hype cychype cycle for application development 2007le for application development 2007

8/10/2019 Hype CycHype Cycle for Application Development 2007le for Application Development 2007

1/47

ResearchPublication Date: 29 June 2007 ID Number: G00147982

2007 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any formwithout prior written permission is forbidden. The information contained herein has been obtained from sources believed tobe reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. AlthoughGartner's research may discuss legal issues related to the information technology business, Gartner does not provide legaladvice or services and its research should not be construed or used as such. Gartner shall have no liability for errors,omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed hereinare subject to change without notice.

Hype Cycle for Application Development, 2007

Jim Duggan, Daniel B. Stang, Partha Iyengar, Thomas E. Murphy, Allie Young, David Norton,Mark Driver, L. Frank Kenney, Greta A. James, Mark A. Beyer, Roy W. Schulte, Yefim V. Natis,David Gootzit, Frances Karamouzis, Lorrie Scardino, Michael J. Blechar, David Newman, JosephFeiman, Neil MacDonald, Donald Feinberg, Ray Valdes, Matt Light, David W. Cearley, David W.McCoy, Jess Thompson

A shift to process and service orientation is altering staffing, tools and methods ofsoftware development. In parallel, governance, planning, control and quality assurancetechniques are being refined and strengthened to drive more predictability and meet thechallenges of global sourcing.


2/47

Publication Date: 29 June 2007/ID Number: G00147982 Page 2 of 47

2007 Gartner, Inc. and/or its Affiliates. All Rights Reserved.

TABLE OF CONTENTS

Analysis ............................................................................................................................................. 4

What You Need to Know...................................................................................................... 4The Hype Cycle .................................................................................................................... 4The Priority Matrix ................................................................................................................ 4

On the Rise........................................................................................................................... 6

Data Service Architectures...................................................................................... 6Metadata Ontology Management ............................................................................ 7Information-Centric Infrastructure............................................................................ 8

SDLC Security Methodologies ................................................................................ 9

SOA Testing .......................................................................................................... 10Collaborative Tools for the Software Development Life Cycle .............................. 10Enterprise Information Management ..................................................................... 11

Application Quality Dashboards ............................................................................ 12

Event-Driven Architecture...................................................................................... 13Metadata Repositories........................................................................................... 14RIA Platforms ........................................................................................................ 16

At the Peak......................................................................................................................... 17

Application Testing Services ................................................................................. 17SOA Governance Technologies............................................................................ 19

Globally Sourced Testing ...................................................................................... 21

Model-Driven Architectures................................................................................... 22

Scriptless Testing .................................................................................................. 23Architected, Model-Driven SODA.......................................................................... 24Enterprise Architecture Tools................................................................................ 25

Application Security Testing.................................................................................. 26Sliding Into the Trough ....................................................................................................... 27

Project and Portfolio Management ........................................................................ 27Business Application Package Testing ................................................................. 28

Agile Development Methodology........................................................................... 29Unit Testing ........................................................................................................... 30

ARAD SODA ......................................................................................................... 31

SOA....................................................................................................................... 32

Climbing the Slope ............................................................................................................. 33Enterprise Software Change and Configuration Management.............................. 33Enterprise Portals.................................................................................................. 33

Microsoft .NET Application Platform...................................................................... 34

OOA&D Methodologies ......................................................................................... 36Linux as a Mission-Critical DBMS Platform........................................................... 37Performance Testing ............................................................................................. 38Open-Source Development Tools......................................................................... 38Business Process Analysis.................................................................................... 39

Entering the Plateau........................................................................................................... 40

Automated Testing ................................................................................................ 40

Java Platform, Enterprise Edition.......................................................................... 41

Appendices......................................................................................................................... 43

Hype Cycle Phases, Benefit Ratings and Maturity Levels.................................... 45

Recommended Reading.................................................................................................................. 46


3/47


4/47



ANALYSIS

What You Need to Know

Technology and governance advances are improving the speed and quality of software delivery

and the business utility of the products. Service orientation is becoming the most commonarchitectural approach. Techniques and tools to improve the planning, measurement, control andreporting of application development and delivery activities are advancing quickly.

The Hype Cycle

Application development activities are changing in two ways: 1) process and service orientation isaltering the staffing, tooling and methods being used to carry software from business need toproduction code, and 2) governance, planning, control and quality assurance (QA) techniques arebeing refined and strengthened to drive more predictability and to meet the challenges of globalsourcing.

Figure 1. Hype Cycle for Application Development, 2007

TechnologyTrigger

Peak ofInflated

Expectations

Trough ofDisillusionment

Slope of EnlightenmentPlateau of

Productivity

time

visibility

Years to mainstream adoption:

less than 2 years 2 to 5 years 5 to 10 years more than 10 yearsobsoletebefore plateau

As of June 2007

Performance Testing

Enterprise Software Change andConfiguration Management

Unit Testing

AgileDevelopment

Methodology

Business ApplicationPackage Testing

Project and PortfolioManagement

Architected, Model-Driven SODAScriptless Testing

Model-Driven Architectures

Globally Sourced Testing

Metadata Repositories

Data Service Architectures

Application QualityDashboards

Enterprise InformationManagement

Information-CentricInfrastructure

Collaborative Tools

for the SoftwareDevelopment Life Cycle

SOA Testing

Metadata Ontology Management

Business Process Analysis

Open-SourceDevelopment Tools

Linux as a Mission-Critical DBMS Platform

OOA&D Methodologies

Enterprise Portals

Microsoft .NET Application PlatformSOA

ARAD SODA

Enterprise Architecture Tools

Event-Driven ArchitectureAutomated Testing

Java Platform, Enterprise Edition

SDLC SecurityMethodologies

SOA Governance TechnologiesApplication Security Testing

RIA Platforms

Application Testing Services

TechnologyTrigger

Peak ofInflated

Expectations



Productivity

time

visibility

TechnologyTrigger

Peak ofInflated

Expectations



ProductivityTechnology

Trigger

Peak ofInflated

Expectations



Productivity

time

visibility

time

visibility





As of June 2007

Performance Testing

Enterprise Software Change andConfiguration Management

Unit Testing

AgileDevelopment

Methodology


Project and PortfolioManagement

Architected, Model-Driven SODAScriptless Testing








Collaborative Tools

for the SoftwareDevelopment Life Cycle

SOA Testing


Business Process Analysis



OOA&D Methodologies

Enterprise Portals

Microsoft .NET Application PlatformSOA

ARAD SODA


Event-Driven ArchitectureAutomated Testing

Java Platform, Enterprise Edition


SOA Governance TechnologiesApplication Security Testing

RIA Platforms

Application Testing Services

Source: Gartner (June 2007)

The Priority Matrix

Financial effectiveness has become a major issue for many application groups. They are seekingmore-formal processes to help achieve the goal of running IT as a business, with budget


5/47



discipline and effective planning techniques that lead to predictable results. Although individuallyincremental, the convergence of changes in the governance, planning and control techniques aretransformative when taken across all topic areas.

Service-oriented architecture (SOA) leads to service-oriented development and requiressubstantial changes in staffing, tooling and practice throughout development organizations.Business process management (BPM) techniques move companies in the same direction.

Ultimately, the distinctions between service-oriented development of applications (SODA) andBPM will narrow, as both marginalize the distinctions between development time and runtimesystems and processes.

