The Role of EA in Federal IT Development

Dave Mayo, Everware-CBDI

January 2013

“There is more value created with overall alignment than with local excellence.”                                                                                                                                             –                                                              -- Don Reinertsen

As I look back on over a decade of EA in the federal government, I must say I am disappointed in the results so far.  In my experience as an EA practitioner, I have boiled down the role of EA to two areas:  (1) Support decision-making by the business (mission) and IT leadership – EA provides a repository of information about enterprise components and their interrelationships in the form of a set of models that can be queried to gain valuable insights; and (2) Provide guidance to IT to develop & deploy assets that support the business.  The role of EA here is to help eliminate (or at least reduce) redundancy, inconsistency, and inefficiency in IT and to promote alignment, sharing (reuse) and interoperability across the enterprise.  The first of these is an analytical role along the lines of business intelligence (BI), using the EA repository as the knowledgebase.  The second is a prescriptive role to evolve the portfolio of IT assets in the strategic direction of the enterprise (based on the EA Target Architecture).

Unfortunately, EA in practice seems to have come down to two completely different things: (1) A compliance exercise to meet the evaluation criteria of OMB and GAO.  Never mind the fact that both evaluation methods are intended to get agencies to undertake “real” EA.  Agencies seem intent on doing as little as possible to score well on OMB and GAO assessments.   (2) A descriptive exercise that typically focuses on the as-is situation.  Although, “this is what we look like” does have some value, it is limited and the exercise is very costly (ask DoD about the billion dollars spent on the Business Systems Modernization program).  But the primary shortcoming across many EA programs is the lack of the intention to be prescriptive, combined with the governance to make it happen.  It is the second role and shortcoming that I wish to address here – EA should provide the foundation for application development (AD) and modernization. 

The role of EA in AD lies in transforming abstract business requirements from the problem space into concrete solutions that address these requirements – while keeping all of the capabilities and solutions synchronized to provide traceability.  The most successful organizations have adopted the SOA architectural style and apply it at all levels of this transformation.  At the highest level, it involves depicting business requirements as capabilities - discrete units of process, data and technology that allow you to accomplish something of value.  Modeling capabilities (and their dependencies) is an important part of the Business Architecture because it starts the componentization thought-process.    As you move across the problem/solution divide, these capabilities are transformed into the services or solutions that implement them. 

EA has two roles in this transformation.  The first is to establish the rules and parameters to guide the transformation. This includes setting standards, similar to building codes, that must be adopted by development teams. These include standards for development patterns, semantics and deployment platforms, among others.  While constraining, these standards actually foster creativity and accelerate development because the teams don't have to reinvent/readdress these issues – in the same way that inventors of electrical appliances don’t have to worry about how to get electricity to the appliance.  The second role for EA deals with the big picture.  It is to produce the overall (target) architecture of solutions, and the services they consume, so that the development teams can build them out – similar to a “table-top” model of a building or a community that shows how everything fits together without providing the internal detail of each piece.  The overall solution architecture as well as the EA rules and constraints are provided to the acquisition process to be incorporated into contract language that directs the design and development of solutions. The solution architecture from the EA and the services consumed by the solution are provided for incorporation in the RFPs and define what the contractors are to build.

At the Solution Engineering phase of a program, EA should provide the definitional clarity described above (denoting the components of the architecture, their definitions, boundaries, and how they interoperate) as well as more detailed artifacts to guide design and development, including reference architectures and principles that identify patterns and platforms that can/must be used by design/development teams.  An example of a very successful architecture principle at a high level is that all functionality must be service based, that all interactions will occur through the service interfaces and that all service interfaces must be externalizable.  Amazon used this principle to implement all capabilities as services and in the process created a business platform to integrate all internal and external offerings.   (ref. Amazon;  see Steve Yegge’s Rant, 2011).

During design and development, the EA team should perform compliance reviews at appropriate stage gates to determine that the program is building out the components of the architecture and is complying with the rules and constraints.  Today, most EA programs review development progress “from an architectural perspective”.  But without a model to compare it to, the results are weak at best.  In many cases, development programs claim compliance with the EA because they can “map” their application to the Reference Models, rather than demonstrating that they are actually building out a part of a segment/domain architecture that will be reusable by others.

