Shrinking the Enterprise with SOA

Shrinking the Enterprise with SOA
• Cognizant 20-20 Insights

Shrinking the Enterprise with SOA
A framework to help companies to more effectively create a
distributed service-oriented architecture that reduces costs,
optimizes infrastructure and facilitates more manageable
sharing of services across the enterprise.

      Executive Summary                                           prises. There are many parameters to assess.
                                                                  For example, customer information or product
      The concept of a service-oriented architecture
                                                                  details can be maintained in many places, but
      (SOA) has been around more than 15 years. There
                                                                  finding the right information requires locating
      are several ways to handle an SOA, but some
                                                                  the appropriate team and numerous detailed
      approaches are complex to maintain and difficult
      to sustain over time. This white paper addresses
      the challenges and provides simplified solutions        •   Accessing data: To access data across the
      to maintain data that enable the free flow of infor-        enterprise, organizations typically face the fol-
      mation across the enterprise.                               lowing challenges:

      Visualizing data in any organization is critical            >> Inconsistent standards.
      in establishing the infrastructure required to              >> Data trapped in legacy applications with
      simplify SOA support. Organizations typically                 minimal and non-customized interfaces.
      have numerous data points. The smoothest
      possible transition is possible if each data point in
                                                                  >> A lack of separate applications or back-end
                                                                    jobs to maintain the data.
      an organization can communicate in a universal
      language such as XML or JSON. Pushing them                  >> Reading the data in the right format requires
      to Web-services architecture ensures that every               additional development work.
      data point in an organization is accessible and         •   Data security challenges: In reality, enter-
      secured.                                                    prise SOA is much more difficult because
                                                                  services may be deployed across multiple do-
      Data challenges enterprises face include:
                                                                  mains of ownership. To make interactions pos-
                                                                  sible, mechanisms have to be present to con-
      •   Redundancy: Much of the data that flows
                                                                  vey semantics, to declare and enforce policies
          across an organization is redundant. In fact,
                                                                  and contracts and to use constraints for data
          applications, hardware, resources, time and
                                                                  passed in and out of the services as well as ex-
          other related resources used for maintaining
                                                                  pressions for the behavior models of services.
          and provisioning are often redundant in ways
                                                                  The ability to understand both the structure
          that are difficult for organizations to detect.
                                                                  and semantics of data passing between service
      •   Finding the right data: Locating data is an-            end points is essential for all parties involved.
          other painful and difficult task in many enter-

      cognizant 20-20 insights | may 2014
•   Monitoring the services developed in SOA:           data. Moreover, some organizations lack data
    As a result of this challenge, many specialized     access standards, and in some cases the code is
    platforms are evolving to meet these needs.         so closed that it’s difficult to understand the logic
                                                        that underlies it.
A Framework, Tools and Dashboard
to Visualize SOA                                        All of the above problems are common. This white
How can organizations address the above                 paper focuses on remedies for them.
problems? Our work with companies across indus-
tries over the last dozen years on SOA projects         Defining and Designing an Effective
makes clear that organizations need to build a          Enterprise SOA Solution
framework with a set of tools that are portable,        The building blocks within our SOA framework
easily customizable and generic to deploy. Web          used to address the aforementioned challenges
services offer great promise to reduce complex-         are as follows:
ity and enhance application interoperability. Many
organizations typically end up with numerous            •   Portal.
useful Web services and are often unaware which
ones provide what functionality due to a lack of        •   Security bots.

tools and architecture.                                 •   SLA management.

Many organizations recognize that their Web             •   Search indexer.
services and functionality are either partially or      •   Dashboard.
fully built-in with at least more than five applica-
                                                        •   Executive dashboard.
tions. As a result, data often becomes redundant
and has multiple sources for the same informa-          •   Agent brokers.
tion, despite the fact that many organizations          •   Data sniffer.
have strong policies to control and secure the
                                                        •   Data pickers.

