The term “service” is bandied about a great deal in the development and IT world these days, but it has a few different meanings that can confuse people when discussing services.

A service, according to Forrester Research analyst Randy Heffner, can refer to either an architectural interface or a software product offered in an on-demand environment, such as or Amazon’s EC2 cloud service system. Further, cloud services, such as IaaS or SaaS, are not the same as services in a service-oriented architecture, although SOA services can be hosted in the cloud, he explained.

SOA is a callable software interface, Heffner said. A service-oriented architecture is made up of SOAP, REST and Web-based protocols that allow database operations to communicate with one another.

An example, he said, is a confirmation that a particular document has printed on a different machine or in a different office. These protocols are then hosted in a Java or a Microsoft environment, depending on what language a company’s database servers are built on.

Now, with the advent of cloud computing, SOA systems can also be hosted on these. Heffner said that the cloud is an extension of SOA deployment, not a replacement of the architectural environment. SOAP and REST protocols can now be deployed to cloud systems, such as Amazon or, in order to expose assets to business partners or others.

SOA is still a big deal
In a March 2011 Forrester survey, “SOA Adoption in 2010: Still Important, Still Strong,” Heffner found that “SOA still has strong penetration and high satisfaction rates.” He added that even though more focus is devoted to “cloud computing, mobile applications and social networking, enterprise interest in SOA-related products remains significant.”

Heffner said in his report that SOA penetration among Global 2000 enterprise companies runs at 82%, and satisfaction with SOA architectural principles is at 77% for enterprise customers and 81% for small and medium-sized businesses. He also found that utilities, telecom, finance and insurance have the highest rate of use of SOA, with a strong majority in other sectors as well.

Vendors agreed that SOA fulfills the needs of companies in these verticals, particularly as these companies dive into mobile applications and cloud computing.

Jason Bloomberg, managing partner of ZapThink, an XML industry analyst group, said that service-oriented capabilities allow for database calls to be exposed for better flexibility, with the ability to mix and match.

“SOA is an architectural approach for organizing heterogeneous systems,” he said. And it is simply how enterprise IT is done in software development companies. SOA is broadly adopted and relatively well understood. It complements cloud computing, and allows [architects] to expose capabilities and put them in the cloud, Bloomberg said.

Heffner added that cloud capabilities should be thought of as a deployment environment for SOA systems already created in companies.

Nexaweb, a provider of tools for creating SOAs and migration tools, believes deploying the SOAP and REST protocols in the cloud, not necessarily the in architecture itself, is the way of the future.

“SOA is a decoupling of the user interface from the business logic,” said Robert Gagne, vice president of engineering at Nexaweb. “Before SOA, it was tightly integrated. Now it is looser, allowing for faster services.”

But Gagne and Heffner caution SOA adopters about deploying their SOA interfaces in the cloud for several reasons, the most important being security.

“There is an IP risk. You’re putting your intellectual property out in the public infrastructure; there are compliance issues, especially with federally regulated companies; and there are control issues related to SLAs [how one controls the availability of the applications provisioned as services],” Gagne said.

Hub Vandervoort, CTO of enterprise infrastructure at Progress Software, said that SOA is still evolving, due to the new needs that arise with new technologies.

“SOA is the base for cloud,” he said, adding that any advanced technologies, including cloud hosted services, all require SOA-like principles in order to be accomplished.

“In the early days, SOA was about Web services. Now it’s about data integration and policy management; how to scale, how to secure,” Vandervoort said.

According to him, Progress’ responsive business integration (RBI) suite, which includes Sonic (the enterprise service bus), Actional (for governance) and DataXtend Semantic Integrator (for data), takes the SOA discussion beyond services.

Intelligent business operations also need SOA to evolve and are driving changes, he added. He cited design features and runtimes, and how long a Web application takes to load as examples.

A long road traveled
Software AG, another SOA provider, believes SOA is fundamentally different from when the concept was first adopted 10 years ago, according to Jignesh Shah, vice president of business infrastructure products and solutions.

He said that the adoption of SOA, now that it is mature, is seen most in different industries. He agrees with Forrester and added that the industries adopting the architecture rapidly today are telecommunications, government, financial services and healthcare companies.

