Simply put, governance sets policies in place, and provides the mechanism to enforce them.
SOA governance life cycle
- Design-Time Governance (defining and controlling of enterprise services to be created in the enterprise, and the creation of policies used to direct and control the implementatin of the enterprise service life cycle)
- Deploy-Time Governance (process of testing and controlling compliance to enterprise policies in order for servics to be deployed in an SOA)
- Run-Time Governance (process of enforcing the adherence to run-time service policies at run time)
- Change-Time Governance (managing services through the cycle of change)
Types of policies used in SOA governance
- Messaging Security
- Access Control Policy
- Conformance to Enterprise Vocabulary and Schema
- Conformance to Technical Standards (WS-I, WSDL, WS-Security, WS-ReliableMessaging)
- Deployment Process
- Versioning Policies
- Discovery Policy
- Privacy Regulations
- Quality of Service (QoS)
- Reliability
- Auditing and Reporting Requirements
- Service Level Agreements (SLAs)
Separate Policy Logic from Business Logic
SOA Governance and Service Life Cycle
Differentiating Service Policies and Business Processes
Most business processes are based on business rules and workflow, where most run-time governance policies for services are sets of constraints and capabilities that describe how a service and a client interact.
The Service Identifrication Process
Process
Stakeholders
Service Design and Specification Process
Process
Stakeholders
The Service Implementation Process
Process
Stakeholders
Deploy-Time Governance
Process
Stakeholders
Run-Time Governance
Process
Stakeholders
Developing Enterprise Policy
- Standards compliance
- Common vocabulary
- Naming conventions
- Error handling and suditing
- Run-time service policy authoring
- Genral best practices and blueprints
- Service versioning
SOA governance model (process)
- Requirement Management
(Who collects the requirements? Who tracks changes in requirements? how are new requirements incorporated into the architecture strategy?)
Key procedures
* Requirements definition
* Requirements modification
* Requirements implementation
Mitigating the risks
* Identify valid sources
* Given the reuse levels and complexity within an sOA environment, SOA requirements must be managed on a life-cycle basis
* Requirements tracability
- Architecture Planning
(Who defines SOA architecture? who enforces the use of the sOa architecture? what are the criteria for reusability? who determines the business impact of projects and what metrics do they use? Can you demonstrate the causality between the SOA efforts and business improvements? who pays for a service and support? How much? How do they pay? Per service call, as a percentage of development cost or total cost recovery?)
Key procedures
* SOA architecture design
* SOA service planning
* SOA financial planning
Mitigations
* Increase potential risk areas(highlight closed-loop interactions)
* Interactions are not addressed in terms of timing, who performs them, and how they are performed
* Service performance metrics
- Competency Center Management
(Who owns support? The developers who built the services? A dedicated support team? Should you create an sOa competency center? What resource skills are required? How should it be staffed? How do center personnel work with application teams?)
Key procedures
* Define SOA development support services
* SOA project consulting
Mitigations
* provide necessary people skills
- Business Process Management
(who defines the scope of a business process? How should business process tasks be associated to a web service? who collects business process activity metrics?)
Key procedures
* Business Process Design
* Business Process Development
* Business Process Monitoring
Mitigations
*must be driven by business processes
*leverages client's enterprise business architecture
* Work with enterprise governance
- Service Life Cycle (Who defines naming standards? Who writes services? who tracks the metrics? who publishes the services? who is responsible for assigning service policies?)
Key procedures
* Service Identification and Design
* Service Development, Testing, and Deployment
Mitigations
* Identify proper stakeholders
* HP SOA Governance Tools
- Security Management
(Who builds the security framework for your integration implementation? Who integrates web service security with the rest of the organization's security infrastructure?)
Key procedures
* Security design
* Security implementation
Mitigations
* Align security policies with security design reviews
- Registry / Repository Management
(Which tools are used to build the repository? What will be stored in it and who controls access? How do you enforce maintenance of repository content?)
Key procedures
* Evaluate and select the SOA registry and repository
* Develop SOA registory and repository usage guidelines
Mitigations
* follow usage guidelines
*Review HP SOA Center governance software platform
- Configuration Management
(Who manages the dependencies between services and applications? what are the criteria for creating releases? who builds, manages, and runs the test environment? who determines the timing and cordination of release promotion?)
Key procedures
* SOA environment configuration
* Release management
* Change control
Mitigations
* Identify stakeholdes and coordination methods early
* clear communication plans for configuration management
* Establish standards, methods, and automated tools
- Operations Management
(Who monitors the services? who monitors performance? How should error notification be addressed? who manages issues raised by the use of services across multiple environments?)
Key procedures
* Service monitoring
* Performance management
* Problem management
Mitigations
* leverage coordinator roles
* Identify stakeholders early
Metrics
Closed-loop SOA governance model
- Planning
- Design
- Development
- Testing
- Deployment
- Management
SOA governance model content (within model / process)
- SOA governannce procedures
- Oraanizational structures, roles, & responsibilities
- SOA Policy Compliance Tool
- Supporting Templates
HP SOA Governance Software Tools
Business Technology Optimization for SOA
SOA Governance (SOA Center, HP SOA Solution) (GIF - Governance Interoperability Framework)
- HP SOA Systinet
- HP SOA Policy Enforcer
- HP SOA Registry
SOA Quality (Applications)
- Quality Center with STM (Service Test Management, 70% market share)
- HP Unified Functional Test and Service Test (func testing)
SOA Management (IT operations)
- HP Business Availability Center (BAC) (Enterprise management)
- HP Diagnostics for SOA (Project focus)
Posts
No comments:
Post a Comment