A Quick Peek at Cordys BPM

A month ago, I had a chance for a comprehensive demo of the Cordys BPMS via Webex, and I saw them briefly at the Gartner show last week. Their suite is of particular interest to me because the entire process life cycle of modelling, execution and monitoring is completely browser-based. I’ve been pushing browser-based process modelling/design for quite a while, since I think that this is the key to widespread collaboration in process modelling across all stakeholders of a process. I’ve reviewed a couple of browser-based process modellers — a full-featured version from Appian, and a front-end process mapping/sketch tool from Lombardi — and if it wasn’t already clear from what Appian has done, Cordys also proves that you can create a fully-functional process designer that runs in a browser and can have participants outside the corporate firewall. Like Appian, however, they currently only support Internet Explorer (and hence Windows), which will limit the collaboration capabilities at some point.

cordys-bpmn_402515333_o

Cordys’ claim is that their modeller is BPMN compliant and supports the entire set of BPMN elements including all of the complex constructs such as transactions and compensation rollback, although I saw a few non-standard visual notations. They also support both XPDL 2.0 and BPEL for import and export, but no word on BPDM. Given this dedication to standards, I find it surprising that they can integrate only with their own ESB and business rules engine, although you could call third-party products via web services. They also have their own content repository (although you can integrate with any repository that allows object access via URL) and their own BAM. In general, I find that when a smaller vendor tries to build everything in a BPM suite themselves, some of the components are going to be lacking; furthermore, many organizations already have corporate standards for some or all of these, and you’d better integrate with the major players or you won’t get in the door.

Like most BPMS’, much of the Cordys process design environment is too complex for the average business user/analyst, and probably would be used by someone on the IT side with input from the business people; a business analyst might draw some of the process models, but as soon as you start clicking on objects and pulling up SOAP syntax, they’re going to be out of there. Like most BPMS vendors, Cordys claims that the process design environment is “targetted towards business people”, but vendors have been doing this for years now, and the business people have yet to be convinced. To be fair, I was given the demo by the very enthusiastic product architect who knew that I’m technical, so he pulled out every bell and whistle for a ride; likely business users see a very different version of the demo.

There’s a lot of functionality here, although nothing that I haven’t seen in some form in other products. There’s support for human-facing tasks either via browser-based inbox and search functions, or by forwarding the tasks to any email system via SMTP (like Outlook). There also appear to be shared worklists, but I didn’t get a sense of how automated work allocation could be performed, something that’s required to support high-volume transaction processing environments. There’s also support for web services orchestration to handle the system integration side of the BPM equation.

One thing that I like is the visual process debugger: although you have to hack a bit of XML to kick things off, you can step through a process, calling web services and popping up user interfaces as you hit the corresponding steps, and stepping over or into subprocesses (very reminiscent of a code debugger, but in a visual form).

They do a good job of an object repository as well, which helps increase reusability of objects, and allows you to search for processes and artifacts (such as forms or web services) to see where they’re used. Any process that’s built can also be exposed as a web service: just add inputs and outputs at the start and end points and the WSDL is auto-generated, allowing the process to be called as a service from any other application or service.

Cordys mashup<geek>Another thing that I really liked is the AJAX-based framework and modelling layer for UI/forms design, which is an extension of Xforms. In addition to a nice graphical UI design environment, you can generate a working user interface directly from the WSDL of a web service — something that I’ve seen in other products such as webMethods, but I still think is cool — and run it immediately in the designer. In the demo that I saw, the architect found an external currency conversion web service, introspected it with the designer and generated a form representing the web service inputs and outputs that he popped directly onto the page, where he could then run it directly in debug mode, or rearrange and change the form objects. Any web service in the internal repository — including a process — can be dragged from the repository directly onto the page to auto-generate the UI. Linked data objects on a form communicate directly (when possible) without returning to the server in a true AJAX fashion, and you can easily create mashups such as the example that I saw with the external currency converter, a database table, and MSN Messenger. For the hardcore among us, you can also jump directly to the underlying scripting code.</geek>

Unfortunately, the AJAX framework is not available as a separate offering, only as part of the BPMS; I think that Cordys could easily spin this off as a pretty nice browser-based development environment, particularly for mashups.

Gartner Day 3: Microsoft session

I wanted to stop in on the Microsoft session, People-Ready Processes, in part because I’m a bit confused about what Microsoft is doing in this area, and in part because of the Business Process Alliance announcement from Monday. Microsoft sees themselves as a force for commoditizing (and in the subtext, dumbing down) technology so that it is accessible to a much wider audience, and this presentation was Burley Kawasaki’s take on how they’re doing that for BPM. He describes people-ready processes as a fusion of document-centric processes and system-centric processes, and I really with that he (and many other people in the industry) would stop equating human-centric with document-centric. Although human-facing BPM grew out of the workflow that started in document imaging systems, that was a long time ago, and there are many instances of human-facing BPM that don’t include documents — depending, of course, on how you define a document.

