Setting Up an Effective SOA Governance Model

SOA Governance Objectives
Organizations are SOA-enabling their applications using technologies like the orchestration engine (BPEL), Enterprise Service Bus, and Web Services. While these technologies and standards help realize the objectives, they don't guarantee SOA success. Success and ROI are not primarily dependant on enabling technology platforms or vendors. SOA success is challenged by an altogether different set of issues that are related to process discipline, collaboration, organization culture, and decision-making.

数据挖掘实验室

Some of the key challenges are:

数据挖掘论坛

• The correct identification of a business service with appropriate granularity and reuse potential
• Achieving the objective of semantic interoperability by standardizing on canonical data models for service interface
• Ensuring uniformity in SOA implementations across project groups by enforcing best practices, standards, and guidelines
• Overcoming the mistrust and hesitation of service providers and consumers
• Building a common vocabulary for sharing service information across different business units or departments
• Breaking the barriers of the traditional organizational culture and behavior to ensure ongoing participation by service providers and consumers
• Inducing discipline in decision making

The only way to adopt SOA successfully is to address these challenges first. These challenges impose the need for SOA governance. Some of the key objectives (see Figure 1) of SOA governance should be to:

• Introduce discipline while carrying out various processes related to the service lifecycle (Service identification-Service operation) by applying appropriate policies
• Create a culture of openness and cooperation by encouraging participants through rewards, incentives, and recognition programs
• Ensure effective collaboration by instilling trust and confidence
• Control decision-making by setting up organizational structures with appropriate responsibilities and accountability

SOA Governance
Until now, governance has been perceived as a luxury during the pilot phases. It is often underestimated as a mechanism to publish and discover business services by means of the registry tool. As SOA adoption moves from the pilot stage to the payoff mode, it's imperative to rethink SOA governance. Governance is required from day one, the cost of establishing governance late in SOA journey is much higher than if you adopt it early on.

The core of any governance is to ensure a desirable outcome in its discipline; the same applies to SOA as well. Business services are the primary artifacts in SOA and need governance to ensure high-quality enterprise-wide reusable/shared assets (business services) are being developed to meet the goal of business agility.

Effective SOA governance is what will separate leaders from dawdlers. Governance is a MUST in the overall SOA strategy and will form the base for adopting SOA in an organized manner. The very first step in establishing effective governance is to define a Governance Model. This process involves identifying and defining various artifacts related to goals, principles, policies, processes, models, metrics, and role responsibilities. Implementing a Governance Model by choosing the right technologies and tools would be the next step.

Governance Model Overview
The key areas of a Governance Model are depicted in Figure 2 数据挖掘论坛

Goals and Principles
Setting up the goals is the first step; shorter time-to-market, cost saving, and process flexibility are among the key objectives of a SOA. Aligning with business needs, goals need to be defined in concise, clear, and measurable terms. Then define a strategy such as focusing on specific domains or functional areas with high service reuse potential and ROI. For example, the customer service domain - targeting consolidation of customer-related business services spread across various LOBs. Well-defined goals and accompanying strategies will help to articulate a SOA vision clearly. 数据挖掘研究院

Defining the fundamental set of SOA principles is necessary to establish the common consensus as to how SOA should be used while developing enterprise SOA solutions. 数据挖掘研究院

Some of the basic SOA principles are: 数据挖掘研究院

• A business service should have a coarse-grained interface
• A business service should be exposed using a technology-agnostic interface and protocol
• A business service should adhere to enterprise-wide technology and semantic interoperability standards
• A business service should be autonomous. Any changes to its implementation technology, runtime environment, or location should not impact the service consumer
• The Interaction between a service consumer and a service provider must follow a document-oriented style of communication
• A business service must be discoverable by consumers belonging to other business units or LOBs
• A SOA infrastructure must provision for protection of the sensitive information exchanged between consumer and provider

Policies
Policies are central to governance. Start with identifying the core set of processes to be governed. Though the policies can be applied at various levels such as business, architecture, service, and technology, we will limit our discussion to business services 数据挖掘实验室

Some of the key challenges in the SOA space are: 数据挖掘论坛

• Reuse - How to ensure that business services are being developed for optimal reuse and interoperability?
• Adoption - How to ensure that business services have proper visibility, and there is a smooth and productive collaboration among LOBs
• Sustenance - How to ensure SOA sustains in the long run

In view of thes challenges, core processes have to be identified in the areas of service lifecycle, collaboration, and sustenance. Governing these processes would require identifying the control points within them and applying appropriate policies to control the outcome. The challenge here is to define policies prudently; they should not be too strict or too lenient. They should be reasonable enough to make their adoption smooth and acceptable. Figure 3 shows the sample abstract of processes and control points within processes to which policies can be applied.