Figure 2. Matrix for Application Development, 2007

low

years o ma ns ream a op onene

moderate

high

transformational

As of June 2007

Agile DevelopmentMethodology

Metadata OntologyManagement


Application TestingServices

Enterprise SoftwareChange and ConfigurationManagement


Business ProcessAnalysis

OOA&D Methodologies

Performance Testing

Unit Testing


Model-DrivenArchitectures

Scriptless Testing


Application SecurityTesting

Architected, Model-DrivenSODA

Collaborative Tools for theSoftware DevelopmentLife Cycle

Enterprise ArchitectureTools



Microsoft .NET ApplicationPlatform

Project and Portfolio

Management

RIA Platforms

SOA GovernanceTechnologies

ARAD SODA

Automated Testing


Java Enterprise Edition


Event-Driven Architecture


Data ServiceArchitectures

SOA

SOA Testing

Enterprise Portals

more than 10 years5 to 10 years2 to 5 yearsless than 2 years

low

years o ma ns ream a op onene

moderate

high

transformational

As of June 2007

Agile DevelopmentMethodology

Metadata OntologyManagement


Application TestingServices

Enterprise SoftwareChange and ConfigurationManagement


Business ProcessAnalysis

OOA&D Methodologies

Performance Testing

Unit Testing


Model-DrivenArchitectures

Scriptless Testing


Application SecurityTesting

Architected, Model-DrivenSODA

Collaborative Tools for theSoftware DevelopmentLife Cycle

Enterprise ArchitectureTools



Microsoft .NET ApplicationPlatform

Project and Portfolio

Management

RIA Platforms

SOA GovernanceTechnologies

ARAD SODA

Automated Testing


Java Enterprise Edition




Data ServiceArchitectures

SOA

SOA Testing

Enterprise Portals

more than 10 years5 to 10 years2 to 5 yearsless than 2 years

Source: Gartner (June 2007)


6/47



On the Rise


Analysis By:Mark Beyer

Definition:Data services consist of processing routines that provide direct data manipulation

pertaining to the delivery, transformation and the logical and semantic reconciliation of data.Unlike point-to-point data integration solutions, data services de-couple data storage, security andmode of delivery from each other, as well as from individual applications, to deliver them asindependently designed and deployed functionality that can be connected via a registry orcomposite processing framework. Data services can be used in a networked fashion that isorchestrated through a composite processing model or designed separately, then reused invarious, larger-grained processes.

Position and Adoption Speed Justification:Data services are, by their nature, a new style ofdata access strategy that replaces the data management, access and storage duties currentlydeployed in an application-specific manner. Data services architecture is merely a sub-class orcategory of SOA that does not form a new architecture, but brings emphasis to the varyingservices that exist within SOA. Most of the large vendors have announced road maps and plans

to pursue some variant of the data service approach, but this is an evolutionary architectural stylethat does not warrant "rip and replace" at this time and will coexist with current application designtechniques. Disillusionment will occur as organizations realize the granularity required to deploythis type of architecture, especially relative to the differences between handling data via abusiness operational process vs. data handling via industry delivery concepts.

User Advice:Users should focus on delivering a semantic layer that portrays the use of data andinformation in the organization and, at the same time, begin developing a logical business model.The logical and semantic model should be interpreted to the physical repositories throughout theorganization creating a physical-to-logical-model reconciliation. In 2006, this technology classwas specifically focused on information in the former "structured" data class only. In 2007, initialadvances in using model-to-model (M2M) language communication via metadata operators areblended into this technology. The M2M introduction caused a temporary retrograde in thetechnology position and at the same time will accelerate its movement along the cycle. Existing

data integration vendors: extraction, transformation and loading (ETL), enterprise integrationinformation (EII) and enterprise application integration, have begun to pursue common metadatarepositories used as a core library to deploy all data delivery modes but have not built machineintelligence into optimization strategies. Organizations should eschew vendor developmentplatforms that deny or refute the requirement for interoperability.

Business Impact:Data services are not an excuse for each organization to write its own, uniquedatabase management system (DBMS), as most DBMSs both store data and provide readyaccess. Data services can sever the tight links between application interface development andthe more infrastructure-style decisions of database platforms, operating systems (OSs) andhardware. Specifically, the metadata interpretation between business process models, semanticusage models and logical/physical data models will enhance the overall adaptiveness of ITsolutions. This will create a portability of applications to lower-cost repository environments whenappropriate and create a direct corollary between the cost of information management and thevalue of the information delivered by delivering semantically consistent data and information toany available presentation format. This is opposed to the current scenario in which monolithicapplication design can drive infrastructure costs up because of their dependence on specificplatform or DBMS capabilities.

Benefit Rating:Transformational


7/47



Market Penetration:Five percent to 20% of target audience

Maturity:Emerging

Sample Vendors:Ab Initio; Business Objects; IBM; Informatica; Oracle

Recommended Reading:"The Emerging Vision for Data Services: Becoming Information-

Centric in an SOA World""Data Integration Is Key to Successful Service-Oriented Architecture Implementations"

"Service-Oriented Business Applications Require EIM Strategy"


Analysis By:Mark Beyer; Michael Blechar

Definition:Metadata ontology management addresses the problem of information assets createdby different processes, defined by different business terms and interpreted through disparatesemantics, to produce competing taxonomies. Ontology management recognizes thatsimultaneous metadata descriptions can exist for each information asset and proceeds toreconcile them. The various metadata sources include business process modeling, EII, ETL,

metadata repository technologies and others. Ontology management allows business analysts toleverage the value of these assets better, while promoting improved understanding acrossbusiness units and IT management personnel.

Position and Adoption Speed Justification:Business organizations are just embarking on theuse of metadata in determining the value of data points and information delivered throughinformation technology systems. One high business value use of metadata is found in the abilityto justify and identify how decisions were made, based on information available at any given time.The new demand for metadata that describes end-user interpretations of "fact" will force theintroduction of annotation metadata in daily workflows.

Presently, most metadata management functionality is a feature of existing metadata tools limitedto model extension with end-user defined columns and metadata versioning with no workflow oradministrative enforcement beyond the development team. With the advent of SOAs and the

active use of metadata to control services flow, it will become imperative that the businessbecomes involved in linking the BPM workflows with information management workflows. This willforce new metadata management tools development with a radically different business userinterface.

User Advice:

1. Identify data management and integration tools that include metadata repositorymanagement interfaces, supporting metadata model extensions.

2. Identify data management and integration tools that expose metadata repositories viaapplication programming interfaces (APIs) and service calls, versus metadataimport/export functionality only.

3. Acclimate business personnel to their role in creating information assets and theimportance of metadata as a precursor to introducing these practices.

4. Initiate a data administration task to capture various business ontologies of integratedinformation resources with the understanding that ontology evolves continuously.


8/47



Business Impact:Tighter integration between business process changes and IT systemschange. Business units and users will be able to relay their concerns better regarding use ofinformation assets throughout the organization. Better assessment by business analysts on therisks and benefits that accrue in the business regarding maintenance and security of informationassets.

Benefit Rating:Moderate

Market Penetration:Less than 1% of target audience

Maturity:Embryonic

Information-Centric Infrastructure

Analysis By:David Newman

Definition:Information-centric infrastructure (ICI) is a technology framework that enablesinformation producers and information consumers to organize, share and exchange any content(structured and unstructured data, for example), anytime, anywhere. It is the technology buildingblock within an organization's enterprise information management (EIM) program. Since differentsystems use different formats and different standards to share and exchange different types of

information, the technologies that make up an ICI ensure that common processes applied tocommon content will produce similar results.

