As Mark Twain once quipped: “Everybody talks about the weather but nobody does anything about it.”
Not long ago the same might have been said about Web services: much talk, little action. But things are beginning to change. CIOs are now taking a cautious ‘yellow light’ approach to Web services and are beginning the migration from current point-to-point IT infrastructure to an open, flexible, and reusable services-oriented architecture.
For CIOs like Teknion Corp.’s John Comacchio, weighing the risks of introducing change into the current IT environment is at the heart of the Web services adoption question. And he’s not alone. IDC Canada research shows that despite significant Web services activity among Canadian organizations, the lion’s share of projects remain within the initial stages of planning and implementation.
Despite slow adoption, CIOs favour progress away from application functionality that is inextricably fused within a point-to-point architecture.
“I want to implement a standardized backbone – a dream in every CIO’s mind,” says Comacchio. To this end, organizations are first exploring applications using Web services protocols such as SOAP and WSDL. But this is just the start in realizing the CIO’s dream. The end-state is coarsely defined reusable application services, dynamically consumable within business processes spanning the organization, while capable of extension to partners and suppliers.
Today, this Web services vision seems firmly in the realm of dream, but nonetheless it is still a good strategic target.
teknion weighs Web services
Based in Toronto, Teknion has over 3,000 employees spanning 22 locations worldwide. Highly regarded for innovation in office furniture, the company operates across a complex value chain of suppliers, dealers, and customers.
Through acquisitions and an expanding supply-chain, Teknion’s IT infrastructure has grown in complexity over time. The company’s IT environment is decentralized, and composed of many non-homogeneous, disparate applications. One of Comacchio’s biggest challenges is presenting data to customers while trying to consolidate data at the back end for delivery people.
Comacchio is weighing Web services as part of an overall strategy to pull together his disparate ERP data and functionality to provide a single real-time view for internal and external stakeholders. “We look at Web services as a way to bring this all together,” he says. “I can, in essence, reduce integration costs and improve scalability and flexibility to deliver information as a single face.”
But he has not bought into the rhetoric wholesale. “At the end of the day, business drives the IT direction. [It’s about] mean time to market. We live in a world of instant gratification. If I have to get the application to market fast, then I’ll use point-to-point. A lot of the apps that we have put up, or that we will put up, are very tactical. They’re for today’s business issues. But I don’t want to overlook the overall strategic framework.”
Comacchio warns that Web services not done right can add more problems than are solved. “Strategically, my plan has to be three-step: from disparate architecture to focused architecture to a managed architecture,” he says. “Everyone thinks the Web is a panacea, but it can potentially result in a whole lot of singular disparate applications. My job is to prevent that.”
rolling out modest implementations
IDC Canada research indicates that though still within the early stages of build out, the number of Web services projects is flourishing. However, project size remains relatively small. Incremental rollout of technology continues to be a function not only of risk aversion, but also of business need and ROI.
“The most important thing is to have a long-term vision and a short-term plan,” says Ryan McRonald, Manager and member of the Web Services Council at systems integrator BearingPoint. “It’s a fine balance; seldom do we see a good balance between tactical and strategic considerations.”
For an initial foray into Web services, McRonald recommends “undertaking some projects where there is demonstrable ROI and potential business benefit, such as solving a particular integration problem between two specific applications, rather than trying to create an enterprise-wide reusable service that can be consumed by any application in any area of the organization.”
In order to meet longer-term objectives, he explains, you may wish to “start up a business-modeling capability within your organization, where you begin to document some of the legacy rules and processes that someday may be transformed by more modern replacement systems.”
CCL takes an incremental approach
At CCL Industries, CIO Akhil Bhandari advocates an incremental approach to deployment. He advises taking both a business and technology tack to review project success from the perspective of all stakeholders. Like Teknion’s Comacchio, he wants to ensure that enough time is given to properly assess the ‘new’ current state, ensuring that all is operating as it should, prior to layering on anything else.
Bhandari sees Web services rollout occurring in three phases. The first he describes as the communications phase. At this starting point organizations are turning to Web services to ease the costs and bottlenecks of inter- and intra-organizational information transfer, where errors and time lag can creep in. He cites the order fulfillment process as an example, wherein manual steps traditionally abound, adding the cost of time to re-key data from one system over to another, which inevitably leads to data-entry errors.
The second and third phases encompass facilitating more robust transactions and expanded collaboration, enabled by integrated workflow.
Bhandari has put a portal in place to streamline these processes, leveraging XML for interoperability among his suppliers and customers.
understanding the risks
Dr. Ian Graham, IT Strategist with the Bank of Montreal, explains that “you do make tradeoffs. The first time through, you don’t want to do everything. You want to do enough the new way and run enough things through the new process that you understand the risks, the benefits and costs better. So that the next time through, you actually have a better risk management framework for identifying the right choices.”
