Note: This is the second post in my Freedom within a Framework series, which is about enabling the coexistence of enterprise and opportunistic applications. You can read the introductory post here.

As I stated in my introductory post, I believe that it is possible to achieve a balance between the need for stability in enterprise applications, and the need for quick and agile innovation in opportunistic applications. They key to this balance lies is in determining where the domain of control for IT can safely transition into a environment of open access to information. This is a “line of demarcation” that allows for a clean separation of certain types of applications. The best way to picture this concept is to imagine a line on an X-axis, with control of technology at the left side, and anarchy at the right. “Command and Control IT” typically lives as close to the left as is possible, while the world of “consumer-driven IT” lives quite far to the right. There are opposed to be sure, but it is possible for IT to reconcile these differences and foster both sides by creating a shared understanding around which classes applications should be enterprise-class and which can and should be treated as opportunistic.

Another way to visualize this concept is with the “Long Tail,” which is depicted in Figure 1 below. The “Long Tail” was a term coined by Chris Anderson in Wired Magazine to describe how the business models of companies like Amazon or Netflix enables them to profitably offer a wider range of goods and services than traditional organizations. The concept (also referred to as a heavy-tail or Pareto distribution) is a well-known statistical occurrence where a high-frequency population (depicted by the region in green below) is followed by a very long low-frequency population that gradually diminishes in area (or “tails off”). In many cases, the long tail portion of the graph, colored in yellow below, can actually represent the majority of the area under the line in the graph, even though the frequency is lower along that portion of the line than it is in the green area.

Figure 1 - The Long Tail

When applied to Amazon and Netflix, this concept is used to illustrate that organizations with powerful distribution channels can make just as much or more selling ten copies each of 10,000 obscure books as they could selling 100,000 copies of one best-selling book. The application to many organizations is just as powerful when information is the product. Assume for a moment that the green portion of the graph represents enterprise-class applications with a large internal user base and the “long tail” or yellow portion represents opportunistic applications with a much smaller number of users. This is depicted in figure 2 below.

Figure 2 - The Long Tail for Applications

In this scenario, the “long tail” theory argues that an organization could serve more users with several hundred opportunistic applications than it does with a small number of enterprise-class applications, but at a much lower cost. Thus, a “long tail” model can enable an information-driven organization to serve its customer base effectively without greatly increasing the cost of software delivery. Such a model does so by enabling the kinds of opportunistic development which most IT organizations would likely never have the bandwidth or justification to pursue because they are applications which are tactical in nature and which may only serve a small number of users.

While a “Long Tail” mindset enables us to create a clear line of demarcation, simply classifying one type of application or information set as enterprise and another as opportunistic isn’t enough. It is entirely possible for IT to pursue this demarcation with good intentions, and then stifle innovation by requiring that all applications, including opportunistic ones, be developed using only one type of platform or programming language. Thus, another key to creating “Freedom within a Framework” is that IT must give up as much control as is possible, while at the same time recognizing the assets and information over which the enterprise should retain control. In my next post, I’ll discuss the concept of an IFaP architecture which, I believe, provides a powerful architecture for enabling open innovation while, at the same time, providing IT with a framework to manage its information assets.

For the past several weeks, we’ve been working on creating a viewpoint of our future-state architecture that enables a greater degree of low-hurdle innovation with technology than we currently enable. The goal is to enable anyone across the globe, inside of the organization or out, to make use of public information we provide to create applications of value, even if that value is only seen by a single individual. Call it Web 2.0; Call it Enterprise 2.0. Call it what you will. We’re calling it either Freedom within a Framework or the Framework for Rapid and Empowering Development (FRED) depending on to whom we’re currently pitching the idea. The latter is our EA marketing savvy at work…

The idea is simple: We want to create an environment when enterprise applications can be created and managed in an enterprise way, and opportunistic applications (i.e. ad-hoc process applications and mashups) can be created freely and with little to no involvement from the IT organization. IT does what it does best, but explicitly steps back from “owning” all information and technology in an organization. From concept to implementation, I believe that one way to foster such an environment is to allow the world of WS-* and the world of REST to co-exist within the enterprise. Rather than an either/or decision, we want enable and encourage both styles for certain types of situations.

