SOA Governance Xiaoying Bai Department of Computer Science and Technology Tsinghua University March 2007
Page 1: SOA-Ch6.ppt

SOA Governance

Xiaoying Bai

Department of Computer Science and Technology
Tsinghua University

March 2007

Page 2: SOA-Ch6.ppt

23/4/10 2

Outline

• Governance and IT governance
• SOA governance motivations
• SOA governance challenges
• SOA governance key elements
  – SOA policies
  – Service lifecycle management
• IBM SOA governance model
• Case study: Service Monitoring with IBM WebSphere

Page 3: SOA-Ch6.ppt

Governance in General

• The concept of “governance” is as old as human civilization.
  – Establishing chains of responsibility, authority and communication to empower people (decision rights)
  – Establishing measurement, policy and control mechanisms to enable people to carry out their roles and responsibilities.
  – E.g. “European governance” refers to the rules, processes and behavior that affect the way in which powers are exercised at European level, particularly as regards openness, participation, accountability, effectiveness and coherence.

Page 4: SOA-Ch6.ppt

IT Governance

• Information Technology (IT) has been one of the foundational pillars of most businesses today
  – Enterprise IT investment is greater than 4.2% of annual revenue on average.
• Business and IT can be viewed as two cogs of the same wheel.
  – A change in motion of one mandates that the other respond in kind.
• IT needs to be flexible, extensible, responsive, resilient, and dynamically reconfigurable.
• Businesses measure the success of IT not only by how well it is being leveraged for business-as-usual activities, but also by how it is utilized to facilitate the enterprise to be a key differentiator in the market.

Page 5: SOA-Ch6.ppt

IT Governance

“IT Governance is a collection of management, planning and performance reporting and review processes with associated decision rights, which establish controls and performance metrics over key investments, operational and delivery services and new or change authorizations and compliance with regulations, laws and organizational policies. It formalizes and clarifies oversight, accountability and decision rights.”

-- Gad J. Selig, “IT Governance – An integrated framework and roadmap: how to plan, deploy and sustain for competitive advantage”, 2006.

• What decisions must be made to ensure effective management and use of IT?

• Who should make these decisions?

• How will these decisions be made and monitored?

Page 6: SOA-Ch6.ppt

IT Governance

“IT governance refers to the aspects of governance that pertain to an organization’s information technology processes and the way those processes support the goals of the business. ..

IT governance defines a structure of relationships and processes to direct and control the enterprise. ”

-- IBM white paper, August 2006

• IT governance is a subset of enterprise governance

• IT governance deals with the management and control of IT assets, people, processes and infrastructures, as well as the manner in which the assets are managed and procured.

• IT governance helps to define the roles and responsibilities and specify the decision rights and accountability framework.

Page 7: SOA-Ch6.ppt

SOA Governance

“SOA governance is an extension of IT governance specifically focused on the lifecycle of services, metadata and composite applications in an organization’s service-oriented architecture.

As a specialization of IT governance, SOA governance addresses how an organization’s IT governance decision rights, policies and measures need to be modified and augmented for a successful adoption of SOA, thus forming an effective SOA governance model.”

-- IBM white paper, August 2006.

Page 8: SOA-Ch6.ppt

What’s wrong with SOA

“Service-oriented architecture built opportunistically with the purpose of ‘getting it over with’ as soon as possible, and at as low a cost as possible, will prove to be a disaster for enterprises’ software infrastructures.”

“In 2006, enterprises worldwide will have spent nearly $3 billion on failed and redesigned Web services projects because of poorly implemented service-oriented architectures.”

Gartner

“An enterprise chock-full of services is not an SOA. For that, you need the matrix of rules and policies that make up SOA governance.”

InfoWorld

Page 9: SOA-Ch6.ppt

Why SOA Governance

• Large enterprises must achieve a true Service Oriented Architecture. Governance is a critical element in meeting this goal.
  – “Doing lots of little Web Services projects all over the place with no governance isn’t SOA, it’s just playing.” (Thomas Manes, Burton Group)
• The impact of ungoverned integration projects can be significant to a company’s operation.
  – “The breakdown couldn’t have come at a worse time for AT&T wireless. It deprived the Telco of thousands of potential new customers and cost the company an estimated $100 million in lost revenue.” (AT&T Wireless)

Page 10: SOA-Ch6.ppt

Why SOA Governance

“Without an effective governance approach, organizations could quickly face a rather messy and dysfunctional situation with uncontrolled, ad-hoc development of services, undermining the potential benefits of SOA.”

-- Marianne Hedin, “The impact of SOA on the consulting Services Market”, IDC, Dec. 2005.

“SOA is an inherently distributed approach to architecture, and therefore the requirements for governance are even more critical than in more centralized environment.”

-- David Sprott, “The SOA Governance Framework”, CDBI, Sep. 2004

“In 2006, lack of working governance mechanisms in midsize-to-large (greater than 50 services) post-pilot SOA projects will be the most common reason for project failure.”

-- Paolo Malinverno, “The strategic Impact of SOA Broadens”, Gartner, Nov. 2005

“Through 2008, 70 percent of IT organizations will fail to successfully select and implement an SOA strategy on the first try. These organizations must be prepared to use software services tactically while planning for strategic evolution of their architecture.”

-- Daryl C. Plummer, “Six Missteps That Can Result in SOA Strategy Failure”, Gartner, June 2005

Page 11: SOA-Ch6.ppt

Why SOA Governance

• Service orientation alone cannot bring about the effect of improved productivity, faster time to market and reuse because there are other forces at play that operate as impediments and constraints.

• Effective governance of services through policies, principles, standards, procedures, processes, and cultural and organizational change will enable the full benefit of service orientation to be realized.

Page 12: SOA-Ch6.ppt

Why SOA Governance

• SOA requires Governance from day one
  – Business-oriented
  – Ensure continuity of business operations
  – Manage security exposure
  – Align technology implementation with business requirements
  – Manage liabilities and dependencies
  – Reduce the cost of operations

Page 13: SOA-Ch6.ppt

SOA Governance Challenges

• Evolving standards for XML and Web Services
  – The effort involved in complying with industry standards conflicts with short-term projects.
  – Project teams do not have the time and manpower to understand and adhere to the industry standards and corporate policies.
• Lack of one “SOA standard”
  – SOA itself is not an industry standard. Every company has its own unique considerations and requirements.
• A variety of vendors
  – XML and Web Services support has been on the product roadmap for all major software vendors.
• Inadequate tooling
  – Commercially available tools are limited to application-level implementations.

Page 14: SOA-Ch6.ppt

SOA Governance Challenges

• New layer – new challenges
  – A new SOA layer in the enterprise IT architecture poses new challenges for security, management, reliability, change management, and much more.
• Operational complexities
  – There are dependencies that are often outside the scope of the deployment team.
• SOA is not one project
  – “How do you align disparate efforts into a solid, reliable, agile and enterprise-quality architecture?”

Page 15: SOA-Ch6.ppt

SOA Governance Objectives

• To implement SOA in a well-planned, well-coordinated, and effectively managed way
  – “Develop Now, Integrate Later” → “Develop for Integration”

• To govern the design, development, deployment, and operations of any new Services in their enterprise.

• To ensure that all of the independent efforts come together to meet the enterprise SOA requirements.

Page 16: SOA-Ch6.ppt

Key Elements of SOA Governance

• Policies
  – Policy management
  – Policy association
  – Policy enforcement
  – Policy reporting
• Service Contract
  – Provide a precise and unambiguous agreement for how the provider and consumer interact.

Page 17: SOA-Ch6.ppt

Key Elements of SOA Governance

• Lifecycle management
  – Manage services across a complete lifecycle
• Metadata
  – Data about data, the set of policies and descriptions that enable service discovery and appropriate usage
  – Three types: business information, technical information, governance information
  – Rather than hard-code, SOA requires metadata to be externalized

Page 18: SOA-Ch6.ppt

SOA Policy

• Objectives
  – Address the overall impact to the business of the Services that are being created and deployed.
  – Create a strong connection between the business and technology.
  – Associate business policies, technical policies and actual implementation in a transparent fashion.
  – Create a commonly utilized language of information and process.
  – SOA policies need to address the very distributed, asynchronous, and heterogeneous nature of the SOA environment.

Palatable policy: easy to do the right thing and hard to do the wrong thing.

Page 19: SOA-Ch6.ppt

SOA Policy

• Examples
  – Business policy
    • “Patient name and contact information may not be transmitted as clear text.”
  – Security policy
    • “Every operation message must be uniquely identified and digitally signed.”
  – Lower-level technical policy
    • “Do not use XML ‘anyAttribute’ wildcards”

Page 20: SOA-Ch6.ppt

SOA Policy

• Wrangling governance assets
  – Governance artifacts need to be searchable, versioned, and easily – and precisely – referenced; should be in a machine-usable format for dynamic discovery and binding.

• Registry

• Repository

• Run-time policies

• Policy reuse

Page 21: SOA-Ch6.ppt

SOA Policy

• Auditing & Conformance
  – Policy should not be left for documentation, but be an active part of the operations of companies.
  – Automatic policy enforcement to detect, analyze, and audit policy compliance.
  – Policy process should be integrated with the design, development, deployment and operation of Services in an efficient and transparent manner.

Laying down the law: SOA policies aren’t worth anything unless they’re enforced
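
The lower-level technical policy quoted earlier (“Do not use XML ‘anyAttribute’ wildcards”) is the kind of rule that can be enforced automatically when a schema is published to a registry. The sketch below is an added example, not part of the original slides or of any IBM product; the policy identifier, function names and sample schemas are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

XS = "http://www.w3.org/2001/XMLSchema"
POLICY_ID = "TECH-NO-ANYATTRIBUTE"  # hypothetical policy identifier

# Constructed sample schemas (not taken from the slides).
SAMPLE_BAD = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:complexType name="PatientRecord">
    <xs:sequence><xs:element name="name" type="xs:string"/></xs:sequence>
    <xs:anyAttribute processContents="lax"/>
  </xs:complexType>
  <xs:element name="Claim">
    <xs:complexType>
      <xs:attribute name="id" type="xs:string"/>
      <xs:anyAttribute/>
    </xs:complexType>
  </xs:element>
</xs:schema>"""

SAMPLE_GOOD = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:complexType name="PatientRecord">
    <xs:attribute name="id" type="xs:string" use="required"/>
  </xs:complexType>
</xs:schema>"""


def find_any_attribute(xsd_text):
    """Return one finding per xs:anyAttribute wildcard in the schema text."""
    # A schema has no need for a DTD; refusing one keeps entity-expansion
    # payloads out of artifacts submitted for publication.
    if "<!DOCTYPE" in xsd_text:
        raise ValueError("DOCTYPE not allowed in governed schemas")
    root = ET.fromstring(xsd_text)
    # ElementTree has no parent pointers, so build a child -> parent map.
    parent = {child: p for p in root.iter() for child in p}
    findings = []
    for el in root.iter("{%s}anyAttribute" % XS):
        # Walk up to the nearest named construct so the report is actionable.
        owner = parent.get(el)
        while owner is not None and owner.get("name") is None:
            owner = parent.get(owner)
        findings.append({
            "policy": POLICY_ID,
            "owner": owner.get("name") if owner is not None else "(anonymous)",
            # XSD defaults when the attributes are omitted.
            "processContents": el.get("processContents", "strict"),
            "namespace": el.get("namespace", "##any"),
        })
    return findings


def conforms(xsd_text):
    """True when the schema carries no anyAttribute wildcard."""
    return not find_any_attribute(xsd_text)


if __name__ == "__main__":
    for f in find_any_attribute(SAMPLE_BAD):
        print("%(policy)s violated in %(owner)s "
              "(processContents=%(processContents)s)" % f)
```

Run as a gate in the publish step, a non-empty findings list keeps the artifact from advancing, and the findings themselves form the audit record.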

Page 22: SOA-Ch6.ppt

SOA Policy

• Policy management: track, review & improve
  – Govern the implementation, encourage reusability, manage collaboration processes, and improve business metrics
    • Policies – What policies do we have? Where are these policies implemented?
    • Enterprise Interfaces – What enterprise Services are being developed?
    • Conformance Status – How well do our services conform to our policies?
    • Impact Analysis – What happens to our SOA operations if we change our current SOA policies?
    • Interdependencies – How will operations be impacted by changes made to Services?
    • Exception Management – What will be the impact of an exception?

Page 23: SOA-Ch6.ppt

SOA Policy

• Integration
  – Process integration
    • SOA Governance must integrate with the current flow of Service development and with the tools and systems available.
    • Ensure that Service implementations are in conformance with enterprise policies throughout design, development, testing, implementation, deployment, and maintenance.
  – System integration
    • SOA Governance must transparently integrate with EAI, development tools, and other enterprise applications that are producing and consuming Services.

Page 24: SOA-Ch6.ppt

Service Lifecycle Management

• Service Lifecycle
  – A model for describing the key activities and management tasks associated with the different phases of the life of a business service, from analysis and design to production support.
    • Identification & Definition
    • Development & Testing
    • Publish & Deploy
    • Discover & Manage
• Management Issues
  – Service deployment
  – Service versioning
  – Service monitoring

[Figure: lifecycle phases Identification & Definition, Development & Testing, Publish & Deploy, Discover & Manage]

Page 25: SOA-Ch6.ppt

Service Lifecycle Management

• Provider lifecycle
  – Understanding and managing the requirements
  – Managing the access and visibility
  – Publishing information
  – Managing delivery
• Consumer lifecycle
  – Exploring service
  – Validating the conformance
  – Negotiating usage
  – Validating quality
  – Responding to changes

Page 26: SOA-Ch6.ppt

Service Lifecycle Management

• Management principles
  – Traceability – Services should be visible throughout life cycle, from business perspective to deployed software service
  – Managed – Services should be managed as an asset throughout the life cycle with established and consistently enforced policies
  – Application-Neutral – Concept of SOA is applicable to all classes of interoperability
  – Agile Process – The SOA is never finished or stable and should allow for the flexibility of dynamic process recomposition
  – Federated Process – The SOA is a collaboration of independent components that provide services according to contractual obligations.

Page 27: SOA-Ch6.ppt

IBM SOA Governance Model

• Plan the governance requirements

• Define the governance approach

• Enable the governance model incrementally

• Measure, monitor and manage the governance processes

[Figure: SOA Lifecycle; SOA Governance Lifecycle; SOA Governance and management approach]

Page 28: SOA-Ch6.ppt

Case Study

Page 29: SOA-Ch6.ppt

WSRR – SOA Governance Interactions

[Figure: Development, Production and Archive Registry & Repository, connected by Life Cycle Management (LCM) Processes. Artifact types: WSDL, XSD, SCDL, BPEL, Policy, MXSD. Publish paths: Publish from UI; Publish from Development Tools; Publish from deployment tools; Discover from deployments and Publish. Actions and states: Create (1), Publish, Awaiting Approval (5), Approve (7), Approved (8), Promote (11), Operational (12), Retire, Retired (14), Notify (15). LCM activities shown: Test and classify, Validate Artifacts; Change impact analysis, Compliance checks, Change policy conformance, Scheduling; Deployment, Production configuration; Change impact Analysis, Retirement policy conformance.]

1. Service metadata artifacts are created
2. Tools, utilities and users publish service metadata to the Service Registry & Repository
3. LCM processes enforce testing, classifying and validation.
4. Service and metadata are published
5. Service is assigned a state of AWAITING APPROVAL
6. LCM processes drive impact analyses, compliance checks, change policy conformance and scheduling.
7. Service is approved
8. Service is assigned a state of APPROVED
9. Notifications are generated.
10. LCM processes drive: deployment, production configuration
  • Service is promoted to production environment
  • Service is assigned an OPERATIONAL state.
  • Notifications generated
13. LCM processes drive: impact of retiring, retirement policy
  • Service is retired
  • Service is assigned a RETIRED state.
  • Notifications generated

Page 30: SOA-Ch6.ppt

IBM WebSphere Business Monitor

[Figure: Continuous Business Process optimization - Round trip. Labels: Process Requirements, Process Modeling, Existing Components, Process Execution/Choreography, Services, Interaction, Glue, Manage Execution, Participate, Monitor, Analysis, Optimize]

Page 31: SOA-Ch6.ppt

Business Monitor Goals

• Report on business performance measured against targets (scorecard)
  – Share growth and new product revenue
• Track business process flow
  – Status of particular insurance claim
  – Bottlenecks due to human tasks
• Monitor business process metrics
  – Duration, cost, branch ratios
• Business Analysis through aggregation and multidimensional reporting
  – Total monthly revenue by customer
• Detect and alert of anomalous situations
  – Gold customer order with no inventory and supplier decommitted

Page 32: SOA-Ch6.ppt

WebSphere Monitoring Components

• Monitor Server
  – Is the core component of WebSphere Business Monitor.
• Dashboard Client
  – Is another server component of the WebSphere Business Monitor and provides the runtime environment
• Databases
  – Are the data storage component
• Monitor Administration
  – Provides the administrative functions

Page 33: SOA-Ch6.ppt

WebSphere Monitoring Components

[Figure: components: Tooling (Business Measure Editor), Business Measures Model, CEI, Monitor Server, Action Manager, DB2 Replicator, Monitor Dashboards, Runtime, State, Performance Warehouse. Flows: Define BMs, CBE events, CBE Situation events, Event Processing, Replication, Dashboard access]

Page 34: SOA-Ch6.ppt

Sample Usage Scenario

Page 35: SOA-Ch6.ppt

Business Performance Monitoring

Page 36: SOA-Ch6.ppt

Summary

• SOA requires a major shift in the way software is developed and deployed within the enterprise.
  – “Develop now, Integrate later” → “Develop for Integration”
• The new paradigm, technologies and standards created to support this shift require companies to implement their SOA in a well-planned, well-coordinated, and effectively managed way.
• To ensure business continuity and reduce integration costs and complexities, companies must govern the design, development, deployment, and operations of services in the enterprise.
• Policy and service lifecycle management are the important elements to achieve SOA Governance.
  – Policies set the goals to direct and measure success

Page 37: SOA-Ch6.ppt

Reference

• Gad J. Selig, “IT Governance – An integrated framework and roadmap: how to plan, deploy and sustain for competitive advantage”, 2006.

• WebLayers, “SOA Governance Introduction”, 2005.
• Ben Brauer and Sean Kline, “SOA governance: a key ingredient of the Adaptive Enterprise”, Feb. 2005.
• P. J. Windley, “Governance, Rules of the Game”, InfoWorld, Jan. 06.
• P. J. Windley, “Governing SOA”, InfoWorld, Jan. 06.
• “SOA Governance: Balancing Flexibility and Control Within an SOA”, Systinet, Mercury, Sep. 2006.
• Andrew G. Weekes, “Service Oriented Architecture Governance”, Accenture, Nov. 2006.
• Tilak Mitra, “A case for SOA governance”, IBM developerWorks, Aug. 2005.
• William A. Brown and Murray Cantor, “SOA governance: how to oversee successful implementation through proven best practices and methods”, IBM white paper, August 2006.