  

The bottom line is that AD should operate in a manner like most construction industries – develop an architecture and then build it, preferably by assembling solutions from pre-built components.  If the architecture is service based, it will be modifiable on an incremental basis and thus should stand the test of time.  If the solution components are specified and modeled in a rigorous manner, then automation (eg, code generation) can accelerate the process and facilitate the maintenance/enhancement process. 

This is the concept that we at Everware-CBDI have based our core competencies on.  We call it Service Oriented Application Modernization (SOAM) and it bridges EA and solution development.  SOAM consists of four disciplines: SOA, Agile Development, Model Driven Development, and Portfolio Transition Engineering.  This approach rapidly evolves the suite of IT assets to a set of rationalized, reusable components that can be reconfigured to address new challenges.   In the process we are able to align development results with the business goals and objectives. 

Agile IT: The Solution to the 25 Point Plan

In my last blog, I analyzed the 25 point plan for Federal IT reform from Vivek Kundra, inferring the four objectives for the Plan. In this blog, I outline the solution for achieving the objectives – something we at Everware-CBDI refer to as Service Oriented Application Modernization (SOAM). Recalling that the objectives of the Plan were to (1) increase IT cost effectiveness, (2) provide better IT support to the business/mission, (3) reduce development risk and cycletimes, and (4) reduce redundancy and inconsistency through reuse, an evolutionary modernization program is the necessary foundation. The era of large, all-or-nothing software development programs is over. In its place iterative, incremental, spiral, agile and other light methodologies are taking over. The goal is Agile IT – a portfolio of IT resources that not only aligns with business change, but is actually capable of enabling it.

Agile IT is an elusive term – especially in the Federal space – almost an oxymoron. However, there is an approach that we have applied successfully that contains the core components of Agile IT. Our SOAM combines best practices from Service Oriented Architecture (SOA), Model-Driven Development (MDD) and Agile Methods. At first glance, these might seem to be incongruous, even diametrically opposed, however, we have found that each provides a balance to the others and the result is highly synergistic.

For example, Agile Methods are adept at quickly creating software to serve specific purposes. However, Agile teams often begin with little or no formal documentation (eg, requirements or architecture) – the emphasis is on producing functionality (code) quickly that can be assessed by knowledgeable and empowered users. Therein lies the beauty of Agile: the solution evolves based on rapid feedback from users into the development process. But what if you don’t have access to knowledgeable users who are empowered to make decisions about the design for the entire organization (which is typically the case for government projects)? What’s more, Agile works best with small teams of highly-skilled developers who are well versed in the tools across the lifecycle and technology stack. The result is that Agile is more difficult to scale. You can’t just grow the team size – it becomes unwieldy. And if you have multiple teams, then you have communication/coordination issues. That is where SOA comes in.

SOA is an architectural style in which solutions to user needs are composed from services (imagine that!) that are accessed via well-defined interfaces. SOA allows the solution to be designed as a collection of interacting modules that can be reused in multiple ways. There are many benefits derived from SOA – such as lower cost from not having to build functionality (again), greater consistency in the enforcement of business rules, flexibility from the plug and play nature of services, and better alignment with the business needs. But for the development process, the key advantage is the ability to divide a solution into independent modules that are well insulated from each other. Obviously, you need other teams to integrate the modules into the solutions (à la “twin track” development); but, with an overarching service oriented architecture, the objectives of each team and their interrelationships should be clear.

