Oracle Integration

SOA Software’s Service Manager™ integrates with Oracle’s BPEL Business Process Manager and related products. With Oracle exposing and consuming Web services as part of their next-generation of eBusiness Suite, version 11.5.10, the Service Manager provides Oracle customers with the ability to implement Web services with end-to-end security, location transparency, SLAs, and quality of service. With the Service Manager, Oracle’s process tools can now enable the benefits of an SOA by abstracting all the complexity of consuming Web services away from the process tools, bringing true agility for the first time to a loosely coupled heterogeneous environment.

Integration with Oracle eBusiness Suite 11.5.10
As a comprehensive platform for XML and Web services security and management, the Service Manager can be used to extend the functionality of the Oracle eBusiness Suite 11.5.10 Process Manager and enable a secure, manageable Service-Oriented Architecture that leverages Oracle technology. The Service Manager provides the following security and management functionality for Web services exposed in your enterprise through Oracle 11.5.10:

Centralized Policy Management
Performance Monitoring and Reporting
Security Enablement, Enforcement and Auditing
Provisioning, Contracts and SLA management
Web Services Publishing, Search and Discovery via UDDI
Multi-protocol message transport for quality-of-service

Integration with Oracle BPEL Process Manager
SOA Software’s Service Manager can be used to extend the functionality of the Oracle BPEL Process Manager and enable a complete Business Process Management solution based on Web services.

Securing and Managing the BPEL workflow - SOA Software’s Management Point™ can be used to secure and manage the BPEL workflow because the BPEL workflow is a Web service defined using a WSDL. As a result, the communication/invocation from a client application that uses SOA Software’s Gateway™ can be secured and monitored.
Securing and Managing Web Services that are part of the BPEL workflow - In this scenario, the Management Point is used to secure and manage the underlying Web services that are part of the BPEL workflow. The BPEL workflow may have several Web services with various security and monitoring requirements which can all be managed using the Management Point.
Monitoring the BPEL workflow with SLAs - The Service Manager has the ability to monitor Web service performance and enforce SLAs that are associated with the BPEL workflow. The DESM can generate alerts in case of SLA violations.

Enterprise Architect Summit 2008

If you have responsibility for managing IT infrastructures, designing and implementing enterprise architectures, or implementing strategic software or systems, come to the Enterprise Architect Summit this October. Here you will hear talks from top industry experts on enterprise architecture methodologies, service-oriented architecture implementations, and innovative new techniques for building systems that last. You’ll have many networking opportunities with peers from other organizations, enabling you to share ideas and hear firsthand about what approaches worked and why. You’ll take away expert analyses, a dynamic network of enterprise architecture peers, and new concepts ready to implement.

SOA Software Expands European Operations

Los Angeles, Calif. – September 29, 2008 – SOA Software, the leading Integrated SOA Governance vendor announced today that it has hired Wolf Gilbert; an executive from Microsoft Corporation to lead its rapid expansion into the European market.

Mr. Gilbert, joining SOA Software as Vice President for European Operations, combines strong business credentials with a deep technology background. He holds an MBA from Southern Methodist University. Mr. Gilbert designed and built one of the first ever Java-based ORB’s and spent most of the last decade as an Architect for Microsoft. Mr. Gilbert helped design Windows Server 2003 and had a hand in the development of SQL Server 2005. It was during this time at Microsoft that Mr. Gilbert discovered his true passion for Service Oriented Architecture and he helped cultivate this passion in others at Microsoft; Mr. Gilbert was a co-founder of Microsoft’s SOA Solutions Team and the Chief Architect behind its Managed Services Engine.

SOA Software has seen extraordinary growth in the US market over the last 3 years. SOA Software sees the opportunity for accelerated growth through the European market and is bringing Mr. Gilbert on board to build European Operations and drive this growth.

“We are very pleased with the way our business has grown through our strong execution in the US marketplace,” said Paul Gigg, president and CEO of SOA Software. “Customer demand in Europe is accelerating our expansion and we are excited to be able to bring on board an executive of Wolf’s caliber and background to lead this effort.”

Customers use SOA Software products to accelerate their adoption of SOA. The company’s products provide a comprehensive Integrated SOA Governance Automation solution. They offer lifecycle governance, security, management and mediation of SOA, ensuring the security, reliability, performance and ease of development of service-oriented business applications. The company provides the industry’s fastest and most scalable solution for platform-independent Integrated SOA Governance Automation, the critical element enabling large customers to connect and control SOA platform components from multiple vendors.

“Although European companies face some unique challenges, the underlying themes are very similar to those of their US counterparts,” said Wolf Gilbert, vice president of European operations for SOA Software. “I am confident that SOA Software has the right products to address these challenges, combined with uncommon agility and ability to execute.”

SOA Software™ is the only company offering a comprehensive Integrated SOA Governance Automation solution addressing SOA security and management together with Legacy and B2B Web services requirements. SOA Software’s Repository Manager™, Policy Manager™, and Service Manager™ combine to form a comprehensive Integrated SOA Governance Automation solution, with SOLA™ providing a governable Mainframe SOA platform.

About SOA Software
The world’s largest companies including Merrill Lynch, Verizon, and Pfizer use SOA Software to quickly and confidently realize the value of SOA. SOA Software’s platform-independent Integrated SOA Governance and Mainframe SOA products process over 2.5 billion mission critical transactions per month, ensuring the relevance, security, reliability, and performance of services and applications. For more information, please visit http://www.soa.com.

SOA Software, Policy Manager, Repository Manager, Service Manager, and SOLA are trademarks of SOA Software, Inc. All other product and company names herein may be trademarks and/or registered trademarks of their registered owners.

Compuware and SOA Software Partner for Mainframe SOA

Los Angeles, Calif. – September 16, 2008-- SOA Software, the leading Integrated SOA Governance vendor, and Compuware, one of the world’s largest independent software and services companies announced today they are partnering to accelerate the adoption of mainframe SOA. This partnership will help mainframe users adopt SOA quickly and safely by leveraging the technology and expertise of two leaders in this field.

Compuware brings extensive mainframe expertise to the table, with a large SOA practice focusing on enabling Systems by leveraging Service-Oriented Architecture principles.

Compuware and SOA Software help companies modernize and leverage their mainframe environments by allowing business-critical mainframe applications to become first class participants in a Service-Oriented Architecture. This joint solution leverages Compuware’s centers of excellence, technology and best practices to assist clients in realizing the benefits of modernizing their extensive investments in legacy architecture. Using SOA Software’s acclaimed SOLA integration solution, Compuware assists clients by discovering, building, optimizing, testing and deploying enterprise mainframe applications as web services.

Compuware offers a set of products and a comprehensive list of professional services that can be tailored to specific business needs, for both mainframe and distributed environments.

Legacy discovery and rationalization
Production service enablement
Enterprise service integration
Service quality assurance and testing
Legacy optimization

“SOA Software is pleased to partner with Compuware, a leader in mainframe technology and integration services,” said Roberto Medrano, executive vice president of SOA Software. “The mainframe forms a critical piece of most large companies’ technology infrastructure, and we are excited about the opportunity this partnership provides to help companies leverage their mainframe systems as part of modern applications.”

SOA Software’s SOLA is the most complete mainframe Service Oriented Architecture (SOA) solution in the industry. SOLA solves today’s most critical problem, making mainframe applications part of a SOA in a cost effective manner. SOLA provides customers with a fast and easy process to expose mainframe applications as secure Web Services, and allows mainframe applications to consume Web Services. Using SOLA, customers can leverage billions of dollars of existing mainframe investments when building an enterprise SOA. The SOLA runtime environment runs entirely on the mainframe, eliminating the need for expensive, unreliable and unnecessary middleware. This, coupled with SOLA’s Development Studio, vastly increases developer productivity, providing faster time to market and lower application development cost. The combination of a highly optimized runtime, no middleware and improved productivity provide the lowest Total Cost of Ownership (TCO) in the industry.

“Over the last 35 years Compuware has focused on delivering measurable business value to 90% of the Fortune and Global Fortune 100 companies. We are excited about bringing the SOA organization’s products as an accelerator within Compuware’s (SOA) Service Oriented Architecture strategy,” comments Vice President of Professional Services, Pat Greenwood. “Our clients look to us to leverage their existing environment for enterprise-wide application sharing, the SOLA product aligns within our go-to-market strategy in that it enables us to expose our client’s assets in an accelerated delivery model. This partnership fits within Compuware’s strategic approach of developing end-to-end enterprise solutions which leverage our clients’ investments in their mainframe environments.”
The first deliverable from this relationship is a joint seminar series starting on Thursday October 16th in Montreal, Canada. The seminar series will examine the role of the mainframe in enterprise SOA, and will describe the value and benefit of the joint Compuware/SOA Software solutions. If you wish to attend, please contact us at
For more information about this partnership please visit: http://www.soa.com/mainframe for SOA Software’s SOLA, and http://www.compuware.ca/en/solutions/soa/offering.htm for Compuware professional services

About Compuware
Founded in 1973, Compuware is one of the world’s largest independent service/software companies, with annual revenue exceeding $1 billion. We have more than 23,000 customers in 93 countries, and serve the world’s largest IT organizations—including 95 percent of the Fortune 100. We offer a powerful set of integrated enterprise IT solutions to accelerate the development, improve the quality and enhance the performance of business-driving applications. With offices in 60+ locations worldwide, Compuware is a global industry leader in providing business value through software and professional services that optimize productivity and reduce costs throughout the IT life cycle.

