Little more than a year ago, service-oriented architecture was going to revolutionize federal information technology. It was going to lower costs, smash data stovepipes and make integration of new IT components breathtakingly easy. Vendors lined up to sell it.
Service-oriented architecture, which aims to create a plug and play software environment of loosely coupled IT functions -- as opposed to today's norm of tightly integrated, vertical stovepipes -- seemed perfect. And at the time, the FBI happened to be pondering the state of its technology as it prepared for Sentinel, its new digital information sharing modernization project.
"We were in a frenzy about it a year or so ago, when we were writing Sentinel requirements," recalls Jerome "Jack" Israel, the FBI's chief technology officer.
And service-oriented architecture remains promising. Sentinel should instigate an internal rollout of SOA within the FBI, bureau officials say.
But a SOA revolution has been postponed in favor of gradual change. "We've gone from maybe hyped-up about it to the cold realization that 'Hey, this SOA is a lot harder than industry is making it out to be,' " Israel says.
Standards aren't quite developed and vendors continue to incorporate proprietary elements into SOA products, he adds. So the bureau is taking a conservative, tiered approach. For now, the FBI will focus on reusing software while considering whether to buy an enterprise service bus, a way of implementing SOA through middleware.
Realizing SOA through middleware might be simpler, Israel says, than the alternative approach of breaking down interlocked processes into individual components, listing those components in a registry and having data hop from one component to the next.
But it's mostly in the enterprise service bus area where vendors have larded up their SOA products with proprietary standards, says Dennis Nadler, a former chief engineer at the Defense Information Systems Agency, which is at the forefront of SOA adoption. "On the edge, sure, it may look like an enterprise service bus . . . but behind the scenes, it's all proprietary," is too often the disappointing reality of vendors' products, he adds.
As for registry standards, Nadler argues the standard for listing SOA components (called UDDI, for universal description, discovery and integration) is stable, though he admits it lacks useful data such as metrics on component reliability. "SOA is not a silver bullet. It applies in certain types of situations, and sometimes it doesn't," he adds.
Ironically, the FBI happens to be on the cutting edge of SOA adoption -- not internally within the organization, but in a series of information sharing pilots with regional databases. Under its Regional Data Exchange (R-DEx) program, the FBI has created plug-ins to Justice Department databases for four regional law enforcement data sharing associations, with more to come. And they did it by building a SOA registry that incorporates off-the-shelf IT products.
To participate, the regional associations don't need to build their systems to a specific data standard; they just need a node capable of sending and receiving data in R-DEx format, called the Law Enforcement Exchange Specification.
And the bureau already has taken advantage of SOA's flexibility by pulling out and swapping around some of R-DEx's components, says project manager Margie Lonergan. "I won't kid you, it's not like you plug in a USB port and it recognizes it," she says. "There is some level of integration, but we've tried to minimize that."
For example, the FBI found that the rather expensive portal function wasn't being used, so they took it down. They've changed search function vendors, too. A SOA structure keeps vendors on their toes, Lonergan adds. The knowledge that they're easily replaced, "entices them to make sure they stay best of breed," she says.
And FBI officials certainly like to hold up R-DEx as an example of what the agency can do. Operational in areas around St. Louis, Seattle, San Diego, Jacksonville, Fla., and Atlanta, R-DEx could extend soon to Miami and Chicago. FBI officials also plan to add functions. But the lessons learned with R-DEx might not be completely applicable when it comes to implementing SOA within the bureau.
"R-DEx is not a huge, huge system," says Dean Hall, project management executive for the FBI's Office of IT Project Management. "Smaller systems are easier to do than large systems. . . . The larger you go, the more challenges you have."
Successful project management often requires hewing to the last generation of technology, rather than breaking new ground, Israel says. Currently, the FBI wants to go for basics such as component reuse based on enterprise application integration tools, he adds. The bureau has studied enterprise service buses and found they present problems for any agency working in a secure environment.
Those complications can be overcome, but that requires extra work that vendors tend to minimize, if they're aware about them at all. So rather than take a huge leap at once toward SOA, the bureau will incorporate a variety of approaches to see how they shake out, Israel says.
When SOA first caught on as a buzzword, it seemed like it would be easy, he adds. "But boy, it's not. There's a long way to go."