10 Steps to Simplify and Improve Service-Oriented Architecture Governance
Transcript of 10 Steps to Simplify and Improve Service-Oriented Architecture Governance
1
10 Steps to Simplify SOA Governance
February 29, 2012
2
Agenda
Introduction
SOA Governance Overview
Ten Steps to Simplify SOA Governance
1. Align SOA projects with business goals
2. Develop a collaborative organization for SOA governance
3. Define organizational roles and responsibilities
4. Establish the SOA lifecycle process and policies
5. Adjust your software development lifecycle for SOA
6. Define SOA foundational standards
7. Define run-time processes
8. Determine the role of technology in your governance processes
9. Establish SOA measurements and monitoring techniques
10. Evolve and improve SOA governance over time
Steps are non-linear
Eric Roch, Chief Technologist
3
About Perficient
Perficient is a leading information technology consulting firm serving clients
throughout North America.
We help clients implement business-driven technology solutions that integrate
business processes, improve worker productivity, increase customer loyalty and
create a more agile enterprise to better respond to new business opportunities.
4
Perficient Profile
Founded in 1997
Public, NASDAQ: PRFT
2010 Revenue of $215 million
Major market locations throughout North America: Atlanta, Austin, Charlotte, Chicago, Cincinnati, Cleveland, Columbus, Dallas, Denver, Detroit, Fairfax, Houston, Indianapolis, Los Angeles, Minneapolis, New Orleans, Northern California, Philadelphia, San Francisco, San Jose, Southern California, St. Louis and Toronto
Global delivery centers in China, Europe and India
1,700+ colleagues
Dedicated solution practices
85% repeat business rate
Alliance partnerships with major technology vendors
Multiple vendor/industry technology and growth awards
5
Our Solutions Expertise & Services
Perficient brings deep solutions expertise and offers a complete set of flexible services to help clients implement business-driven IT solutions
Business-Driven Solutions
– Enterprise Portals
– SOA and Business Process Mgmt
– Business Intelligence
– User-Centered Custom Applications
– Interactive Design
– CRM Solutions
– Enterprise Performance Management
– Customer Self-Service
– eCommerce & Product Information Management
– Enterprise Content Management
– Management Consulting
– Industry-Specific Solutions
– Mobile Technology
– Security Assessments
Perficient Services
– End-to-End Solution Delivery
– IT Strategic Consulting
– IT Architecture Planning
– Business Process & Workflow Consulting
– Usability and UI Consulting
– Custom Application Development
– Offshore Development
– Package Selection, Implementation and Integration
– Architecture & Application Migrations
– Education
– Interactive Design
6
IT Governance
– Asset and Portfolio Management
– Business Technology Optimization
– Performance and Service Management
– Security and Access Control
– Enterprise Architecture
– Project lifecycle management
IT already practices governance such as quality control, change management and service level agreements.
7
IT Governance Frameworks
The IT Infrastructure Library (ITIL) is a detailed framework with hands-on information on how to achieve a successful governance of IT, developed and maintained by the United Kingdom's Office of Government Commerce, in partnership with the IT Service Management Forum.
Control Objectives for Information and related Technology (COBIT) is another approach to standardize good information technology security and control practices. This is done by providing tools to assess and measure the performance of 34 IT processes of an organization. The ITGI (IT Governance Institute) is responsible for COBIT.
The ISO/IEC 27001 (ISO 27001) is a set of best practices for organizations to follow to implement and maintain a security program. It started out as British Standard 7799 ([BS7799]), which was published in the United Kingdom and became a well known standard in the industry that was used to provide guidance to organizations in the practice of information security.
The Information Security Management Maturity Model ISM3 is a process based ISM maturity model for security.
AS8015-2005 Australian Standard for Corporate Governance of Information and Communication Technology
We have a wealth of knowledge and processes to leverage for SOA.
8
What is SOA governance?
Because services are intrinsically distributed and reusable they introduce new governance challenges
SOA governance is an extension of IT governance that focuses on:
– lifecycle of services and composite applications
– the decision rights for the development, deployment and management of new services
– monitoring and reporting processes for capturing and communicating SOA results and process improvement
SOA governance mission: To create policies, principles, standards, procedures and processes that will realize the full business benefit of service orientation
Perficient’s SOA governance design goals:
– Keep the process and deliverables lightweight
– To manage change, build consensus and roll out governance processes iteratively, shifting software-engineering culture over time
– Mature SOA governance over time through measurements and process improvement
Keep the process and deliverables lightweight, easy to follow and add value.