Position and Adoption Speed Justification:The vision for an ICI will be adopted byorganizations seeking to bring a greater balance to their integration activities to address cost andcomplexity issues associated with silo-based, application-centric development. One of thereasons organizations cannot respond as quickly as market conditions dictate is because much ofthe information has been isolated within applications each fulfilling its own unique (process-driven) requirements. As demands for access to information sources increase, organizations willuse an ICI as their technical foundation to facilitate the convergence of different types of contentrequired by industry "ecosystems" and trade exchanges. This will help resolve issues around info-glut, and will improve application integration capabilities during migration toward SOAs.

User Advice:Recognize that different project teams use different applications, formats and

standards to exchange information. Look for common ways to normalize and extract meaningfrom all types of content so that it can be exchanged across the organization. Use existing systemanalysis and designs as starting points to develop common models, which can then be shared bydifferent processing components and system entities. Use existing methods of content-centricprocessing to identify gaps that need to be filled to support ICI requirements. For instance,determine the usefulness of the Federal Enterprise Architecture Framework Data ReferenceModel (version 2.0) to your industry regardless of whether you are a commercial orgovernment organization. Exploit the use of emerging standards (such as XML), or data andmetadata interchange and create a common components library of metadata objects based oncorporate standards, thereby promoting wide-scale reuse.

Business Impact:An ICI brings balance to many application-driven environments because it"normalizes" the chaos caused by having different and diverse standards, formats and protocols.It extracts meaning and delivers context so that each content instance can be shared and

exchanged to support a variety of business process needs by identifying, abstracting andrationalizing commonalities across content; applying semantics for information exchange andinteroperability; and implementing metadata management for discovery, reuse and repurpose.Organizations failing to invest in building out an ICI by 2015 will experience a 30% increase inoverhead costs to manage their IT operations. An ICI will make far greater use of emerging


9/47


10/47



Recommended Reading:"Security as Engineering Discipline: The SSE-CMM's Objectives,Principles and Rate of Adoption"

SOA Testing

Analysis By:Thomas Murphy

Definition:SOA testing tools are designed to assess service-oriented applications. Tools verifyXML, perform load and stress testing of services, and promote the early, continuous testing ofservices as they are developed. These products have to deal with changing standards and shouldsupport the interfaces, formats, protocols and the variety of implementations available. Althoughsimilar to traditional functional and load testing tools, these products do not rely on a userinterface for definition and should deal with issues such as long-running and parallel processes.

As these tools mature, links should occur to leverage the produced data with service governancetools, such as security and registry management tools.

Position and Adoption Speed Justification:SOA testing tools are new in the market and tendto be from relatively new companies, with improving support from the historic testing leaders.Web services definition and standards are evolving, prompting tool manufacturers to catch up.

User Advice:If you have invested in building out Web services, then you should have a solid unit

testing approach. Investigate these tools primarily to ensure load capacity for your services, todiscover failure behaviors and to speed the development of new services. Testing for servicesshould make use of an existing foundation of tests written for the underlying implementation code.Tests should be factored to enable testing of specifically affected systems when changes aremade, rather than testing the entire system. This includes that ability to unit test individualelements, as well as specific orchestrations across services.

Business Impact:Web services must be stable and reliable for applications to be built on top ofthem. They need a solid testing focus or the services will become liabilities to application stability.Because services offer a way to transform the business, these testing tools will be critical to thestrategic success of businesses.


Market Penetration:One percent to 5% of target audienceMaturity:Emerging

Sample Vendors:HP; iTKO; IBM; Mindreef; Parasoft; Solstice Software; SOASTA

Collaborative Tools for the Software Development Life Cycle

Analysis By:James Duggan

Definition:SDLC collaborative tools enable communication and collaboration across cultural,geographical and professional boundaries throughout the application life cycle. The features,which were developed in stand-alone products (such as wikis and electronic-meeting systems),are now appearing in multiple development tool markets.

The addition of collaboration features can enhance the effectiveness and efficiency of all phasesof application development, including analysis, design, construction, testing and deployment,integration, maintenance and enhancement. These features enable customer-to-developerunderstanding, as well as knowledge capture and transfer. Collaboration features complementand enhance the structured coordination tools that make up most of the application life cyclemanagement suites for example, workflow, change management and project managementsolutions.


11/47



Position and Adoption Speed Justification:Application delivery globalization in whichapplications are built and maintained by teams working all over the world is growing. However,this growth increases the risk of miscommunication and distortion. As the globalization ofapplication delivery accelerates, it raises the priorities and expedience of technology vendors'efforts to address growing demand. Broad adoption will require collaboration features to supportmultiple sites, enable federated control and remote monitoring, and incorporate intellectualproperty and asset protection.

User Advice:Coordinate tool evaluation geographically to ensure full consideration of culturaland skill differences across groups. Pilot changes in the process to ensure that distance effectsare understood.

Business Impact:Gartner expects significant mitigation of the risks posed by the globalization ofapplication delivery. Because of collaborative and globally distributed efforts, cost savings willoccur, and revenue will be produced by the new applications.

Benefit Rating:High

Market Penetration:One percent to 5% of target audience

Maturity:Emerging

Sample Vendors:BMC Software; CollabNet; Digite; iRise; Sofea; VA Software

Enterprise Information Management

Analysis By:David Newman

Definition:EIM is an integrative discipline for structuring, describing and governing informationassets, regardless of organizational and technological boundaries, to improve operationalefficiency, promote transparency and enable business insight. EIM is operationalized as aprogram with a defined charter, budget and resource plan.

Position and Adoption Speed Justification:Many organizations have silos of information:inconsistent, inaccurate and conflicting sources with no "single version of the truth." Project-levelinformation management techniques have caused issues in data quality and accessibility. This

has led to higher costs, integration complexity, risk and unnecessary duplication of data andprocess.

Results from a Gartner study confirm that EIM is in the early-adopter stage. Findings suggest thatthe EIM trend will need frameworks, case studies and maturity models to help guideorganizations through the benefit realization curve. Certain business drivers, such as compliance,will accelerate adoption as organizations look to fulfill transparency and efficiency objectives fromupstream systems to downstream applications. Other triggers for adoption include the informationmanagement implications of new development models, such as SOA. SOA places greateremphasis on a disciplined approach to information management. Enterprises will use EIM tosupport the increased demands for governance and accountability of information assets throughformalized data quality and stewardship activities. Adoption toward EIM will also increase aspressure intensifies to consolidate related technologies within organizations for managing bothstructured and unstructured information assets. Organizations will look for a common frameworkor infrastructure to converge overlapping technologies and projects in master data management,business intelligence, metadata management, data integration, information access and contentmanagement. Organizations will adopt EIM in stages, looking first at foundational activities suchas metadata management, master data management, and data mart consolidation; data qualityactivities; and data stewardship role definition.


12/47


13/47



quality and standards compliance. Project-management-office-centric tools will also includeinformation from operational and application management tools to better understand the risks,benefits and costs of applications in production, enabling improved investment choices.

