Harnessing the distributed resources of cloud computing to expand a service-oriented architecture (SOA) is something experts, vendors and industry professionals have been discussing more and more--but with reservation.
The questions that always cause hang-ups do not have easy answers. What about security? How do we get all the productivity SOA has promised?
Web services vendor, Layer 7 Technologies says with cloud on the horizon, industries can no longer afford to ignore run-time governance.
"Governance was something you could sort of ignore when you were behind the firewall," said Scott Morrison, chief architect and VP of engineering at Layer 7. "You can't put governance off in the cloud. You need security and management."
In the cloud, service monitoring and data security become key areas of concern, Morrison said. There is some monitoring provided by a number of cloud service providers, but Morrison said these metrics focus mainly on virtual machine performance, not service performance.
Precisely these sorts of concerns led Layer 7 to develop SecureSpan Gateway, Virtual Edition. Packaged as a virtual appliance, this version of SecureSpan provides a global dashboard that drills down to the operational characteristics of highly distributed services. It monitors the performance of both services and cloud service providers and provides access controls between cloud-based services and enterprise-based assets.
"Governance is really strong right now and for a couple of reasons," said Ronald Schmelzer, sr. analyst and managing partner at ZapThink. "Companies are realizing that building services and putting them up there just won't work. You want the services to be used and you want the main benefit of SOA, and that is reuse. But the flipside is, they may use these services in ways not anticipated."
Schmelzer said Layer 7 has historically done a good job with policy definition and policy management.
Regarding SOA in the cloud, Schmelzer said he sees promising signs. Companies now are looking at SOA and realizing they may need to improve their architectures. "It looks like the trend is moving to an architectural focus," said Schmelzer, "rather than IT managers just saying, 'oh let's just go buy another ESB.'"