The culmination of our work around this idea was a paper published internally at the end of November, along with a demo that provides an example RESTful interface (which depends on our existing SOA) and a couple of applications which consume information presented by those interfaces.

Over the next few weeks, I plan to post excerpts from this paper and some of the meat from the demos. My intent in doing so is twofold:

1) To posit an alternative to the REST vs. WS-* debate. I am certainly not the first to argue for cohabitation of these styles. I only wish to add my voice and provide another perspective.

2) To obtain feedback from Enterprise and SOA Architects who have either already considered, are considering, or have implemented a similar design. I’d love to hear feedback in the coming weeks from anyone wanting to way in on any of the topics below.

I’ll publish the first post tomorrow, and the subsequent ones every couple of days after that. Here are the topics I plan to post about, in order:

• Embracing the Long Tail
• IFaPs: Enabling the Long Tail and Protecting the Enterprise
• REST: The Entry Point for Innovation
• Benefits of a RESTful Interface
• REST and Security
• A Demo RESTful Interface
• Demo Opportunistic Applications

As I add posts, I’ll return to this post and add the hyperlinks.

Looking forward to the discussion!

I’m sitting in a session at the Gartner EA Summit entitled “Security Architecture Best Practices.” I’ll be the first to admit that I don’t pay enough attention to the Security side of Enterprise Architecture, which is why I am in this session and plan on attending another complementary session tomorrow. I am surprised to see that, though there are 600 people at this portion of the Summit, there are only about 50 people in this room. So is EA really that far behind the curve in getting on board with Security? What are we all doing beyond adding a vertical “Security” bar to our models? Not much, in my case, but I am feeling that that ought to change, especially in light of some things I am starting to work on which I will blog more about in the coming weeks.

I know that James McGovern cares about security. In fact, he has stated before that he sees it as a form of competitive advantage, which, if true, explains why there are only 50 people in this room. I would expect that to grow year by year.

As for the session itself, so far so good. One salient point that I’ve heard Gartner preach before, but am now seeing tied to the Security space is that the “Consumerization of IT” should lead us to drive our Security Architecture and Design to enable choice and distributable trust. Personally, I feel that lock down security, the knee-jerk of most Enterprises, is an over-engineering step that will leave us inflexible and closed off from a younger generation of employees and consumers. Thus, I’m glad to see that backed up with some analysis from Gartner.

I’m glad to see Gartner offering sessions such as this in to an EA audience. My advice to them is to continue to offer sessions like this, even if the attendance from this year’s summit doesn’t suggest that there is an interest. Those numbers will grow.

The Microsoft Architecture Journal has been one of my favorite print periodicals lately. The articles are top-notch, relevant and very well-written. If you don’t have a subscription, I would highly recommend it, even if you’re not in an MS shop. Yes, there is a Microsoft bent, but there are also some gems that, I feel, have been universally relevant.

I noticed in Simon Guest’s blog this morning, that Microsoft has released an Architecture Journal Reader that provides digital access to all thirteen issues of the journal, with search, favorites, annotation, etc. I’ve already downloaded it and It will be nice to have all of that information closer at hand. You can download a beta of the reader here, and go check out Simon’s post here.

…and I’ll charge you an arm and a leg to make it better. Looks like IBM is starting up a dysfunctional SOA practice. Not surprising really. Consider this quote: “Some organizations may not be happy with their service oriented architectures (SOAs). They may have “unhealthy” SOAs as a consequence of partnering with inexperienced system integrators. They may have proprietary SOA technology in the mix, and it may be difficult to scale operations.”

They will probably make a killing since no one agrees on what SOA really means and all IBM has to do is figure out what you think it is, then convince a few key executives that that’s the wrong idea, thus rendering them instantly unhappy. It was bad enough when selling the buzzword ruled the day, but selling the band-aid will be worse, I fear. This, my friends, is why we never should have let our executives hear “SOA” in the first place. 

