SOA Governance Best Practices Management of Enterprise

SOA Governance Best Practices

Management of Enterprise Architectures

April, 2007

Scott MurrayBridle Park Consulting

46 Bridle Park DriveKanata, ON, K2M 2E2

(613) [email protected]

Bridle Park Consulting SOA Governance Best Practices – April 2007

ObjectiveObjective

1. Provide informational briefing on Governance Best Practices for Service Oriented Architecture (SOA) solutions.

Primarily based upon: • Research into public information from

Gartner, IBM, WebLayers, TIBCO, ZapThink and other organizations; and

• Experience with & input from TBS-CIOB.


AgendaAgenda

1. Why should I care about SOA Governance?

2. The Government of Canada Service Oriented Architecture (GC SOA).

3. Why is SOA Governance different?

4. What do we mean by Governance?

5. Alternative Governance Styles.

6. SOA Governance Best Practices.


Why should I care about SOA?Why should I care about SOA?Because SOA is coming from so many places, SOA is happening to everyone!Business Application Developers.

SAP, Oracle, Microsoft are all developing business applications as services & SOA.

Integration Middleware Developers. All major infrastructure vendors deliver their products as SOA.

Application Developers. Developing services, components & composite applications.

G2G & G2C interactions. Increasing value (and demand!) for delivering services.

Everybody Else. Consumer centric applications enable anyone to create/deliver services.


Why use SOA?Why use SOA?

Source: GCR – 2006 study of over 150 large organizations with, at least,a SOA pilot underway

The Primary Business Drivers for SOA

IT Cost Savings

Customer ServiceImprovements

Faster time to Market

Information Visibility

New Products / Services

Regulatory Compliance

New Channels

Mergers & Acquisitions

Major CompetitorHas SOA Initiative

30%

23%

21%

6%

6%

5%

5%

4%

1%

The Expected Business Impact

65%

56%

53%

48%

36%

32%

25%

16%

75%

Business Agility


The Government of Canada SOAThe Government of Canada SOA

TBS – CIOB has developed the GC SOA. This provides an architectural framework to address business,

information and technology design. It includes specific guidance and flavouring as appropriate to

the Canadian federal government.

The GC SOA is an enabler to creating integrated business processes that utilize both ERP and non-ERP solutions / services.

The key to the GC SOA is establishing discrete, re-usable services that can be quickly and effectively packaged to deliver new government business capabilities.


GC Service Oriented ArchitectureGC Service Oriented Architecture

Context – Business Program Design

RecruitmentApplication

Personnel MgmtApplication

Application MgmtApplication

BusinessSolution(Application)Architecture

ArchitectedSolutions(Applications)

Hardware / Software Environment

LegacyApplication

Product

LegacyApplication

Product

LegacyApplication

Product

Technology ComponentArchitecture

GeneralizedComponents

InfrastructureServices

ServiceExchangeArchitecture

AutomatedBusinessServices

B C D EA F


On-boarding a new GC employeeOn-boarding a new GC employee

GC On-boarding Program



Applicant MgmtApplication

GC Hardware / Software Environment

OtherApplication(s)

Product

SAP FinanceApplication

Product

PSFT HRMSApplication

Product

B C D EA F

Scenario: Collect and enter employee data, set up employee in systems, establish employee access and assets, hold employee start date / orientation.




PayrollApplication

FinancialApplication

AdministrationApplications


OtherApplication(s)

Product


Product


Product

B C D EA F





Security MgmtApplication

FinancialApplication

Facility MgmtApplication


OtherApplication(s)

Product


Product


Product

B C D EA F






Pension AdminApplication

TrainingApplication


OtherApplication(s)

Product


Product


Product

B C D EA F

Other Env.

OtherApplication(s)

Product

GC Business Program B

OutsourcedApplication

2 3 4 51 6



The Key to Delivering SOA: GovernanceThe Key to Delivering SOA: Governance

Gartner Group: A well thought out SOA framework will increase the chance of successful SOA implementation. Key ingredients are the service registry and the concept of policy enforcement. SOA Registries, Policy enforcement bolster SOA Governance and Consumption

Computer Weekly: “The main reason that SOA projects fail is because there is a lack of governance. (It) isn’t an option, it’s an imperative” said Paola Malinverno, VP research Gartner

SOA will fail without governance warns Gartner

ZapThink: Governance is no longer an option for those seriously pursuing SOA.

