Enterprise Architecture Tools: Why are IBM, HP, Microsoft, CA and others absent?

Enterprise Architecture tools are often used to analyze and optimize the portfolio of business strategies, organizational structures, business processes, tasks and activities, information flows, applications, systems, and technology infrastructure.

Many of these tools have been designed with different architecture goals such as modeling, storing, managing and sharing information.

These tools can be classified in two main categories: EA repositories, EA-modeling suites (Business & IT) including some EA models.

Choosing a category depends mainly on the approach toward:
· EA top-to-bottom approach
· EA bottom-up approach
and the relationships with existing development and modeling tools.


Looking at the various acquisitions from big names these last years and the increasing interest in IT Governance, we observed several vendors trying to extend their tools portfolio going from modeling to service management, from project management to portfolio management.

IBM acquired in 2002 Holosofx, a business process modeling capabilities product to extend Web sphere Business Integration which then was re-branded to Websphere Business Modeler, a component for the modeling of a Business Architecture. CA acquired in 2005 Niku’s Project Portfolio Management (PPM). HP acquired in 2006 Mercury and Peregrine, companies having IT Service Management, Project Portfolio Management (PPM), and SOA Governance solutions.

Project Portfolio Management and Enterprise Architecture

PPM and Enterprise Architecture should be integrated in some way. All investments which support a Business strategy should be organized. A categorization model has to be used, followed by an evaluation and a prioritization. Once approved, the investments or demands become projects. But, how to decide when and how to make changes? How do we understand what can and can not be changed? What are the opportunities?




This is where the impact analysis and the “What if” scenarios enable to analyzethe company’s portfolio and assess the business contribution of each proposal, project, or application to an entire portfolio which needs also to be governed and managed.

An investment, a new demand should also be validated against an Enterprise Architecture. What are the impacts on the Business Architecture, the Business Processes? Does that make sense for a company to add new layers of information to an existing Information Architecture? In the context of a new solution, how does the new application affect the existing Application Architecture? Same thoughts apply on the technology architecture.

Very often Portfolio Management teams do not take into consideration these issues and may only focus on real-time visibility into resources, budgets, costs, programs, projects, and overall IT demand, but without considering impacts on the architecture.

Mature IT Governance would consider a strong interaction between a PPM team and an EA team. Once validated, an investment or a demand should be routed to the Enterprise Architecture team (can vary on the size and the scope), which add value to the first level evaluation. After a second level validation, the EA team using preferably an EA tool where specific architecture views and viewpoints have bee documented, is in a position to deliver recommendations to the PPM team.

We then go back to the company’s PPM process which adapts if necessary the budget, the costs, the resources and the program. There can be situations where the impact analysis detects side effects, or identify alternatives (may be for example the re-use of existing functions), or recommend to abandon the initiative.

Some companies which have implemented an automated process with a PPM solution would be tempted to also integrate the activities related to an Enterprise Architecture impact analysis.

Enterprise Architecture teams often use tools but rarely in an integrated way with the customer or other teams such as a PPM team. The kind of tools like Mega, Casewise, Metis-Troux technologies do not integrate yet with PPM solutions. Eventually we can consider an evolution in that direction from Telelogic which started a while ago to integrate Popkin with DOORS, the latest being maybe more a Demand Management solution than a PPM solution.

So now where are the IBM, HP, CA, and others?

Wouldn’t that make sense to use the Rational RequisitePro with Rational Portfolio Manager integrated with an EA Tool? Wouldn’t that make sense to have HP-Mercury ITG integrated with an EA Tool knowing that Systinet is an SOA governance platform and SOA surely linked to an EA program? Wouldn’t that make sense to have CA-Niku integrated with also an EA tool?

With all the small EA vendors proposing standalone products, there is a high chance that the “big names” will consider new acquisitions and the integration of EA solutions.

Service Level Management and SOA. more confusion?

Service Level management in an ITSM context

Everyone into ITSM may use the Service Level Management process to maintain and improve IT Service quality through a constant cycle of agreeing, monitoring and reporting to meet the customer’s business objectives.

