SOA Governance

1
SOA Governance

• Xiaoying Bai
• Department of Computer Science and Technology
• Tsinghua University
• March 2007

2
Outline

• Governance and IT governance
• SOA governance motivations
• SOA governance challenges
• SOA governance key elements
• SOA policies
• Service lifecycle management
• IBM SOA governance model
• Case study Service Monitoring with IBM Websphere

3
Governance in General

• The concept of governance is as old as human
  civilization.
• Establishing chains of responsibility, authority
  and communication to empower people (decision
  rights)
• Establishing measurement, policy and control
  mechanisms to enable people to carry out their
  roles and responsibilities.
• E.g. European governance refers to the rules,
  processes and behavior that affect the way in
  which powers are exercised at European level,
  particularly as regards openness, participation,
  accountability, effectiveness and coherence.

4
IT Governance

• Information Technology (IT) has been one of the
  foundational pillars of most business today
• Enterprises IT investment is greater that 4.2
  of annual revenue in a average.
• Business and IT can be viewed as two cogs of the
  same wheel.
• A change in motion of one mandates that the other
  respond in kind.
• IT needs to be flexible, extensible, responsive,
  resilient, and dynamically reconfigurable.
• Businesses measure the success of IT not only by
  how well it is being leveraged for
  business-as-usual activities, but also by how it
  is utilized to facilitate the enterprise to be a
  key differentiator in the market.

5
IT Governance

• IT Governance is a collection of management,
  planning and performance reporting and review
  processes with associated decision rights, which
  establish controls and performance metrics over
  key investments, operational and delivery
  services and new or change authorizations and
  compliance with regulations, laws and
  organizational policies. It formalizes and
  clarifies oversight, accountability and decision
  rights.
• Gad J. Selig, IT Governance An integrated
  framework and roadmap
• how to plan, deploy and sustain for competitive
  advantage, 2006.
• What decisions must be made to ensure effective
  management and use of IT?
• Who should make these decisions?
• How will these decisions be made and monitored?

6
IT Governance

• IT governance refers to the aspects of
  governance that pertain to an organizations
  information technology processes and the way
  those processes support the goals of the
  business. ..
• IT governance defines a structure of
  relationships and processes to direct and control
  the enterprise.
• -- IBM white paper, August 2006
• IT governance is a subset of enterprise
  governance
• IT governance deals with the management and
  control of IT assets, people, processes and
  infrastructures, as well as the manner in which
  the assets are managed and procured.
• IT governance helps to define the roles and
  responsibilities and specify the decision rights
  and accountability framework.

7
SOA Governance

• SOA governance is an extension of IT governance
  specifically focused on the lifecycle of
  services, metadata and composite applications in
  an organizations service-oriented architecture.
• As a specialization of IT governance, SOA
  governance addresses how an organizations IT
  governance decision rights, policies and measure
  need to be modified and augmented for a
  successful adoption of SOA, thus forming an
  effective SOA governance model.
• -- IBM white paper, August 2006.

8
Whats wrong with SOA

• Service-oriented architecture built
  opportunistically with the purpose of getting it
  over with as soon as possible, and at as low a
  cost as possible, will prove to be a disaster for
  enterprises software infrastructures.
• In 2006, enterprises worldwide will have spent
  nearly 3 billion on failed and redesigned Web
  services projects because of poorly implemented
  service-oriented architectures.
• Gartner

An enterprise chock-full of services is not an
SOA. For that, you need the matrix of rules and
policies that make up SOA governance. InfoWorld
9
Why SOA Governance

• Large enterprises must achieve a true Service
  Oriented Architecture. Governance is a critical
  element in meeting this goal.
• Doing lots of little Web Services projects all
  over the place with no governance isnt SOA, its
  just playing. (Thomas Manes, Burton Group)
• The impact of ungoverned integration projects can
  be significant to a companys operation.
• The breakdown couldnt have come at a worse time
  for ATT wireless. It deprived the Telco of
  thousands of potential new customers and cost the
  company an estimated 100 million in lost
  revenue. (ATT Wireless)

10
Why SOA Governance

• Without an effective governance approach,
  organizations could quickly face a rather messy
  and dysfunctional situation with uncontrolled,
  ad-hoc development of services, undermining the
  potential benefits of SOA.
• -- Marianne Hedin, The impact of SOA on the
  consulting Services Market, IDC, Dec. 2005.
• SOA is an inherently distributed approach to
  architecture, and therefore the requirements for
  governance are even more critical than in more
  centralized environment.
• -- David Sprott, The SOA Governance Framework,
  CDBI, Sep. 2004
• In 2006, lack of working governance machanisms
  in midsize-to-large (greater than 50 services)
  post-pilot SOA projects will be the most common
  reason for project failure.
• --Paolo Malinverno, The strategic Impact of SOA
  Broadens, Gartner, Nov. 2005
• Through 2008, 70 percent of IT organizations
  will fail to successfully select and implement an
  SOA strategy on the first try. There
  organizations must be prepared to use software
  services tactically while planning for strategic
  evolution of their architecture.
• --Daryl C. Plummer, Six Missteps That Can
  Result in SOA Strategy Failure, Gartner, June
  2005

11
Why SOA Governance

• Service orientation alone cannot bring about the
  effect of improved productivity, faster time to
  market and reuse because there are other forces
  at play that operate as impediments and
  constraints.
• Effective governance of services through
  policies, principles, standards, procedures,
  processes, and cultural and organizational change
  will enable the full benefit of service
  orientation to be realized.

