2003 Survivor's Guide to Business Applications

Web services technology is the exposure of specific business functions through an open standard that allows access to data from other Web-services-enabled business applications. In the past, if you wanted to access data from an application, you generally had to develop custom code to determine the application-specific protocol. With Web services, the same methods of accessing the data are offered via a defined, open protocol known as SOAP (Simple Object Access Protocol), using XML (Extensible Markup Language) to transfer data to and from the application.

Survivor's Guide to 2003

• Intro

• Security
• Mobile & Wireless

• Network & Systems

  Management

• Storage & Server

  Technology
• Infrastructure

• Business Apps

• Digital Convergence

• The Business Case

-->

This change means that access to business functions within applications is platform- and language-agnostic. SDKs are specific to languages and platforms, but Web services offer truly ubiquitous access. The technology is the more open, streamlined resurrection of CORBA. While Web services are being marketed as the panacea to the problem of lengthy development cycles, it's unlikely that Web services will encourage the reuse of code any more than the move to an object-oriented paradigm did because of two factors: trust and communication. Coders only trust their own code and are unwilling to use existing code--if they're even aware that it's available. Communication among development teams is a larger problem because teams rarely discuss with other teams the impact of a single component. The resulting component, or Web service, is unlikely to satisfy the needs of every team, likely necessitating a complete rewrite.

Web services provide much more in terms of packaged applications, as these open interfaces offer a mechanism for integration and support out of the box rather than requiring customization through coding or purchasing additional adapters.Unfortunately, Web services still don't address security or reliability very well. Web services, whether based on J2EE (Java 2 platform, Enterprise Edition) or Microsoft .Net, all take advantage of XML, which is transported between applications via SOAP. The SOAP standard, which describes how Web services are exposed and accessed, is verbose. As the number of Web services-enabled applications in your infrastructure grows, you can expect resources to work harder than ever to maintain acceptable performance. Because the standard addresses neither security nor reliability, exposing your business functions is an all-or-nothing proposition.

Markets are emerging from the security in Web services, and an abundance of solutions to the security and reliability problems will be available next year, though the field is too new for us to name any front-runners. Cape Clear Software, Blue Titan Software, Actional Corp. and even Check Point Software Technologies offer products that provide Web services security and management, and additional offerings are due in coming months.

You'll also need to take a stand on your platform--and soon. Will you use .Net or one of the many J2EE offerings such as Sun Microsystems' ONE? As with any choice that involves developers, a holy war of splendiferous proportions is already brewing. A J2EE offering has many advantages, of course. Many vendors have products, and a host of tools is available. A .Net environment locks you into a single vendor and substantially limits your choices in terms of vendor and platform support, but the development environment and languages are familiar to most developers, making it attractive in terms of training and time to deploy. It's also difficult for J2EE-based solutions to compete with the ease of development and deployment offered by Microsoft products.

While external software components such as Web services are unlikely to be integrated into your internal development efforts any time soon, the internal use of Web services for intranet portals and integration efforts will become not only acceptable but expected. And if you haven't begun to seriously evaluate Web services as a part of your architecture, you'll need to do so next year, particularly for new applications.

Web services, along with failure of CRM deployments to achieve claimed ROI, is energizing the outsourced CRM market. ASP-based CRM offerings such as Salesforce.com and UpShot are using Web services to integrate their outsourced CRM applications with Microsoft Outlook to provide more robust functionality and features. With the CRM debacle of the past year, it may be wise to consider an outsourced solution. Web services has enabled such solutions to provide the lower total cost of ownership required without sacrificing functionality. Integration efforts are always an issue in the enterprise, and that's not about to change. Most applications need technologies that let disparate systems communicate or share data. You can implement Web services to dramatically reduce the time spent on integration; however, those new products require upgrades and, in many cases, infrastructure changes.If you aren't in the market for an upgrade in the next year, you'll probably spend considerable time integrating applications, just as you may have done this year. Some of your time will go toward coding integration solutions, but more likely you'll use solutions from companies such as Data Junction Corp., IBM, Tibco Software or WebMethods to assist you in your integration tasks. If you aren't already considering integration efforts, think about changing your architectural decision processes. Spend more time designing a solution that can support your integration efforts. Insertion after implementation is much more costly and time-consuming than creating a solution that can share data across disparate applications.

