How are organizations preparing for Services Oriented Architecture (SOA)?

In Nemertes 2008 benchmark, Services Oriented Architectures and Applications (SOAA), we asked participants about the ways that they prepare for SOA. To our surprise, organizations are spending little time and money on direct training for their employees. For example, over half the participants say that they are doing "no," or "only informal" training for SOA; only 4% say that they are hiring SOA-skilled people as a means to prepare.

In some ways, it's not totally surprising that organizations are spending little on formal training. After all, SOA is not new. Development frameworks, such as DCOM and CORBA, have been around for many years. What makes SOA new - and more successful - is the confluence of a new framework and the emergence of Web 2.0 and web services. Regardless, there is still a learning curve associated with the move from developing monolithic applications to developing loosely coupled, composite applications and learning to work in the world of software reuse.

After further discussions and analysis, it turns out that there is a not-so-invisible hand pushing along enterprise SOA deployments. That hand belongs to the likes of Accenture, BEA, Cap Gemini, IBM and the other professional services firms. Nearly 70% of participants engaged with professional services firms in the past 24 months to help implement (including on-site training and hand-holding) and manage SOA. This number goes up to 87.5% for participants who plan to us professional services to help implement and manage SOA in the next 24 months!

The recommendation for financial firms is to carefully track professional services involvement and expense. If you are not engaging professional services firms, you should consider them. It's clear that they are a perceived need - and a means to jump start SOA - by the majority of organizations.

Nemertes Research is a research-advisory firm that specializes in assessing the business value of emerging technologies. You can learn more about Nemertes Research at our website www.nemertes.com.

What are the trends in outsourcing?

The number of organizations that are turning to third parties to outsource some, or even all, of their IT environment continues to increase. These third parties include several types of providers; including carriers, vendors, system integrators, value-added resellers, and traditional outsourcers. In the Nemertes 2007 benchmark, Building The Successful Virtual Workplace, A full 84% of enterprise IT executives we interviewed were using or planning to use some flavor of outsourcing/professional services. Interest was especially strong for enterprises with remote locations as only 18.4% of branch offices have on-site IT personnel.

As networks become more complex, overburdened IT decision makers are strategically outsourcing some of the day to day burdens.

Some are committing to long term outsourcing relationships to manage or fully host services such as VOIP, security, data storage, and Business Continuance and Disaster Recovery (BC/DR). Others are in interested in short term engagements, using third parties for baseline assessment, installation, design, and training. Either way, we found that IT executives are diligent about determining when and where it makes sense to outsource. In many cases, outsourcing needs are dispersed among multiple providers. Enterprises may use a system integrator for their VOIP deployment, but then fall back to the VOIP vendor or local VAR for help with on-going management.

Some complex frameworks are seeing quite an increase in outsourcing recently. According to Nemertes’ recent benchmark, Service-Oriented Architectures and Applications, 2008, 70% of enterprises that have deployed a SOA have engaged with professional services firms in the past 24 months to help implement and manage their new infrastructure. This number goes up to 87.5% for participants who plan to use professional services to help implement and manage SOA in the next 24 months!

Lastly, one note of interest: outsourcers continue to have a strong focus on the small and mid size market, and for good reason. SMB employees are becoming more dispersed: 86% of SMBs operate a virtual workplace (in which some employees work remotely from their supervisors and/or workgroups), and 58% of employees work away from headquarters in a growing number of locations. They are often limited in their IT resources, so rather than try to run a complex system such as VOIP internally, some SMBs choose to rely on third parties that now have a few years experience.
Nemertes Research is a research-advisory firm that specializes in assessing the business value of emerging technologies. You can learn more about Nemertes Research at our website www.nemertes.com.

Will the impact of "the consumer" still be a big story for enterprise IT in 2008?

Consumer services have a long history of impacting enterprise IT. For most, the earliest experience with the "consumerization" of enterprise IT is when employees started bringing their own instant messaging accounts to work as services such as AOL Instant Messaging (AIM), Yahoo! Messaging, and Microsoft's MSN went mainstream. We expect that
these trends will continue in 2008 in a number of ways including:

- Social Computing:
Sites such as Facebook and MySpace continue to rapidly grow in popularity. As
of late 2007, five of the ten most visited sites on the web were social
communities according to Nielsen's ranking service (MySpace, YouTube, Facebook,
Wikipedia and Craig's List). Those in college, as well as those who've
graduated in the last few years, are largely comfortable with, and rely on
social communities to communicate and collaborate with friends and peers. This
is leading to growing pressure on enterprise IT shops to deliver social
community capabilities to their users, as well as deal with the threat of
company-sensitive data leaking on to public social networking sites as users go
around IT and establish their own social communities.

- Video: After lagging for
years, high definition video has finally come of age, with standard definition
televisions rapidly disappearing from the market, and high definition channel
and program choices exploding. In the enterprise this means that
standard-definition video systems no longer meet user expectations for the
interactive video experience. In the Nemertes 2007 benchmark "Building The
Successful Virtual Workplace" we noted that 52% of enterprise IT executives
we interviewed were evaluating or planning to deploy high-definition video
conferencing or telepresence within their organization. As prices fall and
quality improves, we expect this number to grow.

- Mobility: Users are
increasingly demanding enterprise support for their personal mobile devices such
as the Apple iPhone or the Verizon LG Voyager. Enterprise mobility managers
face a growing struggle to support mobile access from a growing number of
devices while meeting requirements for data protection and security.

- The Apple
Effect: Apple has successfully turned its booming iPod customer base on to
the Mac, with Mac sales growing at a faster rate than competitors. While
overall Mac market share is still low, Apple has made tremendous inroads in the
college environment. Princeton University, for example, reported last fall
that 40% of its students and faculty were using a Mac, up from 10% in 2003.
Dartmouth reported 55% of incoming freshmen were Mac users. The growing
interest in Mac, along with concerns around migrating workers from Windows XP to
Windows Vista mean that the enterprise IT manager can expect to face growing
demands to support the Mac platform in the office environment.

We are currently investigating the use of Wide Area File Services or application/performance accelerator hardware appliances from Cisco, RiverBed, Peribit and others. Are there any software based tools that we should be considering that offer similar functionality at lower price points?

The key question to be considered is, what is it that you want to accelerate?

If your sole interest is in Web applications, software on the client side (already present in most browsers) will handle several optimizations that can be implemented on the data center side with an appliance from Juniper, Radware, or others. This one-sided optimization is pretty much limited to Web traffic, though.

If your main concern is backup traffic, various backup tools exist to compress that on the client side before shipping it out to a central server, no appliances needed at either end. Netbackup and Arkeia are examples.

If, on the other hand, you want general compression/optimization, there aren't any less-expensive, general purpose compression tools that run on the nodes rather than as appliances, and you need appliances at both ends to get the highest compressions . Several vendors are working along those lines -- putting a software version of the client on PCs -- to solve the compression problem for "branch of one" situations. An important technical consideration for multi-person remote sites is that, given current techniques, more compressions are possible on a combined set of data streams than on several individual streams compressed separately.

If putting appliances in every location is not practical but bandwidth is a problem, other solutions are possible, ranging from thin client technology to local servers for some purposes. Also , some carriers are beginning to offer application acceleration as a service on the connection rather than one handled at the endpoints.

About the Response:

Nemertes Research is a research advisory firm that specializes in analyzing and quantifying the business value of emerging technologies. You can learn more about Nemertes Research at our website www.nemertes.com.

I've heard and read a lot about network based Intrusion Prevention technology available today...is this technology really implementable in a corporate environment that depends on the flow of network traffic with customers on a daily basis?

Network, rather than host-based IPS solutions can be deployed in redundant configurations, so traffic will always flow; and can scale into the multi-gigabit range, so throughput is not a problem. But, they do add latency -- something you have to watch out for if you're sending anything real-time through -- and , as with any kind of behavioral or content-based filtering, always create the potential for false-positive rejection of legitimate traffic, an eventuality that must be planned for.

About the Response:

Nemertes Research is a research advisory firm that specializes in analyzing and quantifying the business value of emerging technologies. You can learn more about Nemertes Research at our website www.nemertes.com.

How do we know what the value of IT is at the Board level?

Ultimately, the value of IT to a company depends highly on the company's overall culture and how it views IT. Nemertes Research has found significant differences in companies that view IT as a strategic asset versus those that view it primarily as a cost center. For example, the former are projecting an increase in spending for information security in 2007 and 2008 that's 50% higher than the latter.

So to present the value of IT at the board level, you first have to understand the board's general perspective.