Service Lifecycle
A service lifecycle comprises activities right from service identification through service operation. Various design-time and runtime policies need to be defined around these lifecycle processes.

数据挖掘实验室

The primary objective of design-time policies would be to ensure that truly reusable and interoperable business services are being developed.

数据挖掘论坛

Reusability - Identifying which business functionalities are the right candidates for service enablement is a difficult task. Without a proper approach to service identification, project groups will end up identifying services that don't have enough reuse potential. The policy related to the service identification process should enforce the use of a business process-centric, top-down/bottom-up analysis approach to identify genuine reusable functionalities. 数据挖掘工具

Interoperability - Interoperability policies should focus on building technically and semantically interoperable business services. For example, as a part of the Service Interface Spec/Design process, a high-level policy for semantic interoperability can be defined to enforce the adherence of the business service interface to the enterprise-wide canonical format. This can be followed by more specific policies aligned to domains or functional areas. Similarly on the technology interoperability front, policy can be defined to enforce compliance with the WS-I basic profile to achieve Web Service interoperability across platforms, operating systems, and programming languages. 数据挖掘实验室

Runtime policies should be defined and enforced to govern the behavior of a service once it's operational. For example, a runtime policy for SLA monitoring and non-compliance reporting should be defined and enforced with the intention of getting visibility into the compliance issues and subsequently taking remedial action either in an automated or manual way (automatically instantiating an additional instance of service in case of performance degradation is an example of automated remedial action). 数据挖掘论坛

Examples of runtime governance include:

数据挖掘研究院

• Managing security aspects such as access control and data-level security through encryption
• Managing service level agreements (response times, availability, etc.) through compliance monitoring and reporting
• Managing auditing, logging, and exceptions

It's important to govern the runtime concerns or issues related to service behavior as it will help preserve the trust between service providers and service consumers and create a sustainable SOA environment. 数据挖掘研究院

Collaboration
Policies around collaboration should be targeted at accelerating the adoption of business services. This would involve defining policies around key areas such as discovery, trust, contract, and so on. The policy around service metadata would enforce use of clear business-technology-operational taxonomies for describing the service. Use of proper metadata and taxonomies will enhance service visibility across consumers. Similarly, defining the strong policies around trust and contract will help overcome the barriers of mistrust and hesitation present among service consumers. Agreeing to service levels and the integrity of service through a formal contract is necessary to gain consumer confidence. Providing historical compliance data on aspects such as SLA, support will elevate the trust further. 数据挖掘交友

Sustenance
SOA is an ongoing phenomenon. Some of the key aspects around sustenance that need governance are:

数据挖掘研究院

• Consumer expansion needs-scalability - It's important that business services should scale to embrace new consumers on an ongoing basis and support the expansion needs of existing consumers in terms of increased volume

    数据挖掘工具

• Technology innovation - Migration of applications-business functionalities to a newer standards-based platform is inevitable for reasons such as reduced licensing and maintenance costs. While this is happening at the providers' end, existing consumers should be protected against the risk of changes in SLA in terms of performance, supported volumes and availability.

    数据挖掘论坛

• Funding - There should be continuous funding to support and maintain business services and SOA infrastructure

Unless these sustenance-related challenges are thought through upfront, confidence in SOA's ability to sustain will diminish. 数据挖掘研究院

Models and Metrics
It's necessary to define a robust enforcement and compliance model. Some of the key considerations are: 数据挖掘实验室

• Deciding how various policies should get enforced - as part of the process or using tools technologies. For example, most development policies will be candidates for automated enforcement through tools
• Defining validation and review processes to ensure compliance
• Certificate of compliance for business services through various stages in the lifecycle to make the process more robust
• Exception management and impact analysis

Behavioral and cultural changes are necessary to get SOA right. The conservative, inward nature of an organization can lead to SOA failure. People have to stay away from the traditional mindset of "develop it myself." Being an enterprise-wide strategy, SOA's success depends primarily on the productive and effective participation of service providers and consumers. In short, to succeed SOA needs a culture of openness and healthy relationships. Creating such a culture requires organizations to promote positive behavior by providing rewards, recognition, privileged funding, and such. At the same time the negative tendency of reinvention-duplication should be discouraged. 数据挖掘实验室

Metrics provide the basis for measuring SOA success. Plan to measure success through indicators such as time-to-market for new product-process, cost-savings, and number of processes streamlined. Metrics can also be used to determine the effectiveness of governance. Define metrics to collect statistics on factors such as successful negotiation, reusability, and the interoperability compliance rate. This will help in understanding the loopholes and rigidity in current governance processes-policies and improving it further.

数据挖掘交友