Service Level Management is the name given to the processes of planning, coordinating, drafting, agreeing, monitoring and reporting on SLAs, and on the on-going review of service achievements to ensure that the required and cost-justifiable service quality is maintained and gradually improved.

One of the activities related to that process, is the creation of a Service Catalogue which was subject to another post: “Service Catalog, what do you exactly mean?” where I tried to distinguish the different types of catalogues when we refer to either an ITSM or an SOA environment.

Most of the time companies which have implemented a service desk have a SLM module which allows defining different kinds of level agreements:

• Service Level Agreement (SLA): Which are written agreement between an IT service provider and the IT customer. SLAs are normally used for internal customers
  
• Operational Level Agreement (OLA): Which are agreement between two internal IT areas/departments e.g. Network Management and Operations
  
• Underpinning contract: Which are contract between an external supplier providing services to an IT department
  

Many vendors have dedicated modules which manage the SLM lifecycle with requirements collections, monitoring, escalation, and various dashboards. These modules are obviously linked to other ITIL processes and information is kept in the CMDB. Among various solutions we have different SLM modules from HP-Mercury, HP-Peregrine ServiceCenter, CA Unicenter Service Assure, BMC Service Level Management, Assyst for Service Level management, Expertdesk.

These solutions allow managing the end to end SLM process in an efficient manner through an ITSM view and sometimes the content is routed to a Business Service Management solution or specific modules managing SLAs in dedicated dashboards such as Tivoli Service Level Advisor among other system management solutions.

Service Level management in a SOA context

In a previous post I was referring to one of the intersection between ITSM and SOA. “Amberpoint proposes a module to manage web services, their performance and availability. It can monitor failures, send alerts, display useful information related to problematic web services, automate performance and so on.

HP Mercury Systinet 2 has a module title Contract/Consumer Management which promotes trust between consumers and providers by facilitating service-level agreements and other terms and conditions that bind these two key stakeholders.

Progress Actional Looking Glass provides dashboard and reports which define, sort and prioritize by business or IT metrics (customer, transaction or service type). SLAs are also monitored, managed, measured and alerts are generated. We can also easily monitor and report on SLA's for a specific customer or class of customer such as gold, silver, etc.

For some consistency we should differentiates SLAs in an ITSM framework from SLAs in a SOA. For these reasons a good thing would be to create a new acronym: WSLA for Web Service Level Agreement!!

A WSLA could either be attached to a specific service or to a composite service. WSLAs should then be linked to SLAs. An end user does not have to know what the underlying architecture of his applications is. The Service Level Manager (if such a position exists…) has to negotiate with the customer SLAs. If an IT service is based on various technologies including SOA, he should take into considerations OLAs, Underpinning contracts and WSLAs!!!

WSLAs could also be attached to Underpinning Contracts is web services are either 2rd party services or hosted externally.

Most of the SLM activities remain the same however some of them may differ:

The Service Level Requirement activity will have to be taken into consideration the definition of the WSLAs. It will not be necessary to specify to the customer the underlying technology.

The building of the Web Service Catalogue is different from the Service Catalogue and probably the responsibility should be shared between the SLM manager and the SOA experts.

The SLAs creation and review taking into consideration OLAs and UCs should also consider WSLAs. If possible a hierarchy should be built.

Monitoring should be done at two levels:

• At the SOA level (eventually in SOA center of excellence or an operation dedicated team


• At the ITSM Level (the Service Manager should have a global view on all IT services)

Coming back to Service Level Management and solutions available in the Service Desk arena, companies should be able to only deliver one and only one SLA per service and monitor it. IT and business dashboards should aggregate all underlying categories of SLAs. In other words SOA Governance vendors should be able to provides APIs to upload data related to WSLAs into any IT Service Desk/System Management solution covering the SLM process.

Achieving IT Operational Excelllence

You may be interested in an article I wrote for a magazine: Pharma Focus Asia Issue 4 2007 titled :

Operational Excellence: IT governance, Enterprise Architecture and service management, which explains what are the components of such a program in my company.