12
Why SOA Governance

• SOA requires Governance from day one
• Business-oriented
• Ensure continuity of business operations
• Manage security exposure
• Align technology implementation with business
  requirements
• Manage liabilities and dependencies
• Reduce the cost of operations

13
SOA Governance Challenges

• Evolving standards for XML and Web Services
• The effort involved in complying with industry
  standards conflicts with short-term project.
• Project teams do not have the time and manpower
  to understand and adhere to the industry
  standards and corporate policies.
• Lack of one SOA standards
• SOA it self is not an industry standards. Every
  company has its own unique considerations and
  requirements.
• A variety of vendors
• XML and Web Services support has been on the
  product roadmap for all major software vendors.
• Inadequate tooling
• Commercially available tools are limited to
  application-level implementations.

14
SOA Governance Challenges

• New layer new challenges
• A new SOA layer in the enterprise IT architecture
  poses new challenges for security, management,
  reliability, change management, and much more.
• Operational complexities
• There are dependencies that are often outside the
  scope of the deployment team.
• SOA is not one project
• How do you align disparate efforts into a solid,
  reliable, agile and enterprise-quality
  architecture?

15
SOA Governance Objectives

• To implement SOA in a well-planned, well
  coordinated, and effectively managed way
• Develop Now, Integrate Later ? Develop for
  Integration
• To govern the design, development, deployment,
  and operations of any new Services in their
  enterprise.
• To ensure that all of the independent efforts
  come together to meet the enterprise SOA
  requirements.

16
Key Elements of SOA Governance

• Policies
• Policy management
• Policy association
• Policy enforcement
• Policy reporting
• Service Contract
• Provide a precise and unambiguous agreement for
  how the provider and consumer interact.

17
Key Elements of SOA Governance

• Lifecycle management
• Manage services across a complete lifecycle
• Metadata
• Data about data, the set of policies and
  descriptions that enable service discovery and
  appropriate usage
• Three types business information, technical
  information, governance information
• Rather than hard-code, SOA requires metadata to
  be externalized

18
SOA Policy

• Objectives
• Address the overall impact to the business of the
  Services that are being created and deployed.
• Create a strong connection between the business
  and technology.
• Associate business policies, technical policies
  and actual implementation in a transparent
  fashion.
• Create a common utilized language of information
  and process.
• SOA policies need to address the very
  distributed, asynchronous, and heterogeneous
  nature of the SOA environment.

Palatable policy easy to do the right thing
and hard to do wrong thing.
19
SOA Policy

• Examples
• Business policy
• Patient name and contact information may not be
  transmitted as clear text.
• Security policy
• Every operation message must be uniquely
  identified and digitally signed.
• Lower-level technical policy
• Do not use XML anyAttribute wildcards

20
SOA Policy

• Wrangling governance assets
• Governance artifacts need to be searchable,
  versioned, and easily and precisely
  referenced should be in a machine-usable format
  for dynamic discovery and binding.
• Registry
• Repository
• Run-time policies
• Policy reuse

21
SOA Policy

• Auditing Conformance
• Policy should not be left for documentation, but
  be an active part of the operations of companies.
• Automatic policy enforcement to detect, analyze,
  and audit policy compliance.
• Policy process should be integrated with the
  design, development, deployment and operation of
  Services in an efficient and transparent manner.

Laying down the law SOA policies arent worth
anything unless theyre enforced
22
SOA Policy

• Policy management track, review improve
• Govern the implementation, encourage reusability,
  manage collaboration processes, and improve
  business metrics
• Policies What policies we have? Where are these
  policies implemented?
• Enterprise Interfaces What enterprise Services
  are being developed?
• Conformance Status How well do our services
  conform to our policies?
• Impact Analysis What happens to our SOA
  operations if we change our current SOA policies
  ?
• Interdependencies How will operations be
  impacted by changes made to Services?
• Exception Management What will be the impact of
  an exception?

23
SOA Policy

• Integration
• Process integration
• SOA Governance must integrate with the current
  flow of Service development and with the tools
  and systems available.
• Ensure that Service implementations are in
  conformance with enterprise policies throughout
  design, development, testing, implementation,
  deployment, and maintenance.
• System integration
• SOA Governance must transparently integrate with
  EAI, development tools, and other enterprise
  applications that are producing and consuming
  Services.