Here’s a question: what happens if an organization worked with IBM as their Systems integrator in the first place and is now unhappy with what they got? Would IBM ride in to rescue that organization too? <unrealistic>Maybe for the sake of good-will and a case-study, they’d do it for free.</unrealistic> I wonder how IBM would sell that engagement? Probably by blaming your internal management.

I can’t help but think that this is a case of selling me poison, then following that up by telling me I have a deadly poison in my system and that you just so happen to have the antidote. Not that I am calling SOA poison in any way. Conceptually, it’s just the opposite.

Maybe I’m overreacting or being too negative here. Any one care to chime in with excitement about this announcement?

From December 3-7, Gartner will be holding two back-to-back summits on Application Architecture, Development and Integration and Enterprise Architecture at the Rio in Last Vegas. It looks to be a informative week with some valuable sessions and insight. Todd Biske will be there in two panel discussions and I am looking forward to both of those, along with a number of others currently on the agenda.

Aside from the sessions, I’ve found that I gain the most value from these events when I have a chance to interact with other attendees. Are any other folks reading this planning to attend? If so, drop me a line in the comment section or via email at bsatrom at gmail dot com and we can try to connect during the week. I am always looking to gain the perspective of others in the opportunities and challenges that my EA group faces, as well as hear about the exciting and innovative things that other enterprises are doing. Hope to see you there!

Last week, Jean-Jacques Dubray published an article on InfoQ regarding Microsoft’s recent announcement of Oslo, a strategy designed to “…take composite applications to the mainstream.” Rather than revolving around a single product, Oslo sets strategic direction for Visual Studio, BizTalk, the .Net Framework, Microsoft System Center and a new product called BizTalk Services. On a side note: Arnon Rotem-Gal-Oz hopes that this final project’s association with BizTalk is more about branding than actual product similarity, a sentiment I share.

After posting this article, Jean-Jacques sent me an email and asked me to share some of my thoughts on Olso for a follow-up article to be published at InfoQ. I sent my thoughts along on Friday, but thought that I would post them here as well.

When we developed a long-term strategy for Composite Applications at my organization, it was obvious that while Microsoft technologies would have a major role to play in many areas of our future-state architecture, there were several vital pieces missing in the Microsoft stack that we would likely need to find elsewhere. I’ve always felt that we weren’t alone in that sentiment, and the Oslo announcement suggests that Microsoft is also well aware of the gaps in their current offerings. While products like Dynamics CRM and MOSS 2007 offer composition scenarios which I regularly point to as examples of end-user and/ or business analyst composition, Microsoft has long been missing the technologies to unify these experiences under a common framework. Though missing in the products themselves, the Composite Applications vision is one that I have seen preached by Microsoft Architects and blogger’s like Mike Walker and others who seem to have a good grasp on the long-term potential of composite applications. The good news about the Oslo announcement is that those individuals are no  longer in the minority. With Oslo, I believe Microsoft has unveiled merely the beginning of a unification strategy that enables composite applications. I believe that this bodes well for clients and non-clients of Microsoft alike.

That being said, There are two reasons why I’m a bit skeptical about the Oslo announcement: For starters, I believe that Microsoft’s stated vision for Composite Applications is too narrow. While the Software + Services and SOA visions are needed, I believe that the end goal of any Composite Applications strategy should be to gradually enable composition up the stack toward the end-user. This is done first by providing a SOA which enables true service and process composition, then by extending those principles to developers of customer applications, business analysts and, ultimately, end users. Oslo speaks well to the former, but the latter is auspiciously missing. I actually don’t believe that such a goal is absent in the halls of Microsoft, but I do believe that it hasn’t permeated across the organization and thus, isn’t given a place in the conversation yet.

