Subscribe: Arvind Jain's SOA BAM BI blog
Added By: Feedage Forager Feedage Grade A rated
Language: English
bpel  bpm  business  data  gross margin  oracle bpm  oracle  people  process  product  property  security  services  soa  time 
Rate this Feed
Rating: 3 starRating: 3 starRating: 3 starRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Arvind Jain's SOA BAM BI blog

All about leveraging Cloud, SaaS and Enterprise IT for business agility and productivity

My observations in IT, Business Services, Cloud, SaaS, Security, Product Management, Compliance and SOA.

Updated: 2017-11-17T04:29:43.385-08:00


Marketing Operations Team – Mantra


Marketing Operations Team Mantra , in one slide

I was recently invited to present on my best practices for running a Marketing Ops team.

During the conversations and presentation I realized that sooner or later everyone needs efficient operations to be viable.  Big or small, Pre IPO or a public company, you need to be able to measure how you are doing and then only you can improve upon it.

With all the modern tools available, there is a lot of confusion out there. So it was a long conversation but here is a quick take away summary of my presentation in one slide below.


What else would you look at ? Please comment.

Image credits:  Anthony Powell's article "Efficient Marketing Operations with Data Management"

US Bank executive team awards Cognizant Team on successful NBA Project Implementation.


I am glad to share some pictures from a recent San Francisco event where US Bank top executives recognized and awarded Cognizant NBA team for successful Production delivery of NBA on Adobe Marketing Cloud.

All those nights and weekend of labor is gone now but it also signals that new challenges and opportunities await for me and my team as it is mainly production and operations support from now on .....

Reality hits me hard, with aging parents and uncertainties of life. I learn about OPLL the hard way.


Rarely did I think that a time will come when I will be doing deep research into medical sciences and neurosurgery field. Let alone sharing my parent's medical issues.  But what i have learnt, I must share as this is a rare fourth degree medical condition that others can benefit from knowing , it god forbid, they ever face such a situation.This is something way outside my comfort zone of IT and Marketing technologies, but a recent mishap accident with my father has made me realize that there are far more difficult and significant things in life that I had yet to confront and I was not prepared to handle it alone. Medical science is truly the next frontier.Diwali the festival of lights had just gone by and we were all in a cheerful mood. My brother and his family were back home in India and the grand parents were having a good time with grand kids. My dad has just returned back to India after a pleasant three month stay with me here in USA.   Then came the scary Halloween trick for me. On a fateful day of Oct 30th 2016, just after Diwali in Bhilai, India my dad slipped and fell and the back of his neck hit the swing base. It was not a major accident by external measures, no external bleeding or wound, but it was severe enough to compress the nerves to a point were he could not move or stand up. He was lying on the floor, lifeless and could not move his both legs and one hand.He was fortunately able to make an audible alarm and was picked up , lifted and transported to hospital.  He was immediately admitted to Bhilai Sec-9 hospital in Chhattisgarh, India. There it was diagnosed that he already had a case of OPLL () and this fall and immobility are symptoms of  a final breakdown.OPLL is a calcification of the soft tissues that connect the spinal bones which results in a narrowing of the spinal canal and compression of the cervical spinal cord. See below pics. Left pic is BEFORE and right pic is AFTER Neurosurgery. You can clearly see the clear cervical canal in after surgery picture.                                       BEFORE                                                    AFTER           The cause of OPLL is unclear and I could not get a certain answer from anyone, but was told that people of Asian heritage especially Japanese have a higher likelihood of developing OPLL. Also more men seem to be affected than women.OPLL SymptomsMost patients with OPLL are asymptomatic with no symptoms at all, but others may experience mild pain and numbness in the arms and/or legs to complete numbness in the extremities. The symptoms are similar to those of cervical cord compression.Treatment of OPLLThis depends on the stage of OPLL and in my case , my dad is at stage 4 and that is the severest stage. Conservative treatment like activity modification and exercises may help relieve the pain caused by OPLL but I was told that open spine surgery is required. This is what we had to go through at a very short notice and with a high risk that comes with open spine surgeries. Little mistake / mishap and you can have your other nerves not working and you may have more problems than just hands and leg not moving.If pressure is not relieved on the spinal cord then future damage and loss of neurological function is very much possible. At Sector 1 Bhilai hospital, my brother was told that this may affect respiratory functions as well. So they advised immediate surgery and there is a major risk when you open up the spine.Since then in last 2 months we have gone through many things and are working on getting this thing taken care of. It is a big help that my brother is back home in India and can execute on many of the on site things.  Simple things like opening zipper or buttons that we take granted for in life sta[...]