Anatomy of an SOA Solution

                                     Monitoring/Event Management

                                          Process/Orchestration                                 Governance


                                        Data Services/Messaging

                                              Data Abstraction

                     Data              Data                   Legacy          Legacy

                      Internet-Based          New Services

Figure 1

                        cognizant 20-20 insights        2
A general SOA framework can be deployed at                 SOA Portal
organizations (see Figure 1). To understand how            The portal’s main purpose is to register services
SOA works, please refer to other white papers              (using industry conventions) and validate func-
and articles across the Internet.                          tionality. The description of the Web services and
                                                           their taxonomy and details will help other devel-
To design an effective solution for framework
                                                           opers find the right components. Every enter-
SOA, organizations need to consider numerous
                                                           prise Web service must be registered so it can be
factors. One of the critical objectives is to create a
                                                           properly monitored (see Figure 2).
cost-effective, portable and generic solution that
can be deployed across enterprises.                        Agents and Brokers
                                                           Once the Web service is registered, certain back-
To keep maintenance costs low, our SOA
                                                           ground processes are necessary for it to be part
framework uses a decentralized, agent-based
                                                           of an enterprise SOA. Agents and brokers are
approach compared with a broker-based system
                                                           installed on the server where the Web service
where all service requests are handled by a server
                                                           is located. Agents and brokers are a set of light-
or set of servers. Custom-developed agents
                                                           weight components that decentralize SOA layout.
or small code libraries sit on all its application
                                                           Agents are mainly created in J2EE and .Net to
servers to intercept various pieces of information
                                                           conform with the way most Web services are
about the services, such as usage, response time
                                                           constructed. Five different activities are handled
and IP address. As these data points flow back
                                                           by an agent once installed on the server of the
and forth, they are recorded and stored locally
                                                           hosted Web service.
and transmitted on a regular basis via a log file to
the framework database. The agents support the             Services are instrumented via the SOA framework
subscription, management and dashboard layers              agent to provide secure access control and moni-
over the top of the existing SOA framework. The            toring of service usage events. In this approach,
subscription layer allows developers to publish            the SOA framework infrastructure is highly dis-
and consume Web services and to set up SLAs                tributed, with agents colocated within application
regarding their service.                                   containers (the Java or .NET application engines
                                                           on which the application services run within the
A decentralized SOA framework covers four
                                                           organization’s infrastructure). This arrangement
                                                           allows the SOA framework to scale horizontally
•   Portal.                                                in conjunction with the application infrastructure.
•   Dashboard.                                             Agents are added only when new services are
                                                           exposed. The centralized broker model does not
•   Brokers.
                                                           require agents, and therefore does not intrude on
•   Agents.                                                the actual application.

Building an Effective SOA

      Developer                                                                            Web Service
       Develops               SOA Publishes        Web Service             Providers
                              After Validation     Is Ready for
                                                                                          Is Ready to Be
      Web Service                                    Discovery                               Consumed

                                                    Web Services      Web Service
     Registers in SOA     SLA Is Applied.            Subscription   Approval Process

Figure 2

                        cognizant 20-20 insights            3
At a Glance: SOA Portal

                       Developers                        WSDL
      Dashboard          Portal         SLA Details     Extractors      WS Search        Help Tools

Figure 3

•   Security Management: The SOA framework                  a second layer of security. Services that are
    uses “username tokens” (based on Web                    exposed to external customers and partners are
    services WS-Security model) to provide authen-          accessed via public-network-facing gateways.
    tication and authorization. Depending on how            These gateways use username tokens for
    the service is instrumented, these activities are       authentication and authorization; they also
    performed at run-time by the agent or by the            require “digital-signature”-based encryption
    centralized broker. Agents and the broker have          for privacy protection and data integrity.
    the ability to cache the credentials and authen-
                                                        SOA Framework: Return on Investment
    tication information to improve performance.
    The security service itself is deployed as a        The benefits and returns on investment for a SOA
    framework service that is accessed by agents        framework can be broadly classified into three
    and the broker.                                     categories:

    For services that are used across business          •   The cost and “speed to market” benefits
    units, a two-way secure sockets layer (SSL) at          associated with reuse of services.
    the transport layer is usually added to provide

