Previous column

Next column

Don't Rip and Replace, Integrate!

Mahesh H. Dodani, IBM Software Group, U.S.A.

space COLUMN

PDF Icon
PDF Version


Since the inception of OO approaches to developing applications, the focus has been on applying these techniques to build applications that replace older and more inflexible applications – essentially, the rip and replace approach. However, over the same time period, technology has accelerated the pace of change and enabled new ways of doing business. Companies are being forced to understand and prepare for these changes to gain the advantage over competitors and lead their industries. IBM has defined the next wave of change as the e-business on demand era ( An on demand business is an enterprise whose business processes—integrated end-to-end across the company and with key partners, suppliers, and customers—can respond with flexibility and speed to any customer demand, market opportunity, or external threat.

n the e-business On Demand era, companies will move beyond simply integrating their processes to actually being able to sense and respond to fluctuating market conditions and provide products and services to customers on their terms . . . on demand. Companies will be able to acquire business functions or IT infrastructure over the Internet as they need them and only pay for what they need. Companies can quickly increase or decrease their requirements as their markets change. IBM has developed products and services that meet the business and infrastructure requirements for enabling business on demand and can help customers begin building their on demand capabilities today.

In on demand e-business requires end-to-end integration. Companies must have an integrated infrastructure to enable agile business processes that initiate new value chains so companies can excel in new arenas. Enterprises need to connect all their business processes and leverage them as a whole, not as silos of stand alone applications. To achieve maximum business advantage, e-business should transform an enterprise by reducing costs, increasing productivity, fueling growth, and improving services. Customers and Partners expect an integrated demand-to-delivery environment, which enables them to present a single and consistent view of their business to users—no matter what part of the business process the user happens to interact with.

Figure 1

Figure 1: The Stages of e-business Adoption

Getting to e-business on demand is a natural progression that typically goes through these stages shown in Figure 1:

  • Access: Enable transactions against core business systems using simple Web publishing and point solutions.
  • Enterprise integration: Use the Web to integrate business processes across enterprises. Link internal and external systems, both across enterprises and beyond enterprise boundaries.
  • e-business on demand: Use the Web to adapt dynamically to customer and market requirements. Change business models. Combine people, technologies, and processes in new ways.

An on-demand business has these characteristics:

  • Responsive: Able to sense changes in the environment and to respond dynamically to unpredictable fluctuations in supply or demand, emerging customer, partner, supplier and employee needs, or unexpected moves by the competition.
  • Variable: Able to adapt cost structures and business processes flexibly, to reduce risk, and to drive business performance at higher levels of productivity, cost control, capital efficiency, and financial predictability.
  • Focused: Committed to concentrating on core competencies and differentiating tasks and assets; able to use tightly integrated strategic partners to manage tasks ranging from manufacturing, logistics, and fulfillment to human resources and financial operations.
  • Resilient: Prepared for changes and threats like computer viruses, earthquakes, or sudden spikes in demand.

The road to becoming an on-demand e-business requires integration at all levels. The rest of this paper describes the overall e-business integration stack, and shows how to address the complexity of e-business integration through the best practices of IBM patterns for e-business.


As shown in Figure 2, businesses that are highly responsive to the dynamic, unpredictable demands of customers, partners, suppliers, and employees require a range of integration technologies to fully address each aspect of enterprise integration. Technology has become tightly woven into the fabric of business systems, and so each level of integration can have an impact on the flexibility of the system, the cost of integrating new processes or technologies, and the overall stability and manageability of business systems.
Each of these integration levels is being guided by two distinct forces: business drivers and technology drivers.

Business-driven integration capabilities help integrate business processes, applications, information, and user roles. These capabilities enable companies to deliver a holistic view of their value-chain and business relationships. This, in turn, can change occasional customers into repeat purchasers, reluctant business partners into strategic allies, and employees into efficient, informed team members.

Technology-driven integration capabilities help integrate the underlying IT infrastructure that supports business processes, such as directory services, security policies, storage, and operating environment. These capabilities enable companies to reduce their total cost of ownership by using all the computing resources in an IT environment more efficiently. Companies can do more with existing assets without compromising the availability and security of the infrastructure.

Together, the following end-to-end integration capabilities are required to give companies a competitive edge:

  • Business Process Integration: Companies need rapid access to new ways of achieving business objectives, such as running and building the business and finding new applications to help manage the business. Moving from an environment of disconnected business processes to optimized and integrated processes requires modeling, automating, and combining manual, automated, and new processes—throughout an organization and across their value-chain with partners, customers, suppliers, and distributors.
  • User Role Integration: While the Web potentially gives customers, suppliers, partners, and employees anytime/anywhere access to information, transactions, and know-how, companies still need to provide a personalized, integrated, interactive view of their business. Key integration requirements include role-based, preference-based, and device-based transformation of business transactions and information.

