Geeks With Blogs

News Dave's Mug View David Oliver's profile on LinkedIn Add to Technorati Favorites Blog Directory for Guildford, Surrey
Dave Oliver's Blog Enterprise Technology Thought Leadership in a FTSE 100

And now to my other project that is close to my heart at the moment which is SOA.
As you may recall, we were having difficulty in selling the idea of SOA in our business, this has now changed. We have a project and a business sponsor. So in this post I want to reflect on some of the tips I’ve picked up so far that I would like to share with you.
Now this is list isn’t completely comprehensive, I’m bound to have miss something out, but hey, something to talk about in future posts.
Tip 1 – Don’t do anything until you have got buy-in from a business user. Like any major change you will need backing from someone with a cash-flow that gets it.

Tip 2 – Define the business requirements before you start, prioritise them to find out which is the area that would most benefit. This also helps the ROI case.
Tip 3 – Start small. This is a problem with my last attempt I was over ambitious and the risk was too great for management to swallow. With a new business unit that what’s to have their own new application but with the ability to integrate in to the existing systems with out affording any change to these systems we have an ideal scenario.
Tip 4 – Make a plan, manage you expectations and those of the business and your management on exactly how you are going to get ‘there’ and where ‘there’ is. A good way to do this is to create a ‘maturity model’ which I have only read about on Microsoft sites, but turning to IBM they have a lovely example which is below

You can read more about his diagram here at the wonderful CDBI forum.
Tip 5 – Education. Give a clear and concise message about your goal that you are trying to achieve using SOA so it is easy to understand. Demonstrate if need by, getting in different vendors, we used IBM and Microsoft. They both presented about SOA and they were both very consistent with each other on style and approach, it was just the technology sell at the end that was different.
Don’t forget to take the technical staff as well as management with you. It’s important to get buy-in from all levels.
SOA isn’t rocket science or blue-sky, its best practice for loose-coupled integration, get that message across simply and clearly. Avoid Buzzwords … people will start playing bingo in your presentations.
The most important person to educate is yourself make sure that you invest time in your learning so you can understand fully what your doing and what you will be asking others to do. No point in asking someone to write an XML Schema if you don’t know what one is and where it fits into the picture as an example.
Tip 6 – Use Web Services. For the life of me I can’t see any point in trying to do SOA with any other technology, it would just be too much of a pain in the arse so it just wouldn’t be worth it.
Yes, of course if your were to follow the rule book you could use any distributed technology, but the truth of the matter is that there aren’t that many distributed technologies that aren’t platform independent, ok perhaps CORBA and MQ maybe, but only web services has such broad commitment from all the big vendors and all of them are investing heavily in the technology, Microsoft is in fact betting the farm … and web services are soooo easy!

The anti-web services stuff is so yesterday, get over it.
Tip 7 – Work out your namespaces and schema first, but remember for all the will in the world you aren’t going to get it right first time. So in your plan have a re-engineering phase, don’t make it a surprise that you will need to go back and fix things. Don’t sell SOA as a silver-bullet, it’s a best practice and like all best practices get better each time you practice. The sweet point for this in your plan will be when you have learnt a great deal but not fully implemented a lot.
Tip 8 – Categorise your services. Pretty soon you are going to have 100+ services and you will soon get spaghetti if you’re not careful

Matt Deacon from Microsoft in a recent presentation recommended these different categories,

Entity Services
• Represent simple atomic operations on an Entity
• Activity Services
• Coordinate several Entity Services to enable Business Function execution (UpdateCustomer, AcceptPO)
• Implement common business transactions

Process services
• Represent long running business processes that may involve complex workflow and human interaction
• Consider BizTalk Server 2004 for these services

Enterprise Services
• Represent enterprise wide, or public B2B services

Infrastructure Services
• Provide common functionality to other services,
• Represent horizontal common services across organisations
• Strong buy versus build bias
• Enable Security, Management and Metering/Monitoring.
• Examples include Authentication, Authorization, Logging, Exception management

Event Services
• Notify subscribers of interesting events triggered

Tip 9 – Work out your security model. This I believe will be one of the most painful things to go back and re-work, so it’s a really good idea to work this out before starting.

Inside the Generico Sample SOA application found here you will find a white paper that in it will define three methodologies to choose from and they are (and I will quote directly from the document to save any confusion)

1. Use Windows integrated authentication throughout by specifying Windows as the authentication mechanism in all Web.config files and the IIS configurations of all Web applications. This means we don’t bother implementing any form-based login mechanism and instead rely on the browser providing credentials, perhaps showing a login dialog to collect them from the user if necessary. This allows us to use http as the protocol for all messages since the infrastructure will take care of performing authentication and authorization.
2. Use a custom authentication mechanism in the application and use Windows authentication in the service. In this case, specify Forms or None in the Web.config files and allow anonymous access in IIS. Also, use https between the browser and the Web application when collecting credentials in a Web form.
3. Use a custom authentication mechanism in the application and use WSE (WS-Security and WS-Policy) in the service. This methodology resembles the custom methodology above concerning the communication between the browser and the Web application since it still means specifying Forms or None in the Web.config files, allowing anonymous access in IIS, and using https between the browser and the Web application. Where it differs is how it secures the communication between the Web applications and the Web services they use.

Now I have to be honest, I’m still working on this one, so I will let you know which method we pick and why.

Anyway, I hope you’ve found my tips useful.

Posted on Tuesday, September 13, 2005 7:57 AM SOA | Back to top

Comments on this post: Tips for starting a SOA project in the real world.

# re: Tips for starting a SOA project in the real world.
Requesting Gravatar...
How goes your research into Tip 9 options?
Left by Chris on Dec 20, 2005 2:05 PM

# re: Tips for starting a SOA project in the real world.
Requesting Gravatar...
At the moment the services we have are using option 1. Windows integrated authentication. This is going to be a problem moving forward as the Mainframe can create web services, but doesn't do windows authentication. Hurry up WS-I! I need WS-Security completed now!
Left by Dave Oliver on Dec 21, 2005 6:32 PM

# re: Tips for starting a SOA project in the real world.
Requesting Gravatar...
Tips are really helpful to get the Idea for starting.
Left by Ameya on Nov 28, 2007 9:25 AM

Comments have been closed on this topic.
Copyright © Dave Oliver | Powered by: