Piecemeal SOA

Agencies find an edge in starting with modest service-oriented architecture projects

Laughing Stock

Thinking about implementing a service-oriented architecture? Maybe you want to find an easier way to share information with other organizations. Or perhaps you want to be able to quickly modify your information technology systems when managers find a better way to pursue the agency's mission.

SOA can help with all that, but if you're getting started on it, experts have two words of advice: Start small. Incremental change and gradual improvements are better than trying to SOA-enable your entire IT infrastructure.

SOA is a design approach that integrates business and IT strategies to provide users with common services that leverage existing and new functionality. A key goal is the development of a business and technology architecture that can support changing regulatory, business and customer needs.

The process can be arduous and costly, though. Systems need to be inventoried. Users need to be interviewed. The system logs must be analyzed. New applications need to be written, and existing applications need to be tweaked to more effectively participate and communicate within an SOA environment.

Federal time constraints

SOA-enabled systems in the federal government are still somewhat rare. One early adopter was the Federal Trade Commission, with its Consumer Information System.
FTC contracted with Bluedog, a systems integrator and software developer, to upgrade the system, which distributes fraud and identity theft information to a broad range of users and applications.

Bluedog had worked on projects to SOA-enable systems at several government agencies, including the Environmental Protection Agency and Justice Department, so the company was prepared for the FTC project.

Bluedog had about nine months to complete the job, said Tom Termini, a consultant at the company. He credited FTC chief information officer Stephen Warren with being technology-savvy enough to have a vision for how he wanted SOA to be implemented and articulate that vision to his customers, the FTC commissioners.

Because Bluedog was under time constraints, the consultants wanted to keep things simple. A lesson learned from previous work with Justice was the need to talk with business customers to find out exactly what their pain points were. Then they picked a half-dozen areas to address those issues.

'The idea was to put in place a couple of key pieces of SOA infrastructure, but we were only going to pick a few business goals to deploy,' Termini said. 'So at the end of the day, when we turned this on, the idea wasn't that it was a finished product, but it was a step down the road.'

FTC's Oracle-based Consumer Information System 'was sort of perfect for SOA because within FTC a couple of business divisions use the system ' so there is cross-functional use,' Termini said. Plus, various law enforcement agencies, such as the FBI and state and local police forces, access the system, as do international users. 'It is sort of a textbook [for how an application can work] in a service-oriented architecture,' he added.

Contractors running the FTC call centers run their own customer relationship management software. Bluedog wrote an application function to that CRM software so when a call comes in from a returning complainant, the software would dispatch a query with the complainant's phone number to pull up relevant data.

For the law enforcement tier, the FBI has wider access to information in the system than state and local police. State and local law enforcement can only pull up read-only records. If a complainant has filed a fraud report with FTC and wants to also file a police report, local law enforcement can pull up a copy of the FTC report and attach it.

Business processes are different depending on the user. So the trick was to design services in such a way that developers would not be needed, for example, if a new organization came online and needed to access the system. Business rules are stored in a rules engine, so managers can define rules themselves and after going through a governance process deploy them, Termini said.

Hitting the targeted milestones was a motivating force for the SOA team and the users. They were seeing things happen at a rapid clip, he said. Previously, FTC had used another contractor for three years and all they got was a lot of documentation, Termini said.

Because the CIO was driving the process, the consultants had direct communication with his customers at FTC. 'In order to make this happen incrementally, we laid out a very explicit road map,' Termini said. Basically, they told the customers what milestones they would meet over 30- and 60-day periods and so forth.

For example, they showed the users how the messaging layer works and why it is important to the overall plan. In the next stage, they explained why they built a federated search service and why it is important. Federated search allows users to access multiple systems for identity theft and fraud information, and supplies the results back to various managers.

Start with the proven

To achieve success, SOA teams should start with a system or project with high visibility and business value, and keep a tight focus on it. The aim is to start off with a few key SOA pieces without trying to change the entire environment, some experts say.

'Industry has done SOA a lot of disservice because they make it sound so complex,' said Michelle Davis, senior solutions architect at Iona Technologies, a developer of software that helps organizations modernize their IT infrastructure and leverage existing investments.

'There are various reasons for why people are doing SOA,' she said. Every organization does not necessarily want to weave an entire SOA infrastructure, which would involve grappling with issues such as quality of services, security, transformation, orchestration, business process and business process management, Davis said.

'It's about what is best for the agency ' for some it's pure integration, for some it's adding more security or getting more policy and governance, for others it's getting control of their data,' she said. In all these cases, there are ways to get there incrementally, she said.

One example of an incremental project is to integrate functions of a legacy system into other systems, she said.

'We call that a many on-and-off ramp. That's because we offer an architecture that plugs into various pieces when needed as needed,' she said. Iona's Artix, a suite of distributed infrastructure products that work together or separately, offers users the ability to adopt SOA incrementally.

For example, the software, which was built on a Java 2 Enterprise Edition security specification, doesn't make development teams go through a layered architecture if they just want to add security to their infrastructure. They don't have to add components that are not necessary, she said.

Artix architecture includes an enterprise service bus for modernizing existing middleware, registry and repository, orchestration tools for adding new functionality into reusable services, data modeling applications and a transformation toolkit to abstract data services from the underlying infrastructure, and SOA management software. Iona also has an open-source version of the architecture, called Celtix.

Another company promoting an incremental approach to SOA is NetManage. The company specializes in exposing the functions of legacy applications as Web services.
SOA-enabling legacy applications is a challenge, said Yuan Huntington, vice president of marketing. Users are trying to determine what applications to bring into the fold first. Business process analysis is time consuming and expensive.
To address these issues, NetManage advocates a four-step process: plan, build, evolve and scale. The company has fashioned its SOA product line around these four steps.

The plan stage involves getting a blueprint of the business processes residing on the mainframe or other host systems. For this stage, NetManage provides SOA Planner, a server product that noninvasively provides a view of user interactions with host systems. The data highlights the most-used business transactions that might generate the most cost savings and benefit to an organization.

SOA architects 'need tools that enable the discovery of functionality as changes are made to legacy applications. Those changes need to be managed in real time and in a central repository,' said James Kobielus, a data management analyst at Current Analysis. The first step in any SOA project is an inventory of systems, he added.

During the build stage, developers model, create and deploy services as prototypes using tools such as NetManage's OnWeb Server and OnWeb Development Tools. The evolve step involves getting feedback from users to refine the applications and Web services. Finally, the last step, scale, focuses on the deployment of the SOA applications into the production environment, using such tools as NetManage's OnWeb for CICS and OnWeb for iSeries.

Long journeys, single steps

The IRS is taking an incremental approach to a major IT modernization effort that involves the sharing and reuse of services across the enterprise.

A challenge for the agency is that the IRS Tax Administration System, which collects more than $2 trillion in revenue every year, is dependent on more than 500 computer systems, some dating back to the 1960s, said Tom Lucas, senior adviser for enterprise architecture at the IRS.

Lucas gave a presentation last month at the Third Annual Service-Oriented Architecture for E-Government Conference sponsored by the CIO Council's SOA Communities of Practice and Mitre in McLean, Va.

The modernization of core systems is a huge and complex task. 'We can't do it all at once. We have to do it over multiple years,' Lucas told conference participants.

This means that some accounts will be on old systems, some on new systems.

However, 'in order to provide functionality to the end user, we need to be able to hide the complexity of that back-end set of systems. So SOA is really an assistant for us to abstract the functionality that lies in multiple back-end systems to provide a single experience for end users or applications,' he said.

The IRS has a SOA road map now but didn't have one in 2004 when officials decided to move in this direction. They needed some education first, and the chance to put some projects through a prototype lab and understand how the various pieces fit together, he said.

The IRS' strategy to modernize its IT involves a number of steps, including modernizing electronic filing, the Customer Account Data Engine and account management services. It also involves building a comprehensive data strategy.

Account management services involve the services that support many IRS processes such as case management or address changes. There are hundreds of services used in applications. Building those services is a key part of IRS' strategy, he said.
The services are for individual taxpayers as well as the IRS community. 'If we can give [IRS employees] help, they can give more accurate advice' to taxpayers, he said.

In 2005, IRS started implementing Web services for the modernized e-file system.
'The chief architect in that area came to the enterprise architecture area ' we have a prototype lab together,' Lucas said. 'From an enterprise perspective, we looked at the practical needs of the project, developed some Web services and then went into production to provide services,' he said.

Next, the IRS focused on building the enterprise architecture and acquiring the middleware tooling. It also identified services that would be part of its transition strategy.

Now the agency is implementing services for filing and payment compliance, both a big part of the IRS collecting process, Lucas said. The agency is also expanding Web services to cover core account management services, infrastructure and security services.

The SOA deployments will come in waves over the next five years and more, integrating services, portal and data strategies, Lucas said.

'We have an SOA road map. Unlike most government documents we kept it under 100 pages and it is very much tied into the practical things that the business needs,' Lucas.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above