Position and Adoption Speed Justification:Acquisition and competition are pushing thesetools along rapidly. Eclipse is also shaping the market with the inclusion of several underlyingframeworks and metamodels that provide a foundation for integration and reporting. However,

expectations will lead implementation quality. Continued integration with process guidance andthe rest of the life cycle will drive maturity. Vendors will still need to expand product coverage toadequately support all phases of the testing life cycle. Operational tools will take an approachoriented toward determining whether the application passed the appropriate gates to bedeployed, and portfolio tools will blend this information with operational and help-desk data tohelp determine projects. Overall, improved reporting will help organizations that use reports tolocate areas of concern and measure improvements.

User Advice:Expect to require products from multiple software vendors for three to five years,as well as a lack of overall integration of quality metrics reporting. Seek tools with extensiblerepositories and that simplify the integration of additional data sources.

Business Impact:Metrics and a better understanding of software quality can lead to betterplanning and deployment of resources.

Benefit Rating:High


Maturity:Adolescent

Sample Vendors:6th Sense Analytics; Atlassian Software Systems; Borland; Compuware;Enerjy; IBM; JetBrains; Mercury; Microsoft; Polarion


Analysis By:Roy Schulte; Yefim Natis

Definition:Event-driven architecture (EDA) is a subset of the more general topic of event

processing. EDA is an architectural style in which some of the elements of the applicationexecute in response to the arrival of event objects. An element decides whether to act and how toact based on the incoming event objects. In EDA, the event objects are delivered in messagesthat do not specify any method name (such messages are called event notifications).The eventsource does not tell the event receiver what operation to perform. An event is something thathappens (or does not happen, but was expected or thought possible). Examples include a stocktrade, customer order, address change, and a shipment arriving or failing to arrive (underspecified conditions). An event may be documented in software by creating an event object(sometimes called plain "event," which then is a second meaning for the term). An event (object)represents or records a happening ("ordinary") event. Examples of event objects include amessage from a financial data feed (a stock tick), an XML document containing an order or adatabase row. In casual discussion, programmers often call the message that conveys an eventobject an "event."

Position and Adoption Speed Justification:Computer systems have used event processing inmany different ways for decades. Event processing is moving through the Hype Cycle nowbecause its concepts are being applied more broadly and on a higher level. Business events,such as purchase orders, address changes, payments, credit card transactions or Web "clicks"are being used as a focus in application design. This contrasts to past treatments of events wherebusiness applications addressed events more indirectly, and event modeling was considered to


14/47



be secondary to data modeling, object modeling and process modeling. Businesses have alwaysbeen real-time, event-driven systems, but now more aspects of their application systems are alsoreal-time systems. EDA concepts are also used on a technical level to make application serversand other software more-efficient and scalable. The spread of other types of SOA (conventional,request/reply SOA) is also helping to pave the way for EDA because some of the concepts,middleware tools and organizational strategies are the same.

User Advice:In an era of accelerating business processes, pervasive computing and explodingdata volumes, companies must master event processing if they are to thrive. Companies shoulduse event processing in two ways: to engineer more-flexible application software through the useof message-driven processing, and to gain better insight into current business conditions throughcomplex-event processing (CEP). Architects can use available methodologies and tools to buildgood EDA applications, but must consciously impose an explicit focus on events becausestandard methodologies and tools do not yet make events first-class citizens in the developmentprocess. Companies should implement EDA as part of their SOA strategy because many of thesame middleware tools and organizational techniques (such as using an SOA center ofexcellence [COE] for EDA and for other kinds of SOA) apply. Companies should not implementrequest/reply SOA now and wait for one or two years to implement EDA SOA because arequest/reply-only SOA strategy will not be able to support some business requirements well.

Business Impact:EDA is relevant in every industry. Large companies experience literally trillionsof ordinary business events every day, although only a minority of these are represented as eventobjects, and only a tiny minority of those event objects are fully exploited for their maximuminformation value. The number and size of event streams are growing as the cost of computingand networking continues to drop. Companies now generate data on events that were neverreported in the past. The CEP type of business EDA was first used in financial trading, energytrading, supply chain management, fraud detection, homeland security, telecommunications,customer contact centers, logistics and sensor networks, such as those based on radio frequencyidentification (RFID). Event processing is a key enabler in business activity monitoring (BAM),which makes business operations more visible to end users.



Maturity:Adolescent

Sample Vendors:Actimize; Agent Logic; Agentis Software; Aleri; Avaya; Axeda; BEA Systems;coral8; Cordys; Event Zero; Exegy; firstRain; IBM; jNetX; Kabira; Kx Systems; open cloud;Oracle; Progress Software/Apama; Red Hat (Mobicents); Rhysome; SAP; SeeWhy; StreamBaseSystems; Sun; Sybase; Syndera; Synthean; Systar SA; Tibco Software; Truviso; Vayusphere;Vhayu; Vitria Technology; WareLite


Analysis By:Michael Blechar; Jess Thompson

Definition:Metadata is an abstracted level of information about the characteristics of an artifact,such as its name, location, perceived importance, quality or value to the organization, and

relationship to other artifacts. Technologies called "metadata repositories" are used to document,manage and perform analysis (such as change impact analysis and gap analysis) on metadata inthe form of artifacts representing assets that the enterprise wants to manage. Repositories covera wide spectrum of metadata/artifacts, such as those related to business processes, components,data/information, frameworks, hardware, organizational structure, services and software in


15/47



support of focus areas like application development, data architecture, data warehousing andenterprise architecture (EA).

Position and Adoption Speed Justification:Most organizations that have tried to implement asingle enterprise metadata repository have failed to meet the expected return on investment.Community-based repositories supporting business process modeling and analysis, SOA anddata integration have shown benefits in improved quality and productivity through an improved

understanding of the artifacts, impact queries and the reuse of assets such as services andcomponents. For the near future, there will be no proved, viable solution that federates multiplemetadata repositories (or federates repositories with other technologies that contain metadata,like service registries holding runtime metadata artifacts) sufficiently to satisfy the needs oforganizations.

Mainstream IT organizations will find that the most pragmatic approach to metadata managementand reporting is to have multiple, community-based repositories, which have some degree offederation and synchronization. Although it is possible to create federated queries across multiplerepositories, many organizations still may want to consolidate and aggregate selected metadatainformation from disparate sources into a "metadata warehouse" for ease of reporting and for adhoc query purposes. Leading metadata repository vendors are well-positioned to meet this need,but competitors will emerge, including large, independent software vendors (ISVs), which will look

to provide these capabilities in their tool suites. Large vendors, such as IBM, Oracle and SAP, areadding repositories or are improving their repository support for design-time and runtimeplatforms to enhance metadata management support for their development and deploymentenvironment. As a result, Gartner expects to see a broader degree of acceptance by customers,along with a consolidation in this market during the next few years. We position metadatarepositories as being two to five years from plateau, because most Global 1000 companies havepurchased metadata repositories and are not yet aggressively seeking replacements, andbecause most new buyers are less-sophisticated IT organizations looking to large ISVs toimprove their federation capabilities before committing to the new tools. As a result, mostrepository purchases will be tactical in nature based on the needs of specific communities, suchas data warehousing and SOAs.

User Advice:Owing to the diversification and consolidation of metadata management solutions,the enterprise uber-repository market no longer exists. Consider the acquisition or extension of

using a metadata repository as part of moving to SOAs, or consider implementing BPM, dataarchitecture, data warehousing and EA initiatives. Most organizations will be best-served by livingwith metadata in multiple tools or by using different repositories based on communities of interest,with some limited bridging or synchronization to promote the reuse and leveraging of knowledgeand effort. Organizations that need to approximate the capabilities of an enterprise metadatarepository are still best-served by solutions from leading repository vendors.

Business Impact:Metadata repository technology can be applied to aspects of business,enterprise, information and technical architectures, including the portfolio management andcataloging of software services and components; business models; data-warehousing ETL rules;business intelligence transformations and queries; data architecture; electronic data interchange;and outsourcing engagements.

Benefit Rating:High


Maturity:Adolescent

Sample Vendors:Allen Systems Group; BEA Systems; LogicLibrary


16/47



Recommended Reading:"Are Federated Metadata Approaches to Business ServiceRepositories Valid?"

"Best Practices for Metadata Management"

"Metadata Management Technology Integration Cautions and Considerations"

"Metadata Repositories Address Disparate Sets of Needs""The Evolving Metadata Repository Market"

RIA Platforms

Analysis By:Ray Valdes

Definition:Rich Internet Application (RIA) platforms enable organizations and software vendorsto build applications that provide a richer, more-responsive user experience compared to older-generation, "plain browser" Web platforms. RIA platforms and technologies span a range ofapproaches that, from a runtime perspective, fall into three basic categories: browser-only,enhanced browser and an outside-the-browser.

The browser-only approach is known as Ajax, which leverages the capabilities that are already

built into every modern browser (for example, Firefox, Internet Explorer, Opera and Safari), suchas the JavaScript language engine and the Document Object Model support. The Ajax approachis supported by vendors, such as Backbase, Jackbe and Tibco, and by open-source toolkits, suchas Dojo and Kabuki. The enhanced-browser approach begins with a browser and extends it witha plug-in or other browser-specific machine-executable component (unlike the JavaScript-centric

Ajax approach, which is mostly browser-independent). Examples of this approach are AdobeFlash (further enhanced by Adobe Flex server-side technology), Google Gears, MicrosoftSilverlight and the Curl RIA platform from Curl.

The outside-the-browser approach means adding some large-footprint system software to theclient operating environment, such as the Java Virtual Machine (JVM) runtime, the Microsoft .NETlanguage environment or the Adobe Integrated Runtime (AIR) software stack. On top of this stackcan be additional layers that add capabilities for client-side data persistence, automaticprovisioning and versioning of platforms and applications, and migration of server-sidecomponent models. Examples of this approach include Adobe AIR, IBM Lotus Expeditor,Microsoft Windows Presentation Foundation and Sun JavaFX.

Position and Adoption Speed Justification:Major system vendors, such as IBM and Microsoft,have been talking about a "rich client" or "smart client" alternative to plain browser-based userinterfaces since the early part of this decade. The concept and road map was driven as much bya vendor's agenda for maintaining a system software footprint on a user's devices (desktop PCs,laptops and PDAs) that was more than a basic browser, which was perceived to be commoditytechnology. However, in 2005, the use of Ajax (a "basic browser" technology) appeared on thescene and enjoyed explosive growth, blind-siding vendors' road maps based on heavyweighttechnologies (for example, Microsoft WinForms with ClickOnce technology). In 2007, there havebeen high-profile new initiatives such as Adobe AIR, Microsoft Silverlight, IBM Lotus Expeditorand Sun JavaFX that indicate a renewed effort on the part of vendors to go beyond the basic

browser.

User Advice:To gain real value from RIA technology, invest in an enhanced developmentprocess based on empirically proven usability design principles and on continuous improvementbefore investing in any user interface technology.


17/47


18/47



The rise in the use of external providers for application development especially Indianoffshore providers has raised awareness of the need for improved processes andmethodologies.

More service providers are aggressively marketing application testing services.

These factors have converged to accelerate the hype associated with application testing services.

On the demand side, organizations have great expectations when they decide to externallysource testing services but often have not considered the implications of doing so, or the way inwhich they should structure the contract and relationship. IT decision makers generally do notengage the right number and level of developers in the planning process, and keep businessusers at the periphery. This leads to integration problems and conflicts among resources, mademore significant because an external source is assessing the quality of others' work products,which often includes the products of other external sources.

On the supply side, the opportunity to leverage low-cost labor by using offshore resources in off-hours (when compared to the client's work day) testing is especially appealing to pure-playoffshore providers. They have invested in expanding their testing services to offer them as stand-alone services to an existing client base. Niche providers also emerged in offshore locations astesting specialists. When demand reached critical mass, traditional providers started to see theopportunity and began to make investments to compete with the offshore providers. Thus, therehas been a rapid proliferation of providers that claim to have application testing expertise.

Providers will accept work, especially from an existing client, in virtually any way the client wantsto scope and pay for it. This opportunistic approach perpetuates an environment that lacksstandards for scope of work, service levels, price, contractual terms and other attributes that areconsistent with an immature and hyped service offering.

User Advice:If isolating testing functions makes sense as part of your sourcing strategy, thenensure that you have a well-defined scope, clear performance requirements, measurable successcriteria and engagement with all the application and user groups that will be integral to the testingprocess. As a discrete function, the organization must have the resources, methodology andpractices in place to provide output to the testing provider, and then receive input when thefunction is completed. Many organizations can operate in this type of environment, while manyothers prefer broader accountability, such as what exists at the application level.

When evaluating providers, ensure that you give proper weighting to the level of maturity,automation and process standardization that the provider has achieved in testing services whenoffered and delivered as stand-alone services. Consider providers with dedicated business unitsfor testing with consistent revenue growth for that business area. If the business unit is relativelynew, then require the provider to demonstrate its commitment to this market. Check referencescarefully and match your specific requirements to similar engagements.

View testing as part of the application development life cycle, even if it is externally sourced as adiscrete function. Ensure alignment between the application development methodology and thetesting methodology. Build knowledge transfer into the outsourcing action plan. The selectedprovider will need to learn your methodology, and you will need to learn its. Organizations thatwant to leverage a provider's intellectual property must pay special attention to knowledge

transfer and training during the transition process.Application testing services may be purchased in various ways, and organizations need to beclear about their objectives and the value proposition of each option. Staff augmentation is usedto address resource constraints. Organizations are responsible for directing the resources andensuring the outcomes. Discrete project work is typically used in two scenarios: for a specificapplication development effort that requires independent testing or as a consulting-led project to


19/47



evaluate the efficacy of changing the way application testing is performed. These consulting-ledprojects are often described as pilot programs and will often lead to long-term outsourcingcontracts. Finally, testing services purchased through an outsourcing contract signal theorganization's commitment to leverage the market's expertise and assign delivery responsibility toan external source.

Organizations considering various sourcing options are likely to find an aggressive sales

approach to broaden the scope of application services beyond the organization's intent. In manycases, a broader scope of work might provide benefits from leveraging the provider's processmaturity to build quality into the software as opposed to simply testing the quality of the software.

Although this is a worthwhile aspiration, organizations must ensure that they are prepared toinvest in broader quality programs before engaging in relationships of this nature.

Business Impact:The major business impacts of application testing services include:

Cost savings in the discrete application development life cycle and the longer-term

The ongoing cost of maintaining the application; decreased time to implement newapplications or functionality

Increased rigor and productivity by resources throughout the development process

Improved performance of applications once they're in production

Better and more-consistent quality control processes

Many organizations do not know how much they are spending on application testing and softwareQA, nor do they understand the true cost of inadequate testing processes. Furthermore, most donot have discretionary budgets to develop world-class testing services. The lack of testing andQA standards and consistency often leads to business disruption, which can be costly. However,most organizations do not use a process that links testing failures to business disruption on a costbasis. Application testing is a case where the use of an external provider can be effective butsometimes difficult to clearly demonstrate.