Micro segmenting using Adobe Target leading to personalization


Using DMP and DSP tools like Adobe Target, Adobe Audience Manager, LiveRamp.. you can practically (not legally) deliver real-time personalization. What they really do is micro targeting / micro segmentation. But today it has reached that fine level of granularity where ads / messaging shown to end users have started looking creepy. We are being watched all the time.

Realtime micro targeting is possible, in the same way as it is with any other type of CRM data - data is pre-loaded into Adobe Audience manager (AAM) and as soon as AAM sees that particular user in realtime, it can show specific segment messaging based on their segment qualification. They key here is how finely you define your segments. The more micro targeting you do, the more personal the message will appear.

The thing that is not realtime is sending CRM data to AAM, but once the data is dropped to AAM it is available later for real-time use after some sync duration.

Thanks for reading


How can companies prevent cyber attacks like that of Dec 2013 Target credit card data theft ?


1//24/2014 By: Arvind JainBy now we all know that passionate hackers are very smart and they will always have a edge over whatever known systems we can create (Firewall, IPS etc). Even the best SIO (Security Intelligence Operations) team cannot possibly know of each and every malware in advance so a traditional approach of IPS or Malware detection based on signature is so stone age thing now.So what could have been done at Target? I am sure many experts are pondering over it but here is my simple thinking. A combination of proactive people, process and tools would have prevented it. We need people for behavior analysis or analytics.  BlackPOS creators and Hackers in general know what a Firewall can do. So they timed data transfer to normal business hours, merged it with FTP traffic and used internal dump servers in Targets own network. This is what I gathered from iSight comment in the WSJ article today."ISight, hired by the Secret Service and Department of Homeland Security to help with the investigation, said the bug had a "zero percent antivirus detection rate," meaning even updated security software couldn't tell it was harmful.  So a endpoint security system or antivirus software would also have been ineffective to detect the malware.This is where you need a joint effort on part of system, people, and process to detect anomalies.  Something like a Cyber Threat Defense solution (like the one offered by Cisco) is a good way to detect patterns and flag them.The hack involved several tools, a Trojan horse scanned the point-of-sale system's memory for card data which was stored unencrypted in memmory. Another logged when the stolen data was stashed inside Target's network. Yet another sent the stolen data to a computer outside the company. The coordination of those functions was complex and sophisticated, but could have been easily seen as an anomalous pattern.Like if there is traffic jammed up in freeway you know something is wrong ahead. For that matter if all traffic goes to a different side than normal for that route then also you know something is not right. To detect anomalous activity, you have to look at traffic timing, volume, direction etc. to detect activity. These are good indicator that something has happened and potentially it requires immediate attention from people and processes. You could then take the traffic flow (using a tool like NetFlow) and look for anomalous traffic patterns.  You would have encountered something that is never before seen and that would have triggered deep packet inspection of dump files.Typically Malwares siphoned data and stored it in local Intranet (to disguise it as internal traffic over a temporary NetBIOS share to an internal host inside the compromised network) and then attempt to send the data to the attacker over a legitimate call like via FTP or HTTP.  Compromised data was collected in .DLL files (in this case, track data, which includes all of the information within the magnetic strip) and is periodically relayed to an affected “dump” server over a temporary NetBIOS share drive.  In this particular case the DLLs weren't malicious (they just contained normal data so no system could have tracked it without insight from people or Target IT staff). Tools like Lancope StealthWatch help you detect such anomaly. The dump server was not a host that the POS systems were required to communicate with. So when POS systems attempt to communicate to one another or to a unidentified server a Host Lock Violation alarm is generated. Similarly once the data started to be sent to the dump server, it could have triggered a Relationship High Traffic or potentially a Relationship New Flows alarm.Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router coul[...]