The second reason I am hesitant to praise Microsoft for the Oslo vision is because their announcement is related to technologies which are anywhere from 1 year to 3 years or more away from release. Most of the tool updates are two releases away. Microsoft is correct when they say in their press releases that 21st century business is moving faster than IT can deliver, but that statement is true today. Organizations need solutions today, not announcements of solutions coming tomorrow. My organization, for example, cannot wait for a repository to manage models, metadata and services (one of the gaps we knew about in our strategy) when our ability to manage all three is already beyond our control. I honestly believe that Microsoft’s vision for Oslo is a good one, but they are just now announcing plans to provide functionality that most organizations already know they need, which puts them at a disadvantage with those organizations. I can see a day in my company where many of the pieces in the Oslo stack make their way into our architecture, but today we need to keep moving. Of course, the good news is that when SOA and composite applications are done right, vendor lock-in is reduced and organizations can focus on delivering for the business today instead of waiting for the remaining puzzle pieces to fall in place tomorrow.

For the past couple of weeks, I have been doing an in-depth look at various mobile communication technologies (SMS, EMS, MMS, etc.) for the purposes of incorporating these technologies into our existing strategies. While the scenarios vary, most of the use-cases driving us to SMS et al. revolve around information delivery in areas where Internet connectivity is problematic, yet cell phones abound. It sounds counter-intuitive maybe, but in many regions (like Africa for example), it’s far easier to put up a cell tower than it is to lay cable of any kind. Thus, mobile technology can be found in many places where land lines and Internet access cannot.

Being the agenda-pusher that I am, I can’t pass up an opportunity to integrate this technology study with work I have already done and am doing. Since my biggest interest right now is in the Composite Applications space, I wanted to use one of the demos in this study to prove out (to some degree) the composition argument I have been making both in this blog and internally. Thus, I created a demo scenario for this study that sends a 1-way, application-originated SMS Text Message through an SMS Gateway (Clickatell in this case) to a mobile subscriber when a particular field on a list in MOSS is changed. Now, this scenario isn’t rocket science, nor is it earth-shattering. What it is, however, is me taking my own medicine. If I’m going to preach the Composite Applications gospel, I’d better try it on for size myself. Here’s how I implemented the scenario:

I started by creating a stand-alone custom activity in Windows Workflow Foundation. The code, with some key details removed, is included below. Note: In order use this yourself, you’ll need access to an SMS Gateway (like Clickatell, which is used here) and access to their HTTP API, if they have one. Not the only way to send a text message, I know, but SS7 Gateways can provide guaranteed message delivery to the subscriber.

using System;
using System.ComponentModel;
using System.IO;
using System.Net;
using System.Text;
using System.Workflow.ComponentModel;
using System.Workflow.ComponentModel.Design;

namespace MyCompany.Workflow.Messaging.Activities
{
    public class SendSMSActivity : Activity
    {
        public static DependencyProperty NumberProperty =
            DependencyProperty.Register(“Number”, typeof(System.String),
            typeof(SendSMSActivity));
        public static DependencyProperty MessageProperty =
            DependencyProperty.Register(“Message”, typeof(System.String),
            typeof(SendSMSActivity));

        [DesignerSerializationVisibilityAttribute
            (DesignerSerializationVisibility.Visible)]
        [BrowsableAttribute(true)]
        [DescriptionAttribute("Destination number of SMS message")]
        [CategoryAttribute("SendSMSActivity Number Property")]
        public string Number
        {
            get
            {
                return ((string)(base.GetValue(SendSMSActivity.NumberProperty)));
            }
            set
            {
                base.SetValue(SendSMSActivity.NumberProperty, value);
            }
        }

        [DesignerSerializationVisibilityAttribute
            (DesignerSerializationVisibility.Visible)]
        [BrowsableAttribute(true)]
        [DescriptionAttribute("Text of SMS message")]
        [CategoryAttribute("SendSMSActivity Message Property")]
        public string Message
        {
            get
            {
                return ((string)(base.GetValue(SendSMSActivity.MessageProperty)));
            }
            set
            {
                base.SetValue(SendSMSActivity.MessageProperty, value);
            }
        }

        protected override ActivityExecutionStatus
            Execute(ActivityExecutionContext context)
        {
            string response;

            try
            {
                // Send the SMS Message
                response = SendSMS(Number, Message);
            }
            catch (Exception e)
            {
                response = e.Message;
            }

