Monday, July 20, 2009

SOA Governance

The main objective of service governance is to achieve the benefits of a Service Oriented Architecture by fostering the creation of reusable, enterprise-class services. As a cross-functional organization, service governance ensures the timely resolution of issues and conflicts that arise from the tradeoffs made when shared requirements are defined.

Simply put, governance sets policies in place, and provides the mechanism to enforce them.

SOA governance life cycle
- Design-Time Governance (defining and controlling the enterprise services to be created in the enterprise, and creating the policies used to direct and control the implementation of the enterprise service life cycle)
- Deploy-Time Governance (process of testing and controlling compliance with enterprise policies in order for services to be deployed in an SOA)
- Run-Time Governance (process of enforcing the adherence to run-time service policies at run time)
- Change-Time Governance (managing services through the cycle of change)

Types of policies used in SOA governance
- Messaging Security
- Access Control Policy
- Conformance to Enterprise Vocabulary and Schema
- Conformance to Technical Standards (WS-I, WSDL, WS-Security, WS-ReliableMessaging)
- Deployment Process
- Versioning Policies
- Discovery Policy
- Privacy Regulations
- Quality of Service (QoS)
- Reliability
- Auditing and Reporting Requirements
- Service Level Agreements (SLAs)

Separate Policy Logic from Business Logic

SOA Governance and Service Life Cycle


Differentiating Service Policies and Business Processes
Most business processes are based on business rules and workflow, whereas most run-time governance policies for services are sets of constraints and capabilities that describe how a service and a client interact.

The Service Identification Process
Process



Stakeholders


Service Design and Specification Process
Process



Stakeholders


The Service Implementation Process
Process



Stakeholders



Deploy-Time Governance
Process



Stakeholders



Run-Time Governance
Process



Stakeholders



Developing Enterprise Policy
- Standards compliance
- Common vocabulary
- Naming conventions
- Error handling and auditing
- Run-time service policy authoring
- General best practices and blueprints
- Service versioning

SOA governance model (process)
- Requirement Management
(Who collects the requirements? Who tracks changes in requirements? How are new requirements incorporated into the architecture strategy?)

Key procedures
* Requirements definition
* Requirements modification
* Requirements implementation

Mitigating the risks
* Identify valid sources
* Given the reuse levels and complexity within an SOA environment, SOA requirements must be managed on a life-cycle basis
* Requirements traceability

- Architecture Planning
(Who defines SOA architecture? Who enforces the use of the SOA architecture? What are the criteria for reusability? Who determines the business impact of projects and what metrics do they use? Can you demonstrate the causality between the SOA efforts and business improvements? Who pays for a service and support? How much? How do they pay? Per service call, as a percentage of development cost or total cost recovery?)
Key procedures
* SOA architecture design
* SOA service planning
* SOA financial planning

Mitigations
* Increase potential risk areas (highlight closed-loop interactions)
* Interactions are not addressed in terms of timing, who performs them, and how they are performed
* Service performance metrics

- Competency Center Management
(Who owns support? The developers who built the services? A dedicated support team? Should you create an SOA competency center? What resource skills are required? How should it be staffed? How do center personnel work with application teams?)

Key procedures
* Define SOA development support services
* SOA project consulting

Mitigations
* Provide necessary people skills

- Business Process Management
(Who defines the scope of a business process? How should business process tasks be associated with a web service? Who collects business process activity metrics?)

Key procedures
* Business Process Design
* Business Process Development
* Business Process Monitoring

Mitigations
* Must be driven by business processes
* Leverages client's enterprise business architecture
* Work with enterprise governance

- Service Life Cycle
(Who defines naming standards? Who writes services? Who tracks the metrics? Who publishes the services? Who is responsible for assigning service policies?)

Key procedures
* Service Identification and Design
* Service Development, Testing, and Deployment

Mitigations
* Identify proper stakeholders
* HP SOA Governance Tools

- Security Management
(Who builds the security framework for your integration implementation? Who integrates web service security with the rest of the organization's security infrastructure?)

Key procedures
* Security design
* Security implementation

Mitigations
* Align security policies with security design reviews

- Registry / Repository Management
(Which tools are used to build the repository? What will be stored in it and who controls access? How do you enforce maintenance of repository content?)

Key procedures
* Evaluate and select the SOA registry and repository
* Develop SOA registry and repository usage guidelines

Mitigations
* Follow usage guidelines
* Review HP SOA Center governance software platform

- Configuration Management
(Who manages the dependencies between services and applications? What are the criteria for creating releases? Who builds, manages, and runs the test environment? Who determines the timing and coordination of release promotion?)

Key procedures
* SOA environment configuration
* Release management
* Change control

Mitigations
* Identify stakeholders and coordination methods early
* Clear communication plans for configuration management
* Establish standards, methods, and automated tools

- Operations Management
(Who monitors the services? Who monitors performance? How should error notification be addressed? Who manages issues raised by the use of services across multiple environments?)

Key procedures
* Service monitoring
* Performance management
* Problem management

Mitigations
* Leverage coordinator roles
* Identify stakeholders early
Metrics


Closed-loop SOA governance model
- Planning
- Design
- Development
- Testing
- Deployment
- Management

SOA governance model content (within model / process)
- SOA governance procedures
- Organizational structures, roles, & responsibilities
- SOA Policy Compliance Tool
- Supporting Templates

HP SOA Governance Software Tools
Business Technology Optimization for SOA
SOA Governance (SOA Center, HP SOA Solution) (GIF - Governance Interoperability Framework)
- HP SOA Systinet
- HP SOA Policy Enforcer
- HP SOA Registry

SOA Quality (Applications)
- Quality Center with STM (Service Test Management, 70% market share)
- HP Unified Functional Test and Service Test (functional testing)

SOA Management (IT operations)
- HP Business Availability Center (BAC) (Enterprise management)
- HP Diagnostics for SOA (Project focus)