My previous view of Microsoft BizTalk was as a B2B message broker or an internal ESB. My view of SharePoint was as a collaboration and document management platform. I wanted to see how Microsoft was bringing together the technologies and concepts from both of these to create a seamless BPM solution.

Kawasaki showed a spectrum of BPM application types, from collaborative to transactional processes. Individual ad hoc processes (e.g., individual task lists), human semi-structured (e.g., vacation approval), system highly structured (e.g., expense reporting) and fixed process (e.g., supply chain). He then overlaid a split between a collaboration server and a process server, with some overlap in the middle of spectrum, and labelled these as SharePoint and BizTalk. My heart sank.

Okay, you can have a SharePoint collaboration or document kick off a BizTalk process, but that’s not the same as having a single end-to-end BPM solution. In the future, the Windows Workflow Foundation will be used as the underlying process infrastructure for both SharePoint and BizTalk, which might help to integrate them more closely.

He finished up with a light-speed overview of the Microsoft process platform roadmap, which includes Windows Workflow Foundation, the .Net framework, Office (including SharePoint) and BizTalk. He also made a big push for the benefits of a platform and partner ecosystem rather than a single vendor “close and proprietary” BPM stack. Not sure that I’m convinced.

Gartner Day 1: Lombardi customer session

Metastorm and Lombardi both did something that I really dislike: instead of running two 30-minute sessions after lunch, as the schedule would indicate, they ran a 1-hour session that spanned the two 30-minute spots. Since I had planned to see one session of each, I ended up feeling a bit unfulfilled by both.

Anyway, I attended the second half of the Lombardi session, Process-Driven: We’ve Only Just Begun, and heard Tim Barnes of Devon Canada (an oil & gas company) speak about how they were trying to improve communication between data, applications, processes, people and companies. For them, this is all about integration, and in fact started with an EAI team. They’ve brought in Lombardi TeamWorks, but are still figuring out how to tie that back to their ESB and their previous integration efforts. They’ve defined their best practices, but are still at the point of developing shared services.

They’ve done three smallish BPM projects so far, and he spoke about the HR onboarding process that they automated, with some degree of difficulty. One of the big problems was that the people on the project knew how to implement applications, but didn’t really get process, which required a complete team refresh — Janelle Hill spoke about exactly this issue this morning of having people on the team who are process-savvy.

Their next steps are to develop their BPM architecture and develop a formal life cycle around BPM initiatives, as well as enhance their existing BPM centre of excellence.

He was followed by Steve Schade of the Church of Jesus Christ of Latter-Day Saints (a.k.a. Mormons) discussing how they’ve applied BPM technology to their extensive geneaology project. They have a ton of family history records on microfiche, but if they were to image all of it (as they have done with some of it), there would be 19 PB (that’s 19,000 TB) of data, so they’re looking for alternatives in the process of putting this data online and searchable on their FamilySearch.org website. They had been doing some ad hoc scanning and indexing of records, but needed a scalable process where they could pinpoint inefficiences and get some control and visibility over the process.

In their first BPM implementation, they took a process that formerly took weeks to execute, and reduced the time to hours, while moving control of the project setup from IT to the business area. Through an obviously good selection of an initial project, plus good training and rollout plans, they had a big success on their hands. On their second project, they took on something that’s more complex, and which Schade thought might be a bit more than they could handle, but they’re still working away at it. They used Lombardi’s professional services and outside consultants on the first project to get them moving, and consider this essential to their success. They also see having business operations invovled in process modelling as key.

A Short History of BPM, Part 8

Continued from Part 7.

Part 8 (the last): The Current State of BPM. Every analyst, vendor and customer defines BPM differently, because the current definition of BPM is very broad, and there are many vendors jostling for position within it. EAI/ESB-type vendors call their products BPM, but the products may contain only rudimentary human-facing functionality. Workflow-type vendors, also labelling themselves as BPM, lack the necessary infrastructure for integration, and often handle automated steps poorly. Some pure integration products call themselves workflow, just to confuse things further. There’s a lot of complementary products, such as process analytics and simulation, and business rules engines: BPM vendors will either tell you that a particular capability must be part of the base BPM product (if their product has it), or should never be part of the base BPM product (if their product doesn’t have it). And now there’s the whole SOA wild card thrown into the mix.

