COMPUTER BUSINESS REVIEW

Critical. Authoritative. Strategic.

TECHNEWS

CBR is proudly produced & published
by Technews
www.technews.co.za
Issue Date: August 2003 (es)

Cutting out the middle-tier costs

August 2003

Will Web services change the world? Will the IT industry do the impossible and actually deliver on the promise these new technologies offer? – Andrew Seldon, feature editor of eSecure, reports.

There can be no doubt that Web services is going to make an enormous mark on the application development industry, but is it going to expand its influence from its technological beginnings into the executive space?
The answer is a definite yes. Of course, executives are not going to start lathering up and going on evening SOAP courses or brushing up on their XML, but changes in the way IT is delivered and its inter-communicative abilities will change their opinion and the role IT plays in the corporation.
Imagine a world where your old mainframe still chugs away in the background doing its processing like it is supposed to; on the front-end, users interact with the corporation through PCs, PDAs and wireless laptop connections without a care about how it happens or which systems one has access to and which not; and the middle tier (that can be vastly dispersed) consists of a host of servers and platforms, each perfect for its task and completely integrated with the others.
New IT solutions can be brought in on their merits - can it do the job, how much does it cost, is there support - without the business being forced into buying a particular brand because that is what it bought last time and it will not talk to anything else. Whatever you buy will be able to send and receive data from other systems without buying expensive middleware or extensive coding.
It may sound like Utopia, and for the average harried IT manager it probably is, but this is a realistic goal of the service-oriented architecture (SOA), and Web services will be a cornerstone of SOA.
Software as a service
While the industry is currently caught up in the Web services hype phase, time will see the emphasis move to a broader acceptance of this phenomenon as people understand what Web services are and the value they can deliver.
Rick Parry, MD of Progress Software SA, says Web services will put software in its rightful place: business will recognise that software is not a magic bullet, but a service, as it should always have been.
"From a business point of view - and this could be a simplistic view, although correct - Web services simply provide a new, non-proprietary deployment mechanism for software," says Parry. "That is not to say the whole Web services industry is simple, there are very complex issues at hand here, such as security and connectivity, data and systems sharing, and communications, for example.
"The crux of the matter for any Web services vendor or developer is that it must be business value on offer, a series of business services deployed via the Internet (or any network), not technical solutions."
Good as this may sound, few applications are delivered according to the guiding principles of business value. Will the SOA delivering real value be the catalyst that will help pull IT out of a recession? Parry says that only those IT companies passionate about value delivery will be able to overcome the scepticism associated with IT.
"Businesses know they have been conned over the years: they have an infrastructure, but what value is it delivering to the business? Executives are only going to listen to people telling them how to get added value from their systems. This will require a risk-taking approach and proof-of-concept installations before money changes hands."
He adds that services will permeate the software industry in future and become the norm for delivering value. "IT is actually a services industry in which technology should be delivering services that add value to whatever the business is doing - fitting in with the business and not trying to change it."
Unfortunately, there are barriers to entry for Web services - even though they are based on open standards. One is specific to South Africa - bandwidth - and another applies globally - security and standards.
Parry says that any mechanism of delivery that requires bandwidth is going to suffer because of the expense locally - and this, unfortunately, is not likely to change.
The guarantee of security
The second issue is security and standards. Faritec's Nabeel Prior says Web services certainly make development easier, but notes there is still work to be done on the security standards. As an example of the potential of applications designed according to this architecture, he refers to a trading portal.
Nabeel Prior, Faritec
Nabeel Prior, Faritec
"Buyers can, via a Web browser, log into a system and place an order. The Web services connectivity passes that order to the relevant suppliers in a format their systems understand (Web services is all about standards), seamlessly setting the processes in motion on the supplier side. A simple message can then be sent back to the user with the relevant times, dates and payment details, etc."
It is clear why security is important in an example such as this - data must be protected. It would also be incorrect to say there are no security standards in place, as many are 'in process'. Prior says, "Microsoft, for example, has come up with numerous security standards, but these are mostly still under discussion before being adopted."