Figure 2: The e-business Integration “Stack”

  • Application Integration: Most businesses have islands of applications—some homegrown, some legacy, and some packaged. They are isolated by incompatible data formats and communication protocols and do not speak a common language. To connect these islands and make their output available where and when it is needed requires information connectivity. In addition, businesses need build to integrate capabilities that enable them to rapidly create and deploy new applications for integration with existing applications inside and outside the enterprise.
  • Information Integration: Many organizations today have islands of information that limit their ability to view current, comprehensive data; share information across the value chain; and gain insight to drive strategic initiatives. Information comes in many forms, such as structured, unstructured, relational, and file. By integrating these islands through federated data access and content management, an organization can provide a holistic view of a business to customers, employees, and partners that can be efficiently searched or mined for trends.
  • Directory/Security Integration: Providing access to a heterogeneous, e-business infrastructure for customers, employees, partners, and suppliers introduces a number of security-related challenges related to the use of multiple security mechanisms, such as authentication and authorization. For example, it is common for a single person to be represented by multiple user identities in multiple registries or directories. These multiple security registries, such as SAP, Lotus® Notes®, AS/400, Kerberos, and Public Key Infrastructure, each have a unique method of User Identification, for example, JohnD, JDoe, or JD. Software vendors continually define new security registries, yet existing ones do not disappear. As organizations attempt to enable new customers or business partners to access existing systems, integration capabilities are needed to provide single sign-on, consistent security; minimal duplication of directory information; and common policy-driven administration across the heterogeneous hardware, middleware, and applications chosen for all of the diverse solutions in an IT environment.
  • Storage Integration: Just as most IT infrastructures have a diversity of applications, information, and operating environments, most use numerous and varied storage types. Ultimately, IT organizations want to lower total cost of ownership in these mixed environments through integrated monitoring and management of storage. Efficiency in managing storage and leveraging all storage capacity is a key requirement of enterprises today.
  • Operating Environment Integration: Today's e-business applications, which usually span multiple operating platforms and several network hops, require new end-to-end integration capabilities. For example, Service Level Agreements (SLAs) cannot be monitored or enforced without end-to-end workload management. Providing policy-driven management of a heterogeneous distributed server infrastructure and self-management of individual servers are key integration requirements., and these can further be customized to meet the unique requirements of the enterprise.


So let us do a quick dive into the user role integration. To support our discovery of the details, we will use the patterns for e-business that I introduced in my last paper ( In particular, the access integration patterns describe the best practices to support user role integration.
Access Integration patterns describe the services and components commonly required to provide users with consistent, seamless, secure, device-independent access to relevant applications and information. Access Integration patterns are useful when:

  • Users need access to multiple applications and information sources via a single sign-on and application-independent security context.
  • Applications need to be accessible via multiple device types, including fat clients, browsers, voice response units, mobile devices, and PDAs.
  • There is a requirement to provide a common look and feel to a collection of applications or to aggregate result sets from discrete applications in a business process.
  • The user wishes to customize the choice of applications and how they are presented.
  • The business wishes to target information and applications to a specific user or group.building, deploying and managing the solution.

Access Integration patterns observed in practice are composed of the following services:

  • Presentation: Presentation services are the foundation of a universal desktop for all the Web-based applications of an enterprise. These services provide a common look and feel and language transparency across multiple applications. Portals are rapidly emerging as a strategic Internet and intranet tool to provide users with a personalized, single point of access to Web applications and resources. A portal allows the company to control access to and presentation of applications while empowering users to choose presentation options that best fit their individual preferences. Another best practice for achieving a unified, manageable interface is to clearly separate the content from the presentation style at the content creation stage using technologies such as XML and XSL. Separation of presentation from a standard data set also helps to enable support for mobile devices, by allowing the data to be formatted according to the user's access device on the fly.
  • Personalization: The Personalization service enables users and the enterprise to shape the choice, style and format of applications. Personalization may be done at many levels (individual, group, role), and it relies heavily on other services, such as Presentation and Security. The key functions of the Personalization services include user identification, user profile retrieval and update, content selection that matches the user's preferences, and content assembly and delivery. In order to achieve these goals across multiple applications, the high-level personalization logic must be implemented separately from the applications it supports. Such externalization provides a common level of personalization support and enables easier integration with other applications in the future.
  • Security and Administration: The Security and Administration service enables users to access multiple applications and information sources via an integrated security model and a single set of security credentials. a key requirement is a single sign-on, so that a user logs on once to gain access to all the appropriate applications and data sources. Another key requirement is access management, which limits access based on a user profile and the content access policies of the enterprise. Because applications are made accessible to many different users or user groups, access management is typically role-based and hierarchical. For example, a person who assumes a new managerial role may need their access to a set of applications revised automatically according to the update in their profile. A best practice for achieving these requirements is to externalize authentication services from individual applications into a single common Security and Administration service node. This can be achieved by developing an enterprise-wide directory of users and their access permissions using technologies such as LDAP directories.
  • Pervasive Device Support: The Pervasive Device Support service enables users of a wide range of devices to access the same set of applications. Pervasive Device Support encompasses both the access device (browser, phone, PDA, GUI client) and the transport medium employed (HTTP, voice, WML, IM). From experience, a best practice for implementing Pervasive Device Support isto externalize the services from the applications. We externalize these services by instituting a device support node that accepts data from existing applications in some common format, such as XML, and transforms it into a format that is compatible with the user's device type through a process called transcoding . The transcoding server then sends the data to the user device using a device- and/or network-specific protocol. For example, when the client is a WAP-enabled phone, the program that accesses the back-end system typically assembles the data as an XML document. The transcoding server then transforms this document into a Wireless Markup Language (WML) document and sends it to the cell phone using the Wireless Application Protocol (WAP) for transmission across a GSM network.

The following are the commonly observed application patterns for Access Integration:

  • The Pervasive Device Access application pattern provides a structure for extending the reach of browser or fat client-based applications to pervasive devices such as PDAs and mobile phones. The application pattern leverages the Pervasive Device Support and Security and Administration services above. The Pervasive Device Access tier receives requests from pervasive devices and converts them into the appropriate requests that can be understood by existing applications and converts the response from these existing applications into formats that can be rendered by the pervasive device. The implementation of this Application pattern calls for a careful examination of the placement of the transcoding logic and its influence on the dialogue mapping. Transcoding logic placed within an enterprise's infrastructure (on its Web server) allows flexible or tight control over the mapping of a dialogue to the form and size of the access device, such as a mobile phone or a Palm Pilot. This placement assumes a tight linkage of the user community to the enterprise and some IT sophistication to run a wireless infrastructure.
  • The Single Sign-On application pattern provide a framework for seamless application access through unified authentication services. In this section, we will discuss two Application patterns for single sign-on, a basic pattern where the single-sign on functions are performed in the Web tier, and an extended pattern where the security context is extended to include the back-end systems. The application pattern leverages the Security and Administration service above. Having a single source for authentication services could create a single point of failure for dependent applications. Care must be taken to provide for high availability of this service. Typically, Single Sign-On works well to support authentication services only, leaving the supported applications to handle their own authorization as appropriate. Combination of these services is generally possible only with new applications that can make use of the common services from the start. Extending the security context to include the back-end systems enables non-repudiation of back-end system transactions. For solutions with strong privacy and/or audit requirements, this approach is needed. These solutions will almost always require a centralized user administration model. Examples include financial services transactions and access to health care clinical document systems.
  • The Personalized Delivery application pattern provides a framework for giving access to applications and information tailored to the interests and roles of a specific user or group. This pattern extends basic user management by collecting rich profile data that can be kept current up to the user’s current session. Data collected can be related to application, business, personal, interaction, or access device-specific preferences. The application pattern leverages the Personalization, Security and Administration services and Pervasive Device Support above. Successful implementation of the Personalized Delivery pattern requires a careful examination of business rules, business objectives, and applications’ ability to interact with the Personalization services. Without definition of clear, measurable success criteria for implementation and careful results tracking, costs can quickly spiral beyond the plan without recognizing tangible benefit.

For the Runtime patterns, we often realize the benefits of Access Integration patterns best when these services are combined. For example, the Personalization service and the Pervasive Device Support service require the use of the Presentation service to create the user interface. The Pervasive Device Support, Personalization, and Presentation services require the Security and Administration service to be effective. System designers can mix and match these services to facilitate consistent and seamless access to multiple applications. Figure 3 shows the combined runtime pattern for the Single Sign On and Personalized Delivery application patterns.

Figure 3: Applying the Access Integration Patterns

In summary, e-business integration is a very important phase in a companys’ evolution to become an on-demand e-business. The complexity of e-business integration can only be addressed by well defined architectures, patterns, technologies and products/tools.

About the author


space Mahesh Dodani is an e-business architect with IBM Software Group. His primary interests are in enabling individuals and organizations to tackle complex e-business industry solutions. He can be reached at

Cite this column as follows: Mahesh Dodani: "Don't Rip and Replace, Integrate!", in Journal of Object Technology, vol. 2, no. 3, May-June 2003, pp. 23-31.

Previous column

Next column