Participants in this podcast include Gian Trotta (GT) and Kelly Emo (KE).

GT: Welcome to a very special ebizQ podcast. I’m your host, ebizQ’s Gian Trotta. SOA is moving into a more mature phase with a new emphasis on governance. At the same time, a wide array of Web 2.0 applications and strategies are opening up SOA to many more stakeholders.

Here to talk about the state of SOA governance in general, and some state-of-the-art SOA deployments in particular, is Kelly Emo, SOA Product Marketing Manager for HP Software. She'll be a guest at out Introducing a New Vision for SOA Governance Webinar on Jan. 23rd She’ll also be a panelist at the Enterprise Mash-Ups for Wall Street presentation at the Web Services SOA on Wall Street show that is set for February 11. Welcome, Kelly and thanks for joining us.

KE:Thanks a lot, Gian. And I’m really pleased to be able to speak on this subject. Because I just see it’s such an exciting and dynamic area right now. And really, I do, what I see is that I see two key waves that are really coming to shore for IT. One has had what I would say a longer incubation, although I would still say it’s early in its broad scale and adoption. And that’s SOA: service-oriented architecture. You know, there’s been a lot of surveys done recently about SOA and most of those surveys put SOA adoption at somewhere between about 40 to 60 percent of enterprises in terms of their starting to work with SOA, maybe in a pilot phase or possibly in a business deployment.

And I’ve also seen a couple of surveys that talk how about over 70 percent of CIOs today are planning some sort of SOA effort in 2008. So while it’s early in its adoption, it definitely hit the mainstream in terms of thinking about it and planning for it.

The other wave, however, is really just begun to materialize. But I would say it’s crashing upon the beach of IT quickly and with great force -- whether they want it or not. And that’s Web 2. So it’s a very interesting time for IT. IT is busy and focused at modernizing and rationalizing their infrastructure. They’re dealing with those meaty back-office problem like how do I leverage the legacy infrastructure structure, how to do I change my point-to-point integration into more flexible, loose coupling, more dynamic how do I break up my application silos and they’re using what I would say are proven serious architectural disciplines such as identifying their key reusable components and exposing those as standard space services.

But the other dynamic that’s going on is that creative end users don’t have the time or the patience to wait for this plan to meticulous processes. And so they’re taking their needs into their own hands and using approaches, kind of Wild West approaches like mash-ups and Web collaboration. And these mash-ups in many cases are resulting in big productivity gains. And this is where it gets interesting: if you’ve had a chance to read that book called The Mash-Up Corporation, the whole idea is that these creative assimilations of capability that come to fruition from situational applications and mash-ups end up delivering measurable business value.

And so what happens is they get the attention of the VPs of the business domains -- the folks with the money. And the CEO. And they’re coming back to IT and saying “make it so.” You know, support this application.

Hero or Zero!

And so, IT is at this inflection point. Joking around, I like to say that it’s time for IT to become the hero or zero. They can embrace this capability. And they can make it work using the same level of robustness, the same level of service, quality of service, or they can put up roadblocks. And say, no I am not going to let this rogue capability into IT. And that’s where they are going to run into issues.

So, I think the real opportunity for IT right now is to embrace this new Wild West of Web 2 and combine it with the productivity and architectural best practice of SOA. So effectively, what IT is doing is combining innovation and discipline. And the concept behind this is what HP is calling implicit governance. And I can definitely let you know more of what’s involved in that. It allows –

GT: It sounds like something that transcends SOA and involves all of IT.

KE: You know, it really does. I think what you have going on here is you have a desire for the back office environments, for the underlying fundamental IT infrastructure to become service oriented. Now whether you want to call every aspect of that service-oriented architecture or whether it’s application modernization, creating a standard interface to a mainframe capability for instance, or just creating a shared service that might be, you know, even based on a COBOL application. Really, the whole idea of enabling that infrastructure to be governed and then identifying what portions of that infrastructure are valuable functionality that should be exposed as mashable services -- as services that could be accessed by the innovation outside of core IT.

To create these new value-added situational apps is really key and then to enable the result of that: the consumption relationship; to have a sense of control. So that IT knows, you know, even though they can’t predict how many consumers they’re going to have out there in the Web 2 world, they can know how many they’re able to support and they manage as the load comes in when they need to allocate more resources.

And so I call that implicit governance. The Web 2 consumer is not aware that they’re participating in an IT governance process but in essence they are. And they’re assured of getting the service that they just basically have grown up to expect, you know, the always on type capability. And IT is able to get ahead of the curve and know, okay, I can support this many consumers. I can estimate that they are going to require this much bandwidth and I can establish a contract that will allow me to manage that with those consumers. So that’s the really the idea behind the implicit SOA governance for Web 2.