An important consideration for any person or company considering Web services is standards. If Web services are to work as planned, every vendor must support the industry standards. Any proprietary hooks will make vendor A's Web services offering incompatible with everyone else and the industry will be exactly where it is today - except another few billion would have been wasted on the idea of Web services.
Sun Microsystems SA's Lodewyk de Beer also mentions the seriousness of standards, and is relieved that all the vendors have adopted the standards laid down to date. The only 'head bashing' still happening is about security and authentication standards, and De Beer does not believe there will be any problems as the Web services' XML interface will permit communications between any XML-compatible systems - even between Java or .Net-based systems.
Yet, there are even more basic security issues one must take into consideration when looking at the Web services phenomenon - see 'Web services could reopen old vulnerabilities' below.
Internal integration issues
De Beer says Web services are a simple way to send information without requiring Corba or other similar technologies. Sun sees the real immediate strength of Web services coming from the enterprise integration space, not the Internet delivery (the part that gets the most hype).
"Web services acts as a facilitator for companies to deliver back-end services to a community of corporate users," De Beer says.
Joe Ruthven, IBM SA
Joe Ruthven, IBM SA
Joe Ruthven, business development manager for IBM SA's Software Group, also says Web services is an integration technology. However, he warns that integration is not easy and needs careful planning if corporates are to ensure they are not wasting more money. Ruthven mentions six stages of integration Web services will deliver, and companies will generally follow this order in their Web services evolution:
1. User integration.
2. Business process integration.
3. Application connectivity.
4. New application integration.
5. Information integration.
6. Security integration.
Is Web services a real solution we are likely to see in production in the real world soon? Absolutely, says Ruthven. He adds most companies are at least dabbling with Web services and many, even major software companies such as Adobe have already delivered solutions into the real world.
De Beer adds that while Web services applications are deliverable now, the one failing is in the realm of accountability: There is no guarantee of service or delivery at the moment. This means transaction and information transfers can not be verified - as yet. While this is a hindrance, for internal application purposes it is only a small segment of potential Web services developments that will be affected.
Another benefit Ruthven highlights is the ability to Web services-enable applications developed with current tools. "Websphere, for example, allows companies to develop Java applications and then, via an add-on, convert these to Web service modules at the click of a mouse."
It is the small moves that are likely to lead companies into a Web services world. An improvement here, a tweak there and when executives see the cost and time advantages, they will be sold. Nevertheless, as Parry said, it is about what business value can be delivered through software services; technology is merely the enabler.
Web services could reopen old vulnerabilities
As compelling as the business case for Web services is, South African companies should take a conservative approach to deployment until they have gained experience in the technology and the standards for security have matured.
That is the word from Pieter Pretorius, business solutions manager at managed security solutions provider, Nanoteq, part of the JSE-Listed Comparex Holdings. He says that South African companies should take a cautious approach to rolling out the technology since it could potentially reopen many of the security holes they have spent millions of Rands to plug.
Pieter Pretorius, Nanoteq
Pieter Pretorius, Nanoteq
Says Pretorius: "Unless an enterprise has invested in software specifically designed to detect and monitor Web services traffic, it risks the possibility of harmful traffic sneaking through the firewall and of internal Web services sending out sensitive data without being detected."
Gartner estimates that the use of Web services could reopen 60% to 70% of the security vulnerabilities companies have closed off in the 10 years since the Internet started to become a mainstream business communications platform.
The problem is that Web services traffic is often difficult to detect because it uses the same ports on a Web server as standard HTTP traffic, making it impossible for a standard firewall to discern the difference. Web services traffic could carry any sort of payload - including executable files containing viruses or worms.
Web services security standards are not yet set in stone. Pretorius says that by 2005, many of the outstanding issues in Web services security should be resolved. By that time, most organisations will demand that non-registered HTTP and S-HTTP traffic be inspected at the enterprise perimeter. This will need application-level inspection capabilities - particularly extensible markup language XML, SOAP and Web services - in perimeter security technologies. Until these technologies are stable and mature, organisations should take a cautious and steady approach to Web services rollouts.


Others who read this also read these articles

Search Site





Search Directory

  • Search for:





Subscribe

Previous Issues