9
SOA Governance Framework
Managing the portfolio of services: planning development of new services and updating current services
Managing the service lifecycle: meant to ensure that updates of services do not disturb current service consumers
Using policies to restrict behavior: rules can be created that all services need to apply to, to ensure consistency of services
Establish performance monitoring of services: because of service composition, the consequences of service downtime or underperformance can be severe.
Create, communicate and enforce governance policies
10
SOA Governance Lifecycle
Governance is the combination of people, policies, and processes that an organization leverages to achieve desired behaviors
SOA governance is about achieving the desired behavior associated with SOA adoption
Project governance - the behaviors span the normal software development efforts
Run-time governance - the interaction between service consumers and service providers in production environments
Pre-project governance - processes associated with the proposal, approval, and funding of projects
During each of these efforts, people, policies, and processes must be established and leveraged to ensure that the changes to the culture are successful
Source: SOA Governance by Todd Biske (book)
11
Governance Process and Artifacts
Policies and Decision Rights
– Set of guidebooks to address SOA Governance
Strategy and roadmap
– Core Services
– Roadmap: Projects and timeline
– People and process impact
– Technology enablement
Organization
– SOA Steering Committee and Competency Center
– Create, approve, communicate and enforce the governance framework
– Interrelationships and dependences
– SOA measurement criteria and process
SOA Architecture
– Documented standards
– Design review process and checklists
SOA Lifecycle
– Design to deploy methodology
– Deliverable templates, checklists and samples
– Release management
SOA Operations
– Policy based monitoring and management
– Security policies
– Build and deploy standards and process
– Administration documentation and processes
Governance should flow smoothly within a lifecycle with everyone working together.
12
Quick Start Rulebook™ Methodology
Develops SOA strategy and roadmap
Establishes the SOA competency center organizational and maturity model
Define governance model for design, asset management and operations
Develops SOA reference architecture
Addresses SOA project orientated methodology
Establishes the operations and quality assurance strategy processes and procedures
Supported by design patterns and reusable components
Codify common design patterns – e.g. the Exception Handler
Optimize the operational environment
13
Step 1: Business Alignment
A top-down view of business services by domain identifies core services
Project alignment simplifies funding and ensures ROI
Start a SOA program in the context of projects in the portfolio
Identify projects that will benefit from SOA:
– Integration
– Process automation and improvement
– Information access
– Multi-channel
– APIs
14
Business Alignment Case Study
Six iterations delivered through the end of 2012
Automates sales role in the overall order process
Features: Visibility to product availability, automated cost estimates, collaborative (with customer) proposal process, capture of information to eliminate downstream duplicate data entry and facilitate process hand-offs
Key benefits: Process improvement and automation result in time savings for sales, leading to increased sales
Cost estimate: $$$$
[Figure: Sales Order Initiation architecture diagram. Layers: Portal, BPM, ESB, Data Services, CRM Adapter, Order Staging, Legacy. Actors: Sales, Client Services, Customers. Flows shown: availability query and notification, proposal entry and status, cost query and reports, client package approval, order publication, and a management dashboard with KPIs for proposal task flow, timing and status, deal volume and forecast, and dollars approved.]
15
Business Alignment Case Study
16
Step 2: Organizational Structure
Develop a formal organization for the SOA discipline
Build processes, best practices & internal competencies to best utilize resources
Architect and advise SOA project activities
Standardization of architecture and product roles
Provide a governance role for reusable services
Coordinate with PMO to manage the SOA project lifecycle (process and deliverables)
Through process, standards and governance create continuous and measurable improvements
Accomplish enterprise wide integration through iterations based on reusable artifacts
Evangelize SOA within the IT organization
17
Governance People, Process, Technology
[Figure: governance matrix across the lifecycle phases Plan, Specify, Provision, Orchestrate, Test, Deploy and Run, with rows for Lifecycle, Roles, Disciplines and Tools. Roles shown: IT Steering Committee, SOA Steering Committee, Competency Center, Enterprise Architecture, Business Leaders, Application Development, Quality Assurance, Administration & Operations. Disciplines shown: Portfolio Mgt, SOA Contract Management, Policy Management, Lifecycle Management, Release Management, Support & Infrastructure. Tools shown: Portfolio Management, Visual Modeling, Repository, Registry, XSD Authoring, ESB, BPM, Source Control, Test Tools, App Server, SOA Management, CMDB.]