The State of Worldwide SOA Adoption

Redmonk: “Without solid architecture and governance in place, SOA is basically a waste of time” James Governor, Principal Analyst,


Operational program

B C D EA F

Human Capital Management program

2 3 4 51 6

SOA Governance Requirements are SOA Governance Requirements are DifferentDifferent

Personnel AdminApplication

Workforce MgmtApplication

TrainingApplication


ProcurementApplication

Product


Product


Product

Matrix, rather than monolithic, business solutions.


Operational program

B C D EA F


2 3 4 51 6




TrainingApplication



Product


Product


Product

Service-usage (and service design!) cross program / organizational boundaries.


Operational program

B C D EA F


2 3 4 51 6




TrainingApplication



Product


Product


Product

Other Env.

OtherApplication(s)

Product

New Program

NewApplication

2 3 4 51 6

Who pays to support & run newly reused services?.


What is Governance?What is Governance?

Wikipedia definition:

Corporate governance is the set of processes, customs, policies, laws and institutions affecting the way a corporation is directed, administered or controlled. Corporate governance also includes the relationships among the many players involved (the stakeholders) and the goals for which the corporation is governed.

Governance has a value focus:

Good corporate governance is the use and management of an organization’s resources, in order to promote and enforce their use for targeted benefit.


Where does SOA Governance Fit?Where does SOA Governance Fit?

Business strategies, goals, objectives & policies

Corporate

Governance

Information

Technology

Governance Procedures that enforce Corporate-level IT Policies.

Architectural principles and standards to enable business & IT goals.

SOA

Governance

Enforcement of SOA principles and standards throughout the lifecycle of a service.

Enterprise

Governance

Enterprise

Information

Technology

Governance

Enterprise

SOA

Governance


What Does SOA Governance Entail?What Does SOA Governance Entail?

The Mechanics SOA Governance organization. SOA Governance processes. SOA Communications & Tools.

The Foundation High level principles regarding how SOA is to be used in the

organization. SOA investment priorities. SOA reference architecture & roadmap. SOA service portfolio.


Note: Some governance styles inspired by Tom Davenport, Information Ecology. Oxford University Press, 1997.

BU Leaders or Key

Process Owners

Cen

tralize

dM

ore

Less

CxOLevel Execs

Corporate IT

and/orBU IT

A group of, or individual, business executives (i.e., CxOs). Includes committees comprised of senior business executives (may include CIO). Excludes IT executives acting independently.

Business Monarchy

Individuals or groups of IT executives

ITMonarchy

Business unit leaders, key process owners or their delegatesFeudal

Each individual userAnarchy

IT executives and one other group (e.g., CxOs or BU leaders)

IT / Bus. Duopoly

Shared by C level executives and the business groups (i.e., CxOs and BU leaders) — may also include IT executives. Equivalent of the centre and states working together.

Federal

Decision rights or inputs to decisions are held by:

Alternative Governance StylesAlternative Governance Styles


SOA Governance Best PracticesSOA Governance Best Practices


1. Have a Governor1. Have a Governor

It’s good to have a benevolent dictator! ….or at least a community-approved arbitrator.

Having a Senior Executive “Governor” provides: Legitimacy to the SOA initiative and it’s governance processes; and The ability to quickly address difficulties & decisions amongst teams.

Typical Governor tasks can include: Prioritizing targeted benefits; Establishing clear boundaries; Addressing core governance processes; Help with business buy-in and culture shock; and Establishing an operational / project oversight committee to ensure that things move

smoothly.


2. Establish Boundaries2. Establish Boundaries

Situation: A service is built by Group A and now five other Groups want to use it as well. Who is responsible for adding the new horsepower needed to support the users

outside of Group A?

There is a need to identify who is responsible for: Building, operating and maintaining services that are used on a cross-organizational

basis. Where the funding comes from. The architecture upon which it is based.

Part of the solution may be to establish a central common services group.

This needs to be decided upon early in the process.


3. Create an Oversight Committee3. Create an Oversight Committee

Another early requirement.

Oversight Committee members: Represent their own organizations; and Can take on an enterprise-wide view of the SOA initiative.

It can be useful to have members from groups whose responsibility spans multiple business / IT silos.

Typical Oversight Committee tasks can include: Ensure that the goals of the overall enterprise are targeted; and Ensure that the matrixed individual entities involved in the SOA solution are able to communicate

with each other. Assist in the establishment, publishing and tracking of metrics

Needs to have the “teeth” to stop projects that are not compliant.