BPM is definitely a case where the whole is greater than the sum of the parts. It’s not just workflow plus EAI plus B2Bi plus business rules, plus plus plus: it’s the near-seamless integration of all of these tools into a single suite that provides an organization with the ability to do things that they could never do before. That doesn’t mean that all the tools have to be from the same vendor, but it’s essential to deliver all of the BPM functionality in a single environment of closed-loop process improvement.

Smith and Fingar’s book Business Process Management, The Third Wave describes this “third wave” as providing the ability to create a single definition of a business process from which different views of that process can be rendered and new information systems can be built. This allows different people with different skills — business manager, business analyst, regular old user, programmer — to view and manipulate the same process in a representation suitable for them and derived from the same source. They make a great analogy with HTML, where a business user may use a high-level tool like FrontPage to view and edit HTML, whereas a developer may edit the HTML code directly, but they’re still working from the same source. Round-tripping between a business analyst’s modelling tool and a developer runtime environment is one way to do this, although it violates the “same source” in the purest sense, but we definitely have to get rid of the strictly one-way paths from business analysis to implementation that exist now in many organizations.

Furthermore, Smith and Fingar point out that in the world of BPM, the ability to change is far more prized than the ability to create in the first place, and that BPM has the potential to actually remove application development from the cycle — the “zero code” Holy Grail that gets a lot of press these days. They make an analogy with VisiCalc, which took customized data analysis out of the hands of the IT department and put it in the hands of the business users, thereby taking software development off the critical path for achieving results.

Getting back to the point of this post, what is the current state of BPM?

First of all, we have several companies from the pure-play BPM/BPM suites market: they provide excellent human-facing BPM and at least adequate integration capabilities, with some providing outstanding integration. At the Gartner BPM summit earlier this year, they listed three “major players” in this category who had revenues upwards of $100M — FileNet, Pegasystems and Global 360 — and five “up and comers” with revenues above $30M — Appian, Lombardi, Savvion, Metastorm and Ultimus — while ignoring anything smaller than that. All eight of these vendors hit into the right zones in the Gartner and Forrester charts, which means that they either have the necessary functionality or are partnered with someone to provide it.

Second, we have a couple of integration-focussed BPM vendors who have purchased pure-play BPM vendors to create the complete range of functionality. The two highest-profile examples are the TIBCO acquisition of Staffware in 2004, and the BEA acquisition of Fuego earlier this year. In both cases, there seems to be a reasonable fit, but my concern is that the human-facing BPM side is going to become weaker since the main focus of these companies is on integration.

Third, we have the large software companies that have developed (or acquired) a BPM product: IBM, Microsoft and Fujitsu all spring to mind. In many cases, such as IBM and Microsoft, their BPM products are primiarly integration-focussed without a lot of human-facing support, and likely started as a “would you like fries with that” sort of offering for customers who were already committed to their architecture. IBM’s MQ Series messaging is probably still the most commonly used piece of integration middleware in financial services, although I think that they call it (and everything else) “WebSphere” these days, and IBM rightly has it as a cornerstone of their BPM strategy. Fujitsu is the odd one out here, with what appears to be a fully-functional BPMS; unfortunately, they’ve been marketing it in stealth mode and most people are completely unaware of it: as I said in one of my posts about the Gartner BPM summit, “who knew that Fujitsu did BPM?”

We’ll continue to see most of the business functionality envelope being pushed by the vendors in the first category as they seek better ways to integrate business rules, analytics, performance management and other capabilities into BPM; in fact, the most innovation seems to be coming from the smaller vendors in this category because of the lack of baggage that I discussed in part 7.

Because of the current focus on process improvement in all organizations, I don’t think that there’s any great risk of any of the vendors that I’ve listed here going out of the BPM business any time soon. However, the integration vendors will acquire some of the smaller BPM suite vendors to round out their portfolios, and the large software companies will acquire some of everything, in a continuing Darwinian cycle.

Before you vendors start adding self-promoting comments to this post, keep in mind that this is not intended to be a comprehensive list or review of BPMS vendors, and I know that you’re all very special in your own way. 🙂

BPM Think Tank Day 2: Greg Meyer keynote

Greg Meyer from iJET gave a “practioner keynote” about process and risk management, and came out with the best quote of the conference so far: “I’d rather have someone tell me how to do something right, than something cool”. Having been at a lot of events recently where people were showing me cool things, but at a lot of customers who want to do things right (and equate “right” with “old and proven”), I find that the real challenge is keeping on the “right” path but remembering that “right” and “cool” are not mutually exclusive: how else do we bring innovation into the mainstream?