The article will soon be downloadable from http://www.pharmafocusasia.com/magazine/ (issue 4), but I'm copying its content:

IT governance defines a structure of relationships, processes and measures to direct and control IT in order to achieve the enterprise's goals.

IT governance is currently a key topic for many IT functions. Its definition varies very often, but key themes remain essential for all companies: effectiveness, efficiency and reliability. Business value and risk mitigation are also at the centre of this domain. It represents a significant part of enterprise governance, and due to the horizontal nature of IT, wherein almost everyone in the enterpriseuses IT assets to complete their responsibilities, the impact of effective IT governance is most visible.

IT governance defines a structure of relationships, processes and measures to direct and control IT assets (e.g. people, finance, infrastructure) in order to achieve the enterprise's goals by adding value while balancing risk with return. It helps to define roles and responsibilities and specify accountability framework to encourage desirable behaviour in IT and accountability for the use of IT assets. ITgovernance also helps to standardise best practices and define monitoring methods.

For XXXXX International SA, IT governance has always been the responsibility of the IT management team, being an integral part of XXXXX's governance, and consists of the leadership and organisational structures and processes that ensure that the IT function sustains and extends the company’s strategies and objectives to deliver value. IT does this within acceptable risk boundarieswhile taking into account culture, organisational structure and maturity.

For the XXXXX IT function, IT governance ensures that delivery expectations are fulfilled, IT resource deployment is continuously planned, targeted and optimised while IT performance is measurable and that the risks are minimised.Among the various components of an IT governance framework, the following domains were retained as being key themes to reach a high level of quality and excellence through continuous improvement:

• Quality management
• Balance scorecard
• Risk management
• Skills management
• Project and portfolio management
• Service management
• Enterprise Architecture
• Information security management
• Audit management
• IT performance and value management

Quality management was initially the main focus for IT, and since 1999, has been certified worldwide in ISO 9001. For the last two years, quality management has also included risk management(identifying risks from strategy down to operations and providing mitigation) as well as skills management (ensuring that the staff in the IT function have the appropriate skills in line with the strategy).Since 2001, IT measures its business alignment, which is highly integrated within the business strategy, using the IT balance scorecard tool. For more than three years, service management and IT Infrastructure Library (ITIL) have been the drivers to improve the quality of services for the end users. XXXXX's IT function deployed the ITIL processes covering both service support and service delivery. Thepurpose of this initiative was to:

• Increase customer satisfaction with IT
• Enhance communication with clients
• Achieve higher reliability in missioncritical systems and infrastructure
• Improve the cost-benefit of services
• Create a “common sense” among staff

These processes are mostly supported by tools from HP-Peregrine and IBM Tivoli. Project management has always been a key practice for IT people. Based on a traditional System Development Life Cycle (SDLC), the methodology has been widely used by the IT function for manyyears. All projects have to comply with documentation, templates and checkpoints where project progress is monitored.Committees validate the various steps of the methodology and give their approval to move to the next phase.

Portfolio management is known internally as the “Funnel”. The portfolio governance process starts when a business user requests or suggests a new capability. The request is automatically routed to aninformation manager (internal relationship manager), then to a business analyst or team for an initial business case before being routed to the IT management committee for review and scoring. The ITmanagement team then evaluates the prioritised, ranked projects to determine the proper portfolio mix and whether to accept the recent request. The “Funnel” is:

• A categorisation model
• A common language for business and IT to:

> Support business strategy
> Organise investments
> Evaluate and prioritise IT projects
> Govern and manage applications portfolio
> Decide when and how to make changes
> Understand what can and cannot be changed
> Provide real-time visibility into resources, budgets, costs, programmes, projects, and overall IT demand

• An input to the IT strategic planSolutions from HP-Mercury help XXXXX to support both project and portfolio management. An Enterprise Architecture (EA) consists of the vision, principles, standards and processes thatguide the purchase, design and deployment of technology within an enterprise. EA describes the interrelationships between business processes, information, applications and underlying infrastructurefor that enterprise, and provides best practices for technology purchase, design and deployment. EA structures and processes govern adherence to an organisation’s technology strategy and provide amanaged environment for the use of new technology.

