Welcome!

Internet of Things, Smart Cities and API Security

Mamoon Yunus

Subscribe to Mamoon Yunus: eMailAlertsEmail Alerts
Get Mamoon Yunus via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Cloud Computing, Virtualization Magazine, Cloudonomics Journal, Intel XML, XML Magazine, SaaS Journal, Enterprise IT: Moving CapEx to OpEx , SOA Best Practices Digest, Government Cloud Computing, SOA in the Cloud Expo, IT Strategy, IT as a Service, CIO/CTO Update, SOA Testing

Blog Feed Post

The Guillotine Effect of Cloud Computing

Try asking your SaaS partner to put an agent in their container - good luck!

David Linthicum wrote an intriguing article titled "Cloud Computing will kill these three technologies" in which he writes obituaries for:

i) Design-Time Governance ii) Older and Smaller Clouds and iii) Tier 2 Enterprise Software Providers.

Of these predictions, the one that resonates most is design-time governance.

Design-Time Service Governance:  I am particularly happy to see this category listed on the chopping block (from David's perspective) and here is why.

Over the last decade or so, we have seen significant run-time SOA Governance deployments at the edge of an enterprise used for interacting with SaaS platforms using SOAP, XML or REST.  We have seen customers choose not use glorified UDDI registries. Instead, they have focused on using the SOA/Cloud/XML Governance Gateway as the system of truth for services produced and consumed (import and export WSDLs).

The Gateways serve as the catalog of services aggregated for centralize control at design-time.  Based on consumer credentials, access to only authorized services is provided to the consumer.

David is spot on in stating: "Many of the existing runtime SOA governance players support enough design and implementation capabilities that separate design-time tools are not required."  The burden of design-time SOA Governance has entirely been taken over by XML Gateways including service generation and consumption, service cataloguing, service virtualization, and most importantly, service monitoring.

Gateways are, by nature, non-intrusive and agent-less, whereas classic service monitoring companies are historically rooted in agent-based monitoring with weak gateway products, if any.  Such agent-based solutions are unlikely to work in highly distributed environments typical of cloud computing.  Try asking your SaaS partner to put an agent in their container -- good luck!

The writing is on the wall, so I quote David here directly:

Cloud computing is simply accelerating the focus on the requirement for runtime SOA governance, and sooner or later design time will fall by the wayside.

For additional technologies that face a not-so-fun-filled future, see David's ominous article: "Cloud Computing will kill these three technologies."

More Stories By Mamoon Yunus

Mamoon Yunus is an industry-honored CEO and visionary in Web Services-based technologies. As the founder of Forum Systems, he pioneered XML Security Gateways & Firewalls and was granted a patent for XML Gateway Appliances. He has spearheaded Forum's direction and strategy for eight generations of award-winning XML Security products. Prior to Forum Systems, Yunus was a Global Systems Engineer for webMethods (NASD: WEBM) where he developed XML-based business integration and architecture plans for Global 2000 companies such as GE, Pepsi, Siemens, and Mass Mutual. He has held various high-level executive positions at Informix (acquired by IBM) and Cambridge Technology Group.

He holds two Graduate Degrees in Engineering from MIT and a BSME from Georgia Institute of Technology. InfoWorld recognized Yunus as one of four "Up and coming CTOs to watch in 2004." He is a sought-after speaker at industry conferences such as RSA, Gartner, Web Services Edge, CSI, Network Interop, and Microsoft TechEd. Yunus has the distinction of showcasing Forum Systems' entrepreneurial leadership as a case study at the MIT Sloan School of Management. He has also been featured on CNBC as Terry Bradshaw's "Pick of the Week."

Comments (1) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
Skip Snow 12/31/09 11:19:00 AM EST

Mamoon:

Happy new years, and greetings to your family. Great thoughts. In general I agree that not only should runtime governance, in terms of access rights, data filters, and breach notificatoins, as well as metering, should be external to the application tier.

The question of agents, and platforms is an interesting one. At an infrastructure level, in terms of storage management, federated resource management, and data life cycle management, it might be impossible to eliminate agents.

Optimally, a low level management service, could do anything that the OS could do, and thus every device, or virtual devise, would supply a standards based, secure API to do things like take snapshots of files, map file changes to storage policy, expose throttling mechanisms for each process running on a system, etc, but we are a long way from there.

Thus, at an infrastructure level I think we are stuck with agents for a while. On the other hand, on the wire there is no need for an agent.

I would love to chat with you about this, if you want to have a conversation ping me. I might just ping you in the mean time anyway.