Title: SOA Governance
1. SOA Governance
- Xiaoying Bai
- Department of Computer Science and Technology
- Tsinghua University
- March 2007
2. Outline
- Governance and IT governance
- SOA governance motivations
- SOA governance challenges
- SOA governance key elements
- SOA policies
- Service lifecycle management
- IBM SOA governance model
- Case study: Service Monitoring with IBM WebSphere
3. Governance in General
- The concept of governance is as old as human civilization.
- Establishing chains of responsibility, authority and communication to empower people (decision rights)
- Establishing measurement, policy and control mechanisms to enable people to carry out their roles and responsibilities.
- E.g. European governance refers to the rules, processes and behavior that affect the way in which powers are exercised at European level, particularly as regards openness, participation, accountability, effectiveness and coherence.
4. IT Governance
- Information Technology (IT) has been one of the foundational pillars of most businesses today
- Enterprise IT investment is greater than 4.2% of annual revenue on average.
- Business and IT can be viewed as two cogs of the same wheel.
- A change in motion of one mandates that the other respond in kind.
- IT needs to be flexible, extensible, responsive, resilient, and dynamically reconfigurable.
- Businesses measure the success of IT not only by how well it is being leveraged for business-as-usual activities, but also by how it is utilized to facilitate the enterprise to be a key differentiator in the market.
5. IT Governance
- IT Governance is a collection of management, planning and performance reporting and review processes with associated decision rights, which establish controls and performance metrics over key investments, operational and delivery services and new or change authorizations and compliance with regulations, laws and organizational policies. It formalizes and clarifies oversight, accountability and decision rights.
  -- Gad J. Selig, IT Governance: An integrated framework and roadmap - how to plan, deploy and sustain for competitive advantage, 2006.
- What decisions must be made to ensure effective management and use of IT?
- Who should make these decisions?
- How will these decisions be made and monitored?
6. IT Governance
- IT governance refers to the aspects of governance that pertain to an organization's information technology processes and the way those processes support the goals of the business. ...
- IT governance defines a structure of relationships and processes to direct and control the enterprise.
  -- IBM white paper, August 2006
- IT governance is a subset of enterprise governance
- IT governance deals with the management and control of IT assets, people, processes and infrastructures, as well as the manner in which the assets are managed and procured.
- IT governance helps to define the roles and responsibilities and specify the decision rights and accountability framework.
7. SOA Governance
- SOA governance is an extension of IT governance specifically focused on the lifecycle of services, metadata and composite applications in an organization's service-oriented architecture.
- As a specialization of IT governance, SOA governance addresses how an organization's IT governance decision rights, policies and measures need to be modified and augmented for a successful adoption of SOA, thus forming an effective SOA governance model.
  -- IBM white paper, August 2006.
8. What's wrong with SOA
- Service-oriented architecture built opportunistically with the purpose of getting it over with as soon as possible, and at as low a cost as possible, will prove to be a disaster for enterprises' software infrastructures.
- In 2006, enterprises worldwide will have spent nearly 3 billion on failed and redesigned Web services projects because of poorly implemented service-oriented architectures.
  -- Gartner
An enterprise chock-full of services is not an SOA. For that, you need the matrix of rules and policies that make up SOA governance. -- InfoWorld
9. Why SOA Governance
- Large enterprises must achieve a true Service Oriented Architecture. Governance is a critical element in meeting this goal.
- Doing lots of little Web Services projects all over the place with no governance isn't SOA, it's just playing. (Thomas Manes, Burton Group)
- The impact of ungoverned integration projects can be significant to a company's operation.
- The breakdown couldn't have come at a worse time for AT&T Wireless. It deprived the Telco of thousands of potential new customers and cost the company an estimated 100 million in lost revenue. (AT&T Wireless)
10. Why SOA Governance
- Without an effective governance approach, organizations could quickly face a rather messy and dysfunctional situation with uncontrolled, ad-hoc development of services, undermining the potential benefits of SOA.
  -- Marianne Hedin, The impact of SOA on the consulting Services Market, IDC, Dec. 2005.
- SOA is an inherently distributed approach to architecture, and therefore the requirements for governance are even more critical than in more centralized environment.
  -- David Sprott, The SOA Governance Framework, CDBI, Sep. 2004
- In 2006, lack of working governance mechanisms in midsize-to-large (greater than 50 services) post-pilot SOA projects will be the most common reason for project failure.
  -- Paolo Malinverno, The strategic Impact of SOA Broadens, Gartner, Nov. 2005
- Through 2008, 70 percent of IT organizations will fail to successfully select and implement an SOA strategy on the first try. These organizations must be prepared to use software services tactically while planning for strategic evolution of their architecture.
  -- Daryl C. Plummer, Six Missteps That Can Result in SOA Strategy Failure, Gartner, June 2005
11. Why SOA Governance
- Service orientation alone cannot bring about the effect of improved productivity, faster time to market and reuse because there are other forces at play that operate as impediments and constraints.
- Effective governance of services through policies, principles, standards, procedures, processes, and cultural and organizational change will enable the full benefit of service orientation to be realized.
12. Why SOA Governance
- SOA requires Governance from day one
- Business-oriented
- Ensure continuity of business operations
- Manage security exposure
- Align technology implementation with business requirements
- Manage liabilities and dependencies
- Reduce the cost of operations
13. SOA Governance Challenges
- Evolving standards for XML and Web Services
  - The effort involved in complying with industry standards conflicts with short-term projects.
  - Project teams do not have the time and manpower to understand and adhere to the industry standards and corporate policies.
- Lack of one SOA standard
  - SOA itself is not an industry standard. Every company has its own unique considerations and requirements.
- A variety of vendors
  - XML and Web Services support has been on the product roadmap for all major software vendors.
- Inadequate tooling
  - Commercially available tools are limited to application-level implementations.
14. SOA Governance Challenges
- New layer, new challenges
  - A new SOA layer in the enterprise IT architecture poses new challenges for security, management, reliability, change management, and much more.
- Operational complexities
  - There are dependencies that are often outside the scope of the deployment team.
- SOA is not one project
  - How do you align disparate efforts into a solid, reliable, agile and enterprise-quality architecture?
15. SOA Governance Objectives
- To implement SOA in a well-planned, well-coordinated, and effectively managed way
- Develop Now, Integrate Later → Develop for Integration
- To govern the design, development, deployment, and operations of any new Services in their enterprise.
- To ensure that all of the independent efforts come together to meet the enterprise SOA requirements.
16. Key Elements of SOA Governance
- Policies
  - Policy management
  - Policy association
  - Policy enforcement
  - Policy reporting
- Service Contract
  - Provide a precise and unambiguous agreement for how the provider and consumer interact.
17. Key Elements of SOA Governance
- Lifecycle management
  - Manage services across a complete lifecycle
- Metadata
  - Data about data, the set of policies and descriptions that enable service discovery and appropriate usage
  - Three types: business information, technical information, governance information
  - Rather than hard-code, SOA requires metadata to be externalized
18. SOA Policy
- Objectives
  - Address the overall impact to the business of the Services that are being created and deployed.
  - Create a strong connection between the business and technology.
  - Associate business policies, technical policies and actual implementation in a transparent fashion.
  - Create a commonly utilized language of information and process.
- SOA policies need to address the very distributed, asynchronous, and heterogeneous nature of the SOA environment.
Palatable policy: easy to do the right thing and hard to do the wrong thing.
19. SOA Policy
- Examples
  - Business policy
    - Patient name and contact information may not be transmitted as clear text.
  - Security policy
    - Every operation message must be uniquely identified and digitally signed.
  - Lower-level technical policy
    - Do not use XML anyAttribute wildcards
20. SOA Policy
- Wrangling governance assets
  - Governance artifacts need to be searchable, versioned, and easily and precisely referenced, and should be in a machine-usable format for dynamic discovery and binding.
  - Registry
  - Repository
  - Run-time policies
  - Policy reuse
21. SOA Policy
- Auditing Conformance
  - Policy should not be left for documentation, but be an active part of the operations of companies.
  - Automatic policy enforcement to detect, analyze, and audit policy compliance.
  - Policy process should be integrated with the design, development, deployment and operation of Services in an efficient and transparent manner.
Laying down the law: SOA policies aren't worth anything unless they're enforced
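
Added example (not part of the original slides): a small automated conformance audit for the three example policies on slide 19, in the spirit of the automatic enforcement point above. It assumes WS-Addressing `MessageID` as the unique identifier and an XML Signature element as the signing marker; the element names `PatientName` and `PatientContact` and all sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input

XS = "{http://www.w3.org/2001/XMLSchema}"
WSA = "{http://www.w3.org/2005/08/addressing}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
SENSITIVE = {"PatientName", "PatientContact"}  # hypothetical element names

def audit_schema(xsd_text):
    """Technical policy: no xs:anyAttribute wildcards in a service schema."""
    hits = list(ET.fromstring(xsd_text).iter(XS + "anyAttribute"))
    return [f"{len(hits)} anyAttribute wildcard(s) in schema"] if hits else []

def audit_message(msg_text, seen_ids):
    """Security and business policy checks on one SOAP message."""
    root = ET.fromstring(msg_text)
    findings = []
    msg_id = (root.findtext(f".//{WSA}MessageID") or "").strip()
    if not msg_id:
        findings.append("missing MessageID")
    elif msg_id in seen_ids:
        findings.append(f"duplicate MessageID {msg_id}")
    else:
        seen_ids.add(msg_id)
    # Presence check only: a real gateway must also verify the signature.
    if root.find(f".//{DS}Signature") is None:
        findings.append("message is not signed")
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]  # strip the namespace
        if name in SENSITIVE and (el.text or "").strip():
            findings.append(f"{name} sent as clear text")
    return findings

# Constructed samples, not taken from any real service.
BAD_XSD = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:complexType name="Claim"><xs:anyAttribute/></xs:complexType>
</xs:schema>"""

BAD_MSG = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <s:Header><wsa:MessageID>urn:uuid:constructed-1</wsa:MessageID></s:Header>
  <s:Body><PatientName>Jane Example</PatientName></s:Body>
</s:Envelope>"""

if __name__ == "__main__":
    seen = set()
    print(audit_schema(BAD_XSD))
    for _ in range(2):  # the second pass replays the same MessageID
        print(audit_message(BAD_MSG, seen))
```

Run at design time against registry artifacts and at run time against messages, the same checks feed the conformance status reporting described on the next slide.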
22. SOA Policy
- Policy management: track, review, improve
  - Govern the implementation, encourage reusability, manage collaboration processes, and improve business metrics
  - Policies: What policies do we have? Where are these policies implemented?
  - Enterprise Interfaces: What enterprise Services are being developed?
  - Conformance Status: How well do our services conform to our policies?
  - Impact Analysis: What happens to our SOA operations if we change our current SOA policies?
  - Interdependencies: How will operations be impacted by changes made to Services?
  - Exception Management: What will be the impact of an exception?
23. SOA Policy
- Integration
  - Process integration
    - SOA Governance must integrate with the current flow of Service development and with the tools and systems available.
    - Ensure that Service implementations are in conformance with enterprise policies throughout design, development, testing, implementation, deployment, and maintenance.
  - System integration
    - SOA Governance must transparently integrate with EAI, development tools, and other enterprise applications that are producing and consuming Services.
24. Service Lifecycle Management
- Service Lifecycle
  - A model for describing the key activities and management tasks associated with the different phases of the life of a business service, from analysis and design to production support.
  - Identification Definition
  - Development Testing
  - Publish Deploy
  - Discover Manage
- Management Issues
  - Service deployment
  - Service versioning
  - Service monitoring
25. Service Lifecycle Management
- Provider lifecycle
  - Understanding and managing the requirements
  - Managing the access and visibility
  - Publishing information
  - Managing delivery
- Consumer lifecycle
  - Exploring service
  - Validating the conformance
  - Negotiating usage
  - Validating quality
  - Responding to changes
26. Service Lifecycle Management
- Management principles
  - Traceability: Services should be visible throughout life cycle, from business perspective to deployed software service
  - Managed: Services should be managed as an asset throughout the life cycle with established and consistently enforced policies
  - Application-Neutral: Concept of SOA is applicable to all classes of interoperability
  - Agile Process: The SOA is never finished or stable and should allow for the flexibility of dynamic process recomposition
  - Federated Process: The SOA is a collaboration of independent components that provide services according to contractual obligations.
27. IBM SOA Governance Model
SOA Lifecycle
- Plan the governance requirements
- Define the governance approach
- Enable the governance model incrementally
- Measure, monitor and manage the governance
processes
SOA Governance Lifecycle
28. Case Study
29. WSRR SOA Governance Interactions
[Diagram: Life Cycle Management Processes. Labels: Test and classify; Change impact Analysis; Archive Registry Repository; Production Registry Repository; Development Registry Repository]
- 1. Service metadata artifacts are created
- 2. Tools, utilities and users publish service metadata to the Service Registry Repository
- 3. LCM processes enforce testing, classifying and validation.
- 4. Service and metadata is published
- 5. Service is assigned a state of AWAITING APPROVAL
- LCM processes drive impact analyses, compliance checks, change policy conformance and scheduling.
- Service is approved
- Service is assigned a state of APPROVED
- Notifications are generated.
- 10. LCM processes drive Deployment/Production configuration
- Service is promoted to production environment
- Service is assigned an OPERATIONAL state.
- Notifications generated
- 13. LCM processes drive impact of retiring/retirement policy
- Service is retired
- Service is assigned a RETIRED state.
- Notifications generated
30. IBM WebSphere Business Monitor
[Diagram: Continuous Business Process optimization - Round trip. Labels: Existing Components; Process Requirements; Services; Process Modeling; InteractionGlue; Participate; Process Execution/Choreography; Optimize; Manage Execution; Analysis; Monitor]
31. Business Monitor Goals
- Report on business performance measured against targets (scorecard)
  - Share growth and new product revenue
- Track business process flow
  - Status of particular insurance claim
  - Bottlenecks due to human tasks
- Monitor business process metrics
  - Duration, cost, branch ratios
- Business Analysis through aggregation and multidimensional reporting
  - Total monthly revenue by customer
- Detect and alert of anomalous situations
  - Gold customer order with no inventory and supplier decommitted
32. WebSphere Monitoring Components
- Monitor Server
  - Is the core component of WebSphere Business Monitor.
- Dashboard Client
  - Is another server component of the WebSphere Business Monitor and provides the runtime environment
- Databases
  - Are the data storage component
- Monitor Administration
  - Provides the administrative functions
33. WebSphere Monitoring Components
[Diagram labels: Tooling (Business Measure Editor); Define BMs; Business Measures Model; Monitor Dashboards; Monitor Server; Action Manager; CEI; CBE events; CBE Situation events; Dashboard access; Event Processing; Runtime; Performance Warehouse; State; Replication; DB2 Replicator]
34. Sample Usage Scenario
35. Business Performance Monitoring
36. Summary
- SOA requires a major shift in the way software is developed and deployed within the enterprise.
- Develop now, Integrate later → Develop for Integration
- The new paradigm, technologies and standards created to support this shift require companies to implement their SOA in a well planned, well coordinated, and effectively managed way.
- To ensure business continuity, reduce integration costs and complexities, it must govern the design, development, deployment, and operations of services in the enterprise.
- Policy and service lifecycle management are the important elements to achieve SOA Governance.
- Policies set the goals to direct and measure success
37. Reference
- Gad J. Selig, IT Governance: An integrated framework and roadmap - how to plan, deploy and sustain for competitive advantage, 2006.
- WebLayers, SOA Governance Introduction, 2005.
- Ben Brauer and Sean Kline, SOA governance: a key ingredient of the Adaptive Enterprise, Feb. 2005.
- P. J. Windley, Governance, Rules of the Game, InfoWorld, Jan. 06.
- P. J. Windley, Governing SOA, InfoWorld, Jan. 06.
- SOA Governance: Balancing Flexibility and Control Within an SOA, Systinet, Mercury, Sep. 2006.
- Andrew G. Weekes, Service Oriented Architecture Governance, Accenture, Nov. 2006.
- Tilak Mitra, A case for SOA governance, IBM developerWorks, Aug. 2005.
- William A. Brown and Murray Cantor, SOA governance: how to oversee successful implementation through proven best practices and methods, IBM white paper, August 2006.