Mashed Up (Or Half-Baked?)
Enterprise mashups could be the next big movement in SOA innovation—or a recipe for disaster
By Andy Dornan
Everyone talks about aligning IT with business goals, but alignment is usually as far as it goes. IT and line of business remain largely separate, even if their aims are in sync. Promoters of enterprise mashups want to bring these camps closer, erasing some divisions by empowering otherwise non-technical staff to develop their own applications.

But many IT pros are wary, and with good reason. Mashups continue the trend of innovation being led by consumers, not business. Google Gadgets, Yahoo Pipes, and countless other sites have turned the Web into an open platform. Millions of amateur developers are mixing Web services into new applications far more quickly than can be done within a service-oriented architecture, the closest enterprise equivalent.
But unlike previous consumer fads that infiltrated the enterprise, mashups represent more than just a security threat, a way to increase employee satisfaction, and/or a chance to get technology on the cheap. Staffers who embrace mashup sites and tools represent a rich, untapped source of business innovation.
Not every IT department wants to empower its employees to that extent, of course. In our online reader poll for this article, fewer than half of respondents say they’re considering letting non-IT staff build applications. But don’t dismiss the technology out of hand: Even in environments where every desktop is locked down, mashups can still add value. By integrating different applications or data sources into a single front end, they can boost productivity, simplify workflows, and let enterprise applications benefit from Web services on the public Internet.
As for who exactly will build mashups, remember that as with IM, this technology was brought into the workplace by people who’ve never known a world without the Internet, think e-mail is outdated, and prefer RSS or widgets over Web sites. For now, the number of employees likely to construct complex mashups is limited. APIs require knowledge of JavaScript, and even tools vendors that want to make programming skills unnecessary aren’t targeting everyone.
To build really useful mashups, users must understand the underlying business process. Serena Software, for example, is aiming for people who use business process management software or write Excel macros.
The first Web mashups used Google Maps, and Google’s Ajax API is still a favorite of many sites. Microsoft and Yahoo now have similar services, with Yahoo presenting a Flash-based option.
In the enterprise, network management applications have begun letting IT overlay data on a map. Wireless mesh vendor Tropos Networks, for example, imports Google Maps data into its browser-based management console, giving network admins a real-time view of every radio node’s coverage and activity. Tracking of individual users and client devices is planned for a future release. Competitors SkyPilot and Strix Systems use Google’s Earth application to do much the same thing outside a browser.
And general search is considered even more useful in the enterprise. More than half of all survey respondents who are building mashups have incorporated access to Google search. The likely reason for Google’s popularity? Its relatively simple API, which lets developers incorporate the engine with just a few lines of code. For example, a Web page or an app that displays a list of sales prospects could automatically search the Web for more information on a person or company, either whenever the page is viewed, or with a single click. It would be easy to provide this feature manually, of course, but a mashup avoids cutting, pasting and switching among browser windows, all of which can be a big productivity drain over time.
Integration with business partners’ systems is less mature, though the package-shipping industry is a clear leader in offering mashable APIs. More than a quarter of poll respondents have built mashups using FedEx’s service, with slightly fewer turning to UPS. Both shippers offer Web services that access their internal billing and package-tracking applications.
Services from e-commerce sites like Amazon.com and eBay are popular among small businesses, but a niche in the enterprise. Some enterprise mashups do integrate with AOL, thanks to its XML API that can return an IM user’s presence status.
But mashing up services from the public Internet is only half the story—and one where enterprises are always likely to lag behind mashup sites that are actually on the Internet.
SOA’s ‘Last Mile’
For large companies, the greatest value often comes from integrating internal enterprise apps, a daunting task. Whereas most public Web sites have APIs that allow access through XML or JavaScript, enterprise applications must be service-enabled one by one. There are also security and admission-control issues whenever an internal application is making data easier to retrieve, even if only for within the enterprise.
This is where SOA comes in. Specialized enterprise mashup vendors have been joined by a growing number of larger SOA players, most of whom see mashups as the ‘last mile’ of SOA, a way to make the architecture accessible to end users. Whereas the Web services in SOA are usually designed for servers communicating with one another, mashups almost always involve client machines too.
All this extending is causing some growing pains. Most SOA suites are designed to use SOAP, support for which isn’t built into most Web browsers or client-side run-times like Java and Flash. Mashups on the public Internet tend to use RSS for data, with custom formats for more complex APIs, usually developed on an ad hoc basis by Web service providers.
SOA’s focus on servers also ignores files stored on desktops, largely because the IT departments that build SOA applications often aren’t in a position to understand or interpret data within an accounting spreadsheet or a sales presentation. Many mashup vendors, on the other hand, see these files as rich sources of mashable data—end users tend to service-enable files they know are important, by adding Ajax or XML APIs so the data is accessible through a Web service. Newly service-enabled files can then be shared with other users, saving the corporate e-mail server from choking on large attachments without turning to SharePoint-style collaboration software.
The result of service-enabling files and the need to manage the resulting Web services can be a SOA-like system based on RSS instead of SOAP. Attensa, Serendipity Software, and /n Software all sell products, roughly equivalent to the enterprise service bus in SOA, aimed at creating, routing and managing behind-the-scenes RSS feeds rather than building front-end mashups. The ability to turn files into feeds is also included in some mashup suites, notably those from IBM and Kapow Technologies, while Denodo Technologies’ data mashup suite competes head on with ESBs, offering service-enablement for databases and legacy servers.
Most RSS service-enablement tools also can create feeds based on screen scraping, letting mashups use data from Web sites that don’t offer their own feeds or Web services APIs. This can be a convenient way to service-enable intranets, but beware of copyright issues with third-party Web sites. This also highlights a risk with mashups in general: any change to the site’s format can affect the RSS feed and perhaps break applications that rely on it.
Changes can be a problem even with intranet sites or internal apps because mashups almost always involve using a service or application for something that it wasn’t designed to do. That’s generally a good thing—it’s almost the definition of innovation—but it also means that upgrades can lead to incompatibilities, particularly if a mashup comes to depend on ‘bugs’ in the underlying service.
The only way to avoid this is good old-fashioned quality assurance. Ensure that services are exposed through carefully crafted and rigorously tested APIs; this is part of the motivation behind SOAP and the WS-* stack. Unfortunately, testing slows development, which is why SOA often looks—and is—stodgy and bureaucratic compared with mashups and Web 2.0. There’s always a trade-off.
Self-Service IT
There are three main types of mashups: presentation, data, and logic. Presentation mashups are the simplest; Web portals are a good example. Data mashups gather information from multiple sources and aggregate it for easy comparison, while logic mashups, generally the most complex, involve programming to connect two or more applications. (See more on mashups at nwc.com/go/mashbasics.)
Low barriers to entry mean that specialized enterprise mashup products aren’t required. A mashup can be hosted on any Web server and developed with the same tools as any other Web-based app. This is what most respondents to our poll are doing. The most popular platform is Microsoft’s ASP.NET, with Adobe’s Flex, Google’s free Web toolkit, and the open source Ajax framework Ruby on Rails also ranking high. Other alternatives include Curl and Nexaweb’s framework, which can combine Java, Flash and Ajax.
Still, dedicated mashup platforms have several advantages, especially for enterprises that embrace the concept of users as developers. Their main value is in ease of use and security: non-IT people need a platform that closely resembles familiar Web sites or Office applications, while IT needs a way to track mashups or their component Web services to prevent data leakage. Centralized management can also encourage re-use.
Enterprise mashup vendors Coghead, JackBe, and Kapow all offer drag-and-drop development environments aimed at business staff. Coghead and JackBe aim at all three mashup types, from the simplest presentation-based portals to full applications that include business logic. Kapow is the enterprise version of data mashup Web site Dapper and features a large number of pre-built, open source mashups at its OpenKapow Web site. Larger players BEA, IBM and Oracle arrived in the market later, and BEA’s AquaLogic Pages/Ensemble is the only product officially shipping now. IBM’s Mashup Hub and Oracle’s WebCenter Composer are both due before year’s end. All emphasize centralized management and integration with other SOA tools, with IBM looking to link up much of its other software, including Lotus Domino.
BEA is focused on presentation mashups from pre-built widgets or Web URLs, all of which can be centrally tracked for security compliance. Oracle’s WebCenter, the most ambitious of the three, will let users edit JSF (Java Server Faces) files directly. Each user’s changes are stored separately, ensuring that no one can damage the underlying application. Microsoft also has a mashup tool in beta, Popfly, aimed at both Internet and enterprise use.
For organizations that don’t want to maintain mashup servers, several vendors offer hosted mashup services. Salesforce.com has an early lead in this area, thanks in part to its history as a software-as-a-service provider, and in part to its role in setting up AppExchange, an online marketplace where other SaaS vendors’ technologies can be integrated with its own. Launched in January 2006, AppExchange now includes more than 300 apps from 200 vendors ranging from small independent software developers to large tech companies. As you’d expect, given Salesforce’s CRM roots, many of the services available through AppExchange relate to sales and lead management, but the site also offers diverse business apps aimed at everything from accounting to project management to office suites.
AppExchange does highlight the security and privacy issues inherent in hosted mashups, which in some cases require sharing internal data with multiple service providers. Although many customers trust Salesforce with their most sensitive data, other providers on AppExchange are less well-known. The more hosted applications data is exposed to, the greater the risk that it will leak out.
Internally hosted mashups don’t pose as much of a threat, though as with search engine queries, they can still reveal private information to snoopers. For example, calls to a mapping API can disclose customer addresses to the map service provider. Even worse, if a link isn’t encrypted, data can be sniffed by anyone as it traverses the Internet. And encryption isn't always available. While most account-based services support SSL, many free Web service APIs from public sites don't because they don’t need to authenticate users.
Power To the People
While most apps on AppExchange are created by SaaS providers and vendors, other sites explicitly target end users as developers. Salesforce competitor LongJump, for example, is working on a hosted platform, still in closed beta, aimed at empowering non-developers to build applications. Like Microsoft’s Popfly, LongJump isn’t aimed just at intranets: Apps hosted on its platform can be shared publicly or offered for sale.
Serena Software has gone further than most SaaS vendors, aiming to compete with Coghead, IBM and Kapow. Its Vail service is intended to fully integrate with an enterprise’s own SOA or other Web services, connecting to them through secure links. Serena also offers a freely downloadable mashup development environment aimed at end users.
Using outsourced software to integrate internally hosted servers may seem unnecessary, but Serena argues that hosted services eventually will replace most internal servers. Whether or not you buy that, SOA and mashups definitely make it easier to mix hosted services with internal apps, so outsourcing the mashup server itself will make sense for some organizations.
Mashups can also be created without any server or service at all—although their roots on the Internet mean that most mashups are Web-based, there’s no reason they have to be. For example, OpenSpan offers a mashup tool that runs locally on Windows PCs, meaning it can interface directly with native Windows applications. Instead of converting files to RSS feeds, it monitors how applications interact with Windows APIs and can also intercept them, giving it complete control of an application’s user interface, I/O, and use of shared system resources.
Get Ready
Before opening the door to mashup technologies, you need to make several important decisions, over and above the question of who’ll develop applications.
- IT needs to determine which data sources will be approved for mashing. Public Web sites and APIs like Google Maps are obvious picks, but the real value in an enterprise could come from combining these with intranet and extranet Web services.
- Next, where will the mashing up happen? Though mashups are associated with browser-based applications, enterprises with SOAs have the option of server-based tools or desktop-centric integration software.
- If you go with browser-based mashups, decide whether to host the new applications on an existing Web server, buy one of the new dedicated mashup platforms, or farm out the whole thing.
- Finally, there are a huge number of development platforms and tools, many of them free. Ajax’s widespread browser compatibility makes it the obvious choice for most Internet apps, but this isn’t an issue for intranet developers who can control their client’s platform.
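
The first decision above (which data sources are approved) and the leakage risks described under Self-Service IT (unencrypted links, private data visible to the service provider) can be checked mechanically before a mashup is published. The audit below is an added example, not code from the article; the host names, the list of sensitive parameter names and the sample calls are constructed assumptions.

```javascript
// Added example: policy and sample calls are constructed for illustration.
// Approved data sources (hypothetical hosts); `internal` marks intranet services.
const APPROVED = new Map([
  ["maps.example.com", { internal: false }],
  ["tracking.shipper.example", { internal: false }],
  ["crm.intranet.example", { internal: true }],
]);
// Query parameter names treated as private business data (an assumption).
const SENSITIVE = new Set(["address", "customer", "email", "account"]);

function auditCall(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return { url: rawUrl, findings: ["unparseable-url"] };
  }
  // Compare the parsed hostname, never a substring of the raw URL.
  const host = url.hostname.replace(/\.$/, "");
  const source = APPROVED.get(host);
  const findings = [];
  if (!source) findings.push("unapproved-source");
  if (url.protocol !== "https:") findings.push("unencrypted-link");
  // Anything sent to a host outside the intranet is visible to that provider.
  if (!source || !source.internal) {
    for (const name of new Set(url.searchParams.keys())) {
      if (SENSITIVE.has(name.toLowerCase())) findings.push("discloses:" + name.toLowerCase());
    }
  }
  return { url: rawUrl, host, findings };
}

function auditMashup(calls) {
  const results = calls.map(auditCall);
  return { results, allowed: results.every((r) => r.findings.length === 0) };
}

// Constructed sample: the outbound calls of a sales-prospect mashup.
const SAMPLE_CALLS = [
  "https://crm.intranet.example/api/prospects?customer=1042",
  "http://maps.example.com/geocode?address=12+Main+St",
  "https://widgets.unknown.example/feed.rss",
  "https://tracking.shipper.example/status?parcel=ZX991",
];

const report = auditMashup(SAMPLE_CALLS);
for (const r of report.results) {
  console.log(r.findings.length ? "FLAG" : "ok  ", r.url, r.findings.join(", "));
}
console.log("deployable:", report.allowed);
```

The geocoding call is flagged twice: the address travels in cleartext, and even over SSL it would still be disclosed to the map provider, which is a decision for whoever approves that data source.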