Benefit Rating:Moderate


Maturity:Emerging

Sample Vendors:AppLabs Technologies; Aztecsoft; Cognizant; EDS; Hexaware; IBM; Infogain;Infosys Technologies; Keane; Satyam Computer Services; Tata Consultancy Services; Thinksoft;Wipro Technologies

SOA Governance Technologies

Analysis By:Frank Kenney

Definition:The key to being successful with your SOA projects is to understand and control yourSOA artifacts. SOA artifacts can include services, SOA policies (that is, service-level

agreements), business processes and profiles of consumers and providers. The key tounderstanding and controlling these artifacts is SOA governance. Various technologies can helpyou control how your artifacts are being used, managed, secured and tested, as well as howvisible they are. These technologies include:

SOA policy management provides the technology to create, discover, reference and sometimesenforce policies related to SOA artifacts, such as access control, performance and service levels.


20/47



SOA registries and repositories help manage metadata related to SOA artifacts (for example,services, policies, processes and profiles) and have recently evolved to include the creation anddocumentation of the relationships (that is, configurations and dependencies) between variousmetadata and artifacts.

SOA QA and validation technologies validate the individual SOA artifacts, and determine therelationships to each other within the context of an SOA deployment. For example, these

technologies will test and validate a composite service that executes specific processes, whilehaving specific policies enforced on it.

Monitoring is present throughout the individual technical domains and enables companies tostudy an SOA and its environment and provide deeper, real-time business intelligence andanalytics applications. It also helps them checking that the various governance processes areactually followed. Business activity management (BAM; see "MarketScope for Business ActivityMonitoring Platforms, 3Q06") plays a key role in the evolution and agility of an SOA and is thefoundation for future complex event processing scenarios as the SOA life cycle (a cycle ofdeveloping, testing, deploying, monitoring, analyzing and refining).

Adapters, interfaces, application program interfaces and interoperability standards enable all thetechnical domains to communicate and share information, as well as enable the governance suiteto be integrated with existing infrastructure applications, such as business applications,

integration middleware or OSs for optimal policy definition and executions.

Position and Adoption Speed Justification:SOA governance technologies, specifically theservice registry, and SOA policy enforcement (service management and service security) havebeen hyped by vendors and end users; many end users are deploying these technologies withoutcredible SOA governance organizational processes and strategies. As a result, service registriesand policy enforcement tools are often underused today (only for cataloging and XML security).With more vendors entering into OEM agreements and partnerships with best-of-breed vendors,these technologies will reach the Peak of Inflated Expectations within 12 months. However,because most SOA deployments will likely fail without proper governance, companies willeventually move to better leverage SOA governance technologies to provide visibility,manageability, monitoring security and QA.

User Advice:Regardless of the overhyping of SOA governance, companies deploying SOAsneed to first develop a strategy and process for SOA governance that encompass technologiesand organizations. Deploying a service registry for reuse and developing some policies aroundthe development of services is a good start, but companies should plan on using that registry forSOA life cycle management and for visibility into various SOA artifacts.

Business Impact:Any company or division deploying an SOA will be impacted by SOAgovernance. Entities providing software as a service, integration as a service, business-to-business services or hosting applications should take advantage of SOA governancetechnologies to enhance their offerings, better manage their SOA artifacts and obtain competitivedifferentiation.

Benefit Rating:High


Maturity:Adolescent

Sample Vendors:Actional; AmberPoint; BEA; HP-Mercury; iTKO; IBM; Layer 7 Technologies;LogicLibrary; Oracle; Reactivity; Software AG/webMethods; SOA Software; Tibco Software;Vordel; WebLayers


21/47



Recommended Reading:"Criteria for Evaluating a Vendor's SOA Governance Strategy"

"No 'Leader' Exists in SOA Governance At Least Not Yet"


Analysis By:Partha Iyengar; Thomas Murphy; Allie Young

Definition:Globally sourced (offshore) testing involves the delivery and support of applicationstesting services such as functional, stress, regression and usability testing using a globaldelivery model (GDM).

Position and Adoption Speed Justification:Service vendors, primarily from among the leadingbroad-based offshore providers, are increasingly focusing on application functional, stress,regression and usability testing services using the GDM. These organizations offer a wide varietyof services, with a high degree of competence, emanating from the historical focus on processand quality that they have made a differentiating factor of the offshore model. The added benefitof cost-arbitrage-driven lower pricing to clients is also a compelling factor that has made this oneof the fastest-growing service lines in global sourcing.

The strong growth of this class of offerings has driven many of the large traditional service

providers, as well as some pure-play testing service providers, to increasingly focus and expandon this service line. Some organizations are also building COE-style testing factories to movetoward increased levels of automation support for testing, as well as to help bring about theparadigm of "building quality into the software," as opposed to "testing quality into the software."

The ability to effectively outsource testing services using an offshore labor model is challenged bypoorly written or understood specifications, as well as the problems that result from inexperiencewith the GDM. Challenges in communicating effectively during the development process arecommon for first-time users; however, the allure of offshore labor cost savings is driving interestin these services, and offshore testing services engagements have been highly successful.

Many engagements will fail to meet expectations until collaborative environments improve andexpectations become realistic. A higher degree of focus and emphasis also needs to be on"equalizing" the widely differing process capabilities and levels of the typical client enterprise and

its service providers. However, the path is well-trod by ISVs that provide models for successfuluse.

Longtime users of offshore vendors for development have found their offshore testing efforts tobe extremely successful, because they've figured out the requirements forprocess/communication issues. First-time users should start small typically with a pilot - andthen work toward larger-scale efforts. A growing number of firms also offer mixed models with on-site, "nearshore" and offshore options to create more-effective communication paths.

User Advice:Explore outsourced testing for applications in maintenance and to assist withperformance-testing upgrades to software packages. However, organizations must first havemodels and/or documents that enable test planning, or use outside expertise to create them. Theobvious opportunity is to effectively set the stage to leverage the service providers testingofferings by using their expertise to improve basic process levels in the internal testing

environment, models and artifacts of the enterprise. These models should be kept up-to-dateduring the project, with an effective communication and versioning process. They will provide aricher collaboration and communication medium with the service provider.

Business Impact:Offshore testing may reduce expenditures for testing and provide more-thorough testing practices if the appropriate documentation and version management processesare used. However, the long-term goal should be to move to a paradigm of building quality into


22/47



the software, as opposed to testing quality in, as well as to move toward automated testingprocess and environments.

Benefit Rating:High


Maturity:AdolescentSample Vendors:AppLabs Technologies; Cognizant Technology Solutions; IBM GlobalTechnology Services; Infogain; ReadyTestGo; Tata Consultancy Services; Wipro Technologies


Analysis By:David Norton; David Cearley; David McCoy

Definition:The term "Model Driven Architecture" is a registered trademark of the ObjectManagement Group (OMG). It describes OMG's proposed approach to separating business-levelfunctionality from the technical nuances of its implementation (see www.omg.org/mda). Thepremise behind OMG's Model Driven Architecture and the broader family of model-drivenapproaches (MDAs) is to enable business-level functionality to be modeled by standards, such asUnified Modeling Language (UML) in OMG's case; allow the models to exist independently of

platform-induced constraints and requirements; and then instantiate those models into specificruntime implementations, based on the target platform of choice.

"Model-driven," as in "model-driven software engineering," is a commonly (if sometimesgenerically) used prefix that denotes concepts in which an initial model creation period precedesand guides subsequent efforts, including model-driven application development, such as SODA;model-driven engineering; and model-driven processes, such as BPM. "Model-driven" hasbecome a "catchall" phrase for an entire genre of approaches.

Position and Adoption Speed Justification:Core supporting standards, such as UML(referenced by OMG's Model Driven Architecture) are well-established; however, comprehensiveMDAs as a whole are less mature than their constituent supporting standards in terms of vendorsupport and actual deployment in the application architecture, construction and deployment cycle.

An MDA represents a long-standing goal of software construction that has seen prior incarnationsand waves of Hype Cycle positioning (for example, computer-aided software engineeringtechnology). The goal remains the same: Create a model of the new system, and then enable themodel to become transformed into the final system as a separate and significantly simplified step.

As always, such grand visions take time to catch on, and they face significant hurdles along theway. A new wave of model-driven hype is emerging.

User Advice:Technical and enterprise architects should strongly consider the implications ofimplementing architectural solutions that are not MDA-compliant. However, all major vendors willprovide adherence, to at least some degree, in their tools, coupled with best-practice extensionsbeyond MDA standards. Organizations implementing SOAs should pay close attention to theMDA standards and consider acquiring tools that automate models and rules. These includearchitected rapid application development (ARAD) and architected model-driven (AMD)technologies and rule engines supporting code-generating and non-code-generating (late

binding) implementations.

AMD is primarily suited to complex projects that require a high degree of reuse of businessservices, where you can put significant time into business process analysis (BPA) and design. Atthe same time, no competent organization would want to do AMD-only development, because theadditional time and cost of the analysis and design steps would not bring adequate return on
http://www.omg.org/mdahttp://www.omg.org/mda


23/47



investment or agility for time- and/or budget-constrained application development projects. Theideal solution is to mix AMD, ARAD and rapid application development (RAD) methods and tools.

Business Impact:MDAs reinforce the focus on business first and technology second. Theconcepts focus attention on modeling the business: business rules, business roles, businessinteractions and so on. The instantiation of these business models in specific softwareapplications or components flows from the business model. By reinforcing the business-level

focus and coupling MDAs with SOA concepts, you end up with a system that is inherently moreflexible and adaptable. If OMG's Model Driven Architecture or the myriad related MDAs gainwidespread acceptance, then the impact on software architecture will be substantial. All verticaldomains would benefit from the paradigm.

Benefit Rating:High


Maturity:Emerging

Sample Vendors:BEA Systems; Borland; Compuware; IBM; Kabira; OMG; Pegasystems;Telelogic; Unisys

Scriptless TestingAnalysis By:Thomas Murphy

Definition:Scriptless-testing tools are second-generation testing tools that reduce the amount ofmanual scripting needed to create tests using data-driven approaches. The goal is to keep thetest project from becoming another development project, and to enable business user testing.These tools have a broad set of pre-defined objects that can interact with the application beingtested, including error handling and data management. As the tools mature, they'll continue toshift toward a more MDA.

Position and Adoption Speed Justification:Although these tools reduce the amount of code tobe written, they don't remove the need for skilled testers. Scriptless testing makes it easier forbusiness analysts to be involved in testing efforts, but the analysts must still be paired with qualityengineers to drive testing effectiveness. This is especially important with packaged applications.

The emergence and changing nature of SOA and the tools supporting it will extend the timeneeded for this market to mature, and additional areas (such as data management) will suppressthe expected results. Tools and users will reach the Slope of Enlightenment during the next twoyears and take another three to five years to reach the Plateau of Productivity.

The promise of being "script-free" has existed for several years; however, although improvementshave been made, it's unlikely that all scripts can be removed for all applications. Expect thegreatest benefits to come from domain-limited tools. Tools will also gain capabilities as model-oriented approaches appear, but these will require skills and model management to be effective.

User Advice:Evaluate tools that reduce the cost of testing. In addition, recognize that these toolsaren't meaningfully well-integrated with leading application life cycle management suites, whichreduces a team's ability to coordinate effectively. Although these tools will reduce the need for

scripting, well-designed tests still require skill and business users typically don't have the rightskills and mind-set for this.

Business Impact:Scripting-centric tools are labor-intensive not only for the initial creation, butalso for maintenance. Scriptless testing will reduce overall testing costs and enable bettercoverage, which should lead to improved defect detection earlier in the development cycle (thus


24/47



further reducing overall application costs). However, expectations should be managed.Organizations still need qualified testers, and tools continue to have limitations.

Benefit Rating:High


Maturity:Early mainstreamSample Vendors:Agitar Software; HP; Original Software; Worksoft

Architected, Model-Driven SODA

Analysis By:David Norton

Definition:AMD project approaches to SODA are appropriate for applications, services andcomponents that require robust analysis to understand business rules and requirements, and toautomate their design and delivery for maximum reuse and performance.

Model-driven can also be subdivided into a transformation approach where 100% codegeneration is the norm or the models are executable. The second approach is elaboration, withpattern and frameworks being used to partially generate implementation.

Position and Adoption Speed Justification:Business process automation, UMLmethodologies and best practices are still evolving. They must capture service-oriented businessmodels and rules at a sufficient level of detail for integrated tools to automate or facilitate theEnterprise JavaBeans (EJB) and C# components based on them. The more-widely used ARADtools are increasingly adding integrated UML and business process modeling capabilities, andbidirectional bridges to leading modeling tools evolving their technologies beyond ARAD into

AMD. Moreover, as users of traditional client/server integrated model-driven development toolsmigrate their application portfolios to new SOAs, they are expected to replace them with the next-generation of SODA AMD tools.

User Advice:Organizations that use traditional client/server integrated model-drivendevelopment tools should consider using a next-generation AMD tool in conjunction withdeveloping new or replacement SOA applications. Organizations that have no experience with

integrated model-driven technologies are advised to evolve to AMD approaches as they extendthe use of their ARAD tools into more model-driven SODA projects. Other organizations that havecommitted to top-down enterprise or business architecture modeling efforts should stronglyconsider adding an AMD tool to leverage their models through code or rule automation to improveproductivity, quality and compliance. Mature AMD organizations developing applications forlegacy third-generation language and fourth-generation language (4GL) need to assess migrationto new AMD tools carefully. The newer tools support a more-bidirectional model-code, elaborationapproach compared with the old 100% transformation method that some older tools use.

Warning: Model-driven development requires a level of sophistication beyond the capability ofmost developers. Therefore, be selective in the applications you choose to implement and withwhom you staff the effort. The time to improve AMD is more than two years. Consider this forlong-term but major improvement.

Business Impact:Design tools, coupled with code-rule generators, are used to ensurecompliance with business and technical models and architectures, while providing productivityand quality improvements. Coupled with service-oriented and component-based methodologyfocused on reuse, and an established base of reusable business and technical artifacts, factorproductivity gains of 10 times or more across the development life cycle are common but thisgenerally takes three or more years to achieve. Moreover, AMD approaches are appropriate only


25/47



for a subsection of the application portfolio, so they should be coupled with ARAD and other rapiddevelopment tools as part of an application development tool suite.