18
Organization Case Study
Structure, Standards, Responsibilities, Escalations, Process, Coordination, Collaboration, Change management, Consensus
Long-term manage SOA infrastructure
Work with SOA CC for capacity planning and SLAs
Build business services with SOA CC
Domain/Data subject matter experts
Consult with development to build business services
Support – Monitor Business Services Infrastructure
Liaison between business services and technical deployment
Manage infrastructure until formal turnover
19
Organization Case Study
Long-term manage SOA infrastructure
Work with ICC for capacity planning and SLAs
Columns: Systems Development Teams, ICC, Systems Administration
Applications R C
Subsystems R C
Business Services R C
Application Service & Adapters R A
Orchestration C R
Common Components I R
Metadata I R
Logical Bus I R
Broker A R
BPM Engine A R
Physical Bus A R
SOA Infrastructure A R
Capacity Planning A R
Service Level Agreements A R
Platforms C R
OS C R
RDBMS C R
Networks C R
Build business services with ICC
Domain/Data subject matter experts
Consult with development to build business services
Support – Monitor Business Services Infrastructure
Liaison between business services and technical deployment
Manage infrastructure until formal turnover
Legend – R Responsible, A Approve, C Consulted, I Informed
20
Step 4: SOA Lifecycle Process and Policies
Reference: SOA for Profit
21
Lifecycle Case Study – Trouble Spots
22
What’s in the SDLC to build services?
Contracts are packages of structured and unstructured assets: interfaces, conditional elements, and documentation
Operations available, along with the associated abstract payload definition (both inbound and outbound)
List of potential exception conditions
Functional semantics such as pre- and post-conditions
Business semantics and invariants related to the service
Synchronous or asynchronous access, and other message exchange patterns
Security requirements, including supported credentials, encryption, and signatures
Other important contextual information such as Quality of Service (QoS) that describes performance and availability metrics
23
Step 5: SDLC Adjustments
Add very simple SOA deliverable templates early, and gates to trigger the SOA lifecycle
* Note: The Feasibility Phase Project Architecture has a section for conceptual architecture
Service Requirements
Business Services in Feasibility Architecture*
Service Certification
24
Step 5: SDLC Adjustments
Add very simple SOA deliverables to the Agile approach
Business Service, Solution Architecture, Service Design, Test Cases
25
Step 6: SOA Standards
Architecture Guide
– SOA product roles within the organization
– Service Decomposition and Design
– SOA Design Patterns
– SOA Registry Repository
– Utility services – e.g. auditing, error handling, transaction monitoring
– Non-functional requirements and strategy to meet requirements
– Security standards
– WSDL, XML and REST standards
Developers Guide
– Environment setup
– Product usage guidelines
– Guidelines for reuse
– Common schema usage guidelines
– Naming standards
– Pattern implementation
– QA strategy and tools
– Version management strategy
Systems Administration Guide
– Build documents
– Monitoring and management
– Environment management – change control and migration
– Directory structure and security
Services are certified to meet standards
26
Case Study: SOA Standards
JAD Sessions Customize Guidebook Content
Pilot Verifies Guidebooks
Pilot Introduces Methodology
27
Run-Time Management
The distributed, cross-boundary nature of services and access to them presents new performance, availability and security risks that need to be managed
The rapid deployment and loose coupling of services along with their virtualized application flows present new complexities in key processes
The need to effectively handle the performance and prioritization of virtualized services while efficiently utilizing available resources
28
SOA Infrastructure and Management
Network Components Configuration: Load balancing, Firewalls, Routers
– Impact of messaging
– Configurations for application servers, messaging, ESBs, BPM
Virtualization of SOA Components
– Virtualized provisioning for fault-tolerance and capacity
Monitoring and Management
– SOA management integrated with enterprise management
– Exception management and auditing as a service
– Scripted ping and alert, shut down and restart
Application servers setup, capacity planning and tuning
– Platform for most Portals, ESBs, and BPM software suites
– Configuration for load-balancing, fault tolerance, tuning and capacity
SOA Software Suites configuration and automation
– Standardized environments with scripted build and deploy
– Scripted monitoring and management
– Documented administration and operations guides
Everything has to work together!