SOA Software Demonstrates Performance and Reliability in SAP® Co-Innovation Lab

Las Vegas, NV – September 9, 2008 – SOA Software, the leading Integrated SOA Governance vendor, announced today that it is working in the SAP® Co-Innovation Lab, where it collaborates side-by-side with SAP to provide comprehensive Integrated SOA Governance Automation solutions for customers. SOA Software has demonstrated the exceptional performance and reliability of its SOA Governance solutions for use with SAP solutions to Fortune 1000 customers, and continues to work with the SAP Co-Innovation Lab team and customers to define and showcase advanced SOA Governance Automation use cases. Today’s announcement was made at SAP TechEd 2008 Las Vegas, where SOA Software is exhibiting in booth 83.

The SAP Co-Innovation Lab is a hands-on working environment for SAP, its customers and partners to build and execute joint projects, enabling them to co-innovate new business applications and technology solutions to address specific customer needs. SOA Software is working closely with SAP at the lab to demonstrate how its products provide Integrated SOA Governance Automation capabilities in support of enterprise service-oriented architecture (enterprise SOA) when used with the SAP NetWeaver® technology platform. This allows customers to more confidently use SAP NetWeaver and SAP enterprise services as part of a heterogeneous enterprise SOA environment, sharing services with other commercial SOA platforms from vendors including IBM, Microsoft, BEA, Oracle, RedHat and other open source providers.

“We’ve been pleased to work with SOA Software in the SAP Co-Innovation Lab,” said Scott Campbell, vice president of the Co-Innovation Labs Network at SAP. “Our customers value the opportunity to work side-by-side with SAP and SOA Software in the lab to gain strategic insights for adopting, managing and governing enterprise services – it’s the power of our ecosystem at work.”

Customers benefit in the following ways from the use of SOA Software’s Integrated SOA Governance Automation solution with SAP NetWeaver in an enterprise SOA environment:

More easily identify, design and build their own services using SAP NetWeaver that are relevant and consumable to non-SAP applications, such as the applications they design, build and deploy using technologies from other vendors such as Microsoft and IBM
Make services they expose from applications running on SAP NetWeaver visible to and compliant with enterprise policies that are defined, enforced and audited across other platforms. This helps the services they design and build using other platforms from other vendors and open source environments visible to and compliant with enterprise policies that are defined, enforced and audited across SAP NetWeaver
Further promote and formalize consistent alignment between demand from service consumers and the supply of services through Consumer Contract Provisioning

SOA Software’s platform-independent, Integrated SOA Governance Automation solution promotes the use of best practices throughout an enterprise SOA environment regardless of where services and consumers are designed, built, deployed and operated. Policy Manager, Repository Manager and Service Manager integrate with development and run-time products from most commercial platforms from vendors including SAP, Microsoft, IBM and BEA, as well as RedHat and other open source providers.

“The Co-Innovation Lab provides us with the opportunity to demonstrate and validate our governance integration with SAP solutions to better meet the needs of customers,” said Frank Martinez, executive vice president at SOA Software. “Customers like Ingram Micro leverage our products so they can more confidently use SAP NetWeaver and SAP enterprise services included as a part of a heterogeneous enterprise SOA environment.”

About SOA Software
The world’s largest companies including Merrill Lynch, Verizon, and Pfizer use SOA Software to quickly and confidently realize the value of SOA. SOA Software’s platform-independent Integrated SOA Governance and Mainframe SOA products process over 2.5 billion mission critical transactions per month, ensuring the relevance, security, reliability, and performance of services and applications. For more information, please visit http://www.soa.com.

SOA Software Announces Record Growth in Production Environments

Los Angeles, Calif., Sept 3, 2008—SOA Software, a leading Integrated SOA Governance Automation vendor, announced today that the number of transactions processed by its systems each month grew by 400%, to over 2.5 billion transactions a month. The growth was due to the expansion of existing production systems and the deployment into production of new SOA Governance systems.

SOA Software attributes this dramatic growth in production usage to the rapid expansion of the market driving demand for SOA Governance solutions, the maturity and performance of SOA Software’s products, the SOA Governance Certification with major Platform vendors such as IBM, JBoss, Microsoft and SAP, and its ability to meet the needs of the most demanding customer environments.

Using SOA Software’s products, enterprises can align people, processes and technology to deliver a successful SOA program. SOA Software’s products reduce the cost and risk in an enterprise SOA program, helping customers build the right services, build services the right way, and run services the right way by providing a platform-independent Integrated SOA Governance Automation solution. SOA Software’s products offer exceptionally low-latency, coupled with the ability to scale nearly limitlessly, while ensuring the availability and security of enterprise services.

In a further strengthening of SOA Software’s market position, the company has certified IBM, Microsoft, SAP, and RedHat JBoss through its Governed Service Platform Certification Program providing customers and integrators with the confidence to use these platforms as part of a heterogeneous enterprise SOA environment.

Our Governed Service Platform Certification program gives companies the confidence to implement SOA solutions at scale in mission critical production environments,” said Paul Gigg, president and chief executive officer of SOA Software. “SOA Software continues to set the pace for deployed SOA Governance production systems.”

About SOA Software

The world’s largest companies including Merrill Lynch, Verizon, and Pfizer use SOA Software to quickly and confidently realize the value of SOA. SOA Software’s platform-independent Integrated SOA Governance and Mainframe SOA products process over 2.5 billion mission critical transactions per month, ensuring the relevance, security, reliability, and performance of services and applications. For more information, please visit http://www.soa.com.

Compuware

Founded in 1973, Compuware is one of the world’s largest independent service/software companies, with annual revenue exceeding $1 billion. We have more than 23,000 customers in 93 countries, and serve the world’s largest IT organizations—including 95 percent of the Fortune 100. We offer a powerful set of integrated enterprise IT solutions to accelerate the development, improve the quality and enhance the performance of business-driving applications. With offices in 60+ locations worldwide, Compuware is a global industry leader in providing business value through software and professional services that optimize productivity and reduce costs throughout the IT life cycle.

http://www.compuware.ca/en/solutions/soa/offering.htm

SOA Software Selected by AlwaysOn as Top Private Company For The Third Consecutive Year

Los Angeles, Calif., July 21st, 2008—SOA Software, a leading Integrated SOA Governance Automation vendor today announced that for the third straight year, it has been chosen by AlwaysOn as one of the prestigious AO Global 250 Winners. Inclusion in the AO Global 250 signifies major developments in the creation of new business opportunities in the global technology industries. SOA Software was specially selected by the AlwaysOn editorial team and other industry experts spanning the globe, based on a set of five criteria: innovation, market potential, commercialization, stakeholder value, and media buzz.

SOA Software and the AlwaysOn Global 250 Top Private Companies will be honored at the AlwaysOn & STVP Summit at Stanford scheduled to occur on July 22-24, 2008 at Stanford University. This two-and-a-half day executive event highlights the significant economic, political and commercial trends disrupting the global technology industries and features the most innovative companies, eminent technologists, influential investors and journalists in keynote presentations, panel debates and private company CEO showcases. Fifty of the top CEOs from the AO Global 250 will present their market strategies to a panel of industry experts in a “CEO Showcase.” SOA Software will be presenting on July 23, 2008.

“The AO Global 250 winners have excelled in key strategic areas in the global technology markets,” said Tony Perkins, founder and CEO of AlwaysOn. “We congratulate them for their success in introducing new tools, services, and platforms that are driving the next phase of innovation and creating real value at an economically uncertain time.”

The AO Global 250 was selected from over hundreds of companies, nominated by a panel of industry experts in the online technology, media, entertainment, enterprise and greentech sectors from around the world. A full list of all the AO Global 250 winners can be found on the AlwaysOn Web site at http://alwayson.goingon.com/permalink/post/27959

With the Always On recognition at the upcoming Summit, SOA Software joins a prestigious group of organizations and individuals who provide successful cutting edge products and services in the technology industry. Since 2002, SOA Software has provided its customers with products to accelerate their adoption of SOA. The company’s products provide a comprehensive Integrated SOA Governance Automation solution. They offer lifecycle governance, security, management and mediation of SOA, ensuring the security, reliability, performance and ease of development of service-oriented business applications. The company provides the industry’s fastest and most scalable solution for platform-independent Integrated SOA Governance Automation.

“SOA Software is particularly proud to be recognized by AlwaysOn for three years in a row,” said Paul Gigg, President and CEO of SOA Software. “This recognition serves as a testament to our success in the marketplace. We will continue doing what we do well- being an SOA industry thought leader and providing the very best Integrated SOA Governance products and services that help companies maximize their SOA investments”

About SOA Software

SOA Software’s industry-leading Integrated SOA Governance Automation products provide accountability and control over enterprise SOA programs. The world’s leading organizations including Merrill Lynch, Verizon, and Pfizer rely on SOA Software’s collaborative lifecycle solutions to build the right services the right way, and to protect their investments by ensuring the performance, availability and security of services on all their distributed and mainframe platforms. For more information, please visit http://www.soa.com.

