A Guide To SOA Governance - Torry Harris Whitepaper
Executive Summary
SOA projects normally have to justify themselves through quantifiable results, one at a time, to get wider internal adoption. SOA Governance could help realize the ROI by defining reliable, quantifiable results for SOA implementations through a regular collection of metrics and mandating changes to improve the implementation. This document describes SOA Governance and the typical stages through which such Governance could be implemented. It briefly discusses the types of Governance and typical Governing bodies that could be formed to deliver a successful SOA project.
Company Confidential
Introduction
SOA or Service Oriented Architecture is:
An approach to implement business processes as a set of predefined services. In a service-oriented approach, a service is the smallest building block, which encapsulates the implementation logic and can be executed repeatedly in a given process or across processes. Typically, a service repository contains the portfolio of services in an organization. The value of SOA is realized through its powerful framework of services built using open standards to promote reuse. The ROI realized through SOA is a much-debated topic today. Considering the effort it takes to build a SOA, in terms of the people, training, tools, processes and internal discipline, benefits of reuse would need to be realized early on, to gain confidence. Carefully planned governance could be a critical catalyst in realizing ROI for a SOA project.
Governance is:
To define/implement/monitor policies, principles, standards, procedures & processes that enable organizations to direct & conduct business, and enable people in their roles. To establish a chain of responsibilities, decision-making rights & authority, communication & escalation channels that empower people (decision makers).
Governance is a tool that defines organizational roles and empowers individuals conducting these roles. Various technical tools available in the market today help automate a certain aspect of the governance process; however, as would be expected, Governance does involve considerable human intervention. IT Governance refers to a subset of the organization's governance that deals with the management and control of its IT systems, processes, people, IT assets, infrastructure and the way IT processes support a business goal. IT governance forms a significant part of the Enterprise governance considering the horizontal IT spread in any organization. SOA Governance is an extension of IT governance, which focuses primarily on the lifecycle of services, metadata and composite applications in a typical SOA initiative. As a specialization of IT governance, SOA governance suggests how an IT governance's decision rights, policies, procedures and measures need to be modified and augmented for successful SOA adoption.
Test phase addresses the conformance to requirements. Each developed process / service gets evaluated against pre-defined criteria for conformance.
Integrate suggests creating a host environment for composite (service-oriented) applications and their testing. This includes evaluating capacity planning, operational efficiency & performance, integrity, security and other dependencies.
Manage & Improve phase involves the actual deployment and maintenance of the operational system. This includes performance monitoring, service response time, problem log & fix, among others to get the service operational. This would also involve tuning the services to achieve an updated business design.
SOA Governance
As SOA crosses lines of business and IT, there is a greater need for effective SOA governance to ensure success in terms of ROI. In the initial SOA wave, governance was thought to be a nice-to-have discipline but with growing maturity and complexity, SOA projects mandate a well-defined SOA governance body.
Quality of project execution & ROI is a mirror reflection of any governance and so it is for SOA.
Symptoms of poor SOA governance:
- Less or no planning and coordination hurdles in project execution
- Redundant services
- No metrics to track success
- Poor non-functional capabilities (security, logging, reliability, transactions, auditing, filtering etc.)
- Runtime service management issues like performance, scalability, availability etc.
- Problem in isolating production issues
- Change & release management issues
- Increased complexity
- Blame game among vendors
- Poor quality end user experience
Symptoms of good SOA governance:
- Well-defined project execution with quantifiable ROI
- Sharing and reusable services
- Less point-to-point connections
- Secure, reliable and highly available systems
- Able to recognize potential problems and fix them before impacting business
- Swift transition & enhancements
- Growing ROI
- Accountable team
- Delighted end user
A typical SOA governance team would need to:
- Understand the current IT governance, which includes all the business line procedures, policies, principles, measures, decision roles and cultures.
- Identify the processes/applications that can be reused and the overall impact of SOA adoption.
- Select the best practices for existing business models.
- Create a prioritized SOA adoption plan.
- Involve all stakeholders for communication & suggestions.
- Review and control the transition plan during the course.
- Implement the agreed plan.
- Continuously measure the implemented model and log performance & issues.
- Consider future regulatory needs.
- Evaluate your enterprise goal with SOA adoption to align it for current & future needs.
- Gather business strategy for SOA adoption i.e. participation plan, funding & compliance necessities.
2) Create
- Formulate a SOA strategy i.e. document the critical roles, responsibilities & engagement model.
- Understand the current governance structure and document the proposed structure for SOA adoption.
- Review the proposed SOA governance plan.
- Lay out the new policies & structures.
- Identify new/modify authority roles & responsibilities.
- Highlight success factors and metrics.
- Identify funding model & owners.
- Define a SOA centre of excellence.
- Identify & approve the required SOA infrastructure during course.
3) Test
- Review the plan and start a vendor engagement.
- Implement the approved governance model & infrastructure.
- Educate and assign the identified roles and responsibilities.
- Deploy policies.
- Identify any additional process/training required.
- Align new roles with vendor and its engagement model.
4) Integrate
- Kick-off the SOA planned initiative.
- Monitor the project progress.
- Organize meetings and report metrics.
SOA Governance
1) Design Time SOA Governance: Design time SOA governance addresses the concerns of policy management, information management, lifecycle management and quality management for services.
2) Run Time SOA Governance: Run time SOA governance relates to contract management, service administration, service monitoring, and service mediation.
- Service publishing
- Service discovery
- Service development
- Service consumption
- Service provisioning
- Service access
- Service binding to form a composite application
Runtime SOA governance:
1. Service maturity
2. Capacity planning
3. Performance & problem logs
4. Education & training
5. Organizational changes
6. Service policy enforcement
THBS recommendations
We recommend the following teams to form a governing body for a typical SOA initiative across design time and run time:
SOA governance does not consist of a set of rigid bureaucratic policies and procedures. It involves regular collection of metrics and mandating changes to improve the implementation. Policies would change as per business and enterprise needs. Consistent waivers are regularly identified and examined. An example RACI matrix is as below (which of course would differ from enterprise to enterprise):