Meyer’s talk about risk assessment and human intelligence is fascinating, and anyone who uses the term “combinatorics” casually in his presentation has a place in my engineering heart. 🙂 As a non-American, however, I’m uncomfortably reminded that this is all about making US government intelligence better: iJET started out providing travel information/advisories to travel agencies, then 9/11 happened, the hits on their website increased by 60,000x since they could provide in-depth analysis of the impact of events, and they started providing information to multinational organizations and government agencies.

Putting my uneasiness about their customer base aside, they were dealing with the problem of being a small company that acquired a lot of large customers over a short period of time and had to grow quickly. They implemented an SOA, using an ESB to integrate data and services from many partners and implemented web services to allow partners and customers to access their services quickly and easily. They added a portal architecture to let them create new products and services in weeks or even days, rather than the months that it used to take. However, it didn’t help their bottom line because they had no better insight into how customers were using their products. Basically, they had their head stuck deep in the technology and weren’t considering it from the standpoint of how to improve the real business issues.

Meyer talked about then doing an implementation in the context of the enterprise that actually achieved the success that they were seeking, which appeared to be mostly adding BI (or more accurately, corporate performance management) to feed back metrics to the appropriate parts of the organization, and some better integration with other enterprise applications such as billing systems. The bottom line, not surprisingly, is that you have to consider the entire enterprise for a successful BPM/SOA/ESB implementation.

Gartner BPM summit day 1: Dale Vecchio

I attended Dale Vecchio’s session on “Using SOA from Legacy in BPMS”, which promised “ways to create web services out of existing systems and use them in BPM solutions”. An interesting tidbit: he claimed that the most common surprise during the application archaeology required for Y2K rework projects was that IT departments didn’t know what was connected to what, and that the requirement to understand legacy linguine still often leads to the decision to do nothing rather than have to understand and unravel the mess.

I also liked his definition of a business process:

A set of activities & tasks performed by resources (humans & machines)
Using a variety of information (structured & unstructured)
Interacting in various ways (predictable & unpredictable)
Guided by business policies and principles (business rules & decision criteria)

since it sums it up nicely for those who still think that an application is a business process. With that as a focus, he talked about the importance of multilevel modelling, where you model a business architectural view, a system architectural (by which I think that he meant application and data/information architectural) view and multiple technical views: not fundamentally different from what we do when using an enterprise architecture approach to BPM.

He went through a couple of different approaches for modernizing legacy systems in order to allow them to be consumed as services by BPM and other systems, lining up nicely with Janelle Hill’s earlier talk on leveraging existing IT assets in BPM. Nothing earth-shattering, but some good stuff on separating the presentation layer and replacing it with a services layer versus just wrapping the legacy app, and on different approaches to determining service granularity that still maintains the philosophy of a service as a business function.

SOA webinars this week

Two worthwhile SOA webinars from ebizQ in the past two days. Yesterday, it was Developing an SOA Ecosystem with Steve Craggs from the Integration Consortium. Craggs, who also runs a U.K.-based consulting company, Saint Consulting, spoke for a solid 40 minutes, starting with a quick but thorough definition of SOA, moving on to the concept and components of an SOA ecosystem as it should exist in your organization, and finishing up with some tips for success for building an ecosystem that can support 100’s of services. And, I loved two of his quotes near the end: “SOA is not just about technology — it’s a transformation of the business” and “SOA ecosystems ensure sustainable advantage”, very business-oriented views of SOA benefits that are often lost in the more-frequent technical discussions about SOA.

He talked about how SOA has changed from a focus purely on web services (the little blue bit in the diagram below) to a focus on all the other things that need to exist in order to make SOA successful:

My only argument with his taxonomy of the ecosystem is that he puts orchestration as part of the mediation services, and BPM floating somewhere out there as a consumer of the SOA ecosystem, almost as part of the application layer. However, I consider orchestration to be part of the larger definition of BPM, hence believe that BPM belongs as part of the SOA ecosystem itself and in fact includes most of the mediation services that he lists.

My favourite bit was where he referred to web services as “an answer looking for a problem”, and went on to list why just using web services over HTTP is problematic in building an SOA, and why it led to the development of the SOA ecosystem concept. He also gave some compelling reasons why the “best of breed” approach is still the best route in assembling your SOA ecosystem today, and the value of an enterprise service bus and the service registry. None of this is rocket science — in fact, his bit on the importance of correct granularity for services is really just an SOA twist on the age-old programmers’ dilemma of granularity — but it is a nicely packaged talk, delivered in a way that’s understandable to an SOA newbie. Definitely worth a listen.