Enterprise Architecture

• Allows alignment with the company’s business model and strategy
• Enables business changes, technologically based business opportunities
• Easier introduction of new technologies
• Allows standardisation
• Drives information/data consolidation
• Reduces enterprise-application integration complexity
• Facilitates outsourcing as appropriate
• Utilises assets more efficiently
• Provides the facility to better assess the impact of changes
• Ultimately, reduces time to market

Architecture governance is essentially a control or series of controls in the development process which is efficient when supported by good documentation (principles, guidelines, standards) and communicated effectively. To build such an Enterprise Architecture, XXXXX considered the use of both the Zachman and the Open Group TOGAF’s frameworks. Such a programme requires solid processes with ownership and accountability.

Enterprise Architecture is a component of IT governance which interacts with most of the other frameworks such as project and portfolio management, quality, maturity and security management. To manage EA, the company decided to use the Metis-Troux technologies solution.

Security management is another component of the IT governance programme, covering both information security and technical security. The BS 7799 certification was obtained in 2005 for GenevaHQ and ISO 27001 obtained on a worldwide basis in 2006. At the beginning of 2006, a new position reporting directly to the CIO was created to further develop IT performance and value management. Keydrivers for this are: optimising IT value, demonstrating IT value as a critical component of business processes, improving the quality of IT value measurement and reporting and becoming a potentialsource of innovation.

Performance management is not a stand-alone initiative; it is a process that needs to be established and fully integrated in strategic alignment with the business, value delivery and company performancemanagement. This performance framework consistently ensures that IT:

1. Is adding business value to the corporation
2. Is meeting the real customers’ real needs
3. Is running well as a business

Control Objectives for Information and related Technology (COBIT) provides a set of best practices and tools for auditing IT processes and assessing standards compliance, maturity and associatedrisks. COBIT can be associated to other frameworks, as architecture can be audited with certain KPIs.

In the frame of an IT research and innovation initiative, CMMi has been under evaluation. It is the Capability Maturity Model Integration which has been developed by the Carnegie MellonUniversity – Software Engineering Institute, a suite of products used for process improvement. It consists of best practices that address the development and maintenance of products and services covering the product life cycle from conception through delivery and maintenance.

CCMi models could be used in conjunction with all XXXXXs IT processes found in service management(ITIL), COBIT, project management (SDLC/Prince), Enterprise Architecture (Zachman-TOGAF), quality (ISO 9001), security management (ISO 27001), but the programme has not yet been considered.IT governance at XXXXX encompasses many disciplines within the organisation including IT strategy, risk management, IT service management and compliance management to name a few. Understandably, this presents a significant challenge for companies seeking to identify a starting point for their IT governance initiative. Fortunately, best practice governance guidelines and procedures do exist within the industry. Firms, moving ahead with the adoption of a standard will be well served to utilise a phased implementation project approach and start with elements of the standard that will yield their organisation the most benefits—

• Optimised IT strategy and execution
• Improve resource utilisation
• Improve planning and resourcing
• Risk assessment
• Real-time management reporting

In 2005, a benchmark with KPMG positioned XXXXX’s IT as number one among 119 other companies in the life sciences industry. In 2006, the number one position was maintained while thenumber of organisations increased to 125. This recognition states that the IT functionis using IT best practices to support the business and that XXXXX IT controls can now be classed as “excellent”.This was driven by major improvements in the areas of IT operations (incident, problem, operation, and configuration management), security (ISO27001), control assurance (risk, audit, planning management)and Sarbanes Oxley (SOX).

CMDB and SOA registries convergence

Without doubt we will see a convergence between Service Desk CMDB’s and SOA Registries and repositories. SOA Governance solutions should cover several features such as (this is not exhaustive) :

- The governance itself (design, deployment, amd the run-time)
- Policies management
- The Service Life cycle Management
o Service Deployment
o Service management and monitoring
o Service publishing
o Service specification
o Service acquisition
o Service assembly
o Service testing
o Service design
o Service integration
o Service build and test
o Service asset management and publishing
- Contract Management
- Impact Management
- The Service Discovery and mediation
- Etc.