What is behind these recent acquisitions by Palo Alto Networks and FireEye ? Domain Talent and Virtualization


Security is a red hot fascinating sector right now, acquisitions are happening left and right and I have stopped trying to do a financial valuation, there is something else happening. When money is cheap, I see these acquisitions happening as a race to get ahead with talent and new technology. But payoff will come for those who are first with economies of scale.The two outstanding reasons for these acquisitions in my opinion are Virtualization in Security and Talent with domain expertise. Many security startup are focusing on use of in-situ virtual sandboxes to investigate suspicious files to detect malware before letting them loose in the main network.Blue Coat Systems acquired Norman Shark, which had developed a sandboxing technology platform for malware analysis.  Palo Alto network acquired Morta Security  (CEO Raj Shah) a Silicon Valley-based security startup to bolster its cloud-based WildFire malware inspection technology. Aim was to get NSA talent as well as the virtualization technology. A week earlier FireEye acquired Mandiant which provides endpoint security software and is well known for its threat intelligence research and incident response services.So what next ….. I am waiting to see some big - Bigdata plus Security related acquisitions and they are coming sooner than you will expect …. Safe Surfing …[...]

A day in Kunming China


Kunming is a important location for transit passengers traveling via China Eastern.

I had a unplanned 24 hour stay and I am glad that I found a reasonable accommodation. 

So for those that are looking for simple, straightforward transit stay in Kunming,  Dhaka Hotel Ph# 135 2933 2392 is a good option if you are within a budget. They have WiFi, Airport Transfer and South Asian food options.

Complete Gross Margin improvement framework


Posted above is a time tested framework for significant gross margin improvement to your business unit's overall gross margin.

Simple but very powerful. If you can deploy these buckets wisely then GM savings can be anywhere in thousands or millions .. depending on your operations scale.


Pricing strategies for services


How can a services provider (Advanced Services, Technical Services or Professional Services) make sure it has priced its services just right?There are three ways to do pricing1)      Cost Plus2)      EVC (Economic Value to Customer) 3)      Competitive Marketplace Just going by Cost Plus, you leave money on table. EVC is theoretically best pricing but you cannot price case by case (so you set list price and give discounts to adjust for case by case basis). Competitive Marketplace is what most people do but then you are treating your services as commodity.I suggest that you follow a more methodical approach about pricing strategies for services.1)      Creating a pricing model, which takes into account your fixed costs and business strategy.  A baseline formula would let you know what price range is NOT feasible.  Say your prices will not be less than this amount so that you maintain your Gross Margin and survive in the industry. 2)      Break down your costs into buckets (Server, support, manpower, gas, commute, task time, delivery model and expertise) and then have a variable formulae based on weightage to what you have in plenty and what is scarce for you. 3)      Research your industry (business cycle, technology trend) 4)      Research your customers (segment the market, are you their strategic partner, long term potential). There is a constant pressure on services to invest in new practice areas, either because these investments would help meet business unit sales quotas or because the business units need more people/partners out there, evangelizing new sort of technologies. Evaluate those opportunities so as to keep your costs low.  [...]

Five pillars of Gross Margin Improvement


When growth comes to standstill or products start to become commodity …nothing else matters as much as maintaining your Gross Margin.

A company can have stagnant revenue but Wall Street will still reward it's shares if it show profitability growth and how do you do it? Look no further than Gross Margin.

