Enterprise IT Watch Blog

March 1, 2010  4:28 PM

A-Commerce: 10 Ways APIs will change IT Operations

Guest Author

Editor’s Note: Today’s guest post is by Sam Ramji, vice president of Sonoa Systems and former head of open source strategy for Microsoft. If you liked what you read, he has his own blog or you can follow him on Twitter. -MM

You’ve probably heard that Twitter’s API has been the primary driver for the fast growth and rapid morphing of Twitter’s service.  You may know that eBay and Salesforce.com get over 60% of their usage via APIs.  And in the last couple of months, you may have heard people at your company in marketing, business development, or software engineering talking about your own API.  If not, you will soon.

If you’re in the retail industry, this is going to make you very busy for the next few years.  “API” is a technology buzzword that basically equates to a new way to use the web.  In the 90s every retailer went “online” to take advantage of the cost of sales and margin improvements that came from having an e-commerce channel.  These sites enabled companies to “sell direct to millions of new customers”, and those who got online later had to race to catch up just to protect their businesses.

Now in the 2010’s there’s a new way to use the web – a-commerce, or commerce via APIs.  Mobile app and web app developers can use APIs to build very cool new applications that look and behave totally unlike your core website, but use your commerce engine just like a regular affiliate.  This lets them get to consumers who would never have come to your website, but love to use the app and therefore your company makes money.

While at first this may sound like nothing new, it turns out that there are a lot of new issues to manage.

The 10 New Factors of A-Commerce for IT Operations

1. Performance: API-driven demand patterns & load on infrastructure are really different from web-driven demand.  Developers will often wrap a database object directly in an API rather than shielding it with a web page that limits the number of rows that will be returned; programs will use that API in unpredictable ways that will load your system differently.  Added to that, many more new concurrent connections from thousands of new sources will be simultaneously hitting your backend servers.

2. Analytics: Channel sprawl is a good thing for margin, but tough on reporting.  There are multiple channels that affiliates are coming through – iPhone apps, tablets, web apps – and you’ll need to provide a combined view on their activity.  API traffic cannot be seen by Google Analytics or any existing web tool so you will need to figure this out.

3. Auditing: Recording the sources of the a-commerce transactions and integrating with affiliate management services to pay a-commerce partners is important.  Payment disputes will happen and you need to have a trail of data to show what happened in your systems.

4. Seasonality: Preparing for holiday rush is critical in order to run a trustworthy a-commerce service.  This requires not just performance forecasting and knowing what can be cached, but how to throttle low-value requests when high-value purchases are in the queue.

5. Security: The number of usernames and passwords is going to explode.  Don’t make users and developers build a new username and password to use your system.  By making OAuth the standard you can let users and developers log in using their Twitter or Facebook accounts.  This will save you a ton of hassle managing password resets and angry users.

6. Protection: Prioritizing traffic between web visitors and API users – who has priority when your infrastructure is under load?  Additionally, protecting against a-commerce threats requires filtering out XML header bombs, SQL injection attacks that come in via the API, and other new forms of attack.

7. Privacy: Ensuring that sensitive data isn’t exposed incorrectly requires knowing and controlling what customer and commerce data is leaving the firewall, staying in compliance, and ensuring PCI standards are met.  In an API world, this data is hidden in XML and JSON formats which you will need to scan and manage.

8. Evolution: Unlike a website which is under your control, or under the terms of “caveat emptor” when you are being webscraped, now there are affiliates who are depending on the API working a certain way.  When the development team changes their code and builds a new version of the API, you need to be prepared to manage apps that break.

9. Provability: SLAs multiply in this scenario.  Make sure that you can prove that your service was up and responding when upper management comes looking for who to blame when things go wrong for a high-priority a-commerce affiliate.

10. Debugging: this used to be something that just the internal development team handled by themselves; you may or may not have been involved.  Now there are a ton of new developers trying to figure out how to use your service, sending malformed requests, generating errors.
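Item 7 asks for scanning the JSON that leaves your API for data that should not be there. The following is an added example, not code from the post or its author: it walks a response body, flags any leaf holding a Luhn-valid card number, and reports the JSON path with the number masked. The sample response and its field names are constructed for illustration.

```python
import json
import re

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep the first six and last four digits, a common masking format."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan(node, path="$"):
    """Yield (json_path, masked_pan) for each leaf that contains a likely PAN."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from scan(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from scan(value, f"{path}[{i}]")
    elif isinstance(node, (str, int)) and not isinstance(node, bool):
        for match in PAN_CANDIDATE.finditer(str(node)):
            digits = re.sub(r"[ -]", "", match.group())
            if luhn_valid(digits):  # drops order ids and other long numbers
                yield path, mask(digits)


def findings(body: str):
    """Parse an outbound JSON body and list every place a card number appears."""
    return list(scan(json.loads(body)))


# Constructed sample: well-known test card numbers, one hidden in free text,
# one stored as a bare number, plus a 16-digit order id that is not a card.
SAMPLE_RESPONSE = json.dumps({
    "order": {
        "id": "1234567890123456",
        "notes": "customer read card 4111 1111 1111 1111 over the phone",
    },
    "payments": [{"method": "card", "ref": 5555555555554444}],
})

if __name__ == "__main__":
    for json_path, masked in findings(SAMPLE_RESPONSE):
        print(f"card number at {json_path}: {masked}")
```

The Luhn check is what keeps the false-positive rate workable: the 16-digit order id in the sample matches the digit pattern but fails the checksum and is not reported.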

The specific combination of analytics, debugging, provability, and protection will come in extremely handy during the winter holiday season – being able to understand traffic spikes, identify misuse of your platform and removing that traffic while letting the good transactions continue to flow will be crucial in preventing downtime and maximizing revenue generating CPU cycles.

In the next articles in this series, we’ll dive deeper into each of the 10 issues listed above.  Let us know which ones you’re most interested in and we’ll cover those first!

Sam brings over 15 years of industry experience in enterprise software, product development, and open source strategy.  Prior to Sonoa, Ramji led open source strategy across Microsoft. He was a founding member of the AquaLogic product team and has built large-scale enterprise and Web-scale applications, leading the Ofoto engineering team through its acquisition by Kodak. Other experience includes hands-on development of client, client-server and distributed applications on Unix, Windows and Macintosh at companies ranging from Broderbund to Fair Isaac. Sam holds a Bachelor of Science degree in Cognitive Science from the University of California at San Diego, and is a member of the Institute for Generative Leadership.

February 25, 2010  11:44 PM

Former SalesForce CEO: The Cloud is Coming

Michael Morisy

SalesForce.com has been the darling of the enterprise SaaS industry, with explosive growth that has eaten away at traditional CRM vendors’ marketshare. The company’s now poised, with Force.com, to extend its dominance even farther, but former CEO Steve Cakebread says that the cloud arena is just starting to get interesting.

He said that since leaving SalesForce.com, he’s been consulting with eHealth companies, portfolio managers and Xactly, a SaaS-based sales compensation company, where he is now the chief financial and administrative officer.

Almost all of those conversations focus on one topic: The cloud will change the future of enterprise IT.

“My long-term view of the [SaaS] industry is that over the next 10-15 years, it replaces on-premise software completely,” Cakebread said in a recent interview with the IT Watch Blog. “There’s a lot that needs to come out before then, but I’m pretty convinced today that with the architectures being put in place that nothing needs to be run on premise.”

According to Cakebread, it just makes too much sense: “Every CIO is worried about redundancy and disaster recovery. If you’re using a couple different SaaS providers, that’s something you don’t have to worry about.”

Make sure they have a solid, distributed network of data centers, and CIOs can sleep a little easier knowing that even if a cable is cut by a careless backhoe or a data center burns down, their data is safe and accessible somewhere, somehow.

Of course, with cloud computing, one chief concern (just read the ITKE forums) is security. Denny Cherry captured a prevalent feeling when he wrote that, “If you need to be sure that your data is secure, then a Cloud platform may not be the correct choice.”

Cakebread disagrees, however, saying that more cloud vendors are becoming open about their security practices and willing to work with companies.

“The larger companies allow your IT security people to come in and look at the setup, and they come away feeling comfortable the security was as good or greater than what they have internally,” he said. He had the same message on uptime, performance and interoperability: No, the cloud may not be perfect, and you’ll have downtime when your Internet is down, but the uptime and reliability is still, in many cases, better than what companies are getting today so why not go with cloud?

He also said that there’s one area ripe for SaaS conquest: ERP. While there are some players in the field, like NetSuite, it’s a hugely complicated problem because of the integration, security, and uptime required. That complexity means it’s also a huge potential win for whoever can master it first and seize marketshare.

“Right now, everyone builds their tools around their core ERP,” Cakebread said. “There are vendors there, but they need to make their applications worldclass and robust.”

February 22, 2010  12:24 PM

Are you prepping for the post-E-mail era?

Michael Morisy

“You may say that I’m a dreamer, but I’m not the only one.” – Imagine, by John Lennon

It’s not uncommon for office workers to pine for the days before e-mail everywhere, particularly those workers tethered to the office 24/7 by the BlackBerry and its incessant e-mail chirps, buzzes or beeps. But maybe they can now start taking heart from the promise of a post-e-mail era.

Who else is dreaming with them? Well, Microsoft’s Outlook team for one. Microsoft’s Social Connector doesn’t quite put social networking on an even level with e-mail, but it’s getting pretty close: It crawls your social networks and even internal tools to present context relevant data right in Outlook, which for millions literally defines what e-mail is.

I use the term “post-e-mail” loosely and, even then, hesitatingly. For years, we’ve been promised the “post-paper” office, only to find that the proliferation of computers actually increased paper usage. But the importance of paper files certainly has decreased over the years, and by throwing social networking into its main communications mix, Microsoft is likely signaling that e-mail is taking the same path. In other words, your e-mail cup will still runneth well over, but you’ll have a wider selection at the bar to choose from.


February 18, 2010  12:38 PM

Playing project management poker

Michael Morisy

Project management is incredibly simple until you actually have to do it, which is why books, seminars and other aids abound. I’d heard of T-Shirt Sizing before, where team members are asked to help estimate and prioritize project elements using relative measures, rather than guessing the absolute time or manpower needed. Yvette Francino uncovered another project estimation technique, Project management poker:

Planning Poker is a technique where each team member uses cards with a range of numbers to estimate effort. Typically the numbers do not progress incrementally, but are more spread apart, the higher they get. The Fibonacci series (0, 1, 2, 3, 5, 8, 13, 21, …) can be used for this. The reasoning behind this is that the larger the numbers get, the more uncertainty there is.  Cohn gave us each a deck of cards and had us do an exercise in which we were given several tasks and then work in teams to estimate those tasks using the cards. If we didn’t agree on the first pass, we would explain our reasoning and vote again. In all cases, we were able to reach consensus quickly.  Cohn even has made a free planning poker tool available for distributed agile teams.

Yvette has posted some videos that more fully explain why poker planning works, and there’s even a free tool to try it with your team online. While that tool is specific for Agile development teams, I would love to hear if you think it, or any other project estimation techniques, are useful in your department when plotting out major projects.

February 17, 2010  1:28 PM

Enabling RESTful Web Services in the Enterprise

Guest Author

Today’s guest blog post by Francois Lascelles tackles why RESTful web services matter in the enterprise, and why they’re going to matter even more in the near future. Francois is the technical director of Europe for Layer 7 Technologies, and he also blogs at SYS-CON. -Michael

As the ‘old SOA’ post-mortem reality settles, many enterprise architects are turning their attention to WOA (Web Oriented Architecture) and more lightweight REST-style Web services. REST lowers the bar of complexity for exposing Web service-type APIs. What started off as a grassroots movement is now maturing fast: RESTful Web services support is growing, standards are emerging and the debates on the comparative merits of REST vs. WS-* have given place to inclusion and rapprochement.

Cloud-based deployments are especially well-suited for RESTful Web services. Enterprises already use SaaS (Software as a Service) applications, which expose their own REST-style APIs. PaaS (Platform as a Service) offerings enable enterprises to expose their own cloud-side services. These, along with on-premise deployed services, partner services and others, constitute the new distributed SOA upon which enterprises are increasingly relying.

What can the enterprise do to leverage such deployment patterns and address security concerns? The security considerations about enterprise services being exposed, whether on or off premise, are equally important for RESTful Web services as for their WS-* counterparts.

A crucial factor to enable the management of security is standards. This is especially true in the context of a distributed SOA where an ecosystem of service zones interact with each other under varying authority. A case in point: two dominant cloud-based application platforms today—AWS and Azure. Both platforms define an HMAC-based authentication scheme but both versions are home-baked and incompatible with each other. Emerging standards will be essential to ensure consistency and richer security management. The so-called Enterprise vs. OpenSource identity ‘camps’ are not mutually exclusive. Standards like OAuth and OpenID should be considered by the enterprise; their application is broader than just social media. Along the same lines, it would be useful to define a new SAML binding specification that would be tailored to RESTful Web services.
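To show what an HMAC-based request authentication scheme involves, and why two independently designed ones end up incompatible, here is an added example that is not from the post and is neither AWS's nor Azure's scheme. The canonical string layout, the key id and the five-minute clock-skew window are all assumptions chosen for illustration; each of those choices is exactly the kind of detail on which home-baked schemes diverge.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed replay window


def canonical_request(method: str, path: str, timestamp: int, body: bytes) -> bytes:
    """Everything the signature must cover, in a fixed order.

    Leaving out the verb, path or body hash would let a captured signature
    be reused for a different request.
    """
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign(secret: bytes, method: str, path: str, timestamp: int, body: bytes) -> str:
    """Client side: HMAC-SHA256 over the canonical request, hex encoded."""
    message = canonical_request(method, path, timestamp, body)
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify(keys, key_id, signature, method, path, timestamp, body, now=None):
    """Server side: return (accepted, reason)."""
    now = time.time() if now is None else now
    secret = keys.get(key_id)
    if secret is None:
        return False, "unknown key id"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "timestamp outside allowed window"
    expected = sign(secret, method, path, timestamp, body)
    # Constant-time comparison so response timing does not leak the digest.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "signature mismatch"
    return True, "ok"


# Constructed demo values.
KEYS = {"partner-app": b"demo-secret-not-for-production"}
DEMO_TIME = 1_700_000_000

if __name__ == "__main__":
    body = b'{"sku": "A-1", "qty": 2}'
    sig = sign(KEYS["partner-app"], "POST", "/orders", DEMO_TIME, body)
    print(verify(KEYS, "partner-app", sig, "POST", "/orders", DEMO_TIME, body, now=DEMO_TIME))
    print(verify(KEYS, "partner-app", sig, "POST", "/orders", DEMO_TIME, b"{}", now=DEMO_TIME))
```

A real deployment would also sign the query string and any headers the server acts on.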

Because RESTful Web services have a strong transport-level orientation, they tend to be network infrastructure-friendly. Yet, just as for WS-* services, these RESTful Web services receive payloads and potential message-level threats such as injections and parser attacks. Network-focused types of infrastructure do not address the content-level inspection needed. Consider SOA specialized perimeter gateways that detect message-level threats, validate compliance for XML structures, implement emerging standards such as JSON Schema Validation, enable the enforcement of rules that take into consideration identity, URIs, HTTP Verbs, etc: the ability to virtualize service endpoints at the edge is an important aspect of securing and managing their use.
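The content-level inspection described above can be sketched as follows. This is an added example, not Layer 7's product logic or code from the post: it enforces a rule keyed on identity, HTTP verb and URI, bounds body size and nesting depth before parsing, then validates the JSON against a schema. The identity, URIs, limits and schema are constructed, and the validator handles only a small subset of JSON Schema keywords.

```python
import json

MAX_BODY_BYTES = 4096   # assumed limits
MAX_DEPTH = 8

ORDER_SCHEMA = {
    "type": "object",
    "required": ["sku", "qty"],
    "additionalProperties": False,
    "properties": {
        "sku": {"type": "string", "maxLength": 32},
        "qty": {"type": "integer", "minimum": 1, "maximum": 100},
    },
}
# (identity, verb, URI) -> schema for the body, or None when no body is allowed.
POLICY = {
    ("partner-app", "GET", "/orders"): None,
    ("partner-app", "POST", "/orders"): ORDER_SCHEMA,
}
TYPES = {"object": dict, "string": str, "integer": int}


def nesting_depth(text: str) -> int:
    """Deepest bracket nesting, measured without parsing; ignores string contents."""
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth -= 1
    return deepest


def validate(value, schema, path="$"):
    """Return a list of violations for the supported keyword subset."""
    if not isinstance(value, TYPES[schema["type"]]) or isinstance(value, bool):
        return [f"{path}: expected {schema['type']}"]
    errors = []
    if isinstance(value, dict):
        props = schema.get("properties", {})
        errors += [f"{path}.{n}: required" for n in schema.get("required", []) if n not in value]
        for name, item in value.items():
            if name in props:
                errors += validate(item, props[name], f"{path}.{name}")
            elif schema.get("additionalProperties") is False:
                errors.append(f"{path}.{name}: not allowed")
    elif isinstance(value, str) and len(value) > schema.get("maxLength", len(value)):
        errors.append(f"{path}: longer than {schema['maxLength']}")
    elif isinstance(value, int):
        if value < schema.get("minimum", value):
            errors.append(f"{path}: below minimum {schema['minimum']}")
        if value > schema.get("maximum", value):
            errors.append(f"{path}: above maximum {schema['maximum']}")
    return errors


def inspect(identity: str, verb: str, uri: str, body: bytes):
    """Gateway decision: (HTTP status, list of reasons)."""
    key = (identity, verb.upper(), uri)
    if key not in POLICY:
        return 403, ["verb and URI not permitted for this identity"]
    schema = POLICY[key]
    if schema is None:
        return (400, ["body not allowed"]) if body else (200, [])
    if len(body) > MAX_BODY_BYTES:
        return 413, ["body too large"]
    try:
        text = body.decode("utf-8")
        if nesting_depth(text) > MAX_DEPTH:
            return 400, ["nesting too deep"]
        document = json.loads(text)
    except ValueError:  # covers both bad UTF-8 and malformed JSON
        return 400, ["malformed body"]
    errors = validate(document, schema)
    return (422, errors) if errors else (200, [])
```

The depth and size checks run before `json.loads` so that a hostile payload is rejected without the parser ever recursing into it.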

As standards continue to mature and infrastructure increasingly focuses on addressing RESTful Web service use cases, expect REST to increase its footprint in the enterprise landscape in the near future.

Francois Lascelles works for Layer 7 Technologies, an Enterprise SOA and Cloud infrastructure provider. As the Technical Director, Europe for Layer 7, Francois advises global corporations and governments in designing and implementing secure SOA and cloud based solutions. Francois joined Layer 7 in its first days back in 2002 and has been contributing ever since to the evolution of the SecureSpan SOA infrastructure product line. Francois is co-author of Prentice Hall’s upcoming SOA Security book.

Interested in guest blogging for the IT Watch Blog? Contact Michael Morisy at Michael@ITKnowledgeExchange.com.

February 16, 2010  9:46 AM

RIM’s new BlackBerry Enterprise Server Express throws a bone to consumerized IT departments

Michael Morisy

Research In Motion (RIM)’s new product features two words you don’t often see together: “Enterprise” and “Express.” Along with telecoms, good enterprise relations have long been RIM’s bread and butter, with the smartphone giant preferring to deploy its phone fleet through the proper channels, but with more end users choosing, purchasing, and bringing in their smartphones to the office, RIM’s now offering a “lightweight” version of its pricey BlackBerry Enterprise Server at a surprising price point: Free.

From the official RIM announcement:

The new BlackBerry Enterprise Server Express software will be provided free of charge in order to address two key market opportunities. First, the software offers economical advantages to small and mid-sized businesses (SMBs) that desire the enterprise-grade security and manageability of BlackBerry® Enterprise Server but don’t require all of its advanced features. Second, more and more consumers are purchasing BlackBerry smartphones and the free BlackBerry Enterprise Server Express software provides a cost-effective solution that enables IT departments to meet the growing demand from employees to be able to connect their personal BlackBerry smartphones to their work email.

The offering boasts “over 35 IT controls and policies, including the ability to remotely wipe a smartphone and enforce and reset passwords,” which covers a variety of basic business needs, and which could be a great introduction to the hundreds of management and integration features that the full BES offers.

February 11, 2010  9:23 AM

Could Google’s Buzz be a corporate Valentine?

Michael Morisy

If you use Gmail, or stay current on the latest tech trends, you’ve seen Google Buzz, Google’s latest foray into real-time updates and social networking. Reactions have been mixed, unsurprisingly, but one analyst who doesn’t see too much potential overall writes that the app might find a niche audience with enterprises looking to jump start internal social computing programs.

Irwin Lazar, vice president of communications research at Nemertes Research, wrote on his Enterprise 2.0 blog that he doesn’t “see it replacing Facebook (or even LinkedIn),”

Where Buzz, I think, has the greatest appeal is in creating a social community within companies using Gmail or Google apps as their corporate messaging environment. Buzz just fired a shot across the bow of all the social computing software or service vendors targeting SMBs. If you are already paying for a corporate Gmail service, you just got a whole suite of social tools as well.

Forget attacking Facebook and LinkedIn, in other words. It’s Yammer and Salesforce Chatter that Buzz could send packing.

Does Buzz have potential in your enterprise, or is it just another potential productivity hazard? I want to hear your thoughts in the comments or directly at Michael@ITKnowledgeExchange.com. I’m happy to keep your name and company confidential if asked.

February 4, 2010  12:58 AM

Guide to Enterprise Cloud Computing

Michael Morisy

Here at ITKnowledgeExchange, we’ve been working furiously to bring together the best resources on what’s in store for cloud computing in 2010. It is, after all, a rather pie-in-the-sky concept and it’s impossible to even define what “cloud computing” means without stepping on someone’s toes. In fact, in a recent discussion with an analyst, I was told that cloud computing was progressing despite its image: When pared down to a specific offering (Backup-as-a-Service, for example) the cloud became much more palatable than general “software-as-a-service” offerings in opinion polls of IT buyers.

We’ll dive into why, and the who, what, where, and when, throughout the rest of February, and in the meantime take a look through this guide to cloud computing and let me know what’s helpful and what you would like to know more about.

Frequently Asked Questions about Enterprise Cloud Computing:

Still have unanswered questions? See what others are asking about cloud computing or ask your own IT question in our forums!

For a deeper dive, take a look at some of these excellent cloud computing book recommendations we’ve pulled together, or suggest your own:

Books on Enterprise Cloud Computing:

Have another suggestion for this list? E-mail me at Michael@ITKnowledgeExchange.com or leave it in the comments.

Want to connect directly with experts? Read their blogs to hear straight from the horse’s mouth: The pioneers, cheerleaders and critics of cloud computing are often just a click away, and we’ve helped to organize the best of the best.

Top Cloud Computing Bloggers:

The list is a work in progress, so leave a message in the comments if you know of a blog to add.

What else would make this guide useful to you? Let me know in the comments or e-mail me directly at Michael@ITKnowledgeExchange.com with any additions, corrections or suggestions.

February 3, 2010  11:53 PM

The Watch Blog’s Guide to the Cloud Computing Blogosphere

Michael Morisy

Note: I’ll be coming back and updating this list throughout February (and beyond!), so if you have suggestions to add, please leave them in the comments or e-mail me at Michael@ITKnowledgeExchange.com. Thanks! -Michael

Looking for the best reading on cloud computing? Look no further: As part of our all-in-one guide on cloud computing, we’re collecting the best blogs on cloud computing, categorized to help you find the information you need. Know a great resource that’s missing? E-mail me at Michael@ITKnowledgeExchange.com.

IT Trade Publication Blogs

InfoWorld’s Cloud Computing by David Linthicum
SearchCloudComputing’s The Troposphere by Carl Brooks
The latest cloud computing posts on the IT Knowledge Exchange network.

Official Vendor Blogs

apigee’s blog
enStratus’ The Cloud Blog by George Reese
f5’s Two Different Socks by Lori MacVittie

Personal(ish) Cloud Blogs

What Do You Care What Other People Think? by Sam Ramji
Rational Survivability by Christopher Hoff
The Wisdom of Clouds by James Urquhart


Gartner’s Thomas Bittman (Rarely updated)
Forrester’s James Staten (Rarely updated)


TMForum’s Cloud Services Initiative Group

February 3, 2010  7:25 PM

Tech books on cloud computing

Michael Morisy

Looking to brush up on cloud computing? I’ve polled analysts, IT professionals, publishers and Amazon to bring you some of the top reads on cloud computing. See something we missed? Let me know and we’ll add it to our list!

Top reads so far (click the title for more information):

Cloud Application Architectures: Building Applications and Infrastructure in the Cloud

  • Author: George Reese
  • Publisher: O’Reilly

From the Publisher:

If you’re involved in planning IT infrastructure as a network or system architect, system administrator, or developer, this book will help you adapt your skills to work with these highly scalable, highly redundant infrastructure services. Cloud Application Architectures will help you determine whether and how to put your applications into these virtualized services, with critical guidance on issues of cost, availability, performance, scaling, privacy, and security.

From Readers:

George Reese has put together an exceptional overview of developing applications and infrastructures in the cloud. His professional experience and understanding of the topic is obvious in the way he writes. While the book is certainly centered on Amazon’s cloud services, I feel that the central concepts are still quite applicable to cloud computing in general. Cloud Application Architectures is a must for IT managers and developers alike, as the topics covered span both the business and technical facets of moving into the cloud. As usual, O’Reilly has done it again by publishing a well written and informative title that no doubt will prove invaluable to its readers.

–Brandon Ching, at Restrained Freedom. Read Brandon’s full review.

Cloud Computing and SOA Convergence in Your Enterprise: A Step-by-Step Guide

From the Publisher:

Writing for IT executives, architects, and developers alike, world-renowned expert David S. Linthicum explains why the days of managing IT organizations as private fortresses will rapidly disappear as IT inevitably becomes a global community. He demonstrates how to run IT when critical elements of customer, product, and business data and processes extend far beyond the firewall—and how to use all that information to deliver real-time answers about everything from an individual customer’s credit to the location of a specific cargo container.

From Readers:

My review in a nutshell: This is a very well-written, easy-to-read book, targeted at IT managers, that provides a robust overview of Cloud Computing and its relationship to SOA, and the core basics of a game plan for leveraging it.

–Todd Biske, at Outside the Box. Read Todd’s full review.

P.S.: David’s doing a live webcast on cloud computing Tuesday, February 9th, over at Safari Books. A few participants will get a free copy of his book.

Cloud Computing: Web-Based Applications That Change the Way You Work and Collaborate Online

From the Publisher:

Michael Miller is known for his casual, easy-to-read writing style and his ability to explain a wide variety of complex topics to an everyday audience. Mr. Miller has written more than 80 nonfiction books over the past two decades, with more than a million copies in print. His books for Que include Absolute Beginner’s Guide to Computer Basics, Googlepedia: The Ultimate Google Resource, and Is It Safe?: Protecting Your Computer, Your Business, and Yourself Online.

From Readers:
None so far! E-mail Michael@ITKnowledgeExchange.com if you’d like your review featured here.
