Topic 4
SOA Governance
Assoc.Prof.Dr. Thanachart Numnondawww.imcinstitute.com
2
Agenda
SOA Challenge
What is SOA Governance?
SOA Governance : Technologies and Products
SOA Governance : Implementation
SOA Challenge
SOA Overarching Trends : IDC
• SOA adoption moving from project and application
level to system and enterprise scale
• Short and long term impact of SOA, along with expectations, need to be better understood
• While technologies are key enablers, most study
participants focus on organization and program dynamics
• Success can be defined by multiple dimensions,
Including• pervasiveness of SOA adoption in the enterprise and
• clear business results
5
SOA Challenges
SOA Success Factor : IDC Research
• Business Alignment
• Organizational Change
• Management
• Communication
• Trust
• Architecture
• Scale and Sustainability
• Governance
Why SOA Governance ?
• Enterprise Governance is business-oriented.
• In moving towards integrated business initiatives (outsourcing, strategic supplier collaboration, value and supply chain,…etc) and IT initiatives (XML, Web Services, EAI, SOA…etc), companies want to ensure continuity of • business operations
• manage security exposure
• align technology implementation with business requirements
• manage liabilities and dependencies,
• reduce the cost of operations.
SOA : Introduce a new layer
SOA Challenges
• It is so easy to create and utilize web services.
• Evolving Standards for Business Compliance, IT Standards and Web Service Technologies .
• Lack of one Standards enforcement .• A Variety of Vendors.• Inadequate Tooling .• New Layer - New Challenges
Developing SOA : New Paradigm
Ungoverned SOA: New Silo
Governance SOA
SOA in the Conventional Enterprise
Evaluation after One year without Governance
Evaluation after One year with Governance
What is SOA Governance?
SOA Governance : Definition
• The processes used to oversee and control the adoption and implementation of SOA in accordance with recognized practices, principles and government regulations.
• SOA governance provides optimum service quality, consistency, predictability and performance
SOA Governance : Components
• SOA registry : an evolving catalog of information about the available services in the SOA implementation.
• SOA policy : a set of behavioral restrictions intended to ensure that services remain consistent.
• SOA testing : a comprehensive schedule of audits and performance-monitoring procedures.
Key Components of Governance
Services in SOA
• Heart of SOA
• Life Cycle• Designed• Developed• QA passed
• In production
• Metadata• WSDL• Schema
• Policy
SOA Governance : Service Life Cycle
SOA Governance : Phases
• SOA governance is divided between design time governance and runtime governance.
• One way to make both design and runtime governance more effective is through centralized policy management.
• If the architecture is designed with all the policies in an easily accessible location, then making updates to an SOA after it has been implemented is much easier.
Design Time SOA Governance
24
Runtime SOA Governance
Enterprise SOA Policies
• Policies set the goals that you use to direct and measure success.
• Without policies, there is no Governance• Policies need to address the overall impact to the
business of the Services that are being created and deployed.
• Policies need to create a strong connection between the business and technology.
Enterprise SOA Policies (cont.)
• Policies might start at the business level:• Projects must comply with Internal Architecture
guidelines • Security and regulatory compliance policy reviews are
mandatory for all IT projects
• Policies could represent more specific regulatory compliance issues: (SOX, HIPPA)
SOA Governance : Benefits
• Greater alignment with business objectives
• Greater control over creation, deployment and consumption of services
• Centralized management of policies and regulation• Can embed compliance with government and indus
try regulations• Sarbanes‐Oxley, MiFID, HIPAA, GLBA
SOA Governance :Technologies and Products
Technologies behind SOA Governance
• Enterprise Service Bus (ESB)
• Repository• Registry
Role of ESB in Governance
• Security• Ensure Privacy, Authenticity, Authorization and
Auditing of all Message exchanged
• Mediation• Policy based mediation (protocol/invocation)
• Management• Holistic view of Transactions that passes through• Intercept Service call
Role of Service Registry/Repository
• Where all Services are published
• Implements process to publish service that matches Governance model
• Contains Policies applicable to each service
Service Registry
Service Repository
Benefit of Integrating Registry/Repository
• Consistent view of service definition
• No duplication of Data • No need for data synchronization• Discover both Service info and dependencies
Key Features of SOA Governance Product
• Versioning
• Publishing & Discovery• Associations & Dependencies
• Relationship between resources
• Federation• Control (Permission, Life Cycle, Validations)• Monitoring (Notifications, Dashboard)
• Auditing
SOA Governance Product (Cont.)
• Most important of all..
• Governance cannot be bought, you need to customize it..
• Extensibility Features• BAM (Business Activity Monitoring)• BI (Business Intelligence) gathering• CEP (Complex Event Processing)
Gartner Magic Quadrant for Integrated SOA Governance Technology Sets
SOA Governance Products : Example
• SOA Software• Portfolio Manager
• Policy Manager
• Repository Manager
• Service Manager
• Oracle SOA Governance• Oracle Enterprise Repository
• Oracle Web Services Manager
• Oracle Service Registry
SOA Governance Product : Example
• SOA Software• Portfolio Manager
• Policy Manager
• Repository Manager
• Service Manager
• Oracle SOA Governance• Oracle Enterprise Repository
• Oracle Web Services Manager
• Oracle Service Registry
• WSO2 (Open source)• Governance Registry
40
WSO2 Governance Registry
SOA Governance :Implementation
SOA Governance : Checklist -1
• Registry/Repository:• Service Meta‐Data setup and Validation• Service Relationship and Dependency Management
• Access to Service:• Workflow based Request Process • User Configurable Policies
SOA Governance : Checklist -2
• Publishing Service• Workflow based Notification• WSDL validation and Conformance Reporting• Wizards for Publication
• Delivery of Service• Provider/Consumer Binding• SLA enforcement, Versioning, Deployment • Centralized monitoring• Routing Management
• Failover /Load Balancing• Logging and Audit Trailing
SOA Governance : Checklist -3
• Service Change Management• Service subscription management• Service Metadata subscription
• Replication strategy• Selective synchronization / promo.
• Master/Slave based
SOA Governance : Checklist -4
• Enforcement of Security• Role based • ACL• Fixed and Configurable Roles
• Support for LDAP
• Interoperability • Handling any URI data • Java Rule Engine API
SOA Governance : Best Practices
• Establish early• Organizational acceptance for Governance• Communicate relentlessly
• Automate• Govern the entire service lifecycle• Anticipate mixed technologies• Monitory, access & report business value• Consider cross organizational boundaries
SOA Governance Success Factors
• Align with internal software development methodology.
• Minimize overhead.• Maximize synergy with existing IT governance
processes.• Gain visibility of project pipeline as early as
possible.• Prefer influence over enforcement.
Resources
SOA Governance, WSO2 SOA Workshop, 2009 Governance: Fundamental to SOA’s Success, Ari Roy,
DATA Inc. Policy Based Governance for the Enterprise, Web
Layers