InfoQ

News

Business Processes for SOA Governance

Posted by Jean-Jacques Dubray on Oct 16, 2008 10:00 PM

Community
SOA
Topics
Governance ,
Enterprise Architecture ,
Business Process Modeling
Tags
Best Practices

Prabhakar Mynampati, an Advisory Architect at IBM, published last week an article detailing 6 SOA Governance business processes.  The article includes a BPMN-like process definitions for:

  • Service identification
  • Service creation
  • Service testing
  • Service versioning and change management
  • Service management
  • Service security

These scenarios were defined in response to potential challenges likely to be encountered in a SOA Development Lifecycle without SOA Governance:

  • Struggling to identify new services and prioritize them.
  • Significant issues with service creation and reuse, such as creation of redundant and inefficient services.
  • Adoption test strategies and standards are haphazard.
  • Governance of changes and versions for services are crude and unrefined
  • No systematic way to enforce governance policies for service management, quality of service (QoS), and services security.

Prabhakar argues that a Service Identification process is required because:

There are a variety of project risks due to inconsistent approaches adopted in the identification of business and IT services. Services might be noninteroperable, and after the identification of services many of them might be redundant. There might also be a situation where there's no responsible owner of the identification and delivery of services. Ultimately, all these risks can result in increased project costs and the inability to meet delivery time.

He suggests using a Service Identification Process such as this one:

Similarly, a Service Creation process is required because:

Currently, an organization is suffering from the development and deployment of redundant and inefficient services built across different lines of horizontal and vertical domains without regard for other repositories. Some of the services are getting realized in an inconsistent way of recognizing system functions. The maintenance costs are increasing because multiple copies of similar or the same services are being maintained, and there's no control over such services, which halts further development.

In the case of Service Testing, Prabhakar sees:

situations where a variety of groups are using different tools and test strategies for testing their services. There's no uniform approach for using tools, plug-ins, and test strategies for realization of services in the organization. This is attributable to the fact that compliance tests among some of the services were developed in vertical units, and some issues were raised that business requirements aren't correctly met with realized IT services. Some units aren't able to meet integration and system-testing deadlines in the stringent project schedule. And few project teams have trouble handling change in business requirements to systematic realization of IT services. All these issues have brought challenges to governance in a testing scenario.

He argues the necessity of a Service Versioning and Change Management process when:

there's no authority in the organization to decide whether required changes in the business processes needed to be implemented in IT and whether that change should be implemented in an existing service or as a next-version release. There's no common body in the enterprise to study and know the impact of these changes with respect to other service consumers. And there's no authority to decide runtime policy for versioning of services. System nonavailability complaints from the customers are arising due to production disruption when changing service versions.

He also sees some critical SOA Governance activities in the Service Management process area:

In this service management scenario, you look at an organization that's facing difficulties in monitoring and managing the services that are exposed to different service consumers. ... The architecture and development team is not aware of the services and resources that need to be monitored based on service level agreements (SLAs). There's no uniform approach for adoption of management tooling that covers the end-to-end view of business application, and there's no uniform approach for providing detailed information about performance and availability metrics for individual resources.

Finally, he also sees problems when

an organization has no common strategy for attacking security threats and protecting services from external access. Multiple authentication and authorization of services are frustrating operators. There's no security policy management framework in place for adopting policies and tracking these policies from inception to implementation, and there's no responsible body for interacting and communicating with enterprise boundary organizations to maintain a common set of security standards. There are no agreed-upon security standards for interacting with other services and data, and no defined roles and responsibilities for policy administration.

SOA Governance requires to be very methodical when identifying, implementing, securing or managing services. Are you using similar processes in your organization? if not, have you experienced some of the issues that the author presented here? would you consider implementing some of these processes?

