Web Services Spread Slowly Into IT

But more work needs to be done to address architectural, process and security issues.

Dade County, Fla., has more than 40 Web services in production that are used to integrate data to build citizen-facing applications, like those for online fee payment and access to building-inspection reports.

In November, Dade County rolled out the first release of a call center application built to provide answers to common questions through Web services interfaces to criminal justice, waste management and public works back-end systems, said Carmen Suarez, systems support manager at the county's enterprise technology services department.

Dade County is one of a growing number of organizations that have successfully lassoed Web services as a way to link dissimilar systems more quickly and cost-effectively than they could with traditional, hard-coded integration. Now, many are attempting to address the architectural changes required to exploit Web services to develop flexible applications that can be changed as business requirements evolve.

Web services emerged in the midst of the IT recession during the early 2000s as a way to integrate systems using standards—Simple Object Access Protocol, Web Services Description Language and the Universal Description, Discovery and Integration specification—along with key XML technology.

The Web services concept was slow to make its way to corporate IT operations because vendors debated the path of the standards. But the demand for such capabilities forced a peace among rival vendors and led to IT efforts to take advantage of Web services, despite architectural and security challenges.

For example, the state of Wisconsin last year used Web services to integrate six procurement systems in less than two weeks, according to CIO Matt Miszewski. And Navitaire Inc., a Minneapolis-based application service provider that houses reservation systems for low-cost airlines, expects to slash infrastructure costs in half by leveraging application development tools and Web services in Microsoft Corp.'s .Net platform to migrate its applications. Navitaire is migrating to .Net from the HP3000 system, which Hewlett-Packard Co. stopped selling last year.

Wisconsin CIO Matt Miszewski
Wisconsin CIO Matt Miszewski

Image Credit: David Nevala

Almost two-thirds of all major Web services deployments today are focused on integration projects, according to research firm Gartner Inc. And analysts are forecasting that 40% of all business software purchased in 2007 will be Web-services-enabled. With that in mind, some companies are embarking on a path toward the Holy Grail of Web services—reusing business processes to build composite applications. But as they do, some are running into architectural challenges.

For example, Dade County is trying to find a way to manage Web services and create a directory for developers to access Web services for reuse in future applications.

"I am looking for a way to manage the change that will be involved with the Web services," Suarez said. The county needs to be able to "monitor performance and understand relationships between Web services and back-end systems," she added.

On the SOA Path

Using Web services for point-to-point integration is a baby step toward building a service-oriented architecture (SOA) that can manage Web services, said Jason Bloomberg, an analyst at ZapThink LLC in Waltham, Mass. SOAs support the security, business process management and performance monitoring needed to use Web services to quickly build new applications by tying together components of existing ones.

"An SOA is more of a challenge because it involves architectural change," said Bloomberg. "The goal is an architecture that is flexible enough so the business side can rework business applications over time."

Companies building an SOA first need to outline a strategic vision for Web services, suggested Tyson Hartman, director of .Net solutions at Seattle-based Avanade Inc., a systems integrator formed by Accenture Ltd. and Microsoft. The plan should detail how a company will measure the success of using Web services. "One of the important questions is, What is the cost benefit of using a Web services solution for a given business problem?" Hartman said.

For example, Avanade often works with companies that have multiple custom-written applications doing the same function for different delivery mechanisms. Collapsing those channels to support all the delivery vehicles, such as desktop and wireless systems, with a common back end could result in significant savings, Tyson said.

However, companies that have deployed a dozen or more Web services are "getting to the point where they realize this is getting out of hand," said Anne Thomas Manes, an analyst at Burton Group in Midvale, Utah. Such companies can benefit from registries and management technology to gain control of the Web services, she said.

Experts do say that those enterprises making a successful leap to full-fledged SOAs can expect a substantial payoff.

For example, Wisconsin expects its SOA effort to allow "all of the pieces of what will be our ERP system to be available as Web services," said Miszewski. "As people build new applications, they will be able to tap into the ERP Web services themselves." Wisconsin will use an enterprise service bus, which uses messaging technology and routing to tie systems together. The bus, from Cape Clear Software Inc., will provide an integration infrastructure that anchors a single instance of ERP for the whole state.

