Topic 4

SOA Governance

Assoc.Prof.Dr. Thanachart Numnondawww.imcinstitute.com

2

Agenda

SOA Challenge

What is SOA Governance?

SOA Governance : Technologies and Products

SOA Governance : Implementation

SOA Challenge

SOA Overarching Trends : IDC

• SOA adoption moving from project and application

level to system and enterprise scale

• Short and long term impact of SOA, along with expectations, need to be better understood

• While technologies are key enablers, most study

participants focus on organization and program dynamics

• Success can be defined by multiple dimensions,

Including• pervasiveness of SOA adoption in the enterprise and

• clear business results

5

SOA Challenges

SOA Success Factor : IDC Research

• Business Alignment

• Organizational Change

• Management

• Communication

• Trust

• Architecture

• Scale and Sustainability

• Governance

Why SOA Governance ?

• Enterprise Governance is business-oriented.

• In moving towards integrated business initiatives (outsourcing, strategic supplier collaboration, value and supply chain,…etc) and IT initiatives (XML, Web Services, EAI, SOA…etc), companies want to ensure continuity of • business operations

• manage security exposure

• align technology implementation with business requirements

• manage liabilities and dependencies,

• reduce the cost of operations.

SOA : Introduce a new layer

SOA Challenges

• It is so easy to create and utilize web services.

• Evolving Standards for Business Compliance, IT Standards and Web Service Technologies .

• Lack of one Standards enforcement .• A Variety of Vendors.• Inadequate Tooling .• New Layer - New Challenges

Developing SOA : New Paradigm

Ungoverned SOA: New Silo

Governance SOA

SOA in the Conventional Enterprise

Evaluation after One year without Governance

Evaluation after One year with Governance

What is SOA Governance?

SOA Governance : Definition

• The processes used to oversee and control the adoption and implementation of SOA in accordance with recognized practices, principles and government regulations.

• SOA governance provides optimum service quality, consistency, predictability and performance

SOA Governance : Components

• SOA registry : an evolving catalog of information about the available services in the SOA implementation.

• SOA policy : a set of behavioral restrictions intended to ensure that services remain consistent.

• SOA testing : a comprehensive schedule of audits and performance-monitoring procedures.

Key Components of Governance

Services in SOA

• Heart of SOA

• Life Cycle• Designed• Developed• QA passed

• In production

• Metadata• WSDL• Schema

• Policy

SOA Governance : Service Life Cycle

SOA Governance : Phases

• SOA governance is divided between design time governance and runtime governance.

• One way to make both design and runtime governance more effective is through centralized policy management.

• If the architecture is designed with all the policies in an easily accessible location, then making updates to an SOA after it has been implemented is much easier.

Design Time SOA Governance

24

Runtime SOA Governance

Enterprise SOA Policies

• Policies set the goals that you use to direct and measure success.

• Without policies, there is no Governance• Policies need to address the overall impact to the

business of the Services that are being created and deployed.

• Policies need to create a strong connection between the business and technology.

Enterprise SOA Policies (cont.)

• Policies might start at the business level:• Projects must comply with Internal Architecture

guidelines • Security and regulatory compliance policy reviews are

mandatory for all IT projects

• Policies could represent more specific regulatory compliance issues: (SOX, HIPPA)

SOA Governance : Benefits

• Greater alignment with business objectives

• Greater control over creation, deployment and consumption of services

• Centralized management of policies and regulation• Can embed compliance with government and indus

try regulations• Sarbanes‐Oxley, MiFID, HIPAA, GLBA

SOA Governance :Technologies and Products

Technologies behind SOA Governance

• Enterprise Service Bus (ESB)

• Repository• Registry

Role of ESB in Governance

• Security• Ensure Privacy, Authenticity, Authorization and

Auditing of all Message exchanged

• Mediation• Policy based mediation (protocol/invocation)

• Management• Holistic view of Transactions that passes through• Intercept Service call

Role of Service Registry/Repository

• Where all Services are published

• Implements process to publish service that matches Governance model

• Contains Policies applicable to each service

Service Registry

Service Repository

Benefit of Integrating Registry/Repository

• Consistent view of service definition

• No duplication of Data • No need for data synchronization• Discover both Service info and dependencies

Key Features of SOA Governance Product

• Versioning

• Publishing & Discovery• Associations & Dependencies

• Relationship between resources

• Federation• Control (Permission, Life Cycle, Validations)• Monitoring (Notifications, Dashboard)

• Auditing

SOA Governance Product (Cont.)

• Most important of all..

• Governance cannot be bought, you need to customize it..

• Extensibility Features• BAM (Business Activity Monitoring)• BI (Business Intelligence) gathering• CEP (Complex Event Processing)

Gartner Magic Quadrant for Integrated SOA Governance Technology Sets

SOA Governance Products : Example

• SOA Software• Portfolio Manager

• Policy Manager

• Repository Manager

• Service Manager

• Oracle SOA Governance• Oracle Enterprise Repository

• Oracle Web Services Manager

• Oracle Service Registry

SOA Governance Product : Example

• SOA Software• Portfolio Manager

• Policy Manager

• Repository Manager

• Service Manager

• Oracle SOA Governance• Oracle Enterprise Repository

• Oracle Web Services Manager

• Oracle Service Registry

• WSO2 (Open source)• Governance Registry

40

WSO2 Governance Registry

SOA Governance :Implementation

SOA Governance : Checklist -1

• Registry/Repository:• Service Meta‐Data setup and Validation• Service Relationship and Dependency Management

• Access to Service:• Workflow based Request Process • User Configurable Policies

SOA Governance : Checklist -2

• Publishing Service• Workflow based Notification• WSDL validation and Conformance Reporting• Wizards for Publication

• Delivery of Service• Provider/Consumer Binding• SLA enforcement, Versioning, Deployment • Centralized monitoring• Routing Management

• Failover /Load Balancing• Logging and Audit Trailing

SOA Governance : Checklist -3

• Service Change Management• Service subscription management• Service Metadata subscription

• Replication strategy• Selective synchronization / promo.

• Master/Slave based

SOA Governance : Checklist -4

• Enforcement of Security• Role based • ACL• Fixed and Configurable Roles

• Support for LDAP

• Interoperability • Handling any URI data • Java Rule Engine API

SOA Governance : Best Practices

• Establish early• Organizational acceptance for Governance• Communicate relentlessly

• Automate• Govern the entire service lifecycle• Anticipate mixed technologies• Monitory, access & report business value• Consider cross organizational boundaries

SOA Governance Success Factors

• Align with internal software development methodology.

• Minimize overhead.• Maximize synergy with existing IT governance

processes.• Gain visibility of project pipeline as early as

possible.• Prefer influence over enforcement.

Resources

SOA Governance, WSO2 SOA Workshop, 2009 Governance: Fundamental to SOA’s Success, Ari Roy,

DATA Inc. Policy Based Governance for the Enterprise, Web

Layers

Thank you

thananum@gmail.com

www.facebook.com/imcinstitute

www.imcinstitute.com