GT: Understood. Kelly, do you have any specific examples of how to orchestrate governance to improve performance and compliance?

KE: Sure. Absolutely. That’s a really, really good question. And, you know, I spend most of my time in the SOA world so I’m talking to architects and IT personnel who are looking at ruling out an SOA. But it really transcends that. It really addresses all of IT governance. I’m going to talk to your question in an SOA context and put a little Web 2 spin on it but again, I want to say that these concepts really apply to governance in the large as well.

So, let me go back to that example I was talking about before. And let’s say you have back office applications to support the sales organization. And you want to enable certain capability to be exposed to your sales organization so that they can create their own situational applications, maybe to track demand and sales cycle times and kind of lead basically pipeline fulfillment in certain regions, again certain attributes that you can’t even predict what they are.

So you want to take your business-critical applications to support your sales force. You want to expose certain capabilities as mashable and you want to enable your sales organization, maybe partners, you don’t know how far this could potentially go to create these situational apps. Now how are you going to assure that that back end application is going to continue to perform at the service level that you’ve established with the business owner? Well, that’s where some of this interesting implicit governance comes into play. You can put in technology, the back end, where the services are being created to support (a) the service developers to validate against the development policies that will result in good security and good performance.

You can also put in quality testing capabilities that feed into the governance process that ensure that these applications go through functional testing, performance testing, not only standalone but as composite applications. So how they’re going to actually perform over the network. And then from there, you can determine, you can make estimates of what kinds of load the systems will support when they first roll out and how many consumers you can effectively support.

Now, once you expose your services as mashables, you want to put in place a contract between those that will consume those services in their mash-up applications. That’s more WSIYWG style. So if you think Google, Amazon, eBay. When somebody comes in to create a mash-up with an API that they enable, it’s what you see is what you get. There’s no contract negotiation. They’re very straight forward. You accept, you can mash.

But what IT can now do because they’ve got this governance platform in place, is they can track proactively how many consumption events are taking place. What kind of traffic they’re seeing and they can get ahead of the curve. They can say, “Okay, I have 100,000 separate consumers now in this application and I know through my testing scenarios, that underload I can only support 150,000. I should allocate and provision more capability so that I can bring on more consumers.”

You can also do something very creative like track traffic and come up with a policy that de-provisions consumers if they’re not using the system. So that you can get ahead of that curve and free up more capability for other new innovative consumers. The salesforce example is a little bit constrained. Because you’re not going to have a huge number of people interacting with the system in that scenario. But think about if you wanted to allow new channels for your products or services and creative mash-ups to deliver information about your products into whole new markets where they’ll want to place orders. I mean, that could just explode worldwide. So you really need to get ahead of those consumption relationships.

GT: Well, that’s a great example of the some of the real value that enterprise mash-ups delivers to an industry. Do you have any others?

KE: You know, it’s interesting because I think what’s amazing about Web 2 and this capability is there is no end to the creativity that we are going to see out in this industry. So certainly in the consumer world we are seeing it in play in all kinds of places. We’re seeing really interesting start-ups creating mash-ups to deliver products or deliver information. You’re seeing in universities interesting applications where they’re mashing up capability and then putting up new Web capabilities. The examples that we all know about are things like, all the different things you can do with Google Maps, for instance.

But I think it also gets very interesting when you think about in mobile and telecommunication services what telecommunication companies can do in terms of new capabilities to be delivered to mobile phones or new capabilities to be delivered to small businesses that are a result of bringing together information and applications for their consumers to take action.

It’s also an interesting way to support partnerships. Allowing partners to come in and mash-up visions of how they can do business with you, is another interesting way to look at it.

GT: Well it certainly is. And this is something. Our time is running out, Kelly. You’re certainly welcome to continue this in subsequent podcasts.

KE: Sure!

GT: That’s one good example. Thanks so much, Kelly. Our editors and bloggers, including myself, will be reporting from the Web Services on Wall Street show and we look forward to seeing you there!

KE: That’s going to be a great opportunity to really focus on the value of this for the financial services industry.

GT: It sure will! Kelly, in the meantime, where can our listeners go for more information on the myriad of concepts you’ve raised here?

KE: Sure, certainly! Probably the best place to get started with HP, because we do have a rather large Web footprint ourselves, is we have a focused SOA area on the Web. It’s www.hp.com/go/SOA and that’s where you’ll find white papers, information about HP solutions and services, kind of everything SOA at HP.

GT: Okay! I thank you very much and again, this is Gian Trotta thanking all of your for participating. And if you have a follow-up question for Kelly Emo, feel free to submit it to this podcast landing page which should be found at www.ebizq.net/firstlook.