  • This article is part of a featured topic series on Governance

Related Sponsor

Visit SOA Appliance Comparison Site
*Video Usage Model Tutorials
*Comparison to IBM DataPower X150
*Performance Benchmarks
*On-demand webinars

5 comments

Watch Thread Reply

Resource not available by Jeff Goers Posted Oct 17, 2008 7:24 PM
the article link is broken on developerWorks by Jean-Jacques Dubray Posted Oct 18, 2008 8:35 AM
How to access.... by Ritin M S Posted Nov 4, 2008 11:57 PM
Re: How to access.... by Ritin M S Posted Nov 4, 2008 11:58 PM
The article is back on developerWorks. by Ritin M S Posted Nov 10, 2008 3:46 AM
Sort by date descending

  1. Back to top

    Resource not available

    Oct 17, 2008 7:24 PM by Jeff Goers

    The resource provided for services identification is not available...

    Reply

  2. Back to top

    the article link is broken on developerWorks

    Oct 18, 2008 8:35 AM by Jean-Jacques Dubray

    I apologize, it looks like the article is not available at the moment: http://www.ibm.com/developerworks/webservices/library/ws-soa-governance/index.html I am not sure why. I will check again Monday.

    Reply

  3. Back to top

    How to access....

    Nov 4, 2008 11:57 PM by Ritin M S

    Folks, The article has been temporarily pulled down from the developerWorks website. But there is an alternate way to access it:- 1) Go to google. 2) Look for "SOA governance Scenarios". 3) The article link would be returned as the 1st result. 4) Click on "Cached" link underneath the result to access the cached page. Hope this helps!!

    Reply

  4. Back to top

    Re: How to access....

    Nov 4, 2008 11:58 PM by Ritin M S

    Folks, The article has been temporarily pulled down from the developerWorks website. But there is an alternate way to access it:- 1) Go to google. 2) Look for "SOA governance Scenarios". 3) The article link would be returned as the 1st result. 4) Click on "Cached" link underneath the result to access the cached page. Hope this helps!!
    Alternatively, download as pdf.. http://download.boulder.ibm.com/ibmdl/pub/software/dw/webservices/ws-soa-governance/ws-soa-governance-pdf.pdf

    Reply

  5. Back to top

    The article is back on developerWorks.

    Nov 10, 2008 3:46 AM by Ritin M S

    http://www.ibm.com/developerworks/webservices/library/ws-soa-governance/index.html

    Reply

Educational Content

Bindings, Platforms, and Innovation

This presentation focuses on the Internet and separating myth from fact, history from the future, and the mundane from the imaginative. Bob Frankston presents a vision of what could and should be.

  •  Jul 02, 2009,
  •  

Orchestrating Long Running Activities with JBoss / JBPM

This article explores the use of JBoss and jBPM to implement design solutions that effectively address the issue of orchestrating long running activities.

  •  Jul 01, 2009,
  •  

Neo4j - The Benefits of Graph Databases

This presentation covers the use of graph databases as an optimal solution for data that is difficult to fit in static tables, rapidly evolving data or data that has a lot of optional attributes.

Realistic about Risk: Software development with Real Options

This session introduces Real Options and shows how it can help in running your project. Real Options is a decision-making process that can be used to manage risk.

  •  Jun 30, 2009,
  •  

Communication Flexibility Using Bindings

This article discusses the use of bindings on services and references (including the instance of non-configured bindings) as the means to implement SCA communications in a Web and SOA environment.

  •  Jun 30, 2009,
  •  

Writing DSLs in Groovy

After a short introduction to DSLs, Scott Davis plays with the keyboard showing how to approach the creation of a DSL by typing working snippets of Groovy code that get executed.

Scaling Agile with C/ALM (Collaborative Application Lifecycle Management)

IBM Rational and InfoQ present, Scaling Agile with C/ALM, an eBook showing organizations how to become “finely tuned software delivery machines” by enabling team integration and scaling.

Concurrent Programming with Microsoft F#

Amanda Laucher presents a real life enterprise application written in F#. She shows actual code snippets, explaining design decisions and suggesting how to use some of the F# constructs.