Of course, with SOA the number of moving parts increases dramatically. Managing them is where MDD comes in. MDD uses models to document the requirements, design the solution and services, and generate the code or other executable artifacts (eg, BPEL, business rules, etc.) that become the system. Using MDD, the solution is developed at an abstract level and translated to more detailed versions. For example, typically a platform-independent version is created that is transformed to a platform-specific version by applying design patterns and platform conventions and constraints. From the platform specific models, the code is generated that become the executables of the system. In the Everware-CBDI MDD environment, some amount of code customization or extension is required (typically 10 -20%), but the generated code is intended for human consumption and hand modification. There are two key advantages from MDD in the development process. First, much of the functionality is generated – accelerating development, reducing the coding effort and associated errors, and improving the consistency of the code base. This also allows the developers to focus on customizing the code for the users’ requirements (value-added effort), rather than on the application “plumbing” that integrates all of the components of the solution. Secondly, MDD serves a coordinating role in synchronizing the efforts across all of the development teams. Changes in one module/model are automatically rippled across all related modules (avoiding the infamous ‘I fixed the error in 5 of the 6 places where it was found’ problem). This second benefit also implies more efficient maintenance for increased agility and a lower TCO of the software.

As you can see, at Everware-CBDI we have taken the agile approach a step further – developers don’t focus on producing commodity code (well, some of them do focus on specific code extensions); the focus is on refining the models from which code is generated. This is not only more efficient, it enables the rapid turnaround associated with agile methods to be combined with an architectural and engineering based approach to developing software solutions on a large scale. As, hopefully, should be clear from the above, each of these disciplines augments the others to make the approach so beneficial. The result is greatly improved productivity, flexibility of solutions, and responsiveness to the user needs – all of which support the four objectives of the 25 point plan mentioned above.

If you are interested in applying SOAM in your environment, please contact me (dmayo at everware-cbdi dot com) or check out our web site.

Dave Mayo, Everware-CBDI

The missing piece in Federal IT reform.

Vivek Kundra (Federal CIO at OMB) recently released a 25 point plan to reform Federal IT. It is an ambitious and detailed plan with timeframes and specific accountability that, if implemented, will certainly improve the planning, contracting and management of IT in the Federal government. However, while the details are there, the motivation behind the 25 points is missing – the emphasis is on action, not rationale. Now, action is good – without it nothing would get done. :-) However, I believe that more action will be undertaken if Federal IT managers understand what is behind the plan.

Having been involved in Federal IT for almost 30 years and a contributor to many IT improvement initiatives, I am going to take a shot at reading between the lines and try to discern the goals and objectives underlying the 25 point plan. First, I will try to categorize the points into a few groups (assignment of points to categories is indicated in parentheses). Obviously, some of the points can be assigned to different or additional categories, but this is probably close enough.

1. Reduce the cost of IT infrastructure (1,2,3,20)
2. Modernize government IT acquisition and contracting (4,5,13,16,25)
3. Reduce IT risks through better program management (7,8,12)
4. Identify and implement IT best practices (9,10,11,14,24)
5. Promote shared services and modular development (6,15,17)
6. Align processes for capital investment, budgeting and modular development (17, 18, 19, 20)
7. Improve IT management and oversight (22,23)

This categorization, while useful, does not really tell us what the underlying goals are. For example, there is an emphasis on shared services and modular development – but why? So, the next step is to try to abstract out the principles and goals that drive the categories and points. But, before we get to that, let’s look at the major challenges facing the Federal government with respect to IT. Here are some of the most significant.

1. Major IT program failures – billions lost due to failed program cancelations
2. Inability of applications to interoperate or share data (due to technical and semantic issues)
3. Majority of IT budget spent on O&M, leaving little to fund development of new capabilities (resulting in a large backlog of enhancement and new functionality requests)
4. Development lifecycle takes too long – driving large contracts and large contractors; requirement change during development
5. Redundancy (same capability is built into many applications) and inconsistency (enforcement of the same policy differs in multiple applications)
6. Lots of money wasted on redundant infrastructure and redundant capabilities

Ok, so let’s get to the goals and objectives behind the 25 point plan. The bottom line is the need to rationalize and modernize Federal IT management. At a high level, this includes the following.

