Welcome!

Government Cloud Authors: Jason Bloomberg, Amy Eager, Pat Romanski, Rene Buest, Yeshim Deniz

Related Topics: Microservices Expo, Java IoT, Microsoft Cloud, Containers Expo Blog, Agile Computing, @CloudExpo, Government Cloud

Microservices Expo: Article

SOA and the Cloud: Why Your Cloud Applications Need SOA

Use a services-oriented architecture as the fabric upon which to build your cloud-based applications

Some consider cloud computing to be a cure-all for virtually any type of IT infrastructure. And while the cloud certainly delivers on many of its promises, it will never truly provide all that it's capable of unless it's optimized for integration with other applications and evolution for new requirements. What is the best way to provide this? Use a services-oriented architecture (SOA) as the fabric upon which to build your cloud-based applications. In this article, we'll outline the reasons why an SOA is so important for the cloud, some principles to consider when creating your cloud platform on an SOA.

A marriage made in IT heaven: Cloud and SOA
Cloud promises just about everything a CIO could possibly hope and dream for:  lower IT costs, eradication of daily management tasks, and massively reduced overhead. At this point in its evolution, however, cloud has been so touted and lionized; it's difficult to know how to separate the truth from the hype.

But for those who have had to implement and manage packaged enterprise applications, there are at least some aspects of cloud that are indeed very real, and those involved are eager to take advantage of. Cloud truly can provide a huge positive change in how you run your business, and we know by now that some of the early promises of cloud are indeed being delivered upon. And even though there will always be limitations to what was initially promised, those bulleted lists of what cloud can do for us are, thankfully, mostly true.

What's not as evident though, is the fact that a cloud offering is really just a way of delivering functionality through a service. It's not worth a whole lot if there's not a unified roadmap for how to construct, orchestrate and run all the services your organization relies upon. Without the processes that bring a service to the user, then all you have is some code that's easily accessible. Can the cloud concept still save you time, money and resources? Of course it can, but cloud services and functionality need to be brought together with a unified plan.

Can you guess what that unified plan is? Well, there are a lot of different ways to do it, but the easiest way, and the one that provides the greatest flexibility and most applicable built-in governance is a service-oriented architecture (SOA). There's confusion about the role an SOA plays in a cloud environment, but make no mistake, cloud is not a replacement, nor an incremental improvement of cloud. Rather, SOA acts as a cohesive, flexible infrastructure that enables services to function and integrate. That's partially because, just by its very nature, an SOA is a services-based platform. An application in the cloud can't do much unless it's sitting on top of something that's optimized to recognize and pull together, in an agile way, the various types of components that exist within a service (and even more so when you're combining a variety of services).

Figure 1: A service-oriented architecture at its essence

While the cloud needs SOA, it's important to implement it with adequate services security, governance, adherence to standards, and commitment to flexibility. There are entire operational, developmental, planning, and policy attributes that are crucial to using an SOA for your cloud, and that's what we've built our SOA platform on. Our Integrated SOA Governance solutions provide integration capabilities that enable your enterprise applications to be integrated and communicate with one another.

Okay, so we're a vendor, and we're inclined to think that best results will come in the form of our solution. But we created our SOA governance model mostly because, through years of collective experience and an inordinate amount of research, we recognized that a true SOA environment is the most effective way to unify, govern and manage enterprise apps and to enable your organization to grow in a scalable way without having to re-architect your IT framework. When it comes to cloud, well, there are a lot of different ways to skin this cat, but we think that architecting your enterprise application and services environment with an SOA will ensure that you're truly taking advantage of the cloud.

Putting cloud and SOA together
With the presumption that SOA and the cloud support and extend one another, there's still a great deal of confusion over where an SOA starts and the cloud begins.

Perhaps it's best to think about it in terms of a foundation and the things that sit on top of it. SOA provides a stable foundation, but it's not static. It's inherently flexible; in fact, one of an SOA's greatest attributes is its ability to adapt and integrate to both legacy systems and whatever may change and evolve in your IT landscape. That adaptability allows for any applications and systems to integrate with the basic structure of the platform, and optimizes how applications are accessed and data is transacted. And what platform can produce the best results in this environment? You guessed it - the cloud.

