
By now, you’ve probably heard all about how the cloud simplifies everything by enabling Software as a Service (SaaS), Process as a Service (PaaS), and various other things-as-a-service (collectively XaaS).

While that all sounds valuable, business and IT executives need to realize that there’s an important hurdle between these services and return on investment (ROI): Software in modern businesses doesn’t run in a vacuum.

The downside to running software in a XaaS model in the cloud is that the software isn’t physically at your location. Many BPM applications rely on integration with other systems that live on an organization’s network, so hosting the piece of the infrastructure that talks to these systems externally can present challenges. This article from Macedon Technologies explores the enterprise service bus (ESB) as an architectural solution to these challenges.

As any BPM suite (BPMS) vendor will tell you, the technical side of BPM was designed to be heavy on interactions with other information technology systems. Some automated processes store data to the databases of the legacy systems that they’re replacing, so that existing reports will still work until they’re phased out. Some processes integrate with third-party applications that are systems of record, such as ERP or CRM systems. Some processes leverage external document management systems for document data or offload rule evaluation to an RMS.

Ideally, most automated processes make calls into defined service-oriented architecture (SOA) access points to retrieve data from other systems via Web services rather than talking directly to those systems' back ends.

Each of these interactions requires network communication with another system, which means connectivity must be established and data will be transmitted. If the BPMS is hosted within the organization (probably in a corporate data center), it’s easy to establish such connectivity. The two systems are already on the same network, so they can talk to each other by default. If there’s a firewall between them, then someone in IT can usually poke a hole in that firewall to allow the systems to talk to each other. And because the traffic is all on the same network, there’s little risk of anyone snooping on the data that’s passed back and forth between systems.

When one of the systems--the BPMS in this case--is hosted remotely, communication becomes trickier. Now something outside of the network needs to make requests to the back end of a system inside the network. In the case of SQL communication, the system may even require direct access to a database with high-level permissions. Most IT departments have policies forbidding that kind of communication, labeling it a security breach (and rightfully so).

The standard solution pattern is that inbound requests from outside the network can only access standard interfaces (that is, Web servers) that are in the “demilitarized zone” (DMZ). Direct access to the back end is restricted to either inside the network or the systems in the DMZ. That way, the only access points that could possibly be exposed to hackers are those that have the greatest security and that expose the least-flexible access to data.

The easiest solution: Establish a system architecture in which all integration requests from the BPMS go to a centralized ESB. With that approach, there’s a single component listening for a single form of communication into the network. Most ESBs include modules to perform authentication and authorization, which can ensure that only the BPMS and other pre-defined systems are allowed to consume certain services.

ESBs also generally accept requests over encrypted connections (SSL) so that interlopers cannot intercept data flowing between the BPMS and the ESB. The ESB can be fronted by a Web server, restricting communication to the standard ports and allowing a DMZ-style separation just like public-facing Web applications. The guts of the services live on the real network and the end users/integrating systems can be anywhere, but communication only enters the network through the Web server and the Web server is the only component that is allowed to communicate with the guts.
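The access decision described in the last two paragraphs can be sketched as a deny-by-default check at the ESB's front door. This is an added example, not code from the article or from any ESB product: the consumer IDs, keys, service names, the `tls` flag set by the fronting Web server, and the pre-shared-key HMAC signing (standing in for whatever authentication module a given ESB provides) are all assumptions.

```python
import hashlib
import hmac

# Constructed policy: consumer IDs, keys and service names are hypothetical.
CONSUMERS = {
    "cloud-bpms": {"key": b"constructed-key-1",
                   "services": {"crm.lookupCustomer", "dms.fetchDocument"}},
    "partner-portal": {"key": b"constructed-key-2",
                       "services": {"crm.lookupCustomer"}},
}
MAX_SKEW_SECONDS = 300  # assumed replay window
TYPES = {"consumer": str, "service": str, "timestamp": int,
         "body": bytes, "signature": str}


def sign(key, consumer, service, timestamp, body):
    """HMAC-SHA256 over every field the gateway bases its decision on."""
    fields = [consumer, service, str(timestamp), hashlib.sha256(body).hexdigest()]
    return hmac.new(key, "\n".join(fields).encode(), hashlib.sha256).hexdigest()


def make_request(consumer, key, service, timestamp, body, tls=True):
    """Build a signed request the way a registered consumer would."""
    return {"consumer": consumer, "service": service, "timestamp": timestamp,
            "body": body, "tls": tls,
            "signature": sign(key, consumer, service, timestamp, body)}


def authorize(request, now):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    if not request.get("tls"):  # flag set by the fronting Web server (assumed)
        return False, "plaintext transport"
    if not all(isinstance(request.get(k), t) for k, t in TYPES.items()):
        return False, "malformed request"
    entry = CONSUMERS.get(request["consumer"])
    if entry is None:
        return False, "unknown consumer"
    expected = sign(entry["key"], request["consumer"], request["service"],
                    request["timestamp"], request["body"])
    # Constant-time comparison avoids leaking how much of the MAC matched.
    if not hmac.compare_digest(expected.encode(), request["signature"].encode()):
        return False, "bad signature"
    if abs(now - request["timestamp"]) > MAX_SKEW_SECONDS:
        return False, "stale request"
    if request["service"] not in entry["services"]:
        return False, "service not allowed for consumer"
    return True, "ok"
```

Because the signature covers the service name and a hash of the body, a request captured for one service cannot be replayed against another or have its payload altered without failing the check.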

Alternatively, some modern, cloud-compliant BPMS tools support more sophisticated secure communications, such as allowing the cloud instance to establish a VPN connection into the internal network. That model supports direct communication with any legacy systems that are exposed internally on the network, as though the BPMS were hosted internally instead of in the cloud.

The ESB is still a useful architectural pattern to simplify the interface between the BPMS and legacy systems, but the extra layer of secure communication means the IT department doesn’t have to expose any integration interfaces outside the network.

READER FEEDBACK: Have you used an ESB with your BPMS? If so, ebizQ editors would like to hear about your experience. Contact Site Editor Anne Stuart at editor@ebizq.net.

About the Author

Austin Rosenfeld is founder and CEO of Macedon Technologies, a consulting firm specializing in BPM. Previously, he was a product architect at Appian and ran the BPM consulting practice at Amentra.