1. Make IT more cost effective (reduce the per unit cost of delivering capabilities)
2. Provide better support to the business/mission of government – enable IT agility to underscore business agility
3. Reduce the risk and cycletime associated with IT development programs
4. Reduce redundancy and improve consistency through reuse

Ok, so if this is what we want to achieve, how do we go about achieving it? Some of the ways include the following:

1. Rationalize IT platforms and infrastructure (virtualization, cloud)
2. Update the IT process (acquisition through deployment/maintenance, modular (twin-track) SDLC)
3. Improve roles and skillsets (CIOs, acquisition specialists, program managers, etc)
4. Improve communications and collaboration (government – industry, business – IT, providers – consumers, semantics, IPTs)
5. Institute evaluation and feedback mechanisms (Techstat process)

Which brings us back to the 25 point plan. Now that we understand what we are trying to achieve, let’s get on with it.

Dave Mayo, Everware-CBDI

SOA Mismatch

SOA Mismatch

With all the talk these days about how “SOA is dead,” one might wonder: What does it really mean and what could have killed it? Yes, there has been disillusionment, but there are also examples of great success. From where I sit, I see the difference as a mismatch between SOA definitions and expectations. Let me explain.

There seems to be two major competing definitions of SOA floating out there. From the top down, the definition is that SOA is an architecture of interacting services. From the bottom up, the definition is that SOA is an integration technology – a more flexible way to hook things together (such as via web services). Each of these definitions has broad-reaching implications, from planning to governance to infrastructure support. From the business perspective the holy grail is the “adaptive enterprise” – the agility to turn the business on a dime to meet the requirements of a rapidly changing environment. The first definition of SOA holds out this promise – having a collection of architected services to mix and match allows a business to reconfigure the business and supporting IT to meet new demands. From a technology perspective, the second definition provides the benefit of network flexibility – making different technologies interoperable and allowing disparate technologies to be plugged in more easily.

So, for purposes of this discussion, the question is: is what is being promised the same as what is expected? In many cases of SOA disappointment, I contend the “buyers” (typically the business side) have been told that SOA leads to organizational agility. But, the SOA implementers have set out to deploy according to the second definition. Let’s be clear; there is a lot involved in implementing SOA according to either of these definitions. So, after the initial deliverables, the team shows the business what they have produced and the response is: How does this achieve organizational agility? The problem is they are both right – just using different definitions of SOA. Unfortunately, that is probably the end of the SOA initiative for that organization.

Perhaps what we need is to start each conversation with a comparison of the definition each party is using. This might help avoid the mismatch between what is expected and what is produced.

Organizational SOA

Anybody recently tell you that SOA is an IT integration technology? Don’t believe it. SOA’s biggest selling point is agility, and you don’t get that from an integration technology. SOA is actually architecture.

Forget IT. SOA can be applied to an organization (even one devoid of IT). If we throw out the conventional definition of organizations of hierarchies and functional units and replace it with a framework of business units offering services, we can derive a service oriented organization. Starting with the products and services we provide to external parties (external customers) and the products and services we obtain from external parties (external suppliers), we have the beginning of a framework to describe the organization. If we then add sets of internal customers and suppliers and define the act of providing a product or service to a customer as a service, we have the next step – a collection of services – tasks performed for a consumer. We can then map the incoming products and services to outgoing products and services by defining processes that consist of steps in transforming inputs to outputs. The processes and steps in the process are the services previously defined. So, processes become a string of services that are orchestrated to produce outputs. Now services are a lot like processes (very fractal) with inputs, activities and outputs; and, they can consume other services, so we need some rules to prevent service conflicts and circularities. This is achieved by defining an architecture of services with layers dividing the services based on rules about which services can call which other ones (for example, a typical rule is services at a given layer cannot call services at a higher layer).

Organizations that define themselves as collections of service (org) units, achieve agility from two basic facts: (1) processes can be changed by rearranging the services or replacing a given service with a different (new?) service and (2) new products can be produced by combining existing services in new ways and adding a few additional ones. Think about an insurance company offering a new coverage product – many of the activities required are the same as for existing products and can be reused.

In IT, the concepts are the same, except that now we are talking about software components instead of organizational units and they are even more flexible – software services can be offered to multiple consumers from the same distributed component on the network (i.e., the “cloud”). All of this adds up to a significant gain in agility both on the organizational and the IT side.