4. Govern the Architecture4. Govern the Architecture

Another early requirement. Ensures that the SOA solution evolves by design and not by accident.

Utilize both a top down & bottom-up design approach.

Architecture tasks can include: Establishing technology standards. Defining the high-level SOA architecture and

topology. Determining the SOA platform strategy and making

decisions about particular vendor products and technologies.

Specifying the management, operations, and quality-of-service—security, reliability, and availability—characteristics of the SOA

Establishing criteria for SOA project design reviews.

Business Program



Application MgmtApplication

Hardware / Software Environment

LegacyApplication

Product

LegacyApplication

Product

LegacyApplication

Product

B C D EA F


5. Use Multiple Governance Patterns5. Use Multiple Governance Patterns

Publishing Pattern: Have established governance policies and standards They are of no value if no-one knows about them. Publish them and have then readily available.

Checkpoint Pattern: Establish checkpoints in key processes (e.g., funding a project, moving from design to

production, retiring a service, etc.). Establish them early and, initially, keep them simple; increase checkpoint

sophistication as needed.

Scoreboard Pattern: Most often missed governance pattern. Establish metrics, make them publicly available and update them on a regular basis. Sample metrics: what services exist, which are being used by whom, levels of reuse,

performance, policy conformance, etc.


Governor

Oversight Committee

SOA SteeringBoard

Infrastructure ServiceGroup

Business SharedServices Group

Project Team(s)

ArchitectureGroup

Ensures that services being built comply with established architectural standards.

Develops SOA architectural standards and policies.

Manages the reference architecture. Develops & delivers non-business

specific infrastructure services that can be shared.

Develops & delivers shared business services.

Assembles and delivers SOA based business solutions.

Includes project management & business transformation specialists

Technical service review to ensure / monitor compliance with established principles and policies.

6. Establish SOA Roles6. Establish SOA Roles


7. Govern the Complete SOA Lifecycle7. Govern the Complete SOA Lifecycle

SOA GovernanceLife-Cycle

ServiceUse

ServiceDeployment

ServiceOperation

ServiceCreation

ServiceManagement

ProcessModeling

RequirementsIdentification

ServiceModeling

Align efforts to address both Business & IT needs.

Administrator

Service Consumer

Administrator

Administrator Developer

All

Architect

Architect

Identify Owners, authority levels & responsibilities.

Establish Checkpoints between steps.


SOA Design Time ConsiderationsSOA Design Time Considerations


ServiceUse

ServiceDeployment

ServiceOperation

ServiceCreation

ServiceManagement

ProcessModeling


ServiceModeling

Identifying which services to build against the backlog of business requirements.

Determining the fitness of a service as an GC-class asset.

Ensuring the strategic design of business services.

Promoting (enforcing) re-use of existing services.

Validating conformance to established design patterns and other corporate standards and practices.

Establishing the governance standards to which different categories of services will be held.


SOA Run Time ConsiderationsSOA Run Time Considerations


ServiceUse

ServiceDeployment

ServiceOperation

ServiceCreation

ServiceManagement

ProcessModeling


ServiceModeling

Checking a service against a set of rules before it is deployed into production.

Securing services so that they are accessible only to authorized consumers.

Validating that services operate in compliance with prescribed corporate standards.

Service-level monitoring and reporting.

Ensuring that Corporate and IT policies are being enforced.


8. Govern Service Evolution8. Govern Service Evolution


ServiceUse

ServiceDeployment

ServiceOperation

ServiceCreation

ServiceManagement

ProcessModeling


ServiceModeling

The only constant is change!

Need to maintain close Business and IT relationship.

Understand inter-service relationships and dependencies

Perform impact analysis to determine the implications of changing a particular service within the run-time environment

Manage the rollout of services into the existing run-time environment

Manage service custody transfers through the design, creation, and deployment stages

Manage changes to existing policies and service level agreements.

NewRequirements


Governance Best PracticesGovernance Best Practices

1. Have a Governor.

2. Establish Boundaries.

3. Create an Oversight Committee.

4. Govern the Architecture.

5. Use Multiple Governance Patterns.

6. Establish SOA Roles.

7. Govern the Complete SOA Lifecycle.

8. Govern Service Evolution.


SOA Governance Best Practices

Thank You.

Scott MurrayBridle Park Consulting

46 Bridle Park DriveKanata, ON, K2M 2E2

(613) [email protected]

Documents

SOA Governance Best Practices Management of Enterprise