Independent Insight for Service Oriented Practice
www.cbdiforum.com
Policy Driven Practices for SOA
Lawrence Wilkes
CBDI Forum
© 2006 CBDI Forum Ltd2 V1.0 0206

Agenda
- Enterprise SOA Challenge
- SOA Policy Areas
- Layered Service Architecture as a basis for Policy
- Service Lifecycle as a basis for Policy
- Compliance Testing
- Service Engineering

Core SOA Characteristics
[Diagram labels: Consuming Solutions; X, Y, Z; Service A; Service B; Functional Capabilities/Resources; A, B, C]
1. Loose Coupling: enabling rapid process integration & optimization
2. Functional standardization: reuse to reduce cost and deliver consistency across different solutions
3. Consumer (solution) flexibility: use alternative and/or specialized services
3. Supplier flexibility: use alternative and consolidated resources
4. Resource virtualization: Who, What and Where
Usage decisions determined by Policy

Enterprise Challenge
- Lots of Disparate Consuming Solutions Driven by Pressing Needs Of Individual Business Sponsors
- Lots of Duplicated, Silo’ed, Disparate, Distributed Capabilities/Resources
- Lots of Services delivered with good intention, but failing to deliver the full benefits of SOA
- Minimal Sharing, still silo’ed, disparate, and meeting only the requirement of individual business sponsors!

Technology Isn’t the Solution
- Lots of Disparate Consuming Solutions Driven by Pressing Needs Of Individual Business Sponsors
- Enterprise Service Bus, Web Service Protocols, etc
- Lots of Duplicated, Silo’ed, Disparate, Distributed Capabilities/Resources
- Technology is an important enabler
- But it isn’t just a wiring problem!

Managed Service Portfolio
[Diagram labels: A, B, C; Services Provided and Consumed; X, Y, Z; Consuming Solutions; Functional Capabilities/Resources; Business Domain]
- Services Grouped by Domain
- Services Organized by Purpose and Type
- Services Selected for Sharing, Aggregation or Differentiation

SOA – Three Perspectives

SOA is a Deployment Framework
- Interest: Standards; Service Technology; Run-time Governance; Operational Policies
- Focus: Run-time deployment of Services and Resources; Operational Infrastructure; Service Management

SOA is an Architectural Framework
- Interest: Enterprise Architecture Context; Architectural Constructs for SOA; Architectural Governance; Architectural and Design Policies
- Focus: Federated Service Architectures; Service Identification and Specification; Service Lifecycle

SOA is a Management Framework
- Interest: Strategy and Roadmap; Organization and culture; IT Process Governance; Provisioning and Sourcing Policies
- Focus: Business and IT Resource Optimization; Business/IT Convergence; IT Process for SOA?; Provider/Consumer Supply Chain?

SOA Policy Areas

Type | Determines/Governs | Example
Asset | Change in state - Service lifecycle | Certification
Relationship | Obligations between different parties | Provider/Consumer; IT/Business
Commercial | How a Service is paid for | Pricing
Security | Run-time policies | Authentication; Permissions
Operational | Run-time policies | Monitoring; SLA
Sourcing | How Services and associated resources are sourced | Standardization/Commoditization; Flexibility
Architecture / Design | Use of architectural constructs in the SOA | Mediation; Layering
Program / Process | SOA Delivery process | RAEW; Funding

Layered Service Architecture
- Reasons for Layering
  - Higher degrees of reuse/sharing
  - Flexibility in assembly of Services at different layers
  - Functional standardization and commoditization in lower levels
  - Customization in higher layers
  - Separation of concerns
  - Determine policies by layer
- Policies Vary by Layer. E.g.
  - Different Sourcing permitted
  - Degree of Standardization/Differentiation allowed

Service Classification - Layers
Layers shown in the diagram:
- Solution Layer (presentation and dialog)
- Process Services (orchestration layer)
- Core Business Services (“backbone” layer)
- Underlying Services (that need a facade)
- Utility Services (high reuse layer)
Example labels in the diagram: Order System; Stock Control Application; Product Dev System; Order Fulfillment Service; Stock Reordering; Orders Service; Products Service; Customers Service; Stock Management Service; Stock Movements Service; Purchasing (from highly generic component); Accounts Receivable API (from legacy Accounting System); Currency Conversion Service; Address Reformatter

Basis for Single and Shared Service Policy
[Diagram labels: Solution Layer (presentation and dialog); Business Domain]

Process Services (orchestration layer)
- Orchestrate operations from many core business operations
- Support process unique processing
- Store process level information

Core Business Services (“backbone” layer)
- Single Service provides consistent view of corporate data and business rules
- Provides a 360° view of the resource
- Stores a record of each instance of each business type
- Applies common validation and business rules

Underlying Services (that need a facade)
- Exploit pre-existing functionality for wider reuse
- Aggregate functionality from pre-existing Services and systems

Utility Services (high reuse layer)
- The most widely reused Shared Services
- Services that perform widely used sub-routines, operations

Basis for Standardization and Customization Policy
[Diagram labels: Business Solutions & Business Processes; Standardized Usage; Differentiated Usage; Differentiated Services; Differentiated Service Behavior; Standard Services; Commodity Services; Custom Services; Increasing Commoditization; Increasing Customization]
- Critical policy area
- Determines economics, flexibility, competitive differentiation and standardization
- Determines sets of standard services based on economics and feasibility
- Manage solution usage on basis of competitive differentiation
  - Core/Context
  - Core/Non Core
- Manage sourcing on basis of economics

Basis for Architecture and Design Rules
(slide columns: Dependencies allowed; Example rules)

Process Services (orchestration layer)
- May call Core Business & Utility services directly
- May be called by apps that support other business processes

Core Business Services (“backbone” layer)
- May call other Core Business, Underlying and Utility Services directly
- Cyclic dependencies not permitted, except for call-back
- May not call Process Services

Underlying Services (that need a facade)
- May call Utility Services, but normally would not
- May not call Core Business or Process Services

Utility Services (high reuse layer)
- May call other Utility Services directly
- Cyclic dependencies not normally permitted
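
The example rules on this slide expressed as an automated Architecture compliance check; this is an added example, not part of the original slides. The layer assignments of the sample services, the call list and the function name are constructed for illustration, and cycles are reported as violations in every layer (the slide says "not normally permitted" for Utility Services).

```python
# Caller layer -> layers it may call directly (a reading of the slide's rules).
ALLOWED = {
    "process": {"core", "utility"},
    "core": {"core", "underlying", "utility"},
    "underlying": {"utility"},   # permitted, but "normally would not"
    "utility": {"utility"},
}
DISCOURAGED = {("underlying", "utility")}

# Constructed sample: service -> layer, and (caller, callee, is_callback).
LAYERS = {"Order Fulfillment": "process", "Orders": "core", "Products": "core",
          "Accounts Receivable API": "underlying", "Currency Conversion": "utility"}
CALLS = [("Order Fulfillment", "Orders", False),
         ("Orders", "Products", False),
         ("Products", "Orders", True),               # call-back: exempt from cycle rule
         ("Orders", "Accounts Receivable API", False),
         ("Accounts Receivable API", "Currency Conversion", False),
         ("Accounts Receivable API", "Orders", False)]  # breaks two rules


def check_architecture(layers, calls):
    """Return (violations, warnings) as sorted lists of strings."""
    violations, warnings, graph = set(), set(), {}
    for caller, callee, is_callback in calls:
        src, dst = layers[caller], layers[callee]
        if dst not in ALLOWED[src]:
            violations.add(f"{caller} ({src}) may not call {callee} ({dst})")
        elif (src, dst) in DISCOURAGED:
            warnings.add(f"{caller} ({src}) calls {callee} ({dst}): allowed, not normal")
        if not (is_callback and src == "core"):   # core call-backs skip cycle check
            graph.setdefault(caller, set()).add(callee)

    state = {}   # service -> "open" (on current DFS path) or "done"

    def visit(node, path):
        state[node] = "open"
        for nxt in sorted(graph.get(node, ())):
            if state.get(nxt) == "open":
                cycle = path[path.index(nxt):] + [nxt]
                violations.add("cyclic dependency: " + " -> ".join(cycle))
            elif nxt not in state:
                visit(nxt, path + [nxt])
        state[node] = "done"

    for service in sorted(graph):
        if service not in state:
            visit(service, [service])
    return sorted(violations), sorted(warnings)
```

Calling `check_architecture(LAYERS, CALLS)` reports the Underlying-to-Core call and the cycle it creates as violations, and the Underlying-to-Utility call as a warning.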

Driving Service Architecture

Domain Driven
- Scope: Enterprise; Domain
- Focus: Resource Optimization; Sharing and Consistency; Standardization/Commoditization; Service Flexibility - Provider Agility
- Techniques: Analysis of Business Domain; Classification into Layers; Business Process; Value Chains; Business Type Models; Data-centric; Reuse analysis

System Driven
- Scope: Existing Systems; Application
- Focus: Existing APIs; Integration
- Techniques: Current Systems Analysis

Solution Driven
- Scope: Project; Business Process
- Focus: Business Optimization; Resource Integration; Process Agility
- Techniques: Process Modelling; Use Case

[Diagram labels: Existing systems and databases; Service Identification; Solution Model; Domain Model; Current Systems Model; Process Driven; Data Centric; Bottom Up; Process Services; Core Business Services; Underlying Services; Utility Services; Order Fulfillment Service; Products Service; Orders Service; Address Reformatting Service; Accounts Receivable API]

Architecting for Agility
[Diagram labels: Pick Exterior Color; Pick Interior Color; Pick Wheel Style; Standard, GT, Special; Base Product; Finished Product; Planning and Design; Run-Time; Policy Driven; Service Consumer; Service Requestor; Service Provider; Applications; Business Services; Management Service; Process Service; Alternative Service or Provider; steps 1 to 4]
- Flexible Sourcing of Components
- On Demand Assembly
- Specialized Solutions
- Commoditized Services

The Service Life Cycle – Enabling Governance
States shown in the diagram: Planned; Specified; Being Provisioned; Provisioned; Certified; Published; Operational; Retired; Archived
Activities shown on the state changes:
- /include proposed service in portfolio plan
- /prepare service specification and WSDL
- demand for operations arises / …
- /handover tested service
- /confirm service offers required quality
- /publicize service, catalog and subject to change control
- /deploy service
- /withdraw obsolete service
- /archive service artifacts
Legend: State (pre); Activity; State (post)
- Policy Driven Compliance Check
- Lifecycle Governance over state change

Service Lifecycle Challenges
[Diagram labels: lifecycle states Planned, Specified, Being Provisioned, Provisioned, Certified, Published, Operational, Retired, Archived; tools Requirements Management; IDE, ESB; Registry; Service & Systems Management; Configuration & Asset Management; Policy Management]
- Service is defined in many different tools
  - How is consistency maintained?
  - How is the compliance with the specification checked?
- Changing State may mean
  - Moving from tool to tool
  - Changing Level of Abstraction
- Policies
  - How can Policies be applied across different tools?
  - Policies may be tool specific, with tool specific definitions
  - How is compliance checked?
- Standards that may help share Service artefacts or information across the lifecycle
  - OMG UML 2 – Models used to document service and the SOA
  - OMG RAS – Reusable Asset Specification
  - WS-protocols – even if the Service is not a WS
  - Use of WS-Policy

Need for Richer Service Specifications
- Operation signatures do not explain enough
  - WSDL is not good at explaining service behavior
- CBDI Service Description (primarily used in Planning)
  - Lightweight – not a specification
  - Described in business, not technical terms
- CBDI Rich Service Specification
  1. Interface Definition (signatures of all the operations)
  2. Behaviour Definition (without pre-empting how implemented) e.g. pre-post condition pairs
  3. Service Information model
  4. Mandatory Message Sequences
  5. Properties and Features
  6. Quality of Standards Compliance
[Slide annotations beside the numbered list: Functional Specification; Non-functional Specification]

Role of Registry in the Service Lifecycle
[Diagram labels: Staging Registry; Production Registry; Service Provision; Service Consumption; Service Management; Plan; Specify; Certify; Publish; Version; Deploy; Operate; Discover; Consume; Asset Management Tools; Developer Tools]
- Publish planned Services
- Certify in Approval Process
- Register Versions and Redirect
- Publish Via Staging Registry
- Dynamic Run-time Discovery
- Feedback QoS
- Discover Services
Registry becomes “System of Record” for Service Lifecycle

Policy Compliance Points
[Diagram labels: Service Provision; Service Consumption; Specify; Certify; Publish; Discover; Consume; Operate; Registry; SM/ESB; Asset Management Tools; Developer Tools]
Validation points shown in the diagram:
- Validate Service Design
- Validate Service
- Validate Specification
- Validate Consumer
- Validate Provider
- Validate Service Consumption
- Validate Run-time Compliance
- Validate SLA

Sample Governance Compliance Checks
(slide columns: Compliance Check; Type of Check and Standards Relevance)
- Architecture: Proper assignment to layer, compliance with dependency policies
- Approved Provider: Inspect endpoint references against known and approved providers. For example
- Service Consumption: Ensure that only Services published in catalog are consumed. For example
- SLA: Monitor compliance with SLA policies. SLA definitions and hence compliance checks are likely to be proprietary to the WSM/SOAM/ESB product
- Business Policy Compliance: Inspect Service Requests and Responses to ensure business rule compliance, and/or transform Service Requests and Responses based on business rules. Business Rules Engine defines compliance tests. WSM/SOAM/ESB can enforce business-based mediation rules (routing, transformation, etc)
- Regulatory or Auditing Compliance: Inspect Service Requests and Responses to ensure regulatory compliance, and auditing requirements. Use WSM/SOAM/ESB. Typically user defined. Some products may have pre-defined templates.
- Service Specification: Completeness of specification according to user defined methodology
- Design Policies: User defined methodology conformance to best practices.
- Classification: Validate classification of Services. Registries provide classification mechanisms
- Schema: Validate XML Schemas, validate that Services use the correct schema
- WS-Security: Enforce and validate Security policies
- WS-I profile: Check compliance with WS-I profiles to ensure interoperability
- WS-Protocol: Enforce and Validate usage of various WS protocols. Products may ship with ready made profiles for WS-I, WSDL, WS-Security. Ensure that consumed Services comply with policies for usage of various WS protocols.
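
One way to implement the Approved Provider and Service Consumption checks listed on this slide, as an added example that is not part of the original slides. The catalog layout, host names and function names are assumptions made for illustration; the check compares the parsed origin of an endpoint reference with the approved list instead of matching on substrings.

```python
from urllib.parse import urlsplit

# Constructed catalog: only Published services may be consumed, and each
# lists the provider origins (scheme, host, port) approved for it.
CATALOG = {
    "Orders Service": {
        "state": "Published",
        "providers": {("https", "orders.provider.example", 443)},
    },
    "Stock Movements Service": {
        "state": "Certified",   # not yet published in the catalog
        "providers": {("https", "stock.provider.example", 443)},
    },
}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(endpoint):
    """Return (scheme, host, port) for an endpoint URL, or None if unusable."""
    try:
        parts = urlsplit(endpoint)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return None
    if port is None:
        port = DEFAULT_PORTS.get(parts.scheme)
    if not parts.hostname or port is None or parts.username is not None:
        return None                  # reject missing host and user@host forms
    return (parts.scheme, parts.hostname.rstrip("."), port)


def check_consumption(service, endpoint, catalog=CATALOG):
    """Return the list of policy violations for one consumed endpoint."""
    entry = catalog.get(service)
    if entry is None or entry["state"] != "Published":
        return ["service-consumption: service is not published in catalog"]
    origin = origin_of(endpoint)
    if origin is None:
        return ["approved-provider: endpoint reference cannot be parsed safely"]
    if origin not in entry["providers"]:
        return ["approved-provider: %s://%s:%d is not an approved provider" % origin]
    return []
```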

Relationship Governance
[Diagram labels: Service Provider/Supplier; Service Consumer; IT; Business; Enterprise; Project; SOA Architect; Developer; Shared capability; ROI; QoS/SLA; Capability; Payment; Requirement; Usage; Frameworks; “Style Guide”; Compliance]
- Use policies as a way of managing relationships
- Compliance works both ways and places obligations on both parties

Service Engineering Process Context
[Diagram of process areas, the activities within them and the artifacts passed between them]
Process areas: SERVICE PORTFOLIO PLANNING; SERVICE PROVISIONING; BUSINESS MODELING; SOLUTION DELIVERY; BUSINESS PROCESS DESIGN
Artifacts: Capabilities; Required Services; Operational Services; Business Process Model; Planned Service Descriptions; Service policies; Business Ontology; Business Type model; Business policies; Value Chains
Activities:
- Define Policies
- Identify Services
- Describe Services
- Publicize Portfolio Plan
- Specify a Service
- Acquire the Service
- Certify, Deploy Service
- Publish Service in Catalog
- Model Business Process
- Design Software Solution
- Request Services and Operations
- Construct Software Solution
- Test Software Solution
- Define business capabilities
- Define business relationships
- Define business policy
- Model Business Semantics
- Model Business Capability
- Model Value Chains

SPP Policies
- Service View policies govern portfolio content, Service identification and classification:
  - Service Layering rules
  - Service Dependency Rules
  - Standardization and customization
  - Sourcing
  - Target consumers, QoS
  - . . .
- Implementation View policies govern mapping to automation units:
  - Sourcing
  - Component selection and/or design criteria
  - Integration
- Deployment View policies govern allocation of automation units to technical infrastructure:
  - Performance, Security

Conclusions
- SOA Policies fall into many areas
  - Process
  - Architecture
  - Operational
  - Relationships
- Layered Service Architecture drives much policy thinking
- Service lifecycle provides a framework for managing compliance governance
- Policies must be flexible
  - Know when to enforce, and when to allow optionality
  - Many policies must be checked by hand – don’t over burden the organization with bureaucracy

Relevant CBDI Reports
- Practical Service Specification and Design - a five part series commencing with: http://www.cbdiforum.com/secure/interact/2005-03/Practical_Service_Spec.php
- Service Portfolio Planning Revisited: http://www.cbdiforum.com/secure/interact/2005-09/Service_Portfolio_Planning_Revisited.php
- Improving SOA Governance with the Systinet Business Services Registry: http://www.cbdiforum.com/secure/interact/2005-04/Improving_SOA_Gove_Systinet_Business_Registry.php
- Software Development Asset Management with LogicLibrary Logidex: http://www.cbdiforum.com/secure/interact/2005-06/Software_Dev_Asset_Man_LogicLibrary_Logidex.php
- The Service Lifecycle: http://www.cbdiforum.com/secure/interact/2005-11/the_service_lifecycle.php
- SOA Governance in the Life Cycle: http://www.cbdiforum.com/secure/interact/2005-11/SOA_Governance_in_life_cycle.php

Independent Insight for Service Oriented Practice
- Monthly CBDI Journal
  - Best Practice Series e.g.
    - Practical Service Identification and Specification
    - Enterprise SOA
    - Developing the Architectural Framework for SOA
  - Service Oriented Business Series e.g.
    - Telco
    - Insurance
    - Pharmaceutical
    - Automotive
  - Market Trends e.g.
    - Service Management
    - ESB
- 15,000+ subscribers worldwide
  - Architects, Business Analysts, CIOs, CTOs, Product Managers,
- Some Free Resources
  - SOA and Web Service Roadmap: http://roadmap.cbdiforum.com/
  - SOA Fundamentals: http://roadmap.cbdiforum.com/reports/fundamentals/
- Consulting and Education
  - SOA Roadmap Planning
  - Service Portfolio Planning
  - Business Requirements for SOA
  - Technology Infrastructure for SOA
  - http://www.cbdiforum.com/public/enterprise_services/educational_services.php
www.cbdiforum.com