            // Raise the PageFinished event back to the host
            messageSentEvent(null, new MessageSentEventArgs(response));

            // Notify the runtime that the activity has finished
            return ActivityExecutionStatus.Closed;
        }

        public delegate void MessageSentEventHandler(object sender,
            MessageSentEventArgs e);

        private event MessageSentEventHandler messageSentEvent;
        public event MessageSentEventHandler MessageSent
        {
            add
            {
                messageSentEvent += value;
            }
            remove
            {
                messageSentEvent -= value;
            }
        }

        public string SendSMS(string number, string text)
        {
            WebClient apiRequest = new WebClient();
            apiRequest.Credentials = CredentialCache.DefaultCredentials;

            //Add a user agent header in case the requested URI contains a query
            apiRequest.Headers.Add(“user-agent”,
            “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 2.0.50727;)”);

            //Add the SMS details to the apiRequest object
            apiRequest.QueryString.Add(“user”, “xxxxx”);
            apiRequest.QueryString.Add(“password”, “xxxxx”);
            apiRequest.QueryString.Add(“api_id”, “xxxxx”);
            apiRequest.QueryString.Add(“to”, number);
            apiRequest.QueryString.Add(“text”, text);

            string baseURI = “http://api.clickatell.com/http/sendmsg”;

            Stream responseStream = apiRequest.OpenRead(baseURI);
            StreamReader reader = new StreamReader(responseStream);
            string responseCode = reader.ReadToEnd();

            //Clean up in-memory objects
            reader.Close();
            responseStream.Close();

            return (responseCode);
        }
    }

    public class MessageSentEventArgs
    {
        private string response;
        public string Response
        {
            get { return response; }
        }

        public MessageSentEventArgs(string response)
        {
            this.response = response;
        }
    }
}

Like I said, nothing earth-shattering. However (and I won’t go into the details of WF here as there are plenty of good resources that do that) the end-result is a stand-alone Workflow Foundation Activity which encapsulates the business logic for distributing an SMS Text Message via our Gateway provider and which can be hosted in any application that provides the WF runtime. This Activity can easily be dropped into a container Sequential or State-Machine Workflow project (as I did when testing this activity on my machine), or it can be deployed to MOSS as a stand-alone activity which can be included in a Workflow built using SharePoint Designer. Two scenarios with different composers, both using the same asset. That’s the vision of Composite Applications. (As an aside, with the recent Oslo announcement, I imagine that we’re not far from a day where that same activity could be also be reused in BizTalk and Microsoft CRM, among others).

So what do those scenarios look like? For the developer adding a custom activity to a WF Workflow, it’s a simple matter of dragging the activity from the Toolbox to the designer, then binding to the DependencyProperties (Number and Message in this case) and creating an event-handler to receive the event raised by the activity (in this case, sendSMSActivity_MessageSent). See the image below for an example:

For an individual slinging SharePoint Designer, the experience is different, but also quite powerful. However, The first step I must take as an activity developer is to deploy said activity to the MOSS server. This requires deploying the Activity assembly to the GAC on the MOSS server, adding said assembly as a safe control in the web.config file, and adding the Activity to the WSS.actions file (or a new .actions file in the same directory, which is probably a better idea), which SharePoint designer uses to load up the list of available workflow actions. All of this can be done via a feature in SharePoint (I know that the first two can and I think that the last can, so feel free to comment if I am incorrect). Here is the code for the WSS.ACTIONS file (Added in the <Actions> section):