Web Services and BPM

For many companies, business process management is front and center in Web services efforts. For example, MasterBrand Cabinets Inc. plans to use Web services and business processes to ease efforts to integrate ERP systems from companies it has acquired over the years.

"Our organization was very application-centric," said Dave Mewes, vice president and CIO at the Jasper, Ind.-based cabinetmaker. "What we've tried to do is retrain our organization to think of processes horizontally—across the enterprise. We don't discuss applications; we discuss needs."

Thomson Learning, a professional and academic testing company in Stamford, Conn., homed in on its business processes when it built Web services interfaces into applications for scheduling tests and transmitting test scores to its partners. Before exposing the application programming interfaces of its applications as XML, Thompson did an analysis to break down processes into various elements, such as the name of the test taker, the location of the test and the payment method. An orchestration tier routes the elements to the legacy application or new service to be consumed.

Thompson, which began transmitting test scores last year and will launch test scheduling early this year, has a much better understanding of the business process flow using Web services than it did when it used traditional enterprise application integration technology, said Christopher Crowhurst, vice president and principal architect. "We can measure the performance of them all very cleanly," he said.

Security Issues

Enterprises ramping up Web services work must also tackle increasingly complex security issues, especially if their use of Web services extends beyond internal firewalls.

For example, National Student Clearinghouse (NSC) this year will begin a pilot in which it will use Web services to transmit college transcripts to its partners. The Herndon, Va.-based nonprofit now uses passwords, usernames and Secure Sockets Layer encryption to securely transmit college degree verifications to employers and background screeners. More security will be required as more personal data is included in communications with clients over time.

A username-and-password system is a "less-than-ideal security environment," said Mark Jones, NSC's vice president of marketing. "You've got your core access to a lot of very important data for anybody who wants to or knows how to go after it. In an ideal world, we would digitally sign the whole payload and identify who is coming in based on a digital certificate."

RouteOne LLC, a Web services veteran, wrestled with security early on and eventually turned to a third party for help.

RouteOne, a joint venture of DaimlerChrysler Services North America LLC, Ford Motor Credit Co., General Motors Acceptance Corp. and Toyota Financial Services Corp. that was formed to provide a Web-based credit application management system, has built its entire business on XML and Web services.

"Security was a gimme for us [because] it is the dealers' customer data going across," said T.N. Subramaniam, chief architect at RouteOne in Farmington Hills, Mich. "We tried to do it in software by rolling our own, but it was too slow for the volume of messaging."

The company now uses Cambridge, Mass.-based DataPower Technology Inc.'s secure gateway product, a wire-speed XML-aware networking device that digitally encrypts and signs the entire payload of RouteOne's messages without affecting performance, Subramaniam said.

COMPUTERWORLD POLL

Is your organization developing Web services?

Already using them and developing more projects 58%
Working on pilot projects 15%
Actively evaluating 12%
Not interested 8%
Don’t know 7%

Base: Survey of 966 Computerworld subscribers, December 2004

WEB SERVICES

Management Matters

Through 2006, more than 90% of internal and business-to-business service-oriented business applications in operation will face Web services outages, performance issues and failures resulting from insufficient management.

WHAT YOU CAN DO

medium_orange_bullet.gif
Map your technology choices to your business needs. Some organizations may need to manage Web services in basic ways, such as monitoring interactions like an address lookup from a database. Others may face complex issues like load-balancing and scalability requirements to meet service-level agreements with trading partners.

medium_orange_bullet.gif
Find Web services middleware technology that is overarching and can be used not only for management of Web services provisioning and consumption, but also for life-cycle management and policy enforcement within the integrated development environment.

medium_orange_bullet.gif
Select technology that provides security and management in one package, only if you can establish ROI in three years or less.

Source: Gartner Inc., Stamford, Conn.

Copyright © 2005 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon