Without architecture, cloud is a house of cards

SOA hasn't gone away; it's key to cloud computing, panelists say

Agencies moving applications to the cloud need sound architectures and service-oriented principles. If not, they’re going to have a tough time moving to cloud infrastructures, according to government and industry experts at a recent conference.

Many people thought that, with the emergence of cloud computing, service-oriented architecture went away, said Ajay Budhraja, chief technology officer for a component of the Justice Department.

“SOA is a key enabler of cloud computing,” Budhraja said, describing SOA as an architecture and cloud computing as a deployment mechanism.

“If you don’t have good architecture, good service-oriented principles, you’re going to have a tough time moving to the cloud,” Budhraja said during a keynote presentation at the SOA for E-Government Conference held April 12 at Mitre headquarters in McLean, Va. The one-day event was hosted by the Federal SOA Community of Practice and Mitre.


Related coverage:

At last, a solid definition of what a cloud looks like

Coast Guard’s two-way alert system keeps partners informed


SOA is a flexible set of design principles used during systems development and integration. A deployed SOA should provide a loosely integrated suite of services that can be used in multiple business domains.

Cloud computing is a model that provides scalable and elastic services that can be delivered on demand, making the user more of a consumer of services, Budhraja said.

If an organization has services that were developed in a modular manner and are talking to one another via open standards, it is much easier to move into the cloud, he added.

Coast Guard’s SPEAR

The U.S. Coast Guard’s Operations Systems Center (OSC), the service's main software development center, has been moving in the direction of the cloud probably since before the terminology was in vogue, said Capt. Michael Ryan, commanding officer of OSC and a Federal Computer Week 2011 Federal 100 award winner.

Under Ryan’s leadership, the center developed the Semper Paratus Enterprise Architecture Realization (SPEAR) SOA, which will save the Coast Guard millions of dollars. It has already improved data sharing and enhanced the service's response to incidents, such as the Deepwater Horizon oil spill.

The Coast Guard’s SOA is based on event-driven capabilities, asynchronous messaging and business services, Ryan said. In most cases, the Coast Guard operates a private cloud. Some of OSC’s cloud capabilities can be described as infrastructure as a service, he said, noting that every Coast Guard directorate has a footprint at his facility.

OSC meets the needs of all those components with a common framework tied to a core set of database structures or operating systems that can be provisioned for shared computing capabilities. The center is not averse to examining how other government agencies are doing business, he said, adding that the Coast Guard straddles the worlds of military and civilian agencies because it is a part of the Homeland Security Department.

The area with the greatest potential for evolution is software as a service, which allows code to be reused and commercial capabilities to be applied.

The Coast Guard's CIO is still considering which applications to move to the cloud under the Office of Management and Budget's cloud-first policy, which directs agencies to identify three services it can move to the cloud within 18 months.

“I can’t point to three specific [applications] for you at this time,” Ryan said during a panel discussion on SOA and cloud synergies. “We are doing good things already. I want to make sure our CIO recognizes that we are using cloud-type principles." For instance, the Coast Guard’s Alert and Warning System takes advantage of cloud-like capabilities, he added.

Don’t be too quick to judge

Agencies should not be criticized for not yet having picked three applications to move to the cloud, said Kevin Jackson, director of cloud services at NJVC, a provider of IT services and solutions.

The definition of the cloud is still being argued, said Jackson, who co-wrote a book, “GovCloud: Cloud Computing for the Business of Government,” that provides a five-step process for implementing cloud infrastructures.

On the one hand, there is the cloud-first policy. On the other hand, agencies are not ready to deploy a cloud environment based on the National Institute of Standards and Technology's definition. So the easiest thing for managers to do is change the definition of the cloud to fit their agencies.

“The cloud-first policy is in reality a future-proofing concept," he said. It is a long-term journey that will take eight to 10 years to unfold, and even Federal CIO Vivek Kundra has acknowledged that, Jackson added.

“So an agency should not be lambasted for not being able to say,... 'This is my cloud, and it meets all of the tenets of the NIST definition of a cloud,'” he said. However, agency managers should be able to identify a cloud project, describe its status and show how they plan to meet the cloud tenets within a set timeframe, he added.

“That is more important than saying, ‘These are my cloud projects I’m delivering within 18 months. I'm finished with that — what is next?’” Jackson said.

The government is “trying to put datelines to say we want you in this game sometime soon,” said Denzil Wasson, CTO of Everware-CBDI, a consulting firm. Agency managers should distinguish between core and contextual services. For example, handling timesheets might be a contextual service that could be handed over to the Labor Department or another cloud provider while an agency focuses on its core services.

Reader Comments

Wed, Apr 20, 2011 EdT

The Cloud is nothing more than time share of old, and service providers of today. So, the concept and servcies have been around for 40 years. The word "cloud" is a distinction without a difference...

Wed, Apr 20, 2011 M S Prasad India

A thought provoking article. However , Clod has many Use cases not particularly SOA oriented. The major issue due to which it can be a problem in adoption is security and idle botnets. Any guess for how many botnets would be in amazon service.? SLA , data not crossing thelegal boundary ( compliance and legal issues) is another problem for GRC adoption.thx.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above