He advises establishing internal guidelines and best practices that can be leveraged by the teams next in line to tackle such projects, so that they don’t have to repeat the same mistakes and can take advantage of service specifications, schema designs, and development practice guidelines.
Graham explains that there are multiple dimensions of risk associated with Web services. But there is an upside as well, for Web services can mitigate the risk of continued sprawling complexity.
From an architectural perspective, Graham asks, “do you define top-down or bottom-up?” The deliberation centres on the specifics of first defining the WSDL (for describing/exposing application functionality) and then deriving the underlying code from the WSDL. Or, on the other hand, deriving the WSDL from the code. He finds that with the top-down approach, it is easier to translate business requirements into business Web services. The bottom-up approach is technically easier to achieve, but produces less flexible, less business-centric services.
delivering integrated workflow
McRonald sees Web services enabling a level of workflow integration that will allow organizations to consider business issues, rather than being mired in technology. But he says that there are multiple stages to reach that goal. “In my observation many organizations are still struggling with the integration dilemma. They have yet to achieve the vision of Web services composite services, orchestrated by workflow technologies that are agile and readily changed.”
Delivering integrated workflow will rely on addressing considerations like application and data reusability, adaptable across diverse situations. “If there’s an easy way to serve up an application,” Teknion’s Comacchio states, “people want to do it the easy way.” But he cautions that there is much more to application reusability than exposing a standardized service interface. He advises that CIOs should consider the unique contexts of stakeholders who will be consuming information and utilizing the functionality.
“Who are the stakeholders that we’re trying to reach, and what are we trying to reach them with?” he asks.
Comacchio describes inappropriate information reuse as one of the dangers of the Web. “You can serve [information] up worldwide quickly, but if you don’t know the community you’re serving it up to you can’t control the information in the context in which they need it.”
In order to address the growing information needs of the variety of constituents he serves, while delivering it to their unique requirements, Comacchio is exploring a portal concept.
However, several unresolved questions, in his view, could limit the progress of Web services. These include:
– Data gaps. Will holes be discovered in data completeness when pooled together?
– Data timing. How do you define ‘when is now’, operating real-time across time zones?
– Data handling. Will human intervention be adding another layer of complexity?
web services and security
Within a multipoint Web services architecture, data (such as customer information) will be touched by multiple systems across departmental, partner, and, potentially, national boundaries. For this reason, specifications like WS-Security, SAML, and the Liberty Alliance’s security/privacy architecture and best practices are being defined.
Though significant progress has been made, a complete framework for securing Web services’ interactions is a minimum of a few years away. McRonald believes that, for some organizations, consolidating identity repositories may, in fact, be a good starting point for Web services deployment. But he sees performance issues persisting within security deployments using Web services XML protocols.
Ultimately, Web services security protocols are intended to enable the formation of secure and private closed-loop circles of trust. From this premise B2C and B2B commerce can take place, guided by factors like customer preferences and applicable legislation. CIOs are keeping tabs on evolving Web services security solutions, but most are unwilling to introduce it into their IT mix just yet.
maximizing the potential
Maximizing the IT and business potential of Web services requires greater education of developers, architects/analysts, and management. For developers, it means becoming fluent in best practices within a services-based paradigm. For architects and analysts, it means redefining how business/IT goals are accomplished, and the operational impact of change. Finally, for business leaders, it means weighing tactical alternatives inside strategic implications and objectives.
Web services are initiating a reexamination of the role of application functionality and data within both business and IT contexts. For business, as an example, Web services will increasingly inject a variable cost structure into software acquisition, disrupting the software “build versus buy/rent” discussion. For IT, Web services are a model of application and information delivery that ushers in a new way of considering the layers that persist within the IT stack; including data, business logic and workflow, spanning server, desktop and mobile environments.
mitigating the risk
Introducing Web services into the IT environment is first and foremost related to risk tolerance, however. To mitigate risk, CIOs are rolling out a services-oriented architecture in stages, defined by quantifiable basic integration leading to quick ROI in the short-term, and architectural flexibility capable of delivering business focus in the longer-term. Web services languages are well defined and the technologies show some promise. But, as with any new technology, the real difficulty is operationalizing that concept.
Moving forward to Web services in a predictable and cost-effective manner stems from plans that lever detailed knowledge of the IT environment. “A key component of achieving a Web services vision is ensuring that you have a good understanding of your current environment,” McRonald advises.
As growing pains persist in the migration towards a services-oriented architecture, CIOs will tread carefully to focus on both immediate and future business value while protecting the stability of the current state.
As John Comacchio put it, “I get paid to be cautious. Our core competency is to build office furniture, not to build systems.”
David Senf is the Manager of IDC’s IT/Business Enablement program, which is focused on research geared towards helping CIOs assess and deliver business value from technologies like Web services. He also teaches XML and Web services at the University of Toronto, as well as frequently presenting to business and IT audiences in this area.