The emergence of Web services as a means of integration means less professional services time, but EAI (enterprise application integration) is more than just getting two applications to play nice. It's also about those applications sharing data, and about translation between business-to-business partners. Web services make this task simpler, but still require a solution to route data. That solution is EAI. For example, you may need to route a customer order to two or more apps--order fulfillment and CRM--and EAI provides the means of getting that data to both systems. Or consider the case of exchanging data between business partners. While XML provides the standard, it does not define the format. EAI solutions can translate from a partner's format to your own and vice versa.

Open Standards Groupware

Although Microsoft holds the lion's share of the groupware market with Exchange, the challengers are lining up with open-standards solutions. "Open standards" refers to a company's commitment to implementing a product based on agreed-upon standards that provide consistent interoperability rather than a proprietary, often incompatible, technology. Support of open standards allows for modularization of groupware's components--e-mail, calendaring, instant messaging, directories--and provides a lower TCO by offering the ability to take a best-of-breed approach to building a collaborative environment rather than the traditional turnkey offerings of current groupware leaders. Gartner predicts that over the next few years, cost and reliability goals will be met only through standards-based messaging products, primarily due to the lower cost of integration, higher reliability and reduction in scheduled downtime required by turnkey groupware solutions.

The definition of groupware has expanded and now encompasses almost every aspect of messaging available, including the IM (instant messaging) paradigm. With the use of IM high in the enterprise for interoffice communication, a secure, integrated and managed IM is becoming a necessity for any successful groupware solution. Companies entrenched in groupware solutions will need to determine whether the IM solution offered by their vendor is adequate, or whether it makes sense to migrate to a standards-based implementation to more easily accommodate the rapid changes in messaging methods that will continue to take place throughout the next year.A key component of new groupware products is modularization. Companies are no longer willing to absorb the high cost of a proprietary turnkey solution and will be looking for scalable, reliable low-cost solutions for commodity services such as e-mail. Standards-based products are considered simpler to install and operate and offer a lower TCO, a necessity for IT initiatives in the next several years. These same services will be easily integrated with other traditional groupware functions via Internet standards and will include more comprehensive support for diverse deployment platforms.

Moving to an open-standards, modularized groupware solution also puts the enterprise back in the driver's seat when it comes to decisions on upgrades and deployment platforms. More than 50 percent of U.S. businesses and 30 percent of non-U.S. businesses use IM, according to Gartner, but less than 1 percent of those businesses are managing their IM environments.

Instant messaging will only increase in popularity over the next year, as employees embrace this alternative to picking up the phone or arranging a meeting. IM is faster than e-mail and can dramatically cut the cost of phone calls when remote offices are located half a country--or half the globe--away.

What will, and must, change is the management of such messaging systems. Customers demand instant access to technical, product and customer support personnel; enterprise employees use IM to contact mobile and nonmobile co-workers. Unmanaged IM is one of the easiest--and most dangerous--ways to fulfill the desire for such instant communication. The threat of viruses, hijacking of resources and misuse of the network skyrockets when a public IM is used within corporate walls. A managed IM solution provides a level of security and the ability to control and audit conversations.

You'll need to manage IM more closely in the coming year, and ISVs are ready and willing to offer you the mechanisms necessary to provide such functionality to customers and employees while they ensure that security, both at a network level and an intellectual level, is not compromised by the use of this technology. AOL's Enterprise AIM provides audit trails and security via your existing authentication infrastructure as well as encryption and monitoring capabilities. Microsoft and Yahoo both expect to have corporate versions of their software available in the first quarter of 2003. The Jabber Software Foundation offers Jabber, an open-source solution providing both servers and clients. Jabber technology can be integrated into custom enterprise applications and addresses security with SSL and PGP.HIPAA Compliance

If you're in the health sector, it will be difficult to sidestep a legal entity the size of HIPAA (Health Insurance Portability and Accountability Act). HIPAA aims to combat fraud and abuse in health care and improve health care systems by encouraging the electronic transfer of health care information. It applies to all health care providers--doctors, hospitals and pharmacists, for example--who conduct electronic transactions for health claims, health plans such as HMOs, Medicare and state Medicaid programs, and health-care clearinghouses that process health-care information. Small, self-administered health plans are excluded from HIPAA.

