found out that my utility company that provides gas and electric services to my house, just installed a "Smart Meter". Now that sounds really exciting because I never really liked my "Dumb Meter" that I have had for 14 years. But wait a minute. I thought I was already enrolled in the "Smart AC" program. Oh! That was for putting intelligence into my Air Conditioner. This will make my entire gas and electric consumption "smarter"! How wonderful. I feel so intelligent now living in a Smart house.

While I am certainly all for embracing change to help be more smart about power/gas consumption and often am an early adopter of technology, I started thinking about the change incident itself.

- Who allowed the utility company to do this?
- If they installed a Smart Meter, they must have uninstalled the previous meter
- Was power interrupted during the swap?

I couldn't help thinking what if I was working from home and on an important conference call? My cordless phone connection, Instant Messaging session and Internet connection would have definitely dropped when the power was cut for a few seconds. I would have seen an actual "outage"!!

While I didn't feel the impact of this meter swapping, this reminded me of how IT often deals with change. In several enterprises that have embraced a service-based paradigm to achieve business agility through reuse and optimization of resources, a utility company installing a Smart Meter at a home is very similar to
- A new business service being installed into production
- A new version of an existing service being installed
- Deleting a service from an environment because no one is using it

Got services?
So that brings me to a big question for you. Do you know where your services are? What if you are tracking their use in a spreadsheet? ...

While several IT organizations manage this problem somewhat effectively by having elaborate change control processes and review boards, that approach is not foolproof and not scalable. Some IT organizations are smarter than that. They use a Service Registry to control and manage change.

A Service Registry contains information about services, such as the service definitions, interfaces, operations and parameters. These smart organizations start by registering information about services into a Service Registry. They can then get the visibility and change control they need when a new version of a service is registered or uploaded. So Service Registries are great.

Calm the chaos
With IBM's Service Registry, called WSRR, which stands from WebSphere Service Registry and Repository, you can even "auto-discover" services that may exist across your entire network on a variety of platforms such as .NET and JEE. That certainly helps with the initial setup phase.

So you maybe thinking that WSRR is just a slick catalog or a collection of service metadata, what's the big deal? Well, the big deal is that just like you capture information about services in WSRR, you can also create and manage policies in WSRR. It enables policy management across the lifecycle of a service. Policies can be attached or associated with one or more service, and then actually enforced during service development time as well as during runtime.

If you already have an idea of what WSRR is from a few years ago, I suggest you look again. The product has been transformed significantly in the last year. The latest version of WSRR, gives you ATOM feeds enabling Web 2.0 style interactions in a REST fashion. That means you can get notified about service related activity on your smart phone, favorite news reader, email or web dashboard. So during development time, someone could be notified that a new service definition is being created by a developer. To avoid service proliferation, the Enterprise Architecture team for example, could decide if reusing an existing service makes more sense.

What if you don't have services, but like to get the visibility and control for your MQ-based applications? Service enabled applications from WebSphere MQ and CICS can be published in WSRR enabling you to reuse, classify, describe, and govern these apps like any other service.

And WSRR is not just for IT users. Even business users can get useful information about services, because after all they are the ones who fund the IT infrastructure. WSRR V7 allows business users to track ROI of service investments, through simple browser widgets, that provide useful info graphically. Ofcourse, WSRR does much more than what I listed in this blog post. You can get more details here.

Outage?
So that brings me back to my meter-swapping concern. It turns out that the utility company had notified me about the meter change event but it was a month ago and by snail mail. If only I was alerted by email for me to click "approve" or a tweet or something...

And BTW, looks like there was an outage in my home. My kitchen clocks were blinking and needed to be reset.

Bit the bullet

I finally did it. Couldn't resist the temptation. Come on, the year 2010 is almost here. Now I can say "Yes. I blog". And maybe even say "never mind", if I am asked to explain myself.

Now, before I really blog, I better say that I am employed by IBM, and the postings on this blog are my own and do not necessarily represent IBM’s positions, strategies or opinions. So there.

About the title of this blog, I live in a city called Walnut Creek in Northern California, near San Francisco. That's the reference to the creek.

Soon I plan to blog about integration technology and people. Stay tuned!