With BPEL, it doesn't really matter whether the services are hosted by a Grand Central or by the partner companies themselves - the core architecture remains the same. A service hosting company just simplifies and localizes some of the firewall and security issues.
Note that there are several additional issues which are introduced once BPEL is used to orchestrate services hosted by trading partners or hosting companies. These issues include firewalls, security and asynchronous services and call for using a standard like WS-Security for encrypting, digitally signing and authenticating your messages in such a way that they can pass through firewalls.
To properly deal with firewalls, problems can be avoided by setting up a VPN (or dedicated link) between the BPEL process host and the service hosts or a protocol such as HTTPS that will pass through firewalls securely. Note that with asynchronous services that require callbacks, the company hosting the BPEL process needs to enable the callbacks to pass through the firewall as well, using the same protocols/standards mentioned.
This was first published in June 2003