The act requires the U.S. Department of Health and Human Services to establish national standards for health care provider identifiers, security and electronic signatures, transaction code sets, and privacy of individually identifiable health information. The privacy rules and transaction code sets will take effect in 2003, though the rules for provider identifiers and security and electronic signatures are not final.

This is a huge beast to grapple with. The privacy rules, for example, require enterprises to inform patients of their privacy rights and how their information is used; adopt and implement clear privacy procedures; train employees regarding the privacy procedures; designate a responsible individual to oversee the procedures' adoption and implementation; and secure patient records that contain individually identifiable health information. Granted, there's already software that can provide secure access to patient records. Critical Path's directory and metadirectory technology is one example. But that's only one aspect of one rule; the rest remains a moving target on the legislative calendar.

No software vendor has an umbrella big enough to cover every aspect of HIPAA compliance. If you want a one-stop shop, you'll need to look at a consulting service, such as Phoenix Health Systems, where a number of solutions will apply to ensure network security, data integrity and privacy in the storage and transfer of health information, such as patient records.Technology editor Lori MacVittie has been a software developer, a network administrator and a member of the technical architecture team for a global transportation and logistics organization. Write to her at [email protected].Blue Titan Software: Blue Titan's Web Services Network architecture promises to make Web services reliable and address issues of security.

Cape Clear Software: Cape Clear is a contender in the development and deployment of Web services, offering integrated, cross-platform support.

F5 Networks: F5 is moving to support Application Traffic Management, including managing Web services and other application-level traffic.

Forum Systems: This network device manufacturer has the answer to your B2B XML and Web services security concerns.

Gordano: This primarily European groupware ISV is making moves in the United States to provide a complete messaging environment that addresses the management issues of Instant Messaging and is based on open standards.Nobilis Software: Beating Microsoft at its own game, Nobilis' technology takes advantage of existing Web services capabilities in Microsoft Office to integrate Office applications into a business process management suite.

Novell: Novell's purchase of Silver Stream's technology puts it smack in the middle of the J2EE Web services development and deployment arena with a fully integrated development environment and Web services platform.

Stalker Software: Stalker Software, maker of the popular CommuniGate line, has the stuff to convince you that its open-standards-based, Outlook-compatible product will provide the impetus to move you off Microsoft Exchange.

Yahoo: The search and portal giant is aiming to take over the enterprise with its corporate-class messaging product.• "Web Services: Still Seeking Standards" (TechWeb, Nov. 20, 2002)

• "Groupware Grows Up" (TechWeb, Nov. 19, 2002)• "Microsoft Follows Rivals Into Enterprise IM" (InternetWeek, Nov. 13, 2002)

• "Business Process Standard Moves Forward" (InternetWeek, Nov. 13, 2002)

• "OASIS Adds Public Key Group to the Fold" (InternetWeek, Nov. 5, 2002)

• "AOL Targets Enterprise Instant Messaging" (InternetWeek, Nov. 4, 2002)

• "Switch Over, Oracle Says" (InternetWeek, Oct. 7, 2002)• "More E-Mail Accounts at Lower Costs" (InformationWeek, Oct. 7, 2002)

• "Business Intelligence with Smarts" (Network Computing, Sept. 30, 2002)

• "Employee Provisioning" (Network Computing, Aug. 19, 2002)

• "Wanna Buy the Brooklyn Bridge?" (Network Computing, Dec. 1, 2002)

• "A Start-Up Is Born" (Network Computing, Dec. 1, 2002)• White Papers

• Research Reports

• Careers

• Books

• Training• Weblog

• Forum