Accelerating the Adoption of Web Services in Your Enterprise

You've just gone to your CIO with a plan to implement your IT organization's high-profile B2B "Project X" using Web services. Your CIO patiently listens while you explain the benefits of using third-party Web services as part of your mission-critical infrastructure, how contracts will be negotiated electronically without the need for pesky legal departments, how everyone will outsource all their security and management to providers they never need to meet in person, and how applications will dynamically assemble and modify themselves as your needs change.

You confidently sit back, smile, and wait for your CIO to give his inevitable nod of approval. It's only natural - after all, this model works just like the electric grid but with software services. After a few moments of thought, your CIO's head begins to nod. But wait, his head is nodding side to side, not up and down! The CIO is rejecting your proposal. How could this happen?

The reality is that adopting an emerging technology like Web services is risky business in the eyes of a CIO. To convince your CIO to adopt Web services, the short-term and long-term rewards have to be clear and the risks have to be manageable. You know it's in the best interest of your organization to move to Web services, but others don't share your foresight. In this article, we'll give you the tools you need to sell your organization on adopting Web services. Just remember though - you need to prove you can walk before you're allowed to run.

The first place to deploy Web services is within the enterprise, not across enterprises. This allows you to have total control over every aspect of the project, to manage the risk and ensure its success. What kinds of inside-the-enterprise projects are best suited to showcasing the benefits of Web services? Web services are all about connecting systems together, so integration projects are the right place to focus. Typically, a great starting point is a project with a Web front end that needs to access one or more other IT systems - portal projects, intranet Web sites, call center applications, etc. These projects are a great fit for Web services since they leverage its tight fit with existing Web technologies such as HTTP, XSL-T, and HTML.

The Evolution of Integration
You find an integration project well-suited to the use of Web services. You propose using Web services on this project and are told, "We've been doing integration for years without Web services, why do we need them now?" Best practices in integration have changed rapidly in recent years, and different models for integration have different trade-offs. It's easy for someone to be confused - so let's walk through the different models for integration: point-to-point, centralized, and backbone.

Point-to-point: The "Classic Coke" of Integration.
Point-to-point integrations have been going on since IT began. You know the type: "For my project, I need to connect system A's purchasing with system B's inventory management, so we'll just hand-code what we need right now to make this work." Even though point-to-point is the oldest way of integrating, it's still the most common for a few simple reasons: when projects are treated independently of each other, point-to-point is the cheapest solution for any given project and often the fastest way to get that individual project done. In addition, it puts total control in the project owner's hands with in-house resources and tools.

The downside of point-to-point integration is apparent when you look at the "big picture." If all projects are treated independently of one another, how can you possibly optimize your costs and productivity globally, across your projects? The answer is that you can't. Over time, a series of independent point-to-point integration projects breed a fragile spaghetti of application interconnections with no reuse among projects. Over the long run, you end up spending more and taking longer to get the job done while ending up with a brittle enterprise infrastructure (see Figure 1).

Centralized Integration: The "New Coke" of Integration
More recently, a few enterprising vendors realized the limitations of point-to-point and proposed a new twist on integration: instead of connecting applications directly together, put in a middleman "integration solution" (see Figure 2). The applications connect in a point-to-point fashion with the integration solution, but never directly to each other. This isolates the applications from changes in one another and provides a single point of control and reuse over all integrations - resulting in lower long-term overall costs.

Unfortunately, the strength of a centralized model is also its crucial weakness. Integration solutions suffer from the "first car builds the road" syndrome: the first integration project to attempt to use the integration solution is saddled with the bulk of the cost in both software and services. And, since you are "buying for the enterprise" rather than "buying for the project," the initial costs are very high. In addition, since the solutions are vendor-specific, the skills needed to build integrations are scarce, and the cost and delivery time of any individual project ends up being significantly more than with a point-to-point solution. And the projects themselves typically are done with outside resources or resources under the control of a central authority (because of the necessary skill sets), significantly reducing your control and increasing your risk.

To compound the problem, to get the long-term benefit from an integration solution you must standardize on one vendor's proprietary solution - a significant point of long-term risk and cost. Imagine the vendor is bought or goes out of business; your infrastructure might need to be totally replaced. Or, imagine you merge with another company; this means converting their infrastructure to your integration solution to gain back the benefits. Implementation of integration solutions often becomes the project that never ends.

For many of these reasons, single-vendor proprietary integration solutions are struggling now that the Internet bubble days of "infrastructure at any cost" are over.

Backbone Integration: The Choice of a New Generation?
Not exactly the new kid on the block, backbone integration has taken place for many years and is the benchmark integration model for large organizations. Most large financial service firms, for example, have application communication backbones. Instead of specifying a single platform or solution through which applications communicate (creating a centralization burden and risk), a backbone is formed by defining a set of standards through which applications communicate - distributing the responsibility for following the standards to each application group, division, or project (see Figure 3).

Typical backbones include standards for transport, protocol, encoding, description, location, and sometimes even data semantics. Any application that obeys these common standards is, by definition, "on the backbone." By having multiple applications obey these common standards, any application on the backbone can now communicate directly with any other application on the backbone.

A backbone model has a number of significant advantages. It allows for a clear division of responsibility. It requires no single vendor or point of failure/risk. Backbones provide reuse of integration points across projects. Backbones scale effectively to the largest, most complex IT environments on the planet.

With all of these enterprise advantages, though, how do backbones work at the project level? With the right tools in place, backbone-based integrations are as fast and cost-effective to implement on a project-by-project basis as point-to-point integrations - precisely because backbones are built incrementally on a project-by-project basis.

All the advantages and none of the problems - why doesn't everyone do integration using an integration backbone? The answer is hidden in the last paragraph: "with the right tools in place...." Large IT organizations have the resources to custom-build the tools, frameworks, and infrastructure needed for the organization's custom backbone standards. Once these tools are built they can be effectively leveraged across the entire organization to dramatically reduce integration cost and time - but the cost of building a good custom toolset is typically prohibitive for all but the largest organizations.

What About Web Services?
Web services are a collection of related Web standards for transport (HTTP, SMTP), protocol (SOAP), encoding (XML), description (XSD, WSDL), and location (UDDI). Essentially, Web services form a core set of backbone standards - an "out-of-the-box" backbone.

Web services give you the standards, but the magic equation for forming a backbone is backbone = standards + tools; what about the tools? Because of its broad industry adoption, this is where Web services shine. By the end of this year most, if not all, tools and platforms will support Web services. Today, you can choose Web services-enabled tools such as Visual Studio .NET or Borland JBuilder. You can choose Web services-enabled platforms such as .NET Server, BEA WebLogic, or IBM WebSphere. If you want to leverage your existing tools, you can use free or open-source technologies such as the Microsoft SOAP toolkit or Apache SOAP. The choices are limitless.

But, beyond tools and platforms, most packaged application vendors have announced support for Web services. This means that, once available, these applications will plug almost directly into a Web services backbone with no custom coding - something not possible with custom backbones.

Web services are a set of standards and tools that make backbone integration available to every organization, large and small. With the tools readily available, a Web services backbone can be built up incrementally, on a project-by-project basis, without the need for a "big bang" implementation. This essentially lets you begin deploying Web services as part of point-to-point integration projects, and then seamlessly scale these up to a complete Web-services backbone.

Of course, you have the option to define a custom set of standards for building a backbone, so let's recap why Web services form the most effective choice for a backbone:

Web services allow you to consolidate B2B, HTML, and application integration projects to use a single set of compatible standard technologies.

Web services have achieved broad industry adoption. Most future purchases of packaged applications, tools, and platforms will be Web services-compatible. No single vendor is in control of the standards.

Web services have a low cost of entry because all of the necessary software - TCP/IP, HTTP, XML, etc. - to get started is already available on virtually every machine.

Because Web services technologies are based on XML, HTTP, and other "text-based" standards, the cost of administration is very low. For example, instead of needing specialized custom tools to monitor Web services (which would be required if Web services were a complicated binary protocol), any simple tool for packet sniffing makes it easy to monitor how Web services interact.

Web services can be deployed incrementally, on a project-by-project basis, but scale up to a large enterprise backbone. This reduces the risk of adopting Web services, while improving the costs on a per-project basis as well as enterprise-wide.

But we already paid for XYZ, why do we need Web services?

There's a lot of hype and misunderstanding in the marketplace about what Web services are. Depending on who you talk to, Web services are the savior of software, the nirvana of networks, the best thing since sliced bread, or just another technology being forced on customers to replace what they bought last year. Web services aren't necessarily any of these, so understanding how Web services already complement your enterprise's existing tools, platforms, and technologies is important. Let's look at some common objections.

We run MQSeries, so we don't need Web services.
MQSeries is a reliable message transport that complements Web services. By analogy, if MQSeries is the telephone network, Web services is the language spoken by callers. An effective conversation can't take place without both. Depending on your needs, you might choose HTTP as a transport for Web services where reliability isn't critical but low cost of deployment is, and you might choose MQSeries as a transport for Web services in other cases where you need guarantees of once-only message delivery. Web services standards are flexible enough to allow you to choose the transport that best suits your needs. Many of the tools already on the market, in fact, support MQSeries as a Web Service transport.