Benefit Rating:High


Maturity:EmergingSample Vendors:CA; Compuware; IBM; Mia-Software; Oracle; Telelogic; Wyde


Analysis By:Greta James

Definition:Enterprise architects need to bring together information on a variety of subjects,including business processes, organization structures, applications, data (structured andunstructured), technology of various kinds and interfaces. Architects need to understand andrepresent the relationships between this information and communicate it to their stakeholders. EAtools address this need by storing information in a repository and providing capabilities tostructure, analyze and present the information in a variety of ways.

An EA tool should also have a metamodel that supports the business, information and technologyviewpoints, as well as the solution architecture. The repository should support relationshipintegrity among and between objects in these viewpoints/architectures. It should also have theability to create or import models and artifacts and to extract repository information to supportstakeholder needs, including extracts in graphical, text and executable forms.

Position and Adoption Speed Justification:Most tools have come from a modeling or ametadata repository origin, with the modeling-heritage tools having better visualizationcapabilities, and the repository-heritage tools generally having better import/export andmanagement capabilities. As the market has matured, vendors have rounded out theircapabilities. Small, private companies, several of which are European, predominate in thismarket. While there were two mergers/acquisitions in 2005, more activity of this kind isanticipated. We expect large technology vendors such as IBM, Microsoft and Oracle to enter thismarket, most likely through acquisition. Although all vendors have sales offices in North Americaand Europe, only four companies ASG, IDS Scheer, Sybase and Telelogic have anextensive direct presence elsewhere. This is unlikely to change in the short term withoutadditional acquisition activity.

This market has gradually matured over the past year, with vendors continuing, by and large, toenjoy healthy license revenue growth. Vendors have also continued to add features to theirproducts, such as improving their ability to import information about packaged applications and toanalyze information in or derived from their repositories. Vendor support for developing Web sitesthat make their repository information available and understandable to a range of stakeholdershas increased in power and become more widespread.

User Advice:When choosing an EA tool, consider five broad functional capabilities: the ability toflexibly structure information in a repository in meaningful ways; the ability of the tool to exchangeinformation with other related tools, possibly supplemented by the ability to generate models andother artifacts within the tool; the ability to analyze the information in the repository; the ability tocommunicate information to address the needs of EA stakeholders; and the ability to administerand manage information in the repository.

As well as the tool functions, consider other factors such as the viability of the vendor; theavailability and capability of the vendor's sales and support organization; the vendor's experience


26/47



in your industry and any related tool capabilities, such as support for an industry-specificarchitecture framework; and the vendor's understanding of EA.

Business Impact:Business strategists, planners and analysts can derive considerable benefitfrom an EA tool, because it helps them to better understand the complex system of IT resourcesand its support of the business. Crucially, this visibility helps to better align IT with the businessstrategy, as well as providing other benefits, such as improved disaster recovery planning.

Benefit Rating:High


Maturity:Adolescent

Sample Vendors:ASG; Casewise; IDS Scheer; Mega International; Proforma; Sybase;Telelogic; Troux Technologies

Recommended Reading:"Telelogic's System Architect for Enterprise Architecture"

"Follow These Best Practices to Optimize Architecture Tool Benefits"

"Troux: Innovative Enterprise Architecture Tools"

"Cool Vendors in Enterprise Architecture, 2007"

Application Security Testing

Analysis By:Joseph Feiman; Neil MacDonald

Definition:Application security testing is the detection of applications' conditions that areindicative of exploitable vulnerabilities.

Position and Adoption Speed Justification:Two technology markets for application securitytesting have been evolving rapidly static application security testing (SAST) and dynamicapplication security testing (DAST). SAST is a source code and binary code testing technologymarket. Its technologies are applicable at the construction and testing phases of the applicationlife cycle. DAST is a dynamic, black-box application testing (the source code is unavailable to

DAST tools) technology market. DAST technologies are applicable at the testing and operationphases of the application life cycle.

The adoption of SAST and DAST application security testing is impeded, owing to a lack ofapplication security competence and resources in application development organizations. Thesolution to this problem is coming in the form of emerging security-as-a-service offerings fromtechnology and service providers, when providers test applications (often remotely) and provideapplication development organizations with vulnerability reports and security breach remedies.

The speed of adoption for application security testing is accelerating because of a pressing needto resolve the collision of two trends: the growing exposure of e-business applications on the Weband the relentless attacks on these applications. The plateau of technology productivity will bereached in two to five years.

User Advice:Enterprises must adopt application-testing technologies and processes, becausethe need is strategic. Yet, they should use a tactical approach to vendor selection, because of theimmaturity of this emerging market. Application development organizations should accept thatthey, not network security specialists, are responsible for the adoption of application securitydiscipline.


27/47



Business Impact:Enterprises adopting application security testing technologies and processeswill benefit from risk and cost reductions, because these technologies and processes provideearly detection and correction of vulnerabilities before applications move into production andbecome open to attack.

Benefit Rating:High


Maturity:Adolescent

Sample Vendors:Acunetix; Cenzic; Coverity; Fortify Software; Klocwork; Ounce Labs; SPIDynamics; Veracode; Watchfire

Recommended Reading:"MarketScope for Web Application Security Vulnerability Scanners,2006"

Market Definition and Vendor Selection Criteria for Source Code Security Testing Tools

Sliding Into the Trough

Project and Portfolio Management

Analysis By:Daniel Stang

Definition:Project and portfolio management (PPM) systems support the business process ofeffective allocation of capital to projects. They also track and monitor the use of time, people andmoney to deliver different types of "work." In IT organizations, work can include strategic andnonstrategic IT and non-IT projects, new and existing applications, and new and existing ITservices made up of software services and technology, application change or enhancementrequests, bug and error fixes, routine maintenance procedures, and help desk and trouble tickets.By tracking work demand and execution against the resources (time, people and money) used tocomplete the work, PPM systems provide visibility into work performance and allow for more-effective planning, decision making and management of strategic and operational work deliveredby IT departments.

Position and Adoption Speed Justification:PPM is first and foremost about changing workexecution behaviors. The most robust PPM systems are sophisticated enough to manage timereporting through top-down portfolio analysis, optimization and planning, and can manage varioustypes of work items from simple IT service requests to multiyear, formally defined projects andprograms. Organizations interested in these PPM systems, however, are not in a position tosupport all potential processes suggested by these systems, and, therefore, cannot realize all thebenefits without undergoing significant change management.

PPM systems have been available for years and have grown in maturity, but the intendedaudience is PPM process immature. The acquisition of PPM technology is steady, butimplementation times can be slowed considerably owing to PPM process immaturity and/or lackof management buy-in. Midmarket solutions are emerging in response to the resonance of thePPM value proposition with smaller IT organizations (fewer than 100 resources in the IT

organization), and alternative deployment models are appearing in the marketplace. In addition,PPM systems are tracking more than just projects, and we expect PPM systems to continueexpansion from the project portfolio level to support, track and monitor work from IT servicemanagement and application life cycle management portions of the IT function. It will be anothertwo or three years before end users and PPM systems reach the Slope of Enlightenment andanother two to three years before they reach the Plateau of Productivity.

8/10/2019 Hype CycHype Cycl

hype cychype cycle for application development 2007le for application development 2007

Documents