Essentially the five pillars of Gross Margin improvement are:

  1. Financial Planning
  2. Operational Effectiveness
  3. Pricing Optimization
  4. Product Management
  5. Sales Effectiveness
Want to know more? I am working on a Gross Margin play book. Drop me a note and will be glad to share.

Operational effectiveness as a Gross Margin tool


Effective Operations can help your company move in the right direction w.r.t. Gross Margin.

The 8 top most things that come to my mind when we look at GM in high-tech industry from an operations perspective are (in no order of importance).

Operational Effectiveness
NMS - (Fixed + variable) Others
Portfolio Alignment
NMS - Freight Savings
Over Head
Transformation Savings
Supplier Savings
Product and Theater Mix
Royalty Management

We will drill down into each some other day in a white paper.

How is SaaS Product Management different from traditional Product Management?


As Enterprise Architects we are inclined to always question that how a particular technical architecture is going to benefit business strategy of my company. In the same thoughts I had a debate with my colleague that Product Management for a SaaS or Cloud based product is very different than a traditional approach to product management.

As SOA Architect I can see some of the challenges with reuse or creating global services. So here are some of the key differences between traditional product management vs SaaS product management, that I can think of. Please comment your thoughts or elaborate more.

In Saas product management you have to worry about all these additional things,

1) Data Management of customer data (Backup, recovery, export, migration)
2) Additional security around Access & Authorization
3) You earn your money every day and every moment, so it is not a traditional sell once and forget till the next new producty is available. If you fail customers may not and will not renew the subscription. So you have to develop SaaS with some stickiness feature like creating a website with lowest bounce rate and higher CTR (click through rate). so that there is highest probability of customers renewing.
4) Special considerations for On Demand / Multi Tenacy of the product / solution.
5) Much higer emphasis on Disaster Recovery, Peak Load and High Availablity.
6) One size does not fit all, so how would you provide innovation in cloud? How to empower customers in cloud so that they can maintain their cuttting edge by intelligent customizations.

I am thinking there will be additional issues like Multi Tenant Pricing that will be of concern (based on usage pattern, product differentiation etc.) so please comment your thoughts or elaborate more if you can.

MIT South Asian Alumni Association - MBA Panel Discussion


MIT South Asian Alumni Association had invited me to a panel discussion at the Stanford University campus to share my MBA experience and guide future business school applicants. It was a good debate and most importantly I belive the assosciation is doing a great service to public. More details can be found here

Some very interesting Web 2.0 Links that can help in Smart Marketing & positioning


This page contains links to some very interesting websites that I use as part of my Product Marketing SEO tasks, they help you gain strategic edge using IT (information technology). Anyone interested in Search Engine Marketing (SEM) must pay attention to these tools:LINKSGoogle Trends - find temporal trends in search word usage on the internet Google Insights for Search - estimate relative importance of search terms with trends by geographical regions Google Analytics - web analytics solution that gives insight into your website traffic and marketing effectiveness Quantcast - monitor website traffic and effectiveness of marketing communications to customers. This give Demographics info of Visitors. You can also use Microsoft AdCenterLabs to analyze demographics. Hitwise - ISP data, can be used to analyze how people get to, spend time in and depart from websites, large sample size Alexa - web traffic metrics based on voluntary anonymous tracking of people who have signed up for free, large sample size  Comscore - web traffic metrics based on voluntary tracking of people who have signed up for a fee, gives much more detailed information but sample size is small CrazyEgg - Click density analysis, find out where people are clicking on your webpage (is your design driving people to the right place?)  When you use Google AdWords be sure to use Ad Preview Tool at[...]

Landmark achievement for my team - Cisco announced as overall winner for SOA implementation award by CIO magazine and SOA Consortium.


Landmark achievement for my team - Cisco announced as overall winner for SOA implementation award by CIO magazine and SOA Consortium.

