Summary
I am reviewing this book primarily in the context of Service-Oriented Architecture (SOA) for Libraries, which is a rather dramatically different audience than it is intended for.
I recommend the first three chapters of this book, along with the "loosely coupled" section of chapter 5 as a good introduction to this topic. As well, Chapter 11, on SOA Governance, is excellent. However, its main audience is large organizations (who are the main current adopters of SOA), so much of the content may not apply to libraries, particular those with limited technical resources.
Although the Dummies books proclaim "A Reference for the Rest of Us", this book would really more accurately be titled "SOA for Dummies... Who Work at Giant Fortune 500 Companies". Much of the technology and processes they present are beyond the reach of all but the largest organizations.
To my surprise and dismay, there isn't a single mention of Enterprise Architecture (EA) in this book, whereas I feel that for the scale of organization this book targets, EA is absolutely essential. Without EA, the scale of activities and technology described in this book is impossible.
There is also a very important discussion that needs to be had about agility versus structure. I am not convinced you can maintain organizational agility as a goal, with the complexity of the management and technology structures this book describes. The book does not address this issue at all.
Overall the flow of the book is a bit uneven, both in terms of writing style and in content, and it doesn't present a coherent "SOA story". To some extent this is due to the nature of the Dummies books, where they want each chapter to stand alone. I found it made for a bit of a "here's an important concept" ... "and here's another one, with some vague undefined relationship to the previous one".
This book will mostly give you a lot of "why" and "what" about SOA, not a lot of "how". That is the nature of the beast, however - I don't think there's any other way to present it, with out it being a 3000 page book.
The companion website www.dummies.com/go/soafordummies is highly promoted on the front and back covers of the book but it does not seem to exist, which seems like a bit of rather bad planning.
Sidebar
UPDATE 2007-08-09:
If you're coming here from SOA Center, you may be expecting Beth Gold-Bernstein's review.
The SOA Center link is currently wrong. She blogs at ebizq:
July 24, 2007 Beth Gold-Bernstein SOA for Dummies
July 31, 2007 Beth Gold-Bernstein Reactions to SOA for Dummies Book Review (in which she refers to my review as having some similar points to hers)
I did leave a comment on SOA Center correcting the link, but it has not been posted.
ENDUPDATE
Details
I don't come to this book with a blank slate, quite the opposite, I've been trying to find ways of clearly explaining SOA to both business people and technical people for the past few years.
Just to stake my prior claim, I think I did a pretty good job in my December 9, 2005 presentation "Service-Oriented Architecture Methods to develop Networked Library Services" (video, PowerPoint) which predates this book by about a year.
It is a difficult story to tell to be sure. To my mind, SOA sits at an intersection of Enterprise Architecture, software engineering, Web Services, business and technology. So in a way, the challenge is "let's take a bunch of things that people don't understand, and try to explain a layer on top of them, that depends on all of them".
Also, in the interests of transparency, the informal style used in this book is not one that I enjoy for learning. My ideal informational book is just facts piled upon facts - I don't need a story, or to be put at ease.
I tried in my analysis to ignore that stylistic aspect, as well as trying to come with as blank a slate as possible, keeping in mind I've been deep into SOA for the past couple years.
Here are my thoughts, chapter by chapter.
Chapter 1 - SOA What? (this makes more sense if you pronounce it so-a, as the authors do, rather than S-O-A)
All of Chapter 1 (PDF) is available free online from Wiley.
They talk about their audience, but I do think they make a mistake in not scoping the book. The full SOA they describe in the book's 300+ pages is one that could only be used by a large organization. Think, General Motors revising their information technology, not Bob's Corner Store. They should have made it clear that you can adopt some SOA concepts, without going to the full, complex, vendor-rich (and vendor-enriching) extent that they document.
For example, they start out with some clear explanations about how SOA is an enabler for business to work better with the IT department. You may at that point be thinking, "my problem is not working with the IT department, my problem is I don't have an IT department".
So in reading the book, be mindful of their audience. And also, I suggest you think of how SOA could help the entire community of libraries, collectively, if the scale of your individual organization is not appropriate for SOA.
They do extract good key points, like the fact that reuse is at the core of the SOA goals and methodology. At this level, they face a challenge that I don't think there is a good solution for, which is that you have to talk a lot at the beginning about SOA "why" and "what", without being able to easily walk through a lot of SOA "how".
I also think that their definition of SOA is a bit over-broad. Some of what they describe as SOA is what I would consider Enterprise Architecture (EA). Now, I certainly think SOA works best within an EA context, but there doesn't seem to be any mention of EA at all. So I disagree when they say
1. The IT organization will partner with the line of business managers to create a high-level map of what the business will look like.
That surely needs to be done, but that's EA, not SOA. To me, Service-Oriented Architecture is just the architecture of the services, not all the processes of business process analysis as well.
Chapter 2 - Noah's Architecture (oh I get it -- literally, just now - it's a play on words, see. sigh. I spent the entire chapter wondering, what does Noah have to do with it?)
So at this point, the conceptual assault really gets underway. To get to the heights of SOA, you have to build concept upon concept. Unfortunately, each one of those concepts could be a book in itself, and here they get a couple pages at best. I'm not being critical - I don't see any other way you could do this, and it's the same approach I have used, but I can imagine it being overwhelming reading for someone coming from outside a software engineering background.
They give an ok explanation of software architecture, and hit the high points of the history of software engineering that got us here. I liked their mentions of business logic and the key concept of separation of concerns. Again, they are talking about big organizations, for example, on page 16, they state
In the Good Old Days, a business unit would ask the IT department to create an application to solve a specific problem. To accomplish this goal, the IT department would write a set of customized programs.
This is absolutely, 100% true. For a certain scale of organization. If you're thinking instead, as I mentioned before, "I wish I had business units. Or an IT department." then SOA may not be a good match for you.
They then take a bit of a side trip into components. I'm not sure I would have used this terminology. It's certainly true that we tend to run out of useful worlds to describe certain concepts, but to me components are about a specific subfield of software engineering, Component Based Design. Software components have a very specific meaning, a meaning which is different from the one given in this book.
This is important, because if you read this book and say "component" to an IT person, they may not have the same understanding that you got from the book. In a similar channel, the use of "plumbing layer", which is continued throughout the book, is most unfortunate. "Infrastructure" would have been a much better choice. Whatever dubious merit there is in the informal term of "plumbing" is going to be lost the first time a non-tech person uses the word to a technical person, and the technical person thinks "Plumbing? What the heck? Is this guy an idiot?"
At this level, there does have to be a bit of "hand-waving" over the explanations, this is particularly egregious (although the authors themselves acknowledge this somewhat) in the "simple adapter" explanation. Adapters are probably some of the most complex challenges an organization faces in transitioning to SOA.
I did enjoy the brief excursion into "application archaeology", particularly since my original SOA presentation on SOA had a slide or two on this concept, with a nice quote from Vernor Vinge's writings, but I had to take the whole segment out because people said "application archaeology, what the heck were you talking about there?" (I'll try to dig up the quote, it's excellent.)
I'm also not a super big fan of the "black box" terminology used, but it does capture the concept well enough I suppose.
Chapter 3 - Not So Simple SOA
A bit of a jump from components to Web Services, with a bit more handwaving. I also didn't like the strong link between Web Services and SOA. While their statement that SOA is not Web Services enhanced (or I guess I should say "is not Web Services 2.0") is certainly true, it's also true that you can do SOA without Web Services at all. The two are, as we say, loosely coupled.
There's also a bit of a jumble about business processes, I'm not sure it fits well within this chapter.
Finally, while silos are mentioned, I think they really missed an opportunity to emphasize a key failure of siloed software - that it locks up useful services deep inside the silo, where no one can get at them. This aspect is mentioned only in passing.
All those caveats aside, I did feel that Chapters 1-3 are about as good a clear explanation of this extremely layered concept that you can get (well, that is to say, almost as good as my explanation :)
You should really jump from Chapter 3 right to Chapter 5, I'm not sure why they placed Chapter 4 here.
Chapter 4 - SOA Sophistication
Woo boy. Chapter 4. If you are coming from a small organization, or a non-technology background, your service experience of chapter 4 will be akin to hitting a brick wall. Chapter 4 layers on the SOA "essentials" at a breakneck pace, presenting as essential elements of SOA things that are, each of them alone, HUGE complex business activities. We are definitely into the General Motors scale here. The Galactic Motors scale, in fact.
Let me make it immediately clear: I do not personally believe you need all of the stuff they describe in order to use SOA, and to participate usefully in an SOA. The basic SOA methodology can be used by almost any organization that has at least some idea of its basic business functions (and some business decisionmakers) and a small IT group to design and build services.
So, what are the bricks in the giant Chapter 4 wall?