But we can foresee more an integration in terms of relationship that a full integrated solutions. In others terms the Service Life Cyle will require a Service to be managed in Service Management terms. A Web service will have incidents, be changed be released etc…

As en example, IBM just announced Websphere Service Registry and Repository. This solution will communicate with Tivoli CCMDB which will manage Changes and Configuration.

HP which acquired Mercury and Peregrine….also acquired Systinet, another SOA Governance solution. All the first 3 vendors have their CMDB, and once eventually integrated, wouldn’t this make sense to have connections between the Systinet Repository and “one of the HP CMDB”?

Will Service Management solutions become SOA Governance platforms?

As a starting point, let’s re-define what a Configuration Management Database (CMDB) is… A CMDB is a database that holds a complete record of all configuration items (CIs) associated with the IT Infrastructure, software, hardware, including information about servers, storage devices, networks, middleware, applications and data, i.e. versions, location, documentation, components and the relationships between them.

Configuration Management which is one of the main ITIL processes requires the use of support tools, which include a CMDB. Physical and electronic libraries should be set up parallel to the CMDB to hold definitive copies of software and documentation.

Until now, several vendors have provided through their Service Desk offering, and out of the box CMDB which in some case could be altered. Among these vendors we can find, BMC-Remedy, HP, Peregrine (now HP…), Axios systems, Computer Associates, Mercury (now HP…), IBM, and many others.

Last April, some vendors like CA, BMC, IBM, and Fujitsu announced they would work toward developing "an industry standard for federating and accessing IT information" that would ideally integrate communication between disparate configuration management databases.

CMDBs have become one of central elements of enterprise IT management, so a standards-based approach to this critical functionality is necessary and valuable.

Looking at SOA and the way we define composite applications and services, we definitely need to build the latest on the top of existing IT Infrastructure, software and hardware. In other words, a CMDB could also be used to manage the catalogue of SOA Services!

I would be tempted to think that in the next 2 years, a CMDB will be a modular component, usable by either Service Management solutions, and/or SOA Governance products. A CMDB could become a sort of “plugin” available from various vendors with sets of APIs, and why not web services.

SOAs are distributed computing plans where companies often situate Web services and reuse code and other assets to create efficiencies. Vendors like IBM, Microsoft, BEA, Oracle, and Mercury are creating SOA infrastructure platforms to speed information exchange between different computing machines. A few months ago, prior to HP acquisition, Mercury acquired a SOA company named Systinet. This acquisition strengthened Mercury's position in the high growth SOA (Service-Oriented Architecture) market by giving the company leading SOA governance and lifecycle management products.

An integration point should be between the SOA metadata repositories and a configuration management database (CMDB) to manage the lifecycle through to operations. If HP considers the range of acquisition they recently did with Peregrine, Mercury...and Systinet…there would be a high probability, this integration occurs!

Another observation on this future integration is potentially visible with IBM. IBM released recently a CMDB titled Tivoli CCMDB, and also launched a management and security solutions for managing SOA based applications, IBM launched last April IT Service Management platform.

The IBM IT Service Management platform manages SOA based composite applications. It is supposed to offer an approach to defining a framework and solutions for IT service management, including extending self-managing autonomic computing to IT services.

“Tivoli CCMDB uses a Federated model that allows it to be implemented on top of an existing sources of IT data, and serves as an authoritative source of data for configuration items, their relationships, so that when a change needs to be made to any of the IT components, one can understand the impact of that change on other related components. IBM's ITSM platform along with, IBM Tivoli security and compliance products like Tivoli Access Manager and Tivoli Federated Identity Manager delivers a complete end-to-end solution for the "manage", "secure" and "compliance" of distributed SOA applications.”

IBM and HP are two companies which will probably compete in both IT Service Management and SOA. They probably understood the synergy between the two worlds, and we can predict a future new generation of CMDBs, modular, accessible from web services, and used for several companies needs: Service Management and SOA Governance.