In our view, there really is no point at which an SOA ends and something else "takes over". Rather, we see that an SOA and cloud architecture are complementary, and that to be successful at having an effective architecture, you really need to think about what will optimize your services-based infrastructure. And if you're going to deliver or transact with cloud-based services, it probably makes sense to keep SOA as the foundation for everything, and putting a cloud-based system on top of that. The benefits will be mostly from the interoperability among all the different services that are transacting through the cloud, but are optimized because the SOA allows them to communicate and work with one another seamlessly (this, of course, is subject to your implementation).

Each component in a cloud-based application should be considered a separate Enterprise Service, even if they are not hosted by your IT organization.  To get a cloud-based application working right, and assuring that it will perform as expected over time, one needs a single point of governance over these highly virtualized Enterprise Services throughout the entire service lifecycle.

Starting at the planning stage, creators of a cloud-based application need to develop and track the inventory of cloud services that are available or under construction.  Business analysts, architects and developers need to be able to compare their enterprise SOA roadmap and desired slate of cloud applications with the Enterprise Service inventory, which consists of both cloud-based and traditional Enterprise Services.  Planning governance gives these stakeholders the ability to assign development priority to the cloud services that are most urgently needed, as well as determine the applicability of cloud technology to the problem. For instance, is the application subject to "speed-of-light" concerns?

Figure 2: Stages and elements of a cloud/SOA solution

A development governance solution will provide seamless management of "the cloud" as a development target. Operational governance for cloud services should ensure two important governance factors:  First, that the services themselves implement and enforce relevant policies for data protection, security, and service levels.  Secondly, it should ensure the federation of externally provided cloud services into the enterprise network. This is similar to the way externally provided SaaS services need to be federated for policy and message exchange pattern mediation.

Cloud services are subject to the same governance process as any other enterprise service, and as such need the same levels of policy governance.  For cloud services this includes the ability to define cross-cutting policies during the planning process and validate and enforce these policies through development and operations.

SOA Software product suite allows for easy management of SOA Governance throughout the plan-build-run service lifecycle, anchoring the process with strong policy governance. In planning, SOA Software Portfolio Manager allows planning stakeholders to develop an SOA roadmap, compare it to existing and planned services, and assign priority to selected services.  In development, SOA Software's Repository Manager makes sure that enterprise services confirm to appropriate standards and guidelines, providing powerful change management capabilities.  It also governs the consumption process, facilitating controlled and measurable asset reuse. When services are deployed, SOA Software Service Manager implements and enforces defined policies for security, performance, and reliability to ensure that enterprise services function as intended.  SOA Software Policy Manager works in concert with these products to keep policy definitions, and associated metadata, consistent as the service matures from planning through development and then into operation.

Arriving at Cloud Nirvana
Keep in mind that it's not that SOA provides the glue, or that it fills in any gaps, but rather in the model of a well-constructed enterprise architecture, SOA is both the support net and the building blocks that allow you to truly benefit from the cloud. But if you're trying to boil it down to its essence, it comes down to these points where SOA delivers value and cohesion for your cloud:

  • Governance: what's not often stated about the cloud is the need for thorough and comprehensive governance. Nothing provides that better than a services-based framework that actually requires standards to keep all the disparate applications communicating and transacting with one another.
  • Integration: your apps from yesterday, the ones you have now, and the ones you're going to buy/develop in the coming years will all need to integrate and interact irrespective of complexity. SOA is entirely built on the precept that THAT is its main function - to take processes, no matter where they come from, and make them worth with other processes. If you doubt that, we'll invite you to chat with any of our customers and they can describe how much easier things got once they focused on SOA.
  • Common purpose: applications are meant to be used and users don't care where the app lives, or what it took to bring the functionality to them. They just want it up when they are, and ready to transact business 24/7. The cloud is supposed to provide the house in which that's all done, but it just won't get done unless there's a flexible backbone that enables all of that. Again, that's the job of SOA.