We have a business process management system (BPMS), so we don't need Web services.
BPMS defines business processes that coordinate operations across different business services. But how do you make those services available to the BPM engine? One choice is to use a proprietary set of adapters that the BPMS vendor sells - but this is costly, complicated to implement, and the only system in the enterprise that will be able to leverage this work is the BPMS itself. Alternately, if you publish the business services as Web services, then not only can the BPMS use the services, but any other application that needs to leverage them can also do so. Using a BPMS in conjunction with Web services is the most cost-effective way, both short and long term, to build your enterprise infrastructure.

We have an application server/portal/integration solution, so we don't need Web services.
As with BPM solutions, Web services are not about how you define, combine, or use services (which is what application servers, portals, and integration solutions are all about), but about how you access services. You always have the choice of accessing services through custom-built code or tightly coupled proprietary adapters with any of these solutions. But these custom vendor-specific solutions are expensive, available skill sets are limited, and they don't easily scale to broader use. Alternately, you can access services using Web services standards, which provide a cost-effective, vendor-neutral, scalable solution for accessing services. Web services are the most effective way to leverage use of your application server, portal, or integration solution.

Web Services Sound Great, but...
With all the advantages of Web services, what are the downsides? There are really two issues to consider. The first is that your enterprise may have already invested hundreds of thousands to billions of dollars in applications that aren't Web services-compatible - and these applications aren't going away. How do you leverage these existing assets without rebuilding them and without truckloads of hand-coded Web service wrappers? Second, even when you get some of your existing applications published as Web services, these applications - not having been built on Web services standards originally - are likely to have their own security and management systems. Even for native Web services, there are multiple competing standards for such things as security. How do you provide a consolidated single model for security and single point of management for your emerging Web services backbone?

Luckily, an emerging category of software, Web services gateways, addresses these issues. Web services gateways allow existing non-Web services applications to be published as if they are natively written Web services. At the same time, these gateways act as a single point of management that transparently adapts between the standards you choose for your backbone (security, reliability, transport, semantics, etc.) and the standards used by the applications themselves - at the application level they serve much the same purpose, in concept, as a multiprotocol network router for low-level network traffic. This allows you to have a well-defined and manageable backbone, while at the same time supporting the diversity of your application portfolio. The best Web services gateways are totally transparent to the applications, requiring no application changes or modifications while providing the infrastructure for mapping between different standards in each area (security, transport, etc.) with the flexibility to accommodate your unique environment, now and in the future, with little or no hand-coding.

The Venus Flytrap
Web services have tremendous possibilities when deployed well, but there are some pitfalls that can cripple your ability to derive long-term benefits from them. Even though you're going to start small, you need to think ahead. If the long-term goal is to have a unified Web services backbone, don't make choices now that will hamper your ability to reach this goal in future. The two key traps to avoid here are:

Don't fall for "Web services lip service": Some vendors will try to convince you that they support Web services standards, but to gain the real advantages of their solution you need to use their proprietary, nonstandard capabilities, or deploy their proprietary software together with each application (giving them total control of the backbone). This approach locks you into the vendor's proprietary solution - whether it's Web services-based or not. Once you choose to go down this path, there's no easy way to turn back.

"The great thing about standards is that there are so many to choose from." Defining a Web services backbone means that you will need to choose from among the various options for security standards, transports, etc. These decisions should not be made on a project-by-project basis; other -wise, you may end up with as many differences as there are similarities - your backbone may be all Web services-based, but no applications can talk to each other. Make sure to choose a cohesive set of standards and stick to them. This will allow the individual projects to, over time, form the basis for your common Web services backbone.

Conclusion
Web services can be deployed initially at low risk and at low cost. At the same time, a thoughtful Web services enterprise architecture plan, begun now, can enable your enterprise to gain significant long term advantages in terms of cost reduction, flexibility, scalability, and responsiveness to changing business needs. Make it happen!

Author Bio
Dan Foody, CTO at Actional Corp., has extensive hands-on experience in enterprise systems integration of packaged, legacy, and custom applications as well as middleware, platform, and emerging technologies used for integration. He is the author of various application integration standards. Dan holds a BS and MS in electrical engineering from Cornell University. info@sys-con.com

Java and Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. SYS-CON Publications, Inc. is independent of Sun Microsystems, Inc.