     Quick Take
Leveraging Service-Oriented Architecture to Deliver Value:
The SOA Framework Experience
A company we worked with in the recent past             Finally, in addition to service reuse benefits, any
adopted a decentralized SOA framework and saw           business will find that exposing Web services
a net savings of approximately $5 million in just       (customer information, billing details and
one year from service reuse. This was achieved by       other related services) in a B2B environment
both encouraging the creation of services as well       with additional security provisions to external
as the distribution of the services via the SOA         enterprise customers can yield further benefits.
framework repository. An organizational target          For example, allowing the customer and partner
for service creation was set and was translated         applications to directly invoke services might
into targets for individual development portfolios      result in fewer calls into the operations centers
depending on their size and the nature of their         as these communications would have otherwise
development work. The SOA framework has also            been made via calls. A tremendous growth in the
enabled the retirement of legacy systems as part        use of B2B “trouble reporting” services when they
of infrastructure consolidation: Over the period,       are made available to customers and partners can
the IT budget has been slashed to half of its cost.     be achieved.

                        cognizant 20-20 insights        4
•   The cost benefits associated with system con-                                  unit communication within an organization with
    solidation and legacy system “decommission-                                    B2B partners. As the SOA framework overcomes
    ing.”                                                                          challenges, it should evolve in three ways:

•   The cost and efficiency benefits associated
                                                                                   •   Continued functional additions via framework
    with the direct exposure of these services to                                      services: Expanding the SOA framework
    external customers and B2B partners.                                               services beyond security and logging, and
The cost and “speed to market” benefits associ-                                        creating new framework services for SLA
ated with service reuse are obvious as it is usually                                   contract management, service discovery and
significantly faster to reuse a service compared to                                    even the dynamic provisioning of services.
writing it from scratch. For any of these benefits
to be realized, there must be a significant level of
                                                                                   •   Migrating from service standardization to
                                                                                       information standardization: Integrating an
adoption of services and SOA across the company.                                       SOA framework with an enterprise data
The simplicity of the SOA framework’s distributed                                      services platform to unlock information from
agent model and the associated portal environ-                                         legacy data sources and expose them as data
ment helps considerably with its service adoption.                                     services.
Looking Forward                                                                    •   Moving toward full business automation:
A distributed SOA model can be widely adopted                                          Total integration of service composition and
within any enterprise that supports service                                            business orchestration tooling into the platform
creation and management. While the internal                                            to automate entire business processes — from
adoption and growth of SOAs has been phenome-                                          contract definition to service creation.
nal, the platform has also enabled cross-business-

•   Kyle Gabhart, Bibhas Bhattacharya, Service Oriented Architecture Field Guide for Executives.




About the Author
Sameer Kulkarni is a Senior Associate, Technology Consultant and Business Analyst within Cognizant’s
Advanced Systems Group. He has 13-plus years of experience in systems analysis, programming, architec-
ture, testing and implementation across multiplatform applications. Sameer has worked as a developer
and architect on all the Microsoft technologies since 2000. He received his masters in computer applica-
tions from Pune University. Sameer can be reached at

About Cognizant
Cognizant (NASDAQ: CTSH) is a leading provider of information technology, consulting, and business process out-
sourcing services, dedicated to helping the world’s leading companies build stronger businesses. Headquartered in
Teaneck, New Jersey (U.S.), Cognizant combines a passion for client satisfaction, technology innovation, deep industry
and business process expertise, and a global, collaborative workforce that embodies the future of work. With over 75
development and delivery centers worldwide and approximately 178,600 employees as of March 31, 2014, Cognizant
is a member of the NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500 and is ranked among
the top performing and fastest growing companies in the world. Visit us online at or follow us on
Twitter: Cognizant.

                                         World Headquarters                  European Headquarters                 India Operations Headquarters
                                         500 Frank W. Burr Blvd.             1 Kingdom Street                      #5/535, Old Mahabalipuram Road
                                         Teaneck, NJ 07666 USA               Paddington Central                    Okkiyam Pettai, Thoraipakkam
                                         Phone: +1 201 801 0233              London W2 6BD                         Chennai, 600 096 India
                                         Fax: +1 201 801 0243                Phone: +44 (0) 20 7297 7600           Phone: +91 (0) 44 4209 6000
                                         Toll Free: +1 888 937 3277          Fax: +44 (0) 20 7121 0102             Fax: +91 (0) 44 4209 6060
                                         Email:        Email:           Email:

­­© Copyright 2014, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is
subject to change without notice. All other trademarks mentioned herein are the property of their respective owners.
You can also read
NEXT SLIDES ... Cancel