About AlwaysOn

AlwaysOn ignited the open-media revolution in early 2003 by being the first media brand to launch a community blog network. In 2004, AlwaysOn continued to lead the industry in innovation by engaging its bloggers in a social network. AlwaysOn is also revolutionizing the media business by applying its open-media principles to its executive event series (Stanford Summit, OnHollywood, OnMedia, GoingGreen, NordicGreen, and Venture Summit East and West) and quarterly print “blogozine”. No other media brand has dared to create such open interaction with its readers and event participants.

Pricing

Pricing available upon request. Please contact a sales representative at .

SOA Software is licensed per user and per CPU, based upon the modules required. Enterprise site pricing is available for larger customers.

Always On Global 250 Award Winner 2008

SOA Software is proud to announce a third consecutive year winning an Always On Award
web site

Enterprise SOA and the Mainframe Solutions

Jump to:

What is Mainframe SOA?
Essential Components of Mainframe SOA
SOLA - the only Mainframe SOA Solution
Build Your Own
SOLA - Fully Assembled, Governance Built In
Enterprise SOA is more than just a jigsaw puzzle
Why can “free” be expensive?
SOLA Cost Savings
SOLA Performance - CPU time is money
SOLA Stability
SOLA Features and Advantages
SOLA Development Environment
SOLA Deployment Container
Future Releases
SOLA Governance

What is Mainframe SOA?

The terms Web Services and SOA are often used interchangeably, but the reality is that they’re quite different. Let’s begin by describing what SOA isn’t, and we’ll leave that to Joe McKendrick and Dave Linthicum:

An effective, functioning service-oriented architecture requires governance, and the ability to share services across multiple business units and enterprises. It’s easy to build Web services. You could build 10 of them in an afternoon. But, then you end up with a JBOWS architecture (Just a Bunch of Web Services), which will grow into a different sort of SOA; a Spaghetti-Oriented Architecture.
Joe McKendrick, analyst and editor with Webservices.org
SOA is a true systemic change in the way you approach enterprise architecture. That’s where the value is, and not just Web service-enabling your systems, or purchasing and implementing products with the “SOA hype label” bound to them.
Dave Linthicum, well known author, professor and writer

So what is Mainframe SOA, and how can you achieve it? The answer is surprisingly simple; Service Oriented Architecture is an architectural methodology for the loose coupling and management of services. The emphasis in SOA is on the “A”. SOA uses loosely coupled, interoperable and composeable services. These services have well-defined interfaces as well as QoS attributes (or policies) on how these interfaces can be used by Service Consumers.

SOA is concerned with manageability, reliability, security and change management. Collectively these terms are known as “Governance”. In order to bring SOA to a mainframe environment, companies must apply Governance to any implementation of Web Services.

Essential Components of Mainframe SOA:

It’s essential that your SOA solution considers the following categories. Failure to do so can lead to an ungoverned mess, or “Just a Bunch Of Web Services”

SOAP & XML Capability: SOAP and XML capability (commonly called “web services”) is the foundation of SOA. Many vendors only offer mainframe web services, ignoring the other components of SOA.

Security: security is essential when integrating mainframe applications, especially those dealing with sensitive data. The only viable solution to Web Services security is to use WS-Security, which is the widely accepted standard for securing services.

Policy Management: policy management is the heart of SOA governance. A policy can define how a service can be used, who can use it, what security is required and much, much more. Policy management based on WS-Policy standards is essential.

Registry: the Holy Grail of SOA is reuse. The key to reuse is discovery of services. This is accomplished by publishing services in a Registry. A registry provides for reuse and discovery and is an essential ingredient in SOA governance.

Monitoring, Logging & Audit Controls: effective Governance requires measurement, for without measurement you will be unable to judge whether your services are meeting service level agreements. Monitoring, logging and audit capability are essential building blocks of Governance.

Development Tools: it is impossible to develop services without the use of a comprehensive development tool. The tool needs to be powerful and it must allow management of your SOA. It must be easy to use; there shouldn’t be a steep learning curve requiring extensive training. Finally, it should not consume enormous resources on a developer’s work station (ideally it should be “thin client”).

Support for Architectural Standards: a viable SOA must be adaptable to a wide range of architectural standards, particularly yours. Features such as flexible web service development (bottom-up, top-down or meet-in-the middle), configurable dictionary, customizable access and environments, etc. are all hallmarks of an adaptable SOA. The bottom line is that your solution should fit the way you do things, not the other way around.

Change and Release Management: an often overlooked aspect of service development is the “service lifecycle”. Integrated change and release management is essential to allow you to effectively manage change in your environment. Ideally your SOA solution should integrate into your existing change management procedures, and should provide you with impact analysis when a service is changed.

Workflow Management: orchestration is perhaps the most misunderstood aspect of service development. Some people consider that a 3270 business transaction, because it involves a conversation, requires a proprietary orchestration tool to make it work. In fact, a better approach is to use a tool that is smart enough to understand a “business use case”, and to publish that as an atomic service, without the need for proprietary orchestration to “glue together” the screen transitions. It is services themselves that need to be orchestrated, and that orchestration should be performed using industry standard techniques. The only acceptable technique for orchestration is to compose services using “Business Process Execution Language (BPEL).

SOLA - the only Mainframe SOA Solution

More than ten years after the predicted demise of the mainframe, the platform is anything but dead. The bulk of the Fortune 1000 still run the majority of their critical systems on the mainframe, and these companies do so because the mainframe is reliable, scalable and efficient – the average mainframe application offers considerably lower TCO than an equivalent distributed application, and does so at lower risk.

The challenge facing corporate IT departments today is how to leverage exiting investments in mainframe systems and applications by allowing them to be active participants in enterprise wide SOA. Most importantly, the mainframe must participate in SOA without compromising its advantages in performance, reliability or cost effectiveness. To truly leverage the mainframe, it must become a first class participant in an enterprise SOA.

SOLA is the market’s most complete mainframe SOA solution. SOLA is the fastest, most reliable, most efficient and most economical mainframe SOA enablement platform. It is the only mainframe SOA product that’s used in high volume (10,000,000+ transactions per day) mission critical applications by some of the best known firms on the Fortune 500.

Build Your Own

There are several vendors in the space that offer mainframe web services coupled with one or more components of mainframe SOA. IBM’s CICS TS v3.x also provides SOAP and XML capability upon which a solution can be built.

Regardless of which option you chose, if you do not buy a complete SOA solution, you will be faced with the daunting task of integrating several components to create a viable mainframe SOA. As mainframe SOA is relatively new, not every category has a matching product.

SOLA - Fully Assembled, Governance Built In

SOLA is the only product in the space that offers a complete mainframe SOA solution out of the box. SOLA provides proven, quick, efficient and cost effective application integration by publishing legacy applications as Web Services and providing every single component of a viable mainframe SOA.

SOLA is the only enterprise class mainframe SOA solution.
SOLA offers end-to-end governance and unlimited scalability.
SOLA runs the world’s largest mainframe SOA implementations.
SOLA offers integrated monitoring, logging, auditing, WS-Security and WS-Policy on the mainframe
SOLA implements the entire SOAP stack on the mainframe, inheriting the mainframe platform’s legendary speed, reliability, scalability and manageability.
SOLA offers a complete SOA solution; there is no need to integrate multiple products when building an enterprise-class SOA .
SOLA is the only mainframe SOA product to offer closed-loop Governance automation.
SOLA is the only secure, standards-based, and governable product in the space.

Enterprise SOA is more than just a jigsaw puzzle

As important as the essential components of enterprise SOA are, they are a single dimension of a more complex issue. SOLA was designed from the ground up to address the entire spectrum of mainframe SOA issues.

Solid Foundation: building a successful mainframe SOA must start with a solid foundation. The 9 essential components of enterprise SOA make for a good beginning, but SOLA goes far beyond.

Human Assets: what good is leveraging technology assets if you ignore human assets? SOLA tasks the right people with the right jobs.

Mainframe developers expose mainframe applications as services
Distributed developers incorporate services into composite applications
Training, development and support costs can far exceed the cost of the solution itself

Scalability and Adaptability: a good solution should be flexible; it should be able to adapt to just about anyone’s enterprise standards, no matter how strict, and allow for unhindered growth. SOLA is standards-based and built for the enterprise. As its run time is entirely mainframe based, it inherits the mainframe’s legendary scalability and fault tolerance.

Streamlined Infrastructure: you shouldn’t have to integrate your integration. A streamlined and efficient infrastructure reduces complexity and increases reliability. It can also help lower costs due to standardization and simplified support. SOLA was designed for optimum efficiency, from its mainframe run time to its batch support and ultra efficient parser, SOLA eliminates the “plumbing” that can handicap other solutions. It is also this efficiency that helps make SOLA the fastest and most cost effective product in the space.

Development: the development tool is the interface between the tool and the people that get the job done. SOLA’s development environment is as easy to use as it is powerful. Web services can be created in minutes with no programming or training required. The development environment runs in a browser and features powerful web 2.0 capabilities such as drag and drop, tab based workspaces and dynamic indexed searches. Because it is browser based, there is no workstation software to install and older workstations can be leveraged (attention to human assets and cost effectiveness at work).

