Sunday, July 13, 2008

Risks in Composite Applications

Here is my recent experience on Composite Applications. Yes, Composite Applications are cousin brothers of Mashups in Enterprise World! :-). While Mashups are situational apps that are predominantly built using Web Interfaces (SOAP/REST), Composite Applications are custom applications that are defined around existing assets in the enterprise. The assets can belong to any technology and be available in any consumable form, not necessarily in the form of Web Services.
If you google for Composite Applications, You will get different definitions from different vendors each of them woven around their own set of products/technology stack. But, Ultimately they all define the same. These are the applications that are composed to serve the unstructured needs of the customer. For the same reason, you will find Microsoft weaves around Office Business Applications, IBM tells the story around Lotus Notes and SAP has Adobe Forms. And have a look at this Microsoft blog which explains the architectural differences between traditional apps and composite apps.
Of couse, the very idea of 'Composing' apps (and not 'building' apps) looks tempting and interesting!. Of couse, the idea of getting apps to the clients, instead of clients reaching out to apps, looks enriching and rewarding!.
Some of the interesting apps could be - clients accessing a purchase order information from SAP without even leaving his Microsoft Outlook and working through the Order collaboratively with his peers.
But, be warned for the following reasons:
- We are increasing the number of tiers in the application. Two-Tier / Three-tier no longer hold good.
- We are increasing the number of COTS in one vertical slice of the application. Its no longer pure custom app (100% coded). You will have participants from multiple platforms/products/technologies in a single business process.
- Security. The whole game would be easy if all the tiers in the app belong to single vendor/single technology/single OS. The moment where we compose the app out of assets from different participants, the security reconciliation of ID and Roles will be cumbersome!. In my recent experience, I realized that a Security platform, something like TransactionMinder, that would ensure end-to-end security across all tiers will help.
- System Management. If your custom apps have some footprint of desktop elements, then we are going a couple of decades back (unknowingly) in the app architectures. Performance - In Three tier web apps themselves, there is no single product/tool that is available in the market that would give me end-to-end performance of a vertical slice in the app. Imagine the amount of complexity involved in tracking the performance and other SLAs in a multi-tiered composite apps!.
- Last but not the least - the composite apps are pervasive and multi-channel enabled. We need new set of tools and techniques to manage the SLAs across channels for a single business capability that is exposed as composite!.

No comments: