Learning from the pioneers
Learning from the pioneers
Enterprises considering applying web services within their organisation to help safeguard their future ought to first learn from the past, writes Brad Kasell.
When the first microwave oven appeared in department stores in the 1980's, the idea of taking only minutes to prepare the evening meal in a plastic container was greeted with some scepticism by Australians. Today, microwave cooking has become the norm in most households and has fundamentally changed the way we approach food preparation.
So too, web services is rapidly evolving from concept to reality and changing the way we work. Consider the IT infrastructure behind your own online transactions, such as banking, eBay shopping and tax returns. All utilise web services and all have become a normal process in the lives of many Australians.
A recent IDC report found 30 percent of organisations are using web services to some extent.1 And it's not just big players with big budgets who are implementing web services. Customer demand is driving the need for business integration increases.
Consequently, we are seeing smaller Australian organisations implementing multiple web services projects.
However, it hasn't all been smooth sailing and lessons learnt have been plentiful. Businesses that are yet to invest in web services can glean some valuable insight from early adopters' successes and failures. Based on the experiences of early adopters, there are four aspects to web services that will provide food for thought: when to apply web services; interoperability; security; and quality of service.
When to apply web services
The first step is to decide when to apply web services. While this might sound obvious, it is tempting for business managers to see web services as the answer to all problems. To assess the relevance of potential web services applications you should be able to answer the following questions:
• What degree of business granularity do I require in each web service? If your processes are complex, you may require many web services to achieve one function. Ask yourself, if web services will support your business practices and when they should be applied?
• How much flexibility do I need? Web services are ideal for businesses that are, or would like to be, dynamic. For example, a bank continually adds products and services to its portfolio, but it may need to derive information from different systems as its product base grows. Web services can cater for these changes simply and easily through standards-based integration.
Conversely, it is pointless choosing web services for a highly customised back end system that will never require such flexibility.
• How much data do I want to share? Many business processes have specific data handling requirements, including who can access the data and what they can do with it. Web services are able to provide a great deal of flexibility in how data is managed and/or protected, but these mechanisms can affect performance. When designing your Web service you should ensure that your data is protected in support of your business objectives.
Interoperability and the adoption of standards
Just as the microwave oven must adhere to certain operating standards, irrespective of brand, web services have followed the same trend with the emergence of industry guidelines and best practices. Indicative of a maturing market, this means that web services platforms, irrespective of supplier, are increasingly being built to meet agreed and proven standards.
When designing a web services implementation, consider consulting the Web Services Interoperability Organisation (WS-I.org), which is comprised of industry stakeholders including multiple vendors.
WSI-org has published the 'Basic Profile' - a set of guidelines for web services developers and consumers. These guidelines provide recommendations on a range of topics, such as structuring web services and security, and providing test suites and sample applications. Adoption of the WS-I guidelines as a baseline ensures consistency and helps businesses move towards seamless integration.
Securing your web services
A widely discussed and sometimes contentious topic, security can illicit strong reactions among managers and the most technologically savvy. When assessing security requirements within a web services application, consider the following:
Make security a policy-based decision and not a programmer's problem. Allowing individual developers to decide how to protect each web service could result in an inconsistent company-wide security approach. Rather, ensure your web services security policy is driven from the top of the organisation and is in accordance with business needs and not applied in an ad hoc fashion. This policy should then be consistently applied to web services by your security administrator.
Assess your security requirements according to your business needs. Ask yourself:• What do my customers and partners expect or require?
• What information am I securing? Is this for internal or external use?
• What happens if this data falls into the wrong hands?
• Do I want to encrypt all of my message content or just certain parts?
• Are there any industry or regulatory considerations?
Taking these factors into account will help ensure you implement a level of security that is appropriate.
Be aware of the extra processing associated with security, such as encryption. Establish the level of performance that is needed and determine appropriate security measures. Conflicting requirements may mean that web services are not always the best solution. Alternatively, web services' other benefits such as flexibility, speed and cost of deployment may prove it to be the ideal solution.
Quality of service
Over the past four years web services have matured, becoming less about 'will web services work?' and more about 'how can web services best meet my business needs?' Irrespective of whether you are new to web services or an early adopter, you should question the quality of your web services, in terms of performance, reliability, availability and scalability.
To enhance performance, consider using 'native binding', an approach that matches up types of requests with their respective implementations. A web services gateway is able to direct each request for a web service to the most appropriate service provider. This means that the requester does not need to know the specifics of how the service is being delivered. Such a gateway allows you to match your IT infrastructure to the anticipated demand for your web service, without changing the interface.
Ensure scalability through 'loose coupling' and 'location independence'. Being able to quickly switch implementations from one provider to another, or transparently add additional capacity means that you can be responsive to demand for that web service. Get back to basics. Web services can be relatively simple. However current business requirements mean that companies are often applying layers of complexity to a basic web services model. But are the additions necessary? You wouldn't use, for example, an industrial strength microwave oven with 72 settings, if your sole purpose was to heat soup! Similarly, keep your web services as simple as your business needs allow.
Australian businesses are currently utilising web services for integration, enhancing relationships internally and with customers and partners. The potential business benefits of web services cannot be denied. But to realise value, Web services must be governed by your business requirements, not technological advances.
When considering web services or assessing existing web services within your business, start by asking yourself questions on applicability, security, performance and familiarise yourself with the relevant standards, as well as the WS-I guidelines. Don't waste the hard earned knowledge accumulated from early adopters. Use it to enhance the business benefits that web services can provide for your company.
References1. IDC, Web Services Survey, 2002 and 2003
Related Article: