William Vambenepe's blog

HP, IBM, Intel and Microsoft just released a roadmap to describe how we plan to converge the myriad of Web services specs currently used for resource acces, eventing and management. Basically converging WS-Management and the stack under it with WSDM and the stack under it. This roadmap should make users of these specs feel a lot more at ease. It also is specific enough to give a good indication of the smart way to architect systems today in a way that will align with the reconciled version. Even though we don’t have spec candidates ready to share at this point, we thought it would be valuable to let people know of the direction we are heading towards. The resulting set of specifications will be based on the currently existing WS-Transfer, WS-Eventing and WS-Enumeration. Which, as it happens, are published as member submissions by the W3C today.

After Systinet, it’s now Actional’s turn to take the plunge. For those trying to keep track, Jeff Schneider has a useful recap of SOA-related acquisitions and mergers. It’s only missing the name changes to be complete (e.g. Corporate Oxygen to Confluent, Digital Evolution to SOA Software…).

With the ongoing virtualization of the computing infrastructure as well as the proliferation of multi-core processors, revising software pricing strategies (often based on number of processors) is a hot topic. The usual spin is: we can’t keep using the current model (as “number of processors” doesn’t mean much anymore) so we have to think of a new one. But there is another way to look at it. Revising the pricing strategy not because we have to but because we can.

Pricing software based on the number of processors only makes sense because we are used to it. We are used to it because it is prevalent. It is prevalent because it is easy to measure and apply (or was until recently). It’s hard to measure the value to the business of a piece of software but it is easy to measure how many processors run it. So we use the number of processors as an approximation of the value. This approach to pricing is very similar to the approach of policy-driven IT management that creates SLAs at different levels of the architecture. The IT administrator is told to make sure that a certain server stays up 99.9% of the time. Does the business really care that the server is up? No, what it cares about is that the business processes can progress and these processes happen to use applications running on the server. But if we told the IT admin “make sure the business processes can progress”, he doesn’t know what to do in practical terms. He doesn’t know whether the downtime to patch the server is worth it or not. By giving him a more measurable metric (uptime), the IT admin is now able to make the necessary decisions to meet the specific uptime SLA. Just like the number of processors is used as a convenient approximation of the business value of the software, the uptime SLA is used as a convenient approximation of the business need. Like any approximation, they are not perfect and making decisions based on them rarely leads to optimal decisions. But when that’s all you can do you call it good enough and you go with it.

One of the key promises of the effort to “bridge the gap between business and IT” is to better align infrastructure-level decisions with the real business impact. Products like OpenView’s Business Process Insight allow you to map business processes to the IT infrastructure that powers the steps of the process. So that you can make decisions on managing the IT elements based on their real impact on the business rather than fixed SLAs. We are seeing a huge amount of interest for this and there is a lot of room for optimization once this correlation is established. At this point, the focus is on using this to automate and optimize IT management. But this is so similar to the software pricing issues that one has to wonder whether these technologies won’t eventually allow us to price software in a way better aligned with the real business value provided by the software. And who knows, maybe one day management software will be used to tie salaries to business value rather than being driven by approximations such as “number of hours worked”, “number of bugs fixed”, “uptime of the server”, “number of specs produced”.

Over the last couple days, a few articles came up that help explain HP’s vision for Management of the Adaptive Enterprise, so here are the links.

Yesterday, Mark Potts published an article describing the value of SOA for enterprises and more specifically the management aspects of SOA (security, life cycle and configuration, management of infrastructure services and business services, governance, etc). BTW, the SOA practice from HP Consulting and Integration that Mark refers to at the end of his article is what I mentioned in my previous post.

Another interesting article is Alan Weissberger’s entusiastic report from GGF 14. Alan follows GGF and related OASIS activities very closely, doesn’t fall for fluff and is not easily impressed so this a testimony to the great work that Heather, Bryan, Bill and Barry did there, presenting a WSDM deep dive, the HP/IBM WSDM demos (which they also showed at IEEE ICAC in Seattle) and talking about the recently released HP/IBM/CA roadmap for management using Web services. These four should call themselves “Heather and the Bs” or “HB3″ for short if they keep touring the world showing their cool demos. Can’t wait to see them at the Shoreline Amphitheatre. Of course, Alan’s positive comments also and mainly come out of all the hard technical work that lead to this successful GGF14, including the OGSA WSRF Basic Profile.

Two more articles to finish, both about the HP/IBM/CA roadmap. I talked to the journalists for both of these articles, one form ComputerWorld and one from the Computer Business Review.

Four good articles in two days, it is very encouraging to see how the understanding of how we are unleashing the power of SOAs through adaptive management is growing. This is what the roadmap is all about, explaining the objectives to people and inviting them on board.

There is a lot to like about HP’s announcement today that the company’s consulting arm is now offering seven new SOA services (including, of course, SOA Management) and opening four SOA competency centers (see the press release and IntenetNews.com’s report). I must admit that the idea of one day moving from the software group to HP Services and working on SOA solutions in the French Riviera at Sophia Antipolis (one of the four competency centers) is not without appeal. I am now spending a lot more time with customers than I used to anyway so it wouldn’t be too wide a chasm in that respect.

Even putting aside my bias for the good life in the “Côte d’Azur”, this is very good news. Good news of course for OpenView, including our SOA Manager product, but HP Services actually only represents a relatively small portion of OpenView sales.

More importantly, the SOA specialists in HP Services can help customers build an SOA by putting together parts from all our partners (Oracle, SAP, BEA, Microsoft, etc) as well as open source. Which is how you really want to go about building an SOA. In theory it is possible to build an SOA using homogenous products from the same vendor, but in practice this is as likely as designing a reusable and well factored-out interface while having only one use case and knowing about only one client for your service. In both conditions, assumptions creep in unnoticed into your contracts and abstractions. And you end up with a more tightly coupled system, which comes back to bite you as the number of participants grow.

It’s nice to see that, while most of the tech press seems happy to copy/paste from misleading press briefing documents rather than do any checking of their own, some analysts take a little bit more time to look through the smoke. So, when Gartner looks into the recent Microsoft/Sun announcement (see “Progress Report on Sun/Microsoft Initiative Lacks Substance”) their recommendation is to “view the latest Sun/Microsoft announcement as primarily public-relations-oriented”. Similar take from Jason Bloomberg from ZapThink who thinks that this “doesn’t do anything to contradict the fact that Microsoft is the big gorilla in this relationship”. And Forrester’s Randy Heffner (quoted in “Analysts Question Microsoft-Sun Alliance”) thinks that “Bottom line: Web services interoperability is not yet part of the picture”. Oh, and by the way “the WS-Management group has yet to come clean on how they will work with the WSDM standard approved by OASIS,” Heffner also says. “Again, WS-Management is still just a specification in the hands of vendors”. Very much so. But in PR-land everything looks different. As tech journalists write these articles including insight from analysts that contradict what the tech press reported a couple days earlier, I wonder if they ever think “hum, maybe I should be the one doing reality checks on the content of press releases rather than going around collecting quotes and then the analysts would focus on real in-depth analysis rather than just doing the basic debunking work…”

This morning I learned that Microsoft and Sun had a public event where the CEOs reported on a year of working together. This is a follow-up to Greg Papadopoulos’ report on the progress of the “technical collaboration”. In that post, Greg told us about the amazing technical outcomes of the work between the two companies and, being very familiar with the specs he was referring to, I couldn’t help but point out that the result of the “technical collaboration” he was talking about looked a lot like Sun rubber-stamping a bunch of Microsoft specifications without much input from Sun engineers.

So when I heard this morning that the two companies were coming out publicly with the result of their work, I thought it would be fair for me to update my blog and include this information.

Plus, reading the press release and Greg’s Q&A session, it sounded pretty impressive and it would have been bad faith from my part to not acknowledge that indeed Greg actually had something to brag about, it just wasn’t yet public at the time. In effect, it sounded like they had found a way to make the Liberty Alliance specs and WS-Federation interoperate with one another.

From Greg’s Q&A: “In a nutshell, we resolved and aligned what Microsoft was trying to accomplish with Passport and the WS-Federation with what we’ve been doing with the Liberty Alliance. So, we’ve agreed upon a way to enable single sign-on to the Internet (whether through a .NET service or a Java Enterprise System service), and federate across those platforms based on service-level agreements and/or identity agreements between those services. That’s a major milestone.”

Yes Greg, it would have been. Except this is not what is delivered. The two specs that are supposed to support these claims are Web SSO MEX and Web SSO Interop Profile. Which are 14 and 9 pages long respectively. Now I know better than to equate length of a spec with value, but when you cut the boilerplate content out of these 14 and 9 pages, there is very little left for delivering on ambitious claims such as those Greg makes.

The reason is that these specs in no way provide interop between a system built using Liberty Alliance and a system built using WS-Federation. All they do is to allow each system to find out what spec the other uses.

One way to think about it is that we have an English speaker and a Korean speaker in the same room and they are not able to talk. What the two new specs do is put a lapel pin with a British flag on the english speakers and a lapel pin with a Korean flag on the korean speaker. Yes, this helps a bit. At least now the Korean speaker will know what the weird language that the other guy is speaking is and he can go to school and learn it. But just finding out what language the other guy speaks is a far cry from actually being able to communicate with him.

Even with these specs, a system based on Liberty Alliance and one based on WS-Federation are still incompatible and you cannot single sign-on from one to the other. Or rather, you can only if your client implements both. This is said explicitly in the Web SSO Interop Profile spec (look for the first line of page 5): “A compliant identity provider implementation MUST support both protocol suites”. Well, this isn’t interop, it’s duplication. Otherwise I could claim I have solved the problem of interoperability between English and Korean just by asking everyone to learn both languages. Not very convincing…

But of course Microsoft and Sun knew that they could get away with that in the press. For example, CNet wrote “The Web Single Sign-On Metadata Exchange Protocol and Web Single Sign-On Interoperability Profile will bridge Web identity management systems based on the Liberty and Web services specifications, the companies said”. As the Columbia Journalism Review keeps pointing out, real journalists don’t just report what people say, they check if it’s true. And in this case, it simply isn’t.

Greg Papadopoulos (Sun’s CTO) recently posted a blog entry to tell us, a year after, what’s it’s been like working with Microsoft. For those who forgot, a year ago Microsoft sent a $2 billion check to Sun to settle some legal disputes and turn Sun into a technical partner. So what kind of technical partnership is that? Well, according to Greg they’ve been making “some real architectural progress”. And he gives us four examples: WS-Addressing, WS-Management, WS-Eventing, WS-MetadataExchange. The funny thing is that for each one of these specifications Microsoft had written and publicized the specification before Sun became a partner and just put out a slightly updated version with Sun and other companies added as authors. Go ahead and check for yourself:

• WS-Addressing: the “before Sun” version (March 2004) and the “after Sun” version (August 2004)
• WS-Management: the “before Sun” version was called WMX but I can’t find a URI for it, only an overview document so on this one you’re on your own to find the “before Sun” document to compare (hint: call Microsoft, not Sun for this doc). Here is the “after Sun” version (October 2004)
• WS-Eventing: the “before Sun” version (January 2004) and the “after Sun” version (August 2004)
• WS-MetadataExchange: the “before Sun” version (March 2004) and the “after Sun” version (September 2004)

There might be a lot of in-depth technical collaboration going on between Sun and Microsoft that we are not allowed to see, but the only examples Greg has for us in his “one year later” piece make it sound a lot more like a business deal than technical collaboration. Maybe they have the CTO write about it because the CFO doesn’t have a blog?

In that same piece, Greg also tells us that “the ‘interoperate’ message is louder than even the ’standardize’ one”. This is probably why 3 of the 4 specs he brings up are proprietary specs. This explains a lot about what to expect from Sun in terms of standard support. I agreed when Sun used to say that standards are the best way to provide specifications that can be safely implemented, including by small companies and open-source projects (in financial terms, legal terms and control terms) and that this is a key promise of Web services. Simon Phipps (Sun’s chief technology evangelist) explained it well. But this was in year 1BC (Before Check). How things change.

Call it “laziness” or “smart reuse”, here is a pointer to a Web services journal opinion piece I wrote a few months back in an attempt to explain how the different efforts going on in the industry around Web services, grid, SOA management, virtualization, utility computing, <insert your favorite buzword>, fit together to provide organizations with the flexibility and efficiency they need from their IT in order to thrive. This is how it starts:

Enterprise services are created by combining infrastructure services, applications, and business processes. To be able to adapt quickly to business changes, enterprise IT must evolve from management of individual resources to management of interrelated services. [more...]