Cisco SOA Team Wins SOA Consortium / CIO Magazine Award

Cisco has been selected as the overall winner of the 2009 CIO Magazine “SOA Case Study Competition“ organized by the SOA Consortium. Please see detailed news article here.

Cisco was recognized by industry experts for its SOA initiatives, platform and implementation successes.
The SOA Case Study Competition highlights business success stories and lessons learned to provide proof points and insights for other organizations considering or pursuing SOA adoption. The contest was open to organizations of all sizes, including government agencies that have successfully delivered business or mission value using an SOA approach.
CIO Magazine, launched in 1987, produces award-winning content and community resources for information technology executives. The SOA Consortium is a group of renowned industry experts and practitioners, who through the years honor companies for outstanding achievement with this award.

If you are interested in the case study then please contact me offline at

How to configure Standalone Fuego BEA Aqualogic Oracle BPM Studio to work with Secure Web Services?


While evaluating BEA BPM Studio I had to struggle a bit with how to configure Standalone Fuego BEA Aqualogic Oracle BPM Studio .... I am trying to give credit to all companies here :) to work with Secure Web Services? Now I have secured web services orchestrated and also using encryption in my BPM Processes. Here is the meat of the matter ... In order to communicate with secured webservices using SSL encryption (those with WSDL end point starting as https:// ) you need to have certificates from those servers installed in your keystore. For BPM Standalone these are the steps. And before you begin set JAVA_HOME to C:\OraBPMStudioHome\eclipse\jre if you have not done so already. 1. Download the .cer file from server. (One way is you can use IE browser to get that file and export it from browser to a local directory) 2. Put this file in %JAVA_HOME%\jre\lib\security. You can put it anywhere you want.3. Run the following command at a command prompt:C:\Program Files\Java\jre1.6.0_02\bin>keytool -import -trustcacerts -alias -keystore ..\lib\security\cacerts -file ..\lib\security\gd_.cer4. You will be prompted for a password. If you have not changed the password, it will be "changeit".5. You will then get the following message if all is successful - "Certificate was added to keystore".6. Restart Tomcat (inbuilt server in BPM Studio). This should solve your problem. Pls note that if you have not configured your keyStore then first do so. you will find this document handy to do so. Quick tip: To see a list of keys in keystore%JAVA_HOME%\bin\keytool -list -keystore ..\lib\security\cacerts Arvind[...]

Switched from Oracle BEA BPM Enterprise Version (on Weblogic) to the Standalone Version for Evaluation Purposes.


Last week was a very short week during which I tried to install an Enterprise BEA BPM on Weblogic. There were a lot of configurations needed for Enterprise WebLogic Edition (Directory Server, Database, Deployment within the WebLogic JVM etc). I have listed the steps below. It was taking too much time and was not very straightforward. I had to ensure that I have installed and configured the BEA WebLogic application server properly even before I could debug & play with the BPM engine.At end of last Tuesday I made a call to switch to Enterprise Standalone but the efforts put in were good learning and useful for Standalone Installation as well. So for the purpose of proceeding with evaluation going forward I have shifted to Enterprise Standalone Version as my focus is BPM. Some learnings or observations .... On the Oracle website they refer to downloading Oracle BPM Enterprise Administration Guide.pdf but in real scenario there was no such file name. I realized that it was same as Oracle BPM Admin Guide.pdf and the same goes for configuration guide as well. So will not get confused in future :) Ok so with the ultimate aim being to Deploying and Publishing a New BPM Project I had to go through a series of steps. (For standalone I needed a much smaller set but the practice and drill was worthwhile learning in terms of infrastructure and operationalization of product.The whole list of steps: Creating Directory Service ( need to configure Directory Database Schema)Creating a Process Execution Engine ( need to configure a separate Execution Engine Database Schema)Configuring Weblogic ServerCreating Weblogic Server DomainCreate Oracle BPM Deploy UserInstalling Oracle BPM Deployer Creating JDBC Data Sources on BEA Weblogic ServerCreating JMS Server, Module & ResourcesConfiguring the Deployer and Deployment TargetsEnabling ClusteringBuilding and Deploying Application EAR FilesDeploying and Publishing a New BPM ProjectAs of now I have Standalone Enterprise BEA BPM configured with Directory (Oracle 10g DB). Engine DB configuration has some issues due to privileges. Make sure you have a friendly DBA to help out. I am trying to come up with a set of use cases to test out different features. More next week as I try to put together a list of features .. dully prioritized that I will like to test out. If you have a challenge for me ...Bring it ON :)[...]

Currently evaluating Oracle BPM 10gR3


For the next one month I want to be critically evaluating Oracle BPM 10gR3.    Yes this is the new face and name of  BEA Aqualogic BPM 6.5 , now with Oraclelization it is called as Oracle BPM 10gR3. Too early to make a comment.   My aim is to see how well Oracle has leveraged and integrated the BEA Aqua logic BPM products with its other products to offer a complete suite.   Getting started was easy .... Installed Oracle BPM Studio  from the link below. To get started Please visit: Here you will find download link – for initially getting your feet wet purposes, download of studio should suffice. Also, there is a tutorial and link to docs.   Installation was smooth, took around 60 Minutes. I referred to this site for the product documentation   One glitch .... It took me 20 minutes to figure out why the "Launch Workspace" icon was disabled. Figured out that after designing the process I had unfortunately clicked on either "outline" or the "Log Pane" that exist below and clicking on those panes dynamical change the Menu and disable certain icons.   More later   Arvind[...]

Finished Half Marathon of my pursuit of MBA



I have been quite busy last few months with double MBAs. One one side
was the collaboartion, group study, projects, assignments and homeworks
for CMU MBA. The other side was my younger one growing up. That was
another MBA (Managing Baby Administration)

Things are finally getting easier as I am approaching the final year of
my MBA. This was a perfect time for me to learn about "Marketing
Management", "Financial Accounting", "Production & Operations
Management" , "Macroeconomics", "Corporate Finance" & "Marketing
Research". With the current ecomonic situation I feel that every day I
use my Business & Financial learnings to analyze situations.

Here is a recent picture from one of the CMU social networking events.


Carnegie Mellon Tepper School of Business - Part Time MBA Program


Quite many people have contacted me about the Carnegie Mellon part time MBA Program since I started the same in 2007. After having been through the experience for a year now, I can see direct applications of many of the Business School teachings to SOA world.
After all ... SOA & BPM is mostly about Business & IT alignment within an organization and in its partner eco system. So I though that it will be a good idea to write a summary about the CMU MBA program here in this blog.

Program Overview: I have been fortunate that the CMU MBA program is offered at Cisco Campus apart from their West Coast campus ( CMU West - ) in the Moffet Field (you can see signs on 101 north near Moffet Field exit). This is very handy at times when I need to hop out of meetings and join the class within minutes of getting out of office. It is first time at Cisco but the program itself was started in 1996.
It is delivered to corporate campuses in real-time via video-conferencing technologies and CISCO is leading the way with its TelePresence technology which is as real life as it can get. Others in the MBA class are from companies like Lockheed Martin, Goldman Sachs, United Technologies, Oracle, Intel, Applied Materials, Pitney Browns etc.

Tepper MBA program is highly known in Financial & Operations Research area due to its stress on analytical approach to problem solving and decision making in complex and dynamic business environments. CMU Tepper is ranked 3rd in Wall Street Journal Rankings.

Part Time program has same admission/graduation criteria as it exists for Full/Part-time students in CMU Pittsburg Campus. More info at:

If you need more information please feel free to get in touch.


Disclaimer: Opinions expressed are my own and CISCO does not sponsor or endorse this program.

SOA on SOA !! - Bring the discipline of SOA to service development and creation in your organization.


SOA on SOA!!

It was difficult to put the most appropriate words to my thoughts but what I am trying to bring out is that SOA implementation should not burden the service providers and consumers to go through the burden of learning all the latest standards, tools & technologies.

They should just worry about their business logic and there should be a framework which transparently takes care of making that business logic a service as in SOA world while adhering to their company's enterprise policies, processes and standards.

How to enable this? Enterprise architects should closely watch two upcoming standards - SCA & JBI.

JBI is JSR 208 and called as Java Business Integration. SCA is Service component architecture.

JBI is used by system integrators during physical deployment (customers and end users do not see this). It helps in management & interoperability of your SOA infrastructure.

SCA has a design and composition perspective. It is used by developers to annotate or put notes in their code to describe service and their dependencies.

The aim is to create a virtual container for hosting services. This way services can be plugged into ESB or into an existing Policy Manager. It will be independent of language and will help as a framework for exposing business logic as service.

The other significant benefits I see are
- Consistent deployment & management
- Location Transperancy (Virtualization)
- Policy Enforcement
- Consistent Security Model
- SOA does not means every developer needs to know about WSDL or WS-* or other standards. They need to know the core business logic.
- It might possibly help in transaction coordination.

So let us try to use our own methodology SOA to help in implementation & adoption of SOA.


How to take Build vs Buy decision in case of Software Products?


In the world of software development once in a while everyone reaches that crossroad where he needs to decide - Should we build that software or buy it? Build vs Buy !! Deal or No Deal !!

Here are suggestions that will help you. When making a Buy vs Build decision do the following:
  • Consider only the costs that are affected by your decision (example you may or may not decide to buy additionaly 24X7 support)
  • Include all Opportunity Costs (are you going to miss on some other core oppurtunity / project in your own industry)
  • Ignore Sunk Costs, these are costs that have already been incurred (example can be hardware cost as either version of bought or in house build software will require similar hardware)Calculate total costs of each option. Total cost = fixed (avoidable) costs + variable (avoidable) costs
  • Considering "Soft" or "Intangible" cost/benefits, for example future use of product or learning, team reputation or burden (in terms or learning or development), derivative products.

Other Important Hints/Viewpoints
  • A very important consideration is to look at the Marginal cost i.e. the cost for deploying an additional host (cpu) with the same software.
  • For coming up with oppurtunity cost - look at the nature of technology/product and its maturity level - analysis in the Short Run and in the Long Run
  • Look at the service/product provider and its industry - will you be price taker or price chooser? How much can you negotiate? What are hidden benefits/costs of partnership?
  • Evaluate options using the net present value (NPV) & internal rate of return (IRR) approach
  • A little known fact is about the Basic Accounting ... Is it favourable for company's accounting? - This is very important as software bought is a depreciable asset for organization while software built will be treated as an ongoing expense without any balance sheet asset created out of it.
Hope you have some food for thought and solid points to make your case in your next board/council meeting.

Does the best technology & architecture guarantee a successful SOA or BPM?


Have you ever wondered that given best technology & architecture ...Are you guarantee a successful SOA or BPM project?

Answer is a simple and a big NO.
There is much more to a successful SOA or BPM implementation & adoption then just choosing the right tools and technology and architecting the finest blueprints. The best and brightest team of IT architects and engineers definitely help to do the toughest of design & implementation projects .... but that is just half the task.
Embracing SOA or BPM or for that matter any new initiative like WEB 2.0 and Collaboration is a major change for the organization. By nature changes are difficult as people see change with a grain of salt and skepticism.

Hence the Architecture Community has an additional and significant responsibility to be the "Change Agents" in the organization. They need to understand basic human nature & group behavior in order to be successful in their SOA or BPM initiative. They need to understand that shift in attitude seldom comes at once. The rate at which different groups, divisions or individuals will adopt these changes will vary by individual, or the type of change or the organizational context.

They need to identify these stages of change and simultaneously work on those while doing their core IT or Business job.
Understand that it is not sufficient for just you to have adopted this change. You have to guide and lead the larger community through the various stages of change, namely
1) Awareness
2) Interest (people develop curiosity)
3) Trail (skepticism is overcome)
4) Adoption
I will further share my experience about managing change during these various stages in some later blog or if there is an interest in the community.


Top 10 areas to address before taking Oracle BPEL Process Manager 10.1.3 to a Production Implementation


Here is a summary of the article I am writing on How to adopt BPEL PM in a Production Environment. This is based on 10.1.3 release of BPEL PM. If you need specific details then please drop me a line.Top 10 areas to address before taking Oracle BPEL Process Manager 10.1.3 to a Production Implementation Arvind Jain5th July 20071) Version Management (Design Time)When we are choosing a Source Safe System or Version Control system for Business Processes the consideration are quite different than choosing a Source Safe System or Version Control system for Java, C++ code components. The average user / designer of Business processes is not CODE savvy, they cannot be expected to manually merge code (*.bpel files or *.wsdl files for example). BPEL PM lacks in Design time version management of Business Processes using the jDeveloper IDE. What is needed is a Process Based Development and Merge environment. We need Visibility into Process Repository. So the requirements are different from that of a Component based repository. Consider using a good BPMN / BPA tool.2) Version Governance (Run Time)While BPEL PM can maintain version number for deployed BPEL processes, it is still left to an administrator or a Business Analyst to decide which process version will be active at a given point in time and what will be the naming, versioning standard. Since every deployed BPEL Process is a service, so it becomes critical to apply SOA governance methodology to control various deployed and running BPEL Processes.3) SOAP over JMS (over SSL)Most of the big corporation and multinationals have policies which restrict use of HTTP traffic from outside world to inside intranet. Moreover they have policies which require the use of a Messaging Layer or an ESB as a Service Intermediatory for persistence, logging, security and compliance reasons. BPEL PM support for bi directional SSL enabled JMS communication is not out of box. It needs to be tried and tested out within your organization and workarounds needs to be implemented.4) Authentication & Authorization - Integration with LDAP / Active DirectorySOA governance requires authentication and authorization for service access based on a corporate repository and roles defined within them. This is also critical for BPEL Human Workflow (HWF). Make sure to do a small Pilot / POC for integration with your corporate identity repository before taking BPEL PM to production. 5) Integration with Rules EngineBPEL should be used for Orchestration only and not for coding programming logic or hard coded rules. Hence it is important to have a separate Rules Engine. Many rules engine available in Market support Java facts and BPEL Engine Being a Java Engine should integrate out of the Box with these. But some rules engine have the limitation that they can take only XML facts, so it is an overhead to go from Java to XML so as to use XML facts and then marshal back to Java. So make sure that you have sorted out Integration with Rules Engine prior to BPEL production implementation.6) Implementation ArchitectureBPEL processes and projects can and will expand to occupy all available resources within your organization. These business processes are pretty visible processes within a company and have strict SLAs to meet. Make sure you have a proven and tested reference architecture for Clustering, High Availability and Disaster recovery. There has to be a provisioning process, deployment process and Process Life [...]

How to OBFUSCATE passwords and ENCRYPT sensitive fields in BPEL PM?


Here is a small tip on security while using Oracle BPEL Process Manager.

Many a times you have to supply password information and other sensitive information in your BPEL PM project files (*.bpel, *.xml, *.wsdl). How do you ensure that these are not visible as clear text to others who do not have access to source codes? Here is a quick tip on using the XML tag .

Where can this be used?

- to obfuscate password info while accessing a partnerlink that refers to a WebService secured by Basic Authentication ... login/password.


Suppose you have a partnerlink definition defined with LOGIN PASSWORD info as shown below. You want to obfuscate the password i.e. You do not want to see clear text "cco-pass"



Add the property encryption="encrypt" for sensitive fields, this will cause the value to be encrypted at deployment. So the new XML will look like



Then deploy your process and the password will be encrypted.
Have fun encrypting things !!