29
SOA Run-time Governance and ITIL
The Information Technology Infrastructure Library (ITIL) is a set of concepts and policies for managing information technology (IT) infrastructure, development and operations. ITIL gives a detailed description of a number of important IT practices with comprehensive checklists, tasks and procedures that can be tailored to support SOA concepts and artifacts.
Service Support
– Service Desk / Service Request Management
– Incident Management
– Software Asset Management
– Problem Management
– Configuration Management
– Change and Release Management
Service Delivery
– Service Level Management
– Capacity Management
– Availability Management
– Financial Management for IT Services
Service Level Management
– Capacity Management
– IT Service Continuity Management
– Availability Management
– Financial Management for IT Services
ICT (Information and Communication Technology) Infrastructure Management
– ICT Design and Planning
– ICT Deployment Management
– ICT Operations Management
– ICT Technical Support
30
Step 6: Run Time
Involve operations early in a SOA program – organizational structure
Monitoring and Management are SOA standards
Properly plan for infrastructure cost, time, deliverables and dependences as part of the SOA roadmap and project plans
Put the vendor on the hook to support the sizing, architecture, configuration and performance of the infrastructure
Dedicate and train an administrator to the SOA infrastructure early in the project to work with the vendor through the installation, configuration and testing
Do a capacity test on the production environment before deployment and maintain a capacity baseline
Include deployment and the testing of deployments as part of the process and deliverables
Track your systems dependencies and include them in an operations guide as part of project transition
31
Step 8: Governance Technology
The registry repository supports SOA lifecycle development and run-time management
Evaluation of the registry repository should be on the SOA roadmap
The SOA lifecycle management should fit into your SDLC
The SOA run-time management should fit into your architecture standards
32
SOA Governance Case Study
Activities
– Requirements for governance - steps, policies, metadata
– Map metadata and SOA design deliverable templates requirements to registry taxonomy
– Customization of the SOA design templates
– Definition of Policy Manager and Policy Agents
– Configuration of the registry - set up of taxonomy and service entries (for PoC)
– To be tested with PoC project lifecycle
Deliverables
– SOA design templates for Registry and Policy Manager
– Defined and configured Registry and Policy Manager entries (Per POC needs)
33
Step 9: Measurements and Monitoring
COE Services
– Architecture effectiveness
  • Time required for process change, service reuse, metadata (reuse, coverage, quality, depth)
– Service Reuse
– Resource demand
– Deprecated interfaces
– Service Level Agreements (SLA)
– Software quality
Finance
– ROI for the SOA/integration software
– Project cost savings
Source: SOA Governance by Todd Biske (book)
34
Case Study – Measures / Maturity Models
35
Step 10: Evolve Over Time
A SOA Program Requires Activities and Deliverables in the following categories:
– Program Management
– Technical Architecture
– Business Architecture
– Implementation
– Quality Assurance
– Operations
– Support
36
Case Study – SOA Program Iterations
[Figure: SOA program iteration plan for iterations 1.1, 1.2 and 1.3, marking activities, deliverables and milestones (Ready for Design, Ready for Testing, Ready for Deployment) across Program Foundation, Pilot (GetProvider) and Data Virtualization, with tracks for Program Management, Technical Architecture, Design, QA and Operations.]
37
SOA is an incremental journey
A Path to SOA Maturity
38
Perficient SOA Health Check
Engagement Structure
– Get SOA projects on target with actionable and prioritized recommendations
– 2 Perficient Consultants for 1 week
– Fluid engagement pre-planned and coordinated with the client
Facilitated sessions
– Document as-is architecture and make best practices recommendations
– Review…
  • IT strategy for SOA including completed projects to date
  • Organization and governance
  • Solution architecture and design
  • Enterprise and reference architecture
  • Service monitoring, auditing, and exception handling practices
  • Current staffing roles to support SOA
  • Existing service level agreements and escalation procedures
  • Testing and quality assurance
  • Current change control process
Key deliverables
– Findings Presentation
– Recommendations Document
  • Findings, Best Practices, Recommendations, Priorities