Today, Frank Kenney from Gartner gave a short but impassioned talk on Policy-Driven SOA, followed by a fairly informative session from Sean Fitts, chief architect at Amberpoint, the webinar sponsor.

Under the heading “SOA does not come for free”, Kenney talked about everything that’s required to get SOA in place: infrastructure, methodology, services creation, testing, etc., but states that it’s worth the price — an argument that I seem to be making to customers over and over again.

He feels that you need to have a certain type of infrastructure that allows you to govern what’s going on in SOA. It’s a different view than Cragg’s SOA ecosystem shown above — kind of a slice across the lower half of Cragg’s diagram, or maybe a third dimension.

Kenney talks about services, processes and policies as assets that can be used for competitive differentiation, which really lines up with Cragg’s statement about ensuring sustainable advantage. What they’re both saying is that the old cowboy web services methods aren’t enough any more: if you really expect to reap the potential benefits of SOA, you need to start putting some discipline in place.

He finished up by stating that governance is a business issue, and that no one vendor can sell governance, but they can help you to achieve governance.

Replays are available at the links. I’d love to see these available as downloadable video for my iPod, by the way.

BEA snaps up Fuego

BEA bought Fuego today, which starts to bring home the predictions about consolidation in the BPM marketplace. Press release here on ebizQ or here on the BEA site, which includes the usual hyperbole from the CEO:

We are now the only company to offer a unified SOA-based platform to integrate business processes, applications, and legacy environments.

There might be a few of BEA and Fuego’s competitors that disagree with the “only” qualifier, although this marriage of ESB, BPM and other integration technologies does provide good coverage of the space, reminiscent of the Staffware acquisition by TIBCO a few years back. Fuego will form the foundation of BEA’s new AquaLogic Business Service Integration product line, and give BEA a much better story for talking to business executives, instead of just chatting with the IT guys like they’ve been doing in the past.

This is the second key acquisition for BEA in the past year, following their acquistion of Plumtree last summer. They’re definitely building out their integration capabilities, and doing so by including products that are fairly platform-agnostic for the widest appeal. The real test will be to see how tightly this stuff is integrated a year from now: it’s not enough to just slap a BEA label on Fuego software, there needs to be technical infrastructure reasons and goals for making an acquisition like this.

One interesting thing that I noticed from the press release and the conference call is the strong link made between BPM and SOA (something that I’ve been writing about for some time). On the conference call, Mark Carges from BEA refers to BPM as “the fastest growing segment of SOA”.

You can hear a replay of the 20-minute announcement conference call at mshow using the show number 292109.

Integration Trends 2006 webinar

Catching up on a few webinars that I missed live, I just reviewed the replay of ebizQ’s Integration Trends 2006. There’s a nice summary slide up front by David Kelly, an ebizQ analyst, where he talks about the current focus of most businesses (reducing costs, increasing flexibilty, becoming process-driven) and most IT departments (composite applications, modernizing legacy systems, moving to SOA and event-driven architecture). Certainly true for all of my customers.

The webinar was sponsored by PolarLake, makers of an ESB product, and it turns out that the CEO, Ronan Bradley, has a blog that includes some interesting stuff, such as his recent post that “exposes the myth” of run-time discovery of web services (he quotes and comments on a post on the same subject by Brenda Michelson). Alas, I’m unlikely to read his blog much since he chooses not to publish full feeds, and I find it too much of a hassle to click through to every blog on my list of daily reads.

Anyway, back in the webinar, Ronan Bradley made a huge point about how ESB is not EAI, but I’m not sure that the lines are that clearly drawn. David Kelly later asked how he made that distinction, and it seems to be based on attributes such as “distributed, standards-based, extensible” and providing “productivity and agility”, but I don’t think that the lines are that clearly drawn between ESB and EAI: it’s more of a spectrum of capabilities than the black-and-white picture that Ronan puts forward. He depicts EAI as having functionality without these attributes, “lightweight ESB” as having the attributes but little functionality, and (of course) PolarLake as having both the functionality and the attributes.

Of course, what vendor doesn’t find a graph to publish where they’re in the upper-right quadrant? Gartner probably just calls it all integration-focused BPM anyway.

Regardless of any distinction between EAI and ESB, he does make an interesting point about how orchestration isn’t so simple as it is often portrayed, but requires “mediation” around the orchestration that may be many times larger and more complex than the orchestration itself: things such as complex data manipulation and translation beyond simple XSLT transformation, interaction with existing infrastructure and applications, and complex and recursive data transformation, enrichment and management.