We know that there are dozens of other considerations, some at the business rules level, and some having to do with hardcore code compliance. But ultimately when we need to take a solution back to our company and help them be successful, we'll think about these things and realize that if we can agree on a common purpose for our apps, integrate them, and provide the necessary governance, then we're ready to establish our presence in the cloud and prepared to grow and adapt.

When you get there, when you get to that point where you're running your applications in the cloud and benefiting from substantial cost savings and watching integrated apps play nicely with one another, and the CEO pats you on the back and tells you what a great job you're doing, then you will know that you are, in fact, in cloud nirvana.

More Stories By Roberto Medrano

Roberto Medrano, Executive Vice President at SOA Software, is a recognized executive in the information technology fields of SOA, internet security, governance, and compliance. He has extensive experience with both start-ups and large companies, having been involved at the beginning of four IT industries: EDA, Open Systems, Computer Security and now SOA.

Prior to joining SOA Software, he was CEO of PoliVec, a leader in security policy. Before joining PoliVec, he was one of the top 100 Sr. Executives at Hewlett Packard. At Hewlett-Packard (HP) served as the General Manager of the E-Services and Internet Security Divisions. Medrano has held executive positions at Finjan, Avnet Inc, and Sun Microsystems. Medrano participated in President Clinton’s White House Security Summit and has been an active member on National Cyber Security Summits, and the White House National Strategy to Secure Cyberspace.

Medrano has been selected as one of “The 100 most influential Hispanics in US”, “The 100 most influential Latinos in Silicon Valley” “Top 100 most influential Hispanics in Information Technology” and is co-founder and CEO for Hispanic-Net, a non-profit organization. Medrano holds an MBA from UCLA, a MSEE from MIT, BSEE from USC.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
SYS-CON Events announced today that Conference Guru has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organi...
"MobiDev is a Ukraine-based software development company. We do mobile development, and we're specialists in that. But we do full stack software development for entrepreneurs, for emerging companies, and for enterprise ventures," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
When growing capacity and power in the data center, the architectural trade-offs between server scale-up vs. scale-out continue to be debated. Both approaches are valid: scale-out adds multiple, smaller servers running in a distributed computing model, while scale-up adds fewer, more powerful servers that are capable of running larger workloads. It’s worth noting that there are additional, unique advantages that scale-up architectures offer. One big advantage is large memory and compute capacity...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that Datanami has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datanami is a communication channel dedicated to providing insight, analysis and up-to-the-minute information about emerging trends and solutions in Big Data. The publication sheds light on all cutting-edge technologies including networking, storage and applications, and thei...
SYS-CON Events announced today that Silicon India has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Published in Silicon Valley, Silicon India magazine is the premiere platform for CIOs to discuss their innovative enterprise solutions and allows IT vendors to learn about new solutions that can help grow their business.
The Internet giants are fully embracing AI. All the services they offer to their customers are aimed at drawing a map of the world with the data they get. The AIs from these companies are used to build disruptive approaches that cannot be used by established enterprises, which are threatened by these disruptions. However, most leaders underestimate the effect this will have on their businesses. In his session at 21st Cloud Expo, Rene Buest, Director Market Research & Technology Evangelism at Ara...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), provided an overview of various initiatives to certify the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldwide re...
SYS-CON Events announced today that TechTarget has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TechTarget storage websites are the best online information resource for news, tips and expert advice for the storage, backup and disaster recovery markets.
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
SYS-CON Events announced today that EnterpriseTech has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. EnterpriseTech is a professional resource for news and intelligence covering the migration of high-end technologies into the enterprise and business-IT industry, with a special focus on high-tech solutions in new product development, workload management, increased effi...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business...
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
SYS-CON Events announced today that Ayehu will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara California. Ayehu provides IT Process Automation & Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication, and recovery from cyber security breaches. Ayehu provides customers greater control over IT infras...
Artificial intelligence, machine learning, neural networks. We’re in the midst of a wave of excitement around AI such as hasn’t been seen for a few decades. But those previous periods of inflated expectations led to troughs of disappointment. Will this time be different? Most likely. Applications of AI such as predictive analytics are already decreasing costs and improving reliability of industrial machinery. Furthermore, the funding and research going into AI now comes from a wide range of com...