Governance: industry experts believe that governance is the single most important issue facing the fledgling SOA community. From diagnosing production outages to managing changes and meeting SLAs, governance is a non negotiable requirement in a viable SOA. A solution has to either be governable by a third party tool or incorporate strong governance capabilities. SOLA does both. With WS-Security, WS-Policy, integrated monitoring, logging and auditing, and many more built in governance features, SOLA provides a comprehensive collection of governance and lifecycle management capabilities. SOLA is also fully governable; its standards based design lends itself to simple and cost effective integration with third party governance solutions.

SOLA can function as a stand-alone solution for mainframe SOA and can be governed by SOA Software’s Integrated SOA Governance Automation Solutions, Workbench and Service Manager, acting as a Certified Governed Service Platform. Certified Governed Service Platform status means that customers can be confident that their platforms won’t compromise the fidelity of the governance systems and structures defined in an enterprise SOA program. The certification process ensures that Governed Service Platforms can implement and enforce governance policies providing reporting data to enable a closed-loop audit process. The Governed Service Platform status ensures that SOLA can be consistently governed along with other enterprise service platforms.

Why can “free” be expensive?

There are other tools available to help you develop your own Mainframe SOA solution. IBM’s CICS TS v3.x provides the foundation (SOAP and XML capability) for mainframe SOA built into CICS. It is very tempting to believe that you can avoid purchasing a product and work with this “free” capability to create your own mainframe SOA.

Free can be the most expensive option:

Extended development times
Higher CPU costs
Third party solutions for monitoring and metrics
Security vulnerabilities due to complexity
Production outages due to complexity
Lower operational efficiency due to complexity
Training costs from not leveraging human assets
Hardware costs for middle-tier servers and upgrading workstations

SOLA Cost Savings

SOLA is not only cost effective, it pays for itself in short order:

Constant and ongoing savings due to low MIPS overhead
Reliable – minimizes support costs
No need to rewrite legacy apps or to write wrapper programs
No need to upgrade developer workstations
No need for cross platform skill training
Fully scalabale – no need for major overhauls to increase capacity

SOLA is proving its worth in production every day in one of the most demanding industries in the world – the financial services industry. At one customer over 200 legacy applications expose hundreds of Web Services using SOLA. Clients estimate that SOLA saved each application $0.5 to $2 million through cost avoidance and direct savings.

“We had estimated about $800K using traditional technology to build a system. But by embracing SOLA we did the project for $30K.”
John McKinley, former CTO, Merrill Lynch
“SOLA gives us a competitive advantage by allowing us to bring products to market quicker than our competitors.”
Andy Brown, former Chief Technology Architect, Merrill Lynch

SOLA Performance – CPU time is money

SOLA includes a compliant non-validating parser (the SOLA DOM parser). Extensive performance tests were conducted to estimate the impact of parsing XML on a mainframe. The results were as follows:

The SOLA assembler parser takes around 0.0001 CPU seconds to parse 1,000 bytes.
Parsing 1,000 bytes (a typical input XML message size) adds less than 1% to most transactions.
At a typical chargeback rate of $0.20 per CPU second, parsing 1,000 bytes would cost $0.000020. That amounts to a minuscule $20 to parse 1 million transactions.
SOLA is built for high performance and high transaction volume. Several customers report running up to 10 million transactions per day through SOLA.

To test the difference in performance between SOLA and CICS TS 3.2, we wrote a COBOL program containing various data types. The goal of the program was to generate a large XML response to put both products through their paces. When we attempted to import the program using CICS Web services assistant, the import failed because the program contained many unsupported data types. SOLA imported the same program without any issues.

To make the comparison fair, we altered the program to remove the data types that IBM couldn’t handle, then imported the modified program using both Web services assistant and SOLA. This program was similar to the original, but lacked some functionality because of IBM’s limitations.

We ran the program1000 times in both environments:

IBM: 46.1 seconds for 1000 web service invocations, or 0.046 CPU seconds per call.

SOLA: 7.5 seconds for 1000 web service invocations, or 0.007 CPU seconds per call.

RESULT: SOLA was approximately 615% faster than CICS TS v3.2.

SOLA Stability

Millions of transactions have been processed through SOLA during extensive stability tests. No failures were experienced. SOLA has been in production for five years – no production failures have been experienced. To date, billions of transactions have been processed by SOLA.

SOLA Features and Advantages

SOLA has several significant advantages over competitive products. Taken together these features provide lower cost and greater productivity.

SOLA Features

Leverage Human Assets
All competitive products create services from existing mainframe programs, but only SOLA leverages human assets. With SOLA the mainframe programmer – the person who knows the program the best – creates the services. Competitive approaches expect the distributed programmer – the person who knows the program the least (if at all) to create services.
Global Dictionary
One of SOLA’s many features is an integrated global dictionary that allows for the automatic translation of COBOL field names without affecting the source program. The SOLA dictionary centralizes translation services, therefore minimizing duplication of effort for developers.
Security based on WS-Security and WS-Policy
SOLA security is based on WS-Security and WS-Policy standards and implemented on the mainframe. By implementing WS standards on the mainframe, SOLA provides efficient and flexible security, obviating the need for a middle tier security agent.
Batch Capability
SOLA provides a number of significant features that are available to the z/OS batch programmer. Firstly, the SOLA DOM parser and API provide the batch programmer with methods to easily and inexpensively consume and create XML documents. Secondly, the SOLA outbound support is also available to the batch programmer, making it simple for a batch program to consume an outbound web service.
Browser based Web 2.0 development environment
With SOLA there’s no workstation software to install – the entire SOLA development toolset runs in a browser. This is a huge advantage – in our experience the majority of developers don’t have workstations that are powerful enough to run the “previous generation” development toolsets provided by competitors.

Support for Architectural Standards
Using the combination of the SOLA dictionary, WSDL-first development and powerful WSDL customization features, SOLA can publish web services that comply with any and all possible architectural standards.
WSDL-First Development
A lot of mainframe shops that are adopting SOA develop WSDL that complies with their architecture standards before creating web services. SOLA allows developers to create services that comply with an existing WSDL as well as create services from scratch that generate their own definitions. The SOLA dictionary can be leveraged to make this process faster and easier.
UDDI Directory
All services created by SOLA are automatically published to an external UDDI 3.0 registry, which ensures that services exposed by SOLA are visible and useable within the enterprise.
Standards Based
SOLA is a standards based solution, allowing interoperability across platforms, operating systems and programming languages. Being standards based also allows SOLA to expand and evolve without cumbersome enterprise-wide revisions, giving it unparalleled reusability and growth potential.
Customization APIs
SOLA provides customization APIs that allow customers to add capabilities beyond the product’s existing feature set. These APIs allow the user access to SOLA processing at various points in the SOAP stack so that processing can be manipulated by user specific application code. These APIs also support custom security exits. Custom APIs can be defined at the installation level or at the individual method level.
Orchestration
SOLA provides orchestration using BPEL (Business Process Execution Language for Web Services). BPEL is an XML based standard for designing, defining, implementing, and deploying composite web services, including business logic, sequencing, exception handling and process decomposition. BPEL is supported by the SOLA run-time engine.
Dashboard
The SOLA dashboard allows you to keep an eye on your web services, regions and more with a graphic user interface that provides at-a-glance status information, as well as access to SOLA’s monitoring, audit and error logs.
XACML Authorization
SOLA allows you to create your own authorization protocols to suit the way your organization functions rather than forcing you to adapt to a rigidly defined authorization structure.

SOLA Advantages

Publishes legacy applications as Web Services, allowing them to easily integrate with .Net, J2EE or any other development environment.
Can create web services from Commarea programs, 3270 transactions, stored procedures, Adhoc SQL and Callable APIs.
Inbound and outbound web services support (the mainframe can act as a web services server or a web services client)
Proven and Enterprise ready
Requires no middle tier hardware or software, runtime runs entirely on the mainframe for improved performance and increased reliability.
WC3-compliant Assembler XML parser for superior performance and low parsing costs.
Easy to use and deploy – “one click” creation of web-services.
Single sign-on using LDAP or SAML 2.0
Outbound services support for SSL/TLS and proxy
Supports both http and MQ transport layers
Eliminates the need for cross platform skills training (no Java or Visual Basic skills are required to publish Web Services from legacy applications using SOLA)
Includes comprehensive monitoring and error logging for easy problem diagnosis and resolution
Integrated testing and debugging tools
CICS 3.x Integration – If required, SOLA can be integrated directly into the CICS 3.x pipeline.

Furthermore, no coding is required to publish Web Services with SOLA. It is simple and easy to use with a minimal learning curve. An integrated test harness allows the developer to test and validate their Web Services with just a few mouse clicks. Finally, SOLA is proven in extensive mission critical production systems today.

SOLA is already helping to achieve the pinnacle of application integration - reuse. Business functions previously isolated in legacy applications are now open for reuse by other applications in new and innovative ways.

Other solutions require extensive middleware (hardware and software). Although the initial cost of these solutions appears economical the ongoing support and management is cost prohibitive.

SOLA Development Environment

The SOLA Development Environment uses a J2EE compliant server and requires no workstation software to be implemented. The full features of the development environment are accessible through a browser.

SOLA COMMAREA Analyzer
The SOLA COMMAREA Analyzer is used to analyze programs that expose a communications area interface. The analyzer reads a program’s compile listing, parses the COMMAREA and determines how the fields within the COMMAREA are used. It then produces a WSDL file documenting the interface, a test harness and a run-time metadata template. The template can be moved to production using standard change management procedures. The program will be automatically documented in the SOLA directory.

SOLA 3270 Analyzer
The SOLA 3270 Analyzer implements an interactive graphical interface. Using this tool, developers execute the application by going through the application’s screens/maps. SOLA automatically records the interactions and aggregates them into a single web service (e.g. a multi-screen update transaction will be published as a single web service). It then produces a WSDL file documenting the interface, a test harness and a run-time metadata template. The template can be moved to production using standard change management procedures. The aggregated transaction is automatically documented in the SOLA directory.

SOLA Outbound Analyzer
The SOLA Outbound Analyzer allows developers to import the WSDL representing an external web service and then analyze the operations of that service to create callable methods. The analysis automatically creates COBOL or PL/I copybooks that represent the interface to the operations. This approach allows programmers to execute an external Web Service with a simple “CICS Link” command.

The SOLA UDDI Directory
The SOLA UDDI Directory is maintained in DB2. All Web Services created by SOLA are fully documented in the SOLA Directory and are organized by project. Since it is a UDDI directory, it is searchable in a variety of ways.

The SOLA Testing Facilities
SOLA automatically creates a test harness for every Web Service created. This is an extremely helpful tool for the Web Service creator (usually a COBOL programmer), as it allows for the testing of new Web Services before deployment.

SOLA Deployment Container

MRO
SOLA can run using standard CICS multiple region operation (MRO). The http/MQ listener runs in a listening region, dispatching the host application programs in application owning regions. SOLA handles the communication of data between the listening and application regions. Although CICS has a limit of 32K that can be passed between the listener and application regions, SOLA can accept requests and deliver responses that exceed this limit.

Error Logging
SOLA provides full error logging. Error logging reports are available through a Web reporting tool and are also provided as a Web Service.

Monitoring
SOLA monitors every transaction that it handles. Monitor reports are available through a Web reporting tool and are also provided as a Web Service.

Auditing
SOLA provides an optional auditing facility, which records both input and output SOAP messages for audited transactions. The facility is extremely useful for problem diagnosis. Auditing is controlled using WS-Policy.

Security
SOLA has the most powerful and most versatile security in the industry, using Symmetric and Asymmetric encryption (WS Security, & SAML 2.0 etc.) and by providing mapping between various identities to the mainframe security paradigm (for example, mapping from SAML 2.0, X509, AD/LDAP to mainframe RACF/ACF2/TOP-Secret). Furthermore, the user’s authorization choices range from most basic available on the mainframe such as RACF to XACML PDP residing on or off of the mainframe.

Transport Mechanism
SOLA offers http/s and MQ as transports.

Outbound SOAP requests
SOLA provides the ability for the programmer to issue an outbound SOAP request to an external system. That SOAP request is transported by http, https (SSL) or MQ to the external system. The requesting program can be running either in CICS or batch.

Configuration
SOLA takes advantage of the full scalability and fail-over features of parallel sysplex. SOLA introduces no affinities, allowing the workload manager to run transactions on any system in the sysplex.

Future Releases

Additional standards, such as WSDM and WS-Addressing are planned for future releases.

SOLA Governance

SOLA is the only mainframe SOA product to offer closed-loop Governance automation. A service is automatically governed from the point of creation because it inherits a security policy. Policy, by means of WS-PolicyAttachment, is associated with the service though all phases of the Software Development Lifecycle. It is not possible to create or run an ungoverned service.

On top of this, SOLA’s built in monitoring, logging and auditing capabilities, as well as its standards based architecture combine to make SOLA fully governable by external governance products like SOA’s Workbench.

Webinar - SOA GOV CON - Keys to Business-Critical: SOA Governance

Recorded July 17th, 2008, 12 Noon EST
The Top SOA Governance vendors have agreed to answer the 5 Tough Questions:

Does SOA Governance help me with both IT and business assets?
How Can SOA Governance help me comply and define SLAs for business, policy?
Compare SOA Lifecycle with Software Development Lifecycle. What’s the same? What’s different?
How do I test updates to existing live SOA services?
What are the Best Practices for designing & managing long-running transactions?

Attend & Learn:

SOA Roadmaps for quick, demonstratable ROI
Design, Test, and Deploy SOA for powerful results
Streamlined Policy Enforcement
Time-Saving SOA Troubleshooting
The SOA 3 Month / 3 Year Rule
Managing Your SOA
Critical Rainy Day Strategies

Learn more and register for this event

Washington Mutual

Web site

SOA Software Update - June 2008

Software Architect

Deliver world-class top-notch architecture and design for the SOA infrastructure product modules.

Job Specifications:

Deliver world-class top-notch quality architecture and design for the product.
Documenting the architecture and high-level design developed for product.
Participate in implementation aspects of core of the Service Manager modules being developed in India branch.
Mentor the remaining engineering team in India in delivering the quality work.
Explain the architecture and design and rational behind the architecture/design to the remaining engineering team so they can do quality implementation of the design.
Participate and perform the code reviews of the work done.
Work closely with US architecture and design team in understanding how the whole of the product works and architecture followed in whole of the product.

Job Requirements:

Must have experience of architecting and designing either completely and parts of 2 to 3 large enterprise products.
Must have experience mentoring the technical team.
Must have extensive (6-9 years of) experience in the area of J2SE (JDBC, Java Threads), J2EE (JMS, JNDI) and XML (JAXP, DOM, SAX, XMLSchema, XPath, XSLT, SOAP, UDDI, WSDL) technologies.
Must have experience in architecting/designing products involving Oracle and SQL Server database.
Must be able to design the efficient database schemas. Must be able to write efficient database queries using JDBC.
Must have experience in the area of Java Security and XML security.
Must have experience of designing product with distributed components (especially, Web Services)
Must have developed/deployed some Web Services.
Must be savvy with respect to specifications in the area of Web Services and XML
Must have experience in using Configuration management tools, including version management software. Knowledge of SVN is a big plus.
Must have experience (2-3 projects) of documenting technical architecture and high-level design of the work performed. Must have experience in using modeling tools like Rational, etc…
Must possess excellent verbal and written communication skills.
Must have desire to excel, flexibility to work hard and skills and know-how to motivate the team to achieve excellence.

Engineering Manager

Be part of the Engineering division of an Indian subsidiary of a US-based successful company developing state-of the art products in the area of SOA infrastructure.

Job Specifications:

Manage the Engineering division of SOA Software, India office.
Decision maker of the equipment to be procured for engineering needs with the help of members of the team.
Responsible for reviews of the members of engineering department.
Responsible for day-to-day management of engineering department with the help of Project Manager.
Responsible for processes to be followed in the engineering department.
Responsible for all deliveries from India office with respect to development and maintenance aspects of the product.
Work with QA management and product management to form a release management team.

Job Requirements:

Must have experience in engineering management role of an enterprise product.
Must have technical understanding of the enterprise products architecture.
Must have the experience of various tools used in development of enterprise products with distributed architecture.
Must have experience in managing engineering teams of at least 15-20 in size.
Must have good documentation skills to document the processes to be followed in the engineering department.
Must be willing to and able to be hands-on when needed on the product development and maintenance.
Must have desire to excel, flexibility to work hard to achieve excellence.
Must have experience in working with distributed team structure.
Must possess excellent verbal and written communication skills.

Project Manager

Be part of the Engineering division of an Indian subsidiary of a US-based successful company developing state-of the art products in the area of SOA infrastructure.

Job Specifications:

Responsible for management of various deliverables from India office.
Work with leads in development team to find the task list and to estimate for each task to prepare the project plan.
Track the status on regular basis.
Manage the risks for deliverables and take the mitigation steps necessary.
Responsible for achieving the deliveries within the acceptable quality and timelines with the help of development team members.
Report status on regular basis to Engineering Manager and to US team.

Job Requirements:

Must have experience in project management of the software product development team.
Must have managed deliveries involving teams of size 15 to 20 people.
Must have technical understand of the J2EE enterprise products with distributed architecture.
Experience in XML, web services and SOA architecture is a big plus.
Experience in Indian subsidiary of US a company is a big plus.
Must have interacted with oversees clients (Clients in US is a big plus) for deliveries.
Must be an expert in Project management concepts. PMP certification is a plus.
Must be an expert in using Microsoft Project to track the project plans.
Must have the ability to manage concurrent small projects with overlapping resources.
Must have desire to excel, flexibility to work hard to achieve excellence.
Must have experience in working with distributed team structure.
Must possess excellent verbal and written communication skills.

Consumer Contract Provisioning

The idea of a consumer contract for SOA closely models the idea of a business contract. It defines the terms of a relationship between a consumer, or group of consumers, and a service, or set of services. These terms should include:

The policies the consumer(s) agree to comply with
The access rights the service(s) will provide the consumer(s)
The service levels the provider commits to delivering to the consumer(s)
Any mediation the provider(s) and consumer(s) agree to and require

The SOA Governance solution has two important roles to play in the contract process:

Contract negotiation – the Governance solution should provide a workflow model allowing potential consumers to interact with service providers to request and negotiate access to, and specific service levels for, a service or set of services.
Contract enforcement – the Governance solution should enforce the contract at run-time. It should seamlessly ensure that the provider meets agreed upon service levels, that any required mediations are delivered, that the consumer(s) are complying with required policies and that the access rights and times are enforced and complied with.

SOA Software’s Policy Manager provides a flexible contract negotiation workflow process that allows a potential consumer to request access to a service and negotiate SLAs, policies, and access rights.

Service Manager enforces contracts to ensure that consumers without a contract cannot access a service, and monitor, manage, and report on contract terms, including SLAs, for each consumer.

For more information about SOA Software’s market-leading products, click here.

Compliance Validation

One of the important roles of a governance automation solution is determining an asset’s compliance with defined enterprise policies. For example, an organization might require that a service have a design document, a description, be properly categorized, and have a defined business case before it can be promoted from the design stage to the development stage of the lifecycle. The SOA lifecycle governance automation system provides an easy way to define and manage compliance policies and associate these policies with lifecycle stages, categories, and other taxonomy or folksonomy structures and types.

SOA Software’s Policy Manager provides a powerful compliance policy definition, management, and validation framework. It defines policies as sets of rules, with individual rules capable of processing a static service context in the repository, or dynamically captures message data from Service Manager. Rules are written in XQuery, Java Script, or as Java Classes. Policy Manager provides a set of policies out of the box, including WS-I Basic Profile validation, and publishes the policy language, context, and APIs to partners. Our partners have created a library of “policy packs” for various compliance definition policy sets.

For more information about SOA Software’s market-leading products, click here.

Governance Automation

Enterprise architecture approvals processes for application development typically involve periodic architecture review board meetings that review proposals and designs to make decisions about whether or not to fund particular projects. In many cases these architecture review board meetings happen every 4 to 8 weeks, which is fine for large application development projects, but doesn’t scale to meet the needs of service development processes. Imagine the development process for a service which can take as little as a few days or even hours, being held up for 4-8 weeks at each stage of its lifecycle, because it needed approval at an architecture review board before proceeding. Similarly, imagine an architecture review board reviewing designs and business proposals for hundreds of services rather than the 2 or 3 applications they are used to managing. Clearly the current processes are not agile enough, and do not scale well enough, but you can’t simply remove these processes.

This is where Integrated SOA Governance Automation (ISGA) solutions come in. By implementing the existing governance processes through simple, role-based workflow solutions with integrated policy compliance validation checks, ISGA solutions allow companies to maintain their current levels of control without introducing roadblocks, or causing current processes to stall.

SOA Software’s Repository Manager and Policy Manager products combine to provide a comprehensive Integrated SOA Governance Automation solution. The solution provides:

Asset lifecycle management processes
Consumer contract provisioning processes
Approvals workflow processes
Continuous compliance and validation

For more information about SOA Software’s market-leading products, click here.

Service Lifecycle Management

Services, like all other development assets and applications have their own lifecycle and as such need to be managed through their lifecycle state transitions. A Service lifecycle generally models a typical SDLC with stages including design, development, test, QA, production, and deprecation. Many organizations will add versioning into the process between production and deprecation, although in reality each new version of a service will have its own lifecycle.

An SOA Governance product must be able to manage the lifecycle stage of a service and should provide a workflow-based process for migrating services between stages. Often this process will closely mirror the original publication process described above. It will include a set of policies that define criteria a service must meet before it can be migrated. It will also in many cases include manual approval steps.

The lifecycle stage of a service should be used to determine who can discover the service in the registry and who can access the service at run-time. It should also define which policy set is used to determine the run-time capabilities and requirements for accessing the service.

In the context of lifecycle management, the act of publishing a service to a registry so that it can be found by a broad audience of interested parties may seem like a simple enough task. In fact, this is one of the most basic, and yet most important functions of an SOA Governance solution.

The essence of governance can be easily captured in the phrase “encouraging desired behavior.” This simple concept provides a backdrop to help understand what a governance solution should be focusing on, and the capabilities it should provide. Essentially it is not enough to merely provide a stick with which to beat developers and architects, we must also provide a carrot to encourage people to participate in governance processes.

With this in mind, we need to think about what is the desired behavior for the participants in an SOA. For many organizations, one of the most important aspects of SOA Governance is the process of ensuring that the services that are published are appropriate. “Appropriate” in this context is another word a little like “desired.” It can mean many things, but the reality is that an “appropriate” service is a service that meets a set of criteria defined by the enterprise, often including the following:

Is not a duplicate of, or similar to an existing service
Meets design criteria for transport, operation type, schema, etc
Is at an appropriate level of business functionality granularity (e.g. a ‘top-down’ design rather than ‘bottoms-up’)
Is of broad interest and therefore likely to be reused
Complies with appropriate industry standards and recommendation (e.g. WS-I basic profile)

Some of these criteria can be readily automated like WS-I basic profile compliance, others will likely require manual steps. To this end, before a service can be published it should pass through a workflow process that will verify the automatable criteria before requiring a manual approval step. A well designed SOA Governance solution will manage this workflow as a series of customizable, automatable defined process steps and will allow developers and approvers to see services at appropriate phases of this process.

SOA Software’s Repository Manager and Policy Manager products combine to provide a comprehensive SOA Lifecycle Management solution. They share a common state-machine, and common meta-model providing seamless SOA asset lifecycle management capabilities.

For more information about SOA Software’s market-leading products, click here.

Architecture and Compliance

As enterprises move towards SOA, their enterprise architecture teams take on an increasingly important role. Integrated SOA Governance Automation solutions provide architecture teams with the ability to ensure the efficient execution of their SOA programs.

Service Lifecycle Management
Governance Automation
Compliance Validation
Consumer Contract Provisioning

For more information about SOA Software’s market-leading products, click here.

Simple Service Consumption

As the complexity of service interfaces grows to add security, reliability, and other capabilities needed for business quality services, so does the difficulty of consuming the services. Studies of the cost of building services and consumers in Fortune 500 companies shows that it can cost up to $50k to add security, reliability and monitoring capabilities to a single service, and up to $40 to add the security and reliability capabilities required to consume the service to a consuming application. As service reuse becomes more prevalent, the cost of building consumers can quickly become prohibitive.

This is why SOA Software provides its Delegate to ensure simple service consumption. Using the Delegate, consumer developers can focus on implementing the business logic of their application leaving the complexity of complying with enterprise security policies, reliability models, versioning, transport, and other implementation details to the delegate.

SOA Software’s Delegate is available in many forms, ranging from Java and C# SDKs, through plug-ins for common IDEs and handler sets for common containers. It is part of the design tools for many business process management solutions, allowing the process designer to drag and drop an “SOA service” into their process fully abstracting the process engine from the physical service implementation.

The Delegate abstracts the developer from the complexities of business quality service consumption including:

Authentication – full support for Basic Auth, SAML, X.509, Kerberos, XML-Signature, HTTPS, and all other common tokens
Privacy – full support for XML-Encryption in both raw XML and WS-Security forms supporting both encryption and decryption
Non-repudiation – full support for raw XML and WS-Security compliance XML-Signature and signature verification
PKI – provides public and private key pair management, CRL checking, certificate management
Transport – supports http, https, and JMS bindings
Reliability model – supports WS-Reliability and WS-ReliableMessaging standards as well as native message queuing reliability models
Endpoint location – provides dynamic binding to service endpoint location, policy, standards, and reliability model

For more information about SOA Software’s market-leading products, click here.

Application and Transaction Management

SOA is used to build real-world business applications, delivering real business value and solving real business problems. Faults and performance problems in a Web service might not appear to be a huge problem, but they may lead to a failure to respond to a customer, a misplaced order, or a failure to invoice or collect on a service or product that has been delivered.

The distributed nature of service-oriented applications makes it difficult to identify and diagnose problems. For example, an unacceptable delay when a customer clicks a button on a commerce site might be caused by a connection timeout in an unrelated database that provides a logging function to a Web service that is indirectly invoked by another application called by the portal.

Application support and operations teams must be alerted to these issues and must be able to identify their root cause, debug, and fix them in near real-time. These teams are often measured against Mean-Time-To-Repair, so seeing problems before they occur, and quickly finding the cause is a critical goal.

SOA Software provides an industry leading Operational Governance solution for monitoring, transaction tracking, SLA management, Quality of Service, Event management, and root case analysis.

Monitoring – Last mile, first-mile and network monitoring of messages to collect real-time performance, usage, fault and message data for any service deployed on any platform. SOA Software’s Service Manager monitors services from the perspective of the consumer to ensure that consumer specific SLA’s and usage criteria are not polluted by traffic from other consumers.
Transaction tracking – Using standards like WS-Addressing, Service Manager can track the path of a transaction across multiple messages between different consumers, services, applications, and platforms. This allows customers to identify root cause for individual transactions as well as to build a map of a whole application and all the consumers and services it is made up of.
Service Level Agreement Management – Service Manager provides comprehensive SLA capabilities with the ability to manage and monitor SLAs for consumer contracts. This unique ability ensures accurate monitoring of services from the perspective of their different consumers – one application might make more complex and larger requests that take an average of 200ms to process, where the average response time for the whole service is only 50ms. In this case, it is essential that the application is monitored from the perspective of the consumer, in order to provide an accurate assessment of service level.
Dynamic Management – Service Manager implements a comprehensive dynamic management model that can automatically adjust the infrastructure to address exceptions and service-level issues. Using the monitoring and SLA management capabilities described above, Service Manager can identify potential problems and can reroute traffic, throttle low-priority requests, or even deploy new service instances to ensure continuous operation of service-oriented applications.

SOA Software’s products are used by Fortune 500 companies to ensure continuous operation of their service-oriented applications providing a state of the art application and transaction management solution.

SOA Software’s Service Manager provides a platform-independent, policy-driven SOA monitoring and management solution to ensure the performance and reliability of services throughout an SOA. It provides SLA management, real-time and historic reporting, alert and event management, transaction tracking, and dynamic management capabilities.

For more information about SOA Software’s market-leading products, click here.

Change Impact Mitigation

A core benefit of service-orientation is the ability to reuse existing assets across multiple applications as service consumers. This reduces the time to develop new applications, increasing agility and reducing cost, but it also increases the potential for change to one application (service provider) to cause many other applications (service consumers) to fail. Development governance change management and consumer contract provisioning solutions will help address this challenge, but in many cases changes will be required so the enterprise must ensure that services consumers are effectively abstracted and protected from these changes.

Virtualization – Service virtualization provides companies with the ability to create virtual services that offer a stable interface (location, transport, standards, policies, messages) even when the physical service changes. Virtualization offers high-availability and load-balancing, performance and SLA monitoring and management, routing, versioning, and mediation capabilities to mitigate the impact of change at the provider on service consumers.
Versioning – Services go through a development lifecycle just like any application, in fact services are often published by an application that has its own lifecycle. As a natural part of this lifecycle applications and services will be versioned, and will often go through significant changes as part of this process. If the only consumers of a service are part of the same application, and as such are versioned at the same time as the service itself, then there is no challenge, however this is not the case with services that are published for general reuse. If a service is used by multiple consumers there a several models available to protect the consumers from changes to the service as part of a versioning process. One model is simply to track all the service consumers through a consumer contract provisioning process and inform them of any upcoming changes. Another model is use a virtualization solution to maintain a virtual service that models the old interface using transformation as necessary to communicate with the new interface. The best practice is to combine these two approaches using the contract model to inform consumers of change and encourage them to adopt new interfaces, while using virtualization to mitigate the impact of changes.
Mediation – As the complexity of service interfaces grow to provide enhanced security and reliability capabilities, the set of consumers capable of consuming the services shrinks. Mediation solutions provide tolerance to ensure that the widest possible set of consumers can consume a service by making sure that the service is tolerant of different message types, policies, transport, and many other variables.

SOA Software’s products are used by Fortune 500 companies to ensure continuous operation of their service-oriented applications leveraging powerful change impact mitigation capabilities.

SOA Software’s Service Manager provides a platform-independent, policy-driven SOA virtualization and mediation solution to ensure that services can be confidently consumed by applications on any platform without risk of change causing outages.

SOA Software’s Policy Manager provides comprehensive consumer contract provisioning capabilities to track service consumers and notify them of versioning events.

One of Service Manager’s core strengths is its mediation capabilities. It offers a range of mediations including:

Multi-pattern mediation (agent, delegate, proxy, relay, gateway, router, switch, pipe & filter, Policy Enforcement Point)
Messaging mediation (programming model and synchronicity) - useful when consumers and providers use differing call models. Three types of MEP mediation are configurable; Sync-Async mediation (synchronous consumer wants to access asynchronous WS providers); Async-Sync mediation (asynchronous consumer wants to access synchronous WS providers); Aynch-Async mediation (asynchronous consumer wants to access asynchronous WS providers)
Reliability mediation – useful when unreliable consumers need to consume reliable services, or when reliable consumers need to consume unreliable services.
Standards mediation - useful when the consumers use and the providers expect differing WS standards. We handle this mismatch through design time configuration. Several types of syntactic standards mediation are supported: WS-Security, WS-Addressing, WS-Routing, and WS-Reliable Messaging.
Transport mediation - useful when consumers and providers use differing transport protocols. Common examples of this are SOAP/HTTP consumers who want to call non-soap message driven apps such as POX/JMS
Asynchronous delivery – required for synchronicity mediation
Guaranteed delivery – required for reliability mediation

Service Manager can mediate between a wide range of standards, message styles (SOAP, POX, etc), message exchange patterns (REST, SOAP, MOM, etc), transports (http, https, JMS), reliablity models (WS-RM, WS-RX, MOM, etc), security tokens (SAML, Kerberos, X.509, session cookies, etc). Mediation is enabled declaratively through the standalone intermediary based on impedances between inbound messages and the requirements, capabilities, and policies of the destination service.

For more information about SOA Software’s market-leading products, click here.

B2B Service Provisioning

One of the main drivers behind SOA has always been the vision of using Web services to facilitate communication between businesses, and even drive new business models. This is a valuable use for SOA and Web services, and it does present some interesting challenges.

Security – In the early days of Web services, the ability to communicate machine to machine over port 80 to avoid firewall configuration issues was a much touted advantage. The reality, of course, is that sending XML traffic over port 80 introduces a potentially significant security risk. The standards community has created numerous specifications to offset this risk, but with it has added considerable complexity that can take away much of the advantage offered by Web services. The real challenge is to find a way to ensure the security of services leveraging standards like WS-Security and SAML, without making services so difficult to consume that partners and customers choose to go elsewhere. Another obvious risk is that for services to consumable outside the enterprise firewall, they must be accessible through the DMZ. In most cases customers will not, and should not, deploy their application containers into the DMZ, so they need to find a virtualization model that allows them to deploy services in the DMZ that proxy their application services.

Consumer Contract Management – One way to address the challenge of providing easy access to secure services is through a consumer contract provisioning model. Consumer contract provisioning is the process of requesting or offering access to a service through a negotiated contract. For more information on consumer contract provisioning please see contracts.

Identity Federation – In order to grant individuals at partner companies rights to services and business processes within your enterprise, you need to know that these people are authorized by your partner to act on their behalf. One model is for you to maintain a directory of your partner’s employees, and ask you ensure that this directory is up-to-date, although this model is bound to fail. Identity Federation offers a better solution. Through Identity Federation users within partner and customer organizations can authenticate themselves against a server in their own organization and present you with a token validated by their company. In this way you simply need to trust their company, and not the individual in question.

SOA Software’s products are used by Fortune 100 companies to provide comprehensive B2B SOA provisioning capabilities driving new business models and revenue for these companies.

SOA Software’s Service Manager provides a platform-independent, policy-driven SOA security and virtualization solution to ensure that internally published services can be confidently exposed to partners through the DMZ. SOA Software’s products implement all of the latest standards including comprehensive support for WS-Security, XML-Signature, XML-Encryption, SAML, XACML, and many others. For a list of supported standards please click here.

SOA Software’s Policy Manager provides comprehensive consumer contract request, offer, and negotiation processes to facilitate partners requesting access to services, and the enterprise offering partners access to services.

For more information about SOA Software’s market-leading products, click here.

Security

The evolution towards service-oriented architecture as the main application development and integration model for large enterprises promises great rewards in agility and cost saving, but along with these rewards come increased security risks in several areas:

Message Security – Standards-based service interactions are one of the main benefit drivers in SOA. They also introduce increased risk, because a well architected system will have no room for “security by obscurity”. The standards community has made great strides in producing specifications to ensure sender and provider authenticity and authorization, and message privacy and non-repudiation. It is now up to service platform providers and service and consumer developers to take advantage of these standards to ensure the security of their applications and data.

Interface Security – One of the goals of SOA is to create reusable business services. These services are often created by take data or business logic from existing applications and exposing it as a service. This means taking data or logic that was buried within an application and making it accessible, and in this process exposing it to potential threats.

Security Infrastructure – The move towards enterprise SOA involves the deployment of new infrastructure solutions including registry/repository, policy management, and service management, amongst others. Each of these solutions must comply with existing enterprise security policies, or the solutions designed to ensure the security of enterprise applications can themselves become potential attack points.

SOA Software’s Service Manager provides a platform-independent, policy-driven SOA security solution to ensure that all service providers enforce uniform, appropriate policies, that are implemented by all service consumers across all distributed and mainframe platforms throughout the enterprise. It provides fully featured agents to ensure last-mile security, a standalone intermediary for network-based policy enforcement and virtualization, and a client-side delegate for first-mile policy implementation.

Authentication – Service Manager provides comprehensive message, consumer and end user authentication with support for all common token types including Basic Auth, SAML, X.509, Kerberos, XML-Signature, and HTTPS. It provides a security token server for Identity Federation and token exchange, offering a SAML authority as part of this capability.

Authorization – Service Manager offers powerful service authorization capabilities support XACML as well as native integrations with most common enterprise security policy management solutions.

Privacy – Service Manager has full support for XML-Encryption in both raw XML and WS-Security forms supporting both encryption and decryption to ensure the privacy of messages.

Non-repudiation – Service Manager offers full support for raw XML and WS-Security compliance XML-Signature and signature verification to ensure message authenticity and non-repudiation.

PKI – Policy Manager provides comprehensive public and private key pair management, CRL checking, and certificate management.