That said, like any other strategic initiative, IT can provide three main benefits:
-- Reduce overall costs (saved dollars)
-- Increase top-line revenue of existing products and services to existing customers (more dollars)
-- Enable the delivery of new types of products and services products and services to new groups who are not currently customers (new dollars)

There is also a fourth category that's particularly relevant to financial services firms:
- Enable compliance with industry and government regulation (forced dollars).

Whether the CIO stresses saved dollars, more dollars, new dollars, or forced dollars depends on the board's general bent and orientation.

Finally, it's critical that the CIO actually have a seat at the board. Without it, the value of IT is diminished, and the likelihood of positioning IT effectively is greatly diminished.

About the Response:

Nemertes Research is a research advisory firm that specializes in analyzing and quantifying the business value of emerging technologies. You can learn more about Nemertes Research at our website www.nemertes.com.

Question: What is the state of maturity of tools that are used in the industry to assess the quality of developers' codesets, specifically (but not limited to) on conforming to reference enterprise architectures (stacks, patterns, services and component model)?

Generally, software development and source code management tools do not assess things like fidelity to reference architectures, patterns, or the like in implementations. They can and do track things like exactly where in the code particular design or functional requirements are addressed. Such functions are very mature. Moreover, modern tools can provide managers with both visual representations of the current state of development (tools like AccuRev) and create a UML model based on existing code (as with Flywheel), allowing comparison of that result with a UML model embodying the initial architectural decisions. These capacities can enable people to assess the fidelity of the implementation, whether in-house development-team managers or outsourced code reviewers. Such features are newer and therefore less mature than things like requirements tracking, but are in use in production and in demanding environments.

Looking specifically at service-oriented architectures, there are governance tools for auditing both run-time compliance with prescribed services architectures (AmberPoint, HP Systinet, LogicLibrary Logidex) and development-cycle adherence to same (Logidex again). Note, though, that this compliance is based on behaviors, not implementations of those behaviors. Run-time governance is more mature than development-phase governance, and implemented in more tools.

Auditing code for security is another aspect of code quality assessment, and there are many tools and services focused on it. More recently, both source code management tools and security assessment tools have extended their scope to support regulatory compliance efforts. SCM tools do this primarily by providing better audit trails for development work, and by making it possible to reproduce at any time a particular version of the source code, rather than looking for specific code features like method calls to authenticate an attempted resource access.

At the other end of the process, application development tools (from IBM, CA, Borland, CompuWare, and others) have for several years been able to generate large portions of an application's code based on design patterns, standard application frameworks, and application templates. This goes a long way towards ensuring conformance, since it narrows dramatically the parts of an application that are developed uniquely for a particular project.

About the Response:

You can find out more about software development and source code management tools by contacting Nemertes Research. Nemertes Research is a research advisory firm that specializes in analyzing and quantifying the business value of emerging technologies. You can learn more about Nemertes Research at our website www.nemertes.com.

Question: "Everyone is talking about the desire to reduce latency in time-sensitive systems. However, "latency" is found throughout the cycle. Are there any common approaches / terminology ...so that we're all using similar terms and describing the same problem?"

The following terms are commonly used to describe components of end-to-end latency:

Between systems:
Network latency (one-way or round-trip): time it takes packet of data to transit the network, from start of transmission to start of reception.
Transmission delay: Time from start of packet reception to end of packet reception.
Propagation delay: the portion of network latency due to transit of data over cable, fiber, or through space.
Processing delay: time lost to network nodes traversed (routers, amplifiers on long-haul fiber, including appliances such as firewalls and proxy servers.

Within a system (server or client):
Processing or computational delay: latency incurred waiting for and then performing active processing of the data, often comprising multiple passes through the cycle of waiting to get the CPU, using the CPU, and getting switched off the CPU to wait for another time slice.
This can be broken down further to split out delays/latencies due to operating system process scheduling, to actual computation, to memory access, to disk access, and to communication with or use of any other subsystem or peripheral, including other processors in a multi-processor system.
This is where an application's programming affects latency as perceived by the end user.

Within a client system, there is of course processing or computational delay, in this case including:
Rendering delay: latency incurred by construction of graphical images by a graphics card or subsystem.
Display delay: time a display takes to actually display an image once it has received it.

Any of these forms of latency, if identified as a problem, can be addressed by re-engineering systems -- with the exception of latencies due to the speed of light, of course.

About the Response:

You can find out more about latency by contacting Nemertes Research. Nemertes Research is a research advisory firm that specializes in analyzing and quantifying the business value of emerging technologies. You can learn more about Nemertes Research at our website www.nemertes.com.