InfoQ

News

SOA Governance Revisited

Posted by Boris Lublinsky on Jun 01, 2008 08:47 PM

Community
Architecture,
SOA
Topics
Governance ,
Enterprise Architecture
Tags
IBM Rational ,
Service Design ,
IBM ,
SOA Adoption

Despite increased adoption, many of the SOA projects are still failing. Things are often getting so bad - there was a recent article with a catchy name SOA or DOA, where DOA stands for "Dead on Arrival". One of the ways to improve this situation is proper proper SOA governance

Rescent Muhammed Yaseen Muriankara’ article - SOA governance framework and solution architecture defines 3 basic level of governance. Enterprise governance is

establishing chains of responsibility, authority, and communication to empower people and establishing measurement, policy and control mechanisms to enable people to carry out their roles and responsibilities

The subset of the enterprise governance is IT governance

aspects of governance that pertain to an organization's information technology processes and the way those processes support the goals of the business

Finally SOA governance is defined as

a specialization of IT governance that puts key IT governance decisions within the context of the life cycle of service components, services, and business processes. It is the effective management of this life cycle that is the key goal to SOA governance

The article presents methodology and model for adopting SOA governance from IBM which is called the SOA Governance and Management Method (SGMM). The methodology documented using IBM Rational® Method Composer and is available for download.

. SGMM is build around service lifecycle and covers the following:

Service definition

The most fundamental aspect of SOA governance is overseeing the creation of services. Services must be identified, their functionality described, their behavior scoped, and their interfaces designed.

Service testing

SOA increases the opportunity to test functionality in isolation and increases the expectation that it works as intended. However, SOA also introduces the opportunity to retest the same functionality repeatedly by each new consumer who doesn't necessarily trust that the services it uses are consistently working properly. Meanwhile, because composite applications share services, a single buggy service can adversely affect a range of seemingly unrelated applications, magnifying the consequences of those programming mistakes.

Service deployment life cycle

Services don't come into being instantaneously and then exist forever. Like any software, they need to be planned, designed, implemented, deployed, maintained, and ultimately, decommissioned. The application life cycle can be public and affect many parts of an organization, but a service's life cycle can have even greater impact because multiple applications can depend on a single service.

Service versioning

Service versioning enables users satisfied with an existing service to continue using it unchanged yet allows the service to evolve to meet the needs of users with new requirements. The current service interface and behavior is preserved as one version, while the newer service is introduced as another version.

Service ownership

An SOA should reflect its business. Usually this means changing the SOA to fit the business, but in some cases, it may be necessary to change the business to match the SOA. When this is not possible, increased levels of cooperation are needed between multiple departments to share the burden of developing common services. This cooperation can be achieved by a cross-organizational standing committee that, in effect, owns the services and manages them.

Service security

SOA creates services that are easily reusable, even by consumers who ought not to reuse them. Even among authorized users, not all users should have access to all data the service has access to. Some consumers of a service have greater needs than other consumers of the same service for data confidentiality, integrity, and nonrepudiation.

Service monitoring

A composite application, one that combines multiple services, is only as reliable as the services it depends on. Since multiple composite applications can share a service, a single service failure can affect many applications. SLAs must be defined to describe the reliability and performance consumers can depend on. Service providers must be monitored to ensure that they're meeting their defined SLAs.

An article describes not only a methodology for SOA governance, but also a set of tools (Governance platform), allowing to support and automate, at least partially, many of the governance processes.

Some of the minimum required automation capabilities for a startup project include:
     
  • A centralized registry and repository to find and publish the service related artifacts and metadata. This is necessary to:
    • Find the right authorized service.
    • Avoid duplication of effort.
    • Encourage reuse.
    • Identify the current state of service in the SOA life cycle.
    • Provide visibility to subscribers of the services.
    • Find related services and the impact of changing a service.
    • Communicate changes done to the service.
  • A mechanism to relate and enforce policies applicable for a service. The policies are defined by using the governance framework.
  • A customizable life cycle-aware system that triggers validations on the change of phase within the life cycle so that phase-by-phase governance validations can be automated.
  • The registry should ideally be SOA run time optimized so that the metadata stored in the registry can be used to provide enrichment via dynamic routing during run time.
       

    • The article itself and a list of references are a good read for everyone involved in SOA implementation and more specifically in the SOA governance.

    • This article is part of a featured topic series on Governance

    2 comments

    Reply

    dynamic routing by Dan Diephouse Posted Jun 2, 2008 11:01 AM
    Muhammed does a nice job... by Andrew Dennis Posted Jun 4, 2008 2:17 PM
    Sort by date descending

    1. Back to top

      dynamic routing

      Jun 2, 2008 11:01 AM by Dan Diephouse

      The registry should ideally be SOA run time optimized so that the metadata stored in the registry can be used to provide enrichment via dynamic routing during run time.


      "SOA run time optimized" - what does that even mean?



      Also, how many people actually do dynamic routing during runtime? Load balancing is one thing, but picking a service out of the blue is another. In most production deployments it seems like you'd want to know *exactly* what service you're using. A random service could be extremely dangerous and break your application. Are people actually using this? And how?

      Reply

    2. Back to top

      Muhammed does a nice job...

      Jun 4, 2008 2:17 PM by Andrew Dennis

      of framing IBM's SOA Governance and Management Method. Boris, I like your "SOA or DOA" point and your highlighting the definition of SOA Governance. Should you have an interest in additional SOA Governance definitions and metaphors, take a look at this:


      SOA Governance Definitions:

      <p>soagovsource.com/cms/index.php?option=com_conte...</p>


      SOA Governance Metaphors:

      <p>soagovsource.com/cms/index.php?option=com_conte...</p>

      Thanks,

      Andrew

      Reply

    Exclusive Content

    Clojure

    Rich Hickey discusses Clojure features and syntax, example code, functional programming, concurrency semantics, transactions, software transactional memory, agents, implementation and pain points.

    Composite Oriented Programming with Qi4j

    We introduce the concept of Composite Oriented Programming, and show how it avoids the issues with OOP and reignites the hope of being able to compose domain models with reusable pieces.

    Dan Farino About MySpace’s Architecture

    Dan Farino talks about the system architecture and the challenges faced when building a very large online community. Dan explains how a .NET product scales on hundreds of servers.

    Principles and Practices of Lean-Agile Software Development

    Alan Shalloway, CEO and founder of Net Objectives, presents the Lean software development principles and practices and how they can benefit to Agile practitioners.

    The Maxine VM

    Bernd Mathiske discusses Maxine VM, Java compatibility, swapping major VM components, research areas, Object handling, code examples, optimizing compiler, snippets, bytecode generation, JNI and JIT.

    Joe Armstrong About Erlang

    Joe Armstrong speaks on various aspects of the Erlang language, presenting its roots, how it compares with other languages and why it has become popular these days.

    The Limits of Code Optimization: a new Singleton Pattern Implementation

    The java double-check singleton pattern is not thread safe and can’t be fixed. In this article, Dr. Alexey Yakubovich provides an implementation of the Singleton pattern that he claims is thread-safe.

    Pressure and Performance – The CTO's Dilemma

    Diana and Jim talk about patterns observed in CTOs' activity. CTOs emerge as real people caring for other people in their organization, and are put under a lot of pressure and constraints.