<Action Name=“Send an SMS Text Message”
  ClassName=“MyCompany.Workflow.Messaging.Activities.SendSMSActivity”
  Assembly=“MyCompany.Workflow.Messaging.Activities, Version=1.0.0.0,
    Culture=neutral, PublicKeyToken=fe2315b70tbc147c”
  AppliesTo=“all”
  Category=“Messaging Actions“>
  <RuleDesigner Sentence=“Send %1 to number %2“>
    <FieldBind Field=“Message“ Text=“this message“ DesignerType=“TextBox“ Id=“1“/>
    <FieldBind Field=“Number“ Text=“this number“ DesignerType=“TextBox“ Id=“2“/>
  </RuleDesigner>
  <Parameters>
    <Parameter Name=“Number“ Type=“System.String, mscorlib“ Direction=“In“ />
    <Parameter Name=“Message“ Type=“System.String, mscorlib“ Direction=“In“ />
  </Parameters>
</Action>

Once that entry has been added, the activity is ready to be included in an SP Designer workflow. In this example, I bound the workflow to a custom list created in a demo site, set a condition to check the value of a key field, then added the “Send SMS Message” activity and configured its inputs. In this case, the message is constructed from existing information in the list and the destination number is determined by looking up the mobile phone of a user in another list. An image of the Workflow Designer Wizard in SP Designer can be seen below:

If the workflow validates, we’re in business and the activity will run each time a list item is added or updated and the field in question isn’t blank. Here is the Workflows application page, as seen from MOSS itself:

In addition, that activity is now available to include in any workflow where sending an SMS notification is a requirement. You be the judge if this is a blessing or a curse… In either case my hope is that this post illustrates the power of composition. And MOSS is just an example in this case, not the end-all for composition by any means. What important in any composition scenario is a platform and technologies that provide the ability to create reusable assets and then reuse those assets across tiers and containers.

Saw this post from Brady Forest on O’Reilly Radar, which points to the official announcement on the AWS blog. This may not mean as much to many of you who have been using S3 for a while now, but it’s big news for a guy like me because I know better than to bring technologies like S3, EC2 and Mechanical Turk into any serious internal conversation unless I can say “yes” to that SLA question. Looks like AWS is getting ready for prime time. And why not? Most of us have been expecting this for a while now.

I will echo Arthur’s request for more to the SLA, specifically for stats on uptime and availability. I think that all services should provide information like this to be as clear as possible in letting you know what you are getting by consuming said service (and our internal guidelines say as much), but this kind of information is especially vital with services in the cloud. I’m confident that they’ll get there, but in the meantime, I’ll echo that feature request.

On another note, why the heck is O’Reilly charging $149 for a glorified whitepaper on developing applications for Facebook? I use Facebook. I like Facebook. I think there is something to be said about developing applications for it… in certain situations. But could we just take a moment to breathe here before they hype train carries us all away?

• SOA: Sometimes it IS about the technology - Both Nick’s post and Andrew McAfee’s original are worth a read and right on. I think the pearl of wisdom is for all of us to stop advocating one extreme or the other (”x is about technology” vs “x is not”) all the time and start using wisdom, common sense and a willingness to either talk about technology (when the situation calls for it, as Nick describes when one must know which “… goals are realistically achievable given current technology trends”) or leave technology out of the discussion (when the situation calls for us to convey to the business that we truly get their business need and aren’t simply looking for a way to implement the cool new technology).
• Why Microsoft Should Not Support SCA - Bottom line as I read this: Microsoft doesn’t benefit and neither does anyone else. It makes sense, but David certainly makes SCA seem like less of a “big deal” standard than others want us to believe. Not sure what I think yet, but  I would highly recommend David’s Introducing SCA article. It’s a good read and provides a good overview of some big technology movements outside of the Microsoft world.

• Green Datacenter Initiative - The idea of “Green IT” is becoming a bigger and bigger deal as more organizations realize that Global Warming is not a joke (it never was) and that the measure corporate ethics and responsibility will increasingly include the impact of their IT organization on the environment. As Simon says, the measurement technology isn’t there yet, but why not start grassroots with your own PC. Downloaded the LocalCooling app Simon links to and get an idea of how little things we all do as individuals does have an impact.