- Enterprise Service Bus (ESB)
- SOA Registry
- Workflow Engine
- Service Broker
- SOA Supervisor (about which, I have more to say)
- Business Process Management (BPM)
- Service Level Agreements (SLAs)
- Automated Service Monitoring (related to SOA Supervisor)
In looking at that list, my first reaction is "hmm, are there any 30 million dollar cheques I haven't cashed yet?" and secondly, that almost anyone, even someone from a large organization, who reads this chapter is at great danger of rejecting SOA out of hand. You're telling me that SOA is going to improve my organization by adding re-use and handling complexity, and you want me to add a gigantic laundry list of complex technologies (many of which don't yet fully exist) to my organization? No thanks. Call me in 10 years when you've got it all figured out.
Now I want to be clear: all of these are important aspects to consider, and many of them will need to be adopted, by very large organizations with huge numbers of services. But I imagine that most libraries will have a handful of services - the basic functions that the ILS performed, plus a few others. That doesn't require anywhere near the scale described in Chapter 4.
I have certainly advocated that the most important piece I think will need to be layered on the base SOA is workflow, the orchestration server (you can listen to my presentation - yes, I will put the slides online eventually too).
I also want to address the SOA Supervisor, and the whole idea of automatically monitoring Service-Level Agreements. I think this is very deep voodoo. I am quite happy to be corrected, but I think this capability does not exist in any meaningful, easy-to-use, standardized way today. To me, for SOA Supervisor, you might as well read SOA Magician, or SOA Magic Box. It simply is not possible to perform most of the supervisory functions they describe, and even attempting to do so would be hugely complex and vastly expensive.
Chapter 5 - Loose Coupling and Federation
The loose coupling part of this chapter is good, but it really should have been separated out and put after chapter 3. The Federation part only applies, as is often the case in this book, to very large organizations, that are so complex and diverse that they need to have multiple, federated, SOA domains, with a different set of rules applying in each one - think IBM HR SOA domain and IBM Supercomputing SOA domain.
(Note to CISTI architects: not the same as our domain concept.)
There is a bit of an overlong excursion into software-as-a-service (SAAS). I think it could have been covered quite well by just saying "you may want to use external services, as well as your own internal ones".
I disagree quite strongly with the concluding section, which asserts that SOA is part of the industrialization of software development. I certainly agree, and I have in fact asserted that SOA is simply our latest understanding of how best to do software development, but industrialization is way, way too strong a term. Software is not constrained by the physical world, that's why you can't build software the way you build a bridge or a car. I'm certain that Toyota knows, second-by-second and gram-by-gram, what is happening as a vehicle moves along its assembly line. That is simply impossible for software, and it will probably never be possible.
Chapter 6 - XML
To be quite honest, I don't really understand the emphasis placed on XML within SOA. Thomas Erl certainly uses it as the keystone of the explanations he gives in his talks and books. To me, you could get by with two sentences: "Software design works best when you can use standards. XML provides the ability to create data standards."
This chapter goes into way way more than I think you need to know (for SOA purposes) about XML, SOAP, WSDL, UDDI and even (oddly thrown in) HTTP. It also seems to express a view of XML as a sort of "magic glue" that ties different programming languages and systems together. Um, we were able to connect systems together in the bad old pre-XML days. We called it "using APIs".
Chapter 7 - Dealing with Adapters
This chapter starts out with a strong statement, unfortunately, one I disagree with
Adapters make SOA possible. No adapters, no SOA -- it's as simple as that.
Um. No. I recognize that not all is green fields, but not all is layers and layers of legacy either. This is coming from big corporation, banking thinking. It is certainly true that when I enter a number on my bank's customer self-service website, it is going through layer upon layer of adapters, ending up at a mainframe Which Must Never Be Touched.
But for example, library catalogues? You'd have to be mad to build adapters to catalogues. Blow them up, replace them with a green field of services.
This chapter also creates a dependency between adapters and service registry and service brokers. This is unnecessary. It also continues the early "simple adapter" nonsense, on page 93
Technically, building an adapter isn't too difficult.
Um. Yes it is. What they're talking about is API Adapters. My mainframe interface takes some ancient binary IBM format, and I wrap it with an XML adapter interface. That isn't too difficult, yes.
But most of the problems facing libraries, at least, is that there is no interface. There's nothing to easily adapt. You have to write an entire interface layer. That is hugely complex. I have to imagine this also applies widely outside the library technology context.
I have to admit my final written note on this chapter reads, simply: this chapter is baloney.
Chapter 8 - The Registry and the Broker
We're now getting into more and more complex technology, and I'm getting more and more dubious about its actual existence and workability. To be quite frank, unless I see lots and lots of demonstrations in the real world of this stuff working, I think it is a lot of wishful technothinking. And I'm not convinced even if it was in place, it wouldn't create a huge agility barrier.
I'm in agreement with the people who say a UDDI service registry simply isn't going to be maintainable in the long term. You might as well call it "the perpetually out-of-date service registry".
Chapter 9 - Enterprise Service Bus (ESB)
I'll willingly admit to some ignorance here. We have certainly been discussion ESB at my organization, but we have yet to be convinced that it is necessary.
Again, there is a scale issue. ESB is basically the reliable message queue idea. You need a reliable message queue if every (service) message in your organization potentially has huge financial impact - that's the only thing that can justify the cost and complexity of an ESB. For a big org, or one doing heavy financial stuff, this certainly applies.
To a library, loaning books for free? If the occasional message drops, I think we can survive.
Chapter 10 - SOA Supervisor
This is currently indistinguishable from magic, which puts the lie to Arthur C. Clarke's famous maxim, because this is certainly far from being an advanced technology.
I'm not even convinced this is an existing technology.
Chapter 11 - SOA Governance
Excellent coverage of the transformational issues raised by moving to an SOA. A must read for anyone doing a serious SOA initiative.
Chapter 12 - SOA Security
I'm not entirely convinced security is part of SOA, it's a separate service or services to be defined within the architecture. But the kind of security they're talking about in this chapter is more "organization-wide complexity protection". Again, the heavy-weight approaches they indicate are appropriate only to large-scale organizations.
To get a taste, the essential pieces they recommend are:
- identity management
- software and data authentication
- audit trails
If you're not the scale or type of organization that has the above three concerns, you probably don't need to think too much about the type of security they are describing.
Chapter 13 - Where's the Data?
I have to admit a bias - I don't care about data. I know however, that many EA people, such as Jane Carbone, consider data the essential starting point of analysis. It is of course important that someone in the organization cares about the data, and this chapter has some useful guidance about the topic.
Chapter 14 - SOA Software Development
In this chapter, we get a little bit of "how". But it's not really entirely about software development.
For example, I was again surprised to see yet another way to describe Enterprise Architecture, without saying "Enterprise Architecture". This time they call it "building a business process map".
It then dives into iterative prototype development, which is all well and good, but not essential for SOA. You certainly could develop services using the waterfall model. Iterative prototype is certainly a good software development practice, but it doesn't have any strong connection to SOA in particular.
The last part of the chapter discusses Web Services and SOA testing, and this is an important topic which they cover well.
Chapter 15 - The Repository and the Registry
My concerns are as expressed about all these additional layers before:
- this is an important consideration for large organizations
- I'm not convinced anyone has technology that actually does this well in the real world
- I'm not convinced you can use it and still be agile
Chapter 16 - Do You Need a SOA?
Some relevant items for any organization, but some of their questions, e.g. #1 "Is Your Business Ecosystem Broad and Complex" apply again only to large organizations. I think you can usefully have an SOA even if your business is simple and narrow.
Chapter 17 - Making Sure SOA Happens
Useful information, if a bit generically applicable to any type of major organizational change.
Chapter 18 - SOA Entry Points
Some reasonable guidance.
Chapters 19-26 are supposedly under the rubric "Real Life with SOA". But I think more accurate would be "here are a series of chapters about major SOA vendors". I was hoping for real organizational examples, but this section (which runs from page 225 to page 308) is mostly just "here is the SOA stuff from IBM / HP / BEA / Progress / Oracle / Microsoft / SAP / JBoss". To me, it was a waste of almost 100 pages. A single page pointing to the vendor SOA websites, with perhaps some of their key articles or white papers indicated, would have sufficed.
I think you've already seen from this review that SOA is a complex enough topic that 80 pages could have been usefully deployed for more explanation and for more discussion of the "how" of SOA.
We wrap up with Chapter 27 to 29, where we get some "Part of Tens" guidance and links, including even more vendor links. My written notes conclude this part is "vaguely useful".
Overall, the book started very strong, and really could have been for the Rest of Us if they had continued in that vein, but instead it ends up being SOA for Really Big Business.
If that sounds like a good match for you, or if my review has piqued your interest, you can buy the book from my
SOA Book Store (powered by Amazon.com)
or
SOA Book Store (powered by Amazon.ca)
Wikipedia - Book Sources - ISBN 0470054352
Recent Comments