SOA adoption is still a large part of TIBCO’s business as well, according to Rourke McNamara, senior director of Global Product Marketing at TIBCO.

“SOA helps customers build applications that leverage different components that already exist in their company,” he said. “It builds solutions that pull data from a bunch of different systems. SOA has gone from being a hyped term to something that everyone has to do.

“SOA and OSGi [a Java component specification] are extremely important for building composite applications.” He added that, eventually, SOA managers will be general SOA managers instead of versed on only one type of SOA architecture, like TIBCO SOA.

The future, McNamara said, is in governance and integration with standards. Governance of SOA, he said, is getting difficult as the amount of service protocols and applications built continue to grow.

“Security encryption is part of governance,” said McNamara. “As people see the number of services explode, it becomes difficult to manage [in one IT department]. The evolution is also toward maturity; to be able to work in your environment [your SOA system] out of the box.”

Todd Biske, author of the book “SOA Governance” and a software architect, said governance is the key to being successful in SOA.

“The challenge is that people think you can just build service protocols and [the architecture] will work, but some organizations’ structures may not be setup in a way that facilitates sharing,” he said.

How governance works
SOA governance is divided into two types, according to Biske. Governance, in general, is about “setting up a structure that controls all efforts of the SOA, what services will be used, and who in the company will use them,” Biske said. He added this type of SOA governance is design-time, not runtime.

“Runtime governance is more about management to ensure that [protocols] are running properly when you don’t have full visibility of the whole solution,” Biske said. He added that companies have not adopted governance policies fully, mainly because it’s not as long-term in a project-based structure, he said.

In a project-based culture, Biske said, once the project is finished, maintenance on it is handed off to another employee. In a protocol-based structure, maintenance is more of a team effort as many components need to work in order for each individual service to provide the proper end-user response.

He said that there are a variety of tools to do automated governance, although he is not a proponent of automated governance.

“There are tools to do automated enforcement, but to me that is a small part of the challenge of SOA governance,” Biske said. He said the bigger challenge is making the decisions within the company as to what systems will be made into services, who will monitor them, and how access will be granted.

Both design-time and runtime governance fall under the category of SOA governance, but he said that it is easier to have the automated tools take care of granting access and checking security protocols than to have them making real-time policy decisions.

The manual decisions of governance include how the architecture should be structured, what calls to databases should be made into services, and how to monitor access to those calls for internal staff.

IBM, Oracle, WSO2 and a variety of other companies provide software products to manage SOA protocols.

“SOA Governance—and in fact any structured IT governance—is still very patchy,” said Paul Fremantle, CTO and cofounder of WSO2.

“Some companies have excellent governance: a clear idea of which [protocols] are being used, who is using them, how available they are, a clear idea of who the owner is, and clear data definitions with plenty of reuse. But many companies have no clear view of which services are available, how reliable they are, or who runs them. Understanding the life cycle and dependencies between these services is also vital.”

WSO2 offers a governance registry, which is an “approach to cataloging and managing [protocols], data definitions and authorization policies,” Fremantle said. The company offers consulting services and software to help companies without in-house governance resources. And finally, he said, WSO2 helps clients build their governance solutions, with activity monitoring, security governance and runtime policy enforcement.

Fremantle also believes that SOA being used in cloud technologies is a growing trend.

“Yes, we are seeing a lot [of deployment of SOA] in the cloud,” he said. “The way I see it is that SOA introduced the idea of loose coupling between applications: Cloud introduces loose coupling in an orthogonal dimension, between the applications/services and the underlying hardware. Together, this is an incredibly powerful mixture.”

He added that SOA is now “business as usual for many companies. SOA is past many of the hurdles of uptake and is being used by all sizes of companies, ranging from companies with just a handful of IT staff to major enterprises.”

Fremantle said, though, that there will be changes in SOA and governance in the future.

“Firstly, we are seeing governance much more integrated into systems, making it simpler to introduce governance,” he said. “Secondly, we are seeing automated governance spread; more and more systems are becoming policy driven, whether it’s the definition of SOA service-level agreements, authorization policies or cloud deployment models.”