SOA Software’s products implement all of the latest standards including comprehensive support for WS-Security, XML-Signature, XML-Encryption, SAML, XACML, and many others. For a list of supported standards please click here.
Service Manager integrates seamlessly with most common enterprise security solutions to maximize investment in existing systems and ensure consistent application of existing enterprise security policies. It supports:

Identity and Access Management Systems – Service Manager integrates with most common IDM solutions to federate their authentication and authorization policies and processes throughout an SOA.
Enterprise Directories – Service Manager integrates with common enterprise directories including Microsoft Active Directory and other LDAPv3 compliant solutions. It acts as a security token and policy server, delegating authentication decisions to the directories and using existing group memberships to drive role-based authorization decisions.
Security Appliances – Service Manager can provide policies for services security by common appliances (such as IBM DataPower) and monitor service usage and performance for these services.
PKI – Service Manager provides its own built-in PKI solution with a fully featured Certificate Authority. It also integrates with existing PKI solutions providing key distribution and verification.

For more information about SOA Software’s market-leading products, click here.

Operations

SOA presents a unique set of challenges to operations and security teams. We provide some examples of the challenges and solutions for many Fortune 500 corporations as they move towards SOA.

Security
B2B Service Provisioning
Application and Transaction Management
Change impact mitigation
Simple service consumption

For more information about SOA Software’s market-leading products, click here.

Extensible Asset Management

The breadth and scope of an enterprise SOA initiative can be quite daunting to a typical IT organization. New technical standards (and tools to support development against those standards), increased need for integration and regression testing to ensure stability and cross-version compatibility of deployed services, strong emphasis on proper separation of concerns (e.g., separating functional aspects from presentation aspects during analysis to eliminate blurred implementations, avoiding reimplementation of fragile existing application functionality and algorithms in decoupled services that are meant to support multiple application/composition needs), and simply the introduction of a new way of architecting and developing enterprise software forces organizations to take a much broader look at the SDAs they need to govern and disseminate.

Support for Knowledge and Executable Assets – Once an SOA initiative expands beyond the pilot stage, IT organizations need to quickly and effectively disseminate the core architectural and development principles and guidelines to the broader IT community. These knowledge assets – patterns, best practices, reference implementations – must be treated as peers alongside the executable assets – services, components, schemas – that make up an organization’s SOA. Repository Manager comes preloaded with Sun’s Core J2EE Patterns and Microsoft’s Enterprise Solution Patterns, and organizations can easily augment these knowledge assets with their own SOA guidance. This knowledge framework is delivered to the developer’s fingertips via Repository Manager’s deep IDE integration, thereby greatly increasing the likelihood of developer success as the enterprise’s SOA initiative expands in size and scope.

Incremental content enforcement based on SDLC governance stage – As a service or other SDA progresses through its SDLC, the number and scope of work products naturally increase. At its initial definition phase, a service may be little more than descriptive documentation specifying the required functionality at a high level. Use cases, design models, test plans, test results, defect lists, usage guides and many other work products accumulate as this service progresses towards staging and production deployment. Repository Manager enforces the presence of designated content at each defined governance stage, and validates that content against compliance policies through its integration with Policy Manager.

For more information about SOA Software’s market-leading products, click here.

Change Management

Within a loosely-coupled architecture such as SOA, change management takes on a two-dimensional perspective: both changes as a specific version of a service or other SDA progresses through its SDLC and changes across versions of a service must be effectively managed and governed. Most enterprise IT organizations are well versed in version-specific change and release management, but have considerably less experience in dealing with cross-version compatibility, deprecation, and staging issues that arise within an SOA initiative. The loosely-coupled nature of SOA demands additional stringency within the SDLC process as well; services must not only be correct (i.e., they function as expected) but also complete (i.e., they are discoverable, understandable, and stable from the consumption perspective).

Smart Controls™ governance automation – To be effective, SOA governance processes must incorporate as much automated compliance validation as possible while preserving ultimate decision-making authority for key role-based stakeholders in the IT organization. Governance processes must also vary by asset type (components require different validations than services, for instance), and different groups within the organization may require different levels of governance stringency. Smart Controls supports these variables through its patented event-driven governance engine. Governance processes are configured through an Eclipse-based graphical designer supporting swim-lane style process flow definitions with drag-and-drop task specifications, making it easy to specify and understand complex and demanding enterprise governance needs.

AnySource™ Federation – Click here for details on Repository Manager’s AnySource federation toolkit.

Compliance policy validation via Policy Manager™ – Development compliance policy enforcement can be an onerous task for architects and other governance stakeholders in the IT organization. Validating service interface compliance against WS-I Basic Profile, ensuring that source code conforms to style guidelines for readability and maintainability, and many other necessary policies can become overwhelming if manual validation is the only option available. Policy Manager’s flexible policy validation engine, supporting XPath, XQuery, Java, and script-based policy definitions, coupled with Repository Manager’s ability to automatically invoke Policy Manager at defined development governance checkpoints, automates this painful task, ensuring consistency and completeness for all SDAs flowing through the development governance process.

For more information about SOA Software’s market-leading products, click here.

Impact Analysis

As an organization’s SOA matures, increasing numbers of services along with applications and other SOA compositions dependent upon those services are deployed into mission-critical operational environments. Understanding end-to-end dependencies – application to service, service to schema, service to component, component to mainframe adapter to name a few – becomes crucial to ensuring stability of an organization’s SOA-based deployments.

Asset Relationship Visualization™ – As SOA-based applications and other compositions proliferate throughout the enterprise over the course of a successful SOA initiative, it becomes increasingly difficult to understand the impact of a change to any one part of the SOA deployment. Asset Relationship Visualization gives architects and other key SOA stakeholders a dynamically-generated visual view into such dependencies. Through its drag-and-drop Eclipse-based user interface, this Repository Manager option dynamically generates a dependency graph for any SDA based on asset and relationship type filtering rules configurable by the end user.

Strongly Typed Asset-to-Asset Relationships – Semantic understanding of dependencies in turn depends upon a clear understanding of the effect of those dependencies. Repository Manager’s patented dynamic SDA template infrastructure allows IT organizations to precisely define relationship types of interest and to establish validation rules that restrict establishment of such relationships to only assets meeting the semantic requirements specified by those types. For example, an “imports” relationship from a service may be restricted to schemas only, while a “consumes” relationship may allow components, mainframe adapters, and read-only data views to be bound to that same service.

For more information about SOA Software’s market-leading products, click here.

Metadata Federation

For enterprises to fully understand and effectively govern their SOA environment, they must have a complete and coherent view of the services and other SDAs touched by their SOA initiative as well as the policies and processes that guide consistent development of SOA elements. This end-to-end view must incorporate and coordinate relevant content not only from service development and deployment activities but also from service planning efforts (e.g., proposed services and their traceability to existing system capabilities) and from existing service capabilities (perhaps sourced from packaged applications and third parties).

Organizations also need to deal with the added complexities introduced through extensive offshoring/outsourcing relationships. While these relationships clearly provide value to the enterprise in terms of both cost and flexibility, if not managed properly they can lead to provider lock-in at best and development disasters at worst. Maintaining visibility and scope of control over arms-length development activities is key to deriving the most value from those relationships.

End-to-end integrated service metamodel and governance process model – Repository Manager, Policy Manager and Service Manager provide a complete solution for development and operational governance automation. By defining a common service metamodel and governance process model across these products, SOA Software gives IT organizations a significant jump start towards cross-organizational fidelity and consistency, reducing the likelihood of manual error and eliminating redundant information management within the enterprise.

AnySource™ federation – Connectivity to SCM platforms and other development tools is crucial for IT organizations to accurately represent and govern their development efforts. These development systems of record are typically managed in a siloed manner with little to no communication and coordination across products. Repository Manager’s AnySource federation toolkit allows IT organizations to define and automate extraction rules that span these products, producing complete and coherent SDAs based on SDLC triggering events (e.g., source code promotion, establishment of a version baseline). Based on the well-known open source ANT framework, AnySource presents a well-understood task model for asset automation.

Service registry federations – As services enter into staging and production environments, service definitions and supporting metadata must be provisioned into the runtime registries supporting those environments. Repository Manager supports automated provisioning of such information to leading service registries such as IBM WSRR, HP SOA Systinet, TIBCO Active Matrix Registry, and any UDDI-compliant registry. These same registries can serve as sources to bring previously ungoverned services (e.g., services deployed as part of a packaged application) under development governance via Repository Manager’s Import Center.

Federated Repository Manager installations – Highly distributed development organizations may need localized repository installations to better manage content access and latency issues. Other organizations may need to establish filtered access to selective SDA information to their outsourcing partners while at the same time maintaining consistent governance processes over the SDAs developed by those partners. Repository Manager’s sophisticated federation model enables IT organizations to establish essentially any federation topology (e.g., tree, star, unidirectional point-to-point) across any combination of physically and logically separated library installations. Filtering rules can be established over each connection within the federation, thereby ensuring that only appropriate information is passed across the connection.

For more information about SOA Software’s market-leading products, click here.

Service and Asset Discovery

The iceberg metaphor is apt when considering services within an enterprise: very few service implementations are greenfield, with the vast majority built upon one or more existing (typically strategic) capabilities already present in the enterprise or provisioned by business partners. The service interface, while important, is the small percentage of the total service that sits above the water line; mainframe and distributed applications, data views, EDI feeds, and many more software assets sit below the water line to make up the service implementation. Discovering and understanding these widely varied software development ass