Bob Schumm | An insider's thoughts on SOA

Just what the heck is a service-oriented architecture anyway? One of the biggest IT buzzwords today, SOA nonetheless suffers from a lack of formal definition. Advocates tend to extoll SOA's benefits without actually explaining what it is, or how an agency could go about procuring one. To get some clarity, we consulted with Bob Schumm, director of Federal Business Development for BEA Systems Inc. of San Jose, Calif.Perhaps best known for its WebLogic application server software, BEA has been a strong champion for organizational use of SOA. Earlier this summer, the company released its AquaLogic suite of software products, which is specifically designed to help large organizations create an SOA framework. The suite includes an enterprise service bus, a data services platform, a services registry and an enterprise security toolkit.As director of federal business development, Schumm shepherds BEA's products through government certifications such as Section 508 and Common Criteria Validation.He holds a bachelor's degree in economics from Fairfield University, Conn. GCN associate writer Joab Jackson spoke to Schumm by phone.Schumm: An SOA is an IT strategy that aligns IT with the business processes. It allows you to reuse existing components to improve productivity.Schumm: Web services are just one way to implement an SOA. SOA is an architecture, not a specific technology. SOA usually uses [Extensible Markup Language] and the Internet to tie Web services together, but you could do it with Java 2 Enterprise Edition components, such as remote Enterprise Java Beans.Schumm: The Office of Management and Budget requires all agencies to develop their business cases to align to the FEA language and taxonomy. OMB reviews the submittal against the reference model, looking for duplication in business functionality, technology investments and services redundancy.So in one sense, FEA is a diagnostic tool that allows OMB to discover applications, data repositories or other components that would be good candidates for reuse.The FEA gives you a road map [to] implement an SOA. If you were to look at the Data Reference Model, you could quickly identify redundancy in data repositories. You could look at the technical reference model to find compatibilities between standards and technologies used in [separate] areas. So you could later use an SOA model to consolidate the data sources and the systems they are connected to.Schumm: I can answer using examples from BEA. With our development environment, WebLogic Workshop, you simply would right mouse-click on the object in development, and ask it to generate a service, and [Workshop] would create all the artifacts around the Web service. Once you've done that, you need to record it to whatever Universal Description Discovery and Integration registry you're using.Schumm: An SOA is only secure as the least-secured area. So if you don't secure all the services you have in your registry, you would create a hole. Security is on multiple levels, so you could do things such as authentication and authorization on a Secure Sockets Level, you could do it at the message level, with Web Services Security [communication protocols]. And then there is policy-based access control to applications and services.Schumm: We've met with [OMB chief architect] Richard Burk and talked a bit about this. It is through the Exhibit 300 submission [in an agency's business case] and review process. You want to make a service available, in your Exhibit 300 form request, you would point out that you would need the additional resources. OMB would do the cost-benefit analysis.Schumm: Grants.gov is an SOA implementation. What they have done fundamentally is create a data schema and repository, and built some core services needed in the grants processing space. There are some standard pieces of business logic involved in grants processing. So by providing the services, other agencies that are developing grants services can reuse those. They are only responsible for the unique part of their [services].Schumm: AquaLogic is a new family of products that enables customers to deploy, configure and operate services through the SOA lifecycle.To give you some context, AquaLogic is a [part of] a new category of software, called service infrastructure. It is one of the fastest-growing categories of enterprise software. It enables free flow of process, information and services across and be- tween heterogeneous business environments. An IDC market study says it will grow to $9 billion by 2009.Schumm: It is a piece of software that provides a place for programs to run. It handles the mundane tasks of communications between processes, job scheduling, getting resources. It takes away the redundant tasks that you [normally] need to develop a Java program, so the programmer can only focus on the logic of the program itself. In some ways, it is like an extension of an operating system.Schumm: There really is not a comparison with Oracle. The Oracle Application Server requires the Oracle database. We're platform agnostic: We run on everybody's hardware; we run with everybody's database.Tomcat fits a small market, serving users with a low-functioning need that is not very complex. BEA's customers tend to be large organizations that require reliable technology. Also, our customers like that the software to be supported, that there is somebody responsible to get the application back up. Our low-end product can scale many more times than Tomcat.Schumm: Well, it depends on whether the person who first wrote the application strictly followed standards. BEA, being standards-based, is easier to port to and port from.Schumm: I think for a lot of applications, that is correct. But some of the vendor extensions provide things that aren't available [otherwise]. In a number of ways, BEA has developed technology and subsequently provided that technology back to the open-source community. It is more about complying with the standards.