24
Service Lifecycle Management

• Service Lifecycle
• A model for describing the key activities and
  management tasks associated with the different
  phases of the life of a business service, from
  analysis and design to production support.
• Identification Definition
• Development Testing
• Publish Deploy
• Discover Manage
• Management Issues
• Service deployment
• Service versioning
• Service monitoring

25
Service Lifecycle Management

• Provider lifecycle
• Understanding and managing the requirements
• Managing the access and visibility
• Publishing information
• Managing delivery

• Consumer lifecycle
• Exploring service
• Validating the conformance
• Negotiating usage
• Validating quality
• Responding to changes

26
Service Lifecycle Management

• Management principles
• Traceability Services should be visible
  throughout life cycle, from business perspective
  to deployed software service
• Managed Services should be managed as an asset
  throughout the life cycle with established and
  consistently enforced policies
• Application-Neutral Concept of SOA is
  applicable to all classes of interoperability
• Agile Process The SOA is never finished or
  stable and should allow for the flexibility of
  dynamic process recomposition
• Federated Process The SOA is a collaboration of
  independent components that provide services
  according to contractual obligations.

27
IBM SOA Governance Model
SOA Lifecycle

• Plan the governance requirements
• Define the governance approach
• Enable the governance model incrementally
• Measure, monitor and manage the governance
  processes

SOA Governance Lifecycle
28
Case Study
29
WSRR SOA Governance Interactions
Life Cycle Management Processes
2
7
Test and classify
Change impact Analysis
Archive Registry Repository
Production Registry Repository
Development Registry Repository
1. Service metadata artifacts are created 2.
Tools, utilities and users publish
servicemetadata to the Service Registry
Repository 3. LCM processes enforce testing,
classifying and validation. 4. Service and
metadata is Published 5. Service is assigned a
state of AWAITING APPROVAL

• LCM processes drive impact analyses, compliance
  checks, change policy conformance and
  scheduling.
• Service is approved
• Service is assigned a state of APPROVED
• Notifications are Generated.

• 10. LCM processes driveDeploymentProduction
  configuration
• Service is promoted to production environment
• Service is assigned an OPERATIONAL state.
• Notifications Generated

• 13. LCM processes driveimpact of
  retiringretirement policy
• Service is retired
• Service is assigned a RETIRED state.
• Notifications Generated

30
IBM Websphere Business Monitor
Existing Components
Process Requirements
Services
Process Modeling
V
InteractionGlue
Participate
Process Execution/Choreography
Optimize
Manage Execution
Analysis
Monitor
Continuous Business Process optimization - Round
trip
31
Business Monitor Goals

• Report on business performance measured against
  targets (scorecard)
• Share growth and new product revenue
• Track business process flow
• Status of particular insurance claim
• Bottlenecks due to human tasks
• Monitor business process metrics
• Duration, cost, branch ratios
• Business Analysis through aggregation and
  multidimensional reporting
• Total monthly revenue by customer
• Detect and alert of anomalous situations
• Gold customer order with no inventory and
  supplier decommitted

32
Websphere Monitoring Components

• Monitor Server
• Is the core component of WebSphere Business
  Monitor.
• Dashboard Client
• Is another server component of the WebSphere
  Business Monitor and provides the runtime
  environment
• Databases
• Are the data storage component
• Monitor Administration
• Provides the administrative functions

33
Websphere Monitoring Components
Tooling (Business Measure Editor)
Define BMs
Business Measures Model
Monitor Dashboards
Monitor Server
Action Manager
CEI
CBE events
CBE Situation events
Dashboard access
Event Processing
Runtime
Performance Warehouse
State
Replication
DB2 Replicator
DB2 Replicator
34
Sample Usage Scenario
35
Business Performance Monitoring
36
Summary

• SOA requires a major shift in the way software in
  developed and deployed within enterprise.
• Develop now, Integrate later ? Develop for
  Integration
• The new paradigm, technologies and standards
  created to support this shift require companies
  to implement their SOA in a well planned, well
  coordinated, and effectively managed way.
• To ensure business continuity, reduce integration
  costs and complexities, it must govern the
  design, development, deployment, and operations
  of services in the enterprise.
• Policy and service lifecycle management are the
  important elements to achieve SOA Governance.
• Policies set the goals to direct and measure
  success

37
Reference

• Gad J. Selig, IT Governance An integrated
  framework and roadmap how to plan, deploy and
  sustain for competitive advantage, 2006.
• WebLayers, SOA Governance Introduction, 2005.
• Ben Brauer and Sean Kline, SOA governance a key
  integredient of the Adaptive Enterprise, Feb.
  2005.
• P. J. Windley, Governance, Rules of the Game,
  InfoWorld, Jan. 06.
• P. J. Windley, Governing SOA, InfoWorld, Jan.
  06.
• SOA Governance Balancing Flexibility and
  Control Within an SOA, Systinet, Mercury, Sep.
  2006.
• Andrew G. Weekes, Service Oriented Architecture
  Governance, Accenture, Nov. 2006.
• Tilak Mitra, A case for SOA governance, IBM
  developworks, Aug. 2005.
• William A. Brown and Murray Cantor, SOA
  governance how to oversee successful
  implementation through proven best practices and
  methods, IBM white paper, August 2006.