Wiley Service-Oriented Architecture (SOA) Governance for the Services Driven Enterprise
Contents
1. This SOA right is essential to the realization of your SOA strategy yet our field experience shows that many organizations implement their SOA technology platforms before they understand their services requirements When we say get your SOA platform right we mean making sure your SOA run time technical platform supports your planned and current services and your target state architecture Ensure that your SOA platform does not place dependencies or limitations on your services Understand the trade offs of investing in various SOA platform elements such as service registries enterprise service buses ESBs Web services management tools and SOA security solutions Many organizations invested prematurely in UDDI service registries be fore they had any services available or even an SOA strategy and roadmap to guide their investment decisions Similarly before buying an enterprise service bus make sure you really need one Perhaps your organization s messaging and integration requirements can be addressed by Web services management WSM solutions or other alternatives Most likely you will end up with both solutions anyway but if you are budget challenged and can only implement one or the other understand what you are buying with your SOA platform investments Below are a few guidelines to consider as you try to get your SOA platform right Services Driven Platform Selection Select your SOA platform based on the requirements2. SOA GOVERNANCE IMPLICATIONS SOA governance provides the overall decision making framework and processes for determining how best to allocate and focus resources on SOA initiatives SOA governance should define the SOA principles that align with strategic goals and imperatives and that will ensure effective application of SOA to appropriate problems or opportuni ties The SOA Opportunity Roadmap is one device to help identify evaluate prioritize and execute SOA centric projects to support the SOA strategy under the guidance of SOA governance IDENTIFY AND BUILD THE RIGHT SERVICES Without services you cannot have an SOA Furthermore an SOA com prised of services with no business or organizational value is well nigh worthless Therefore getting your services right is essential What are the right services The right services support business and mission objectives c01_1 07 08 2008 26 26 THE SOA GOVERNANCE IMPERATIVE The right services are derived from your SOA strategy and align with your future direction The right services support your SOA goals The right ser vices offer a balance between immediate value and long term investment The right services should be reusable and shared to ensure rapid return on investment short payback periods and cost avoidances The right services can be quickly identified by examining the SOA op portunities that are documented in your SOA strategy By performing a pro cess decomposit
3. Service Oriented Architecture A Planning and Implementation Guide for Business and Technology John Wiley amp Sons 2006 p 248 Peter Weill and Jeanne Ross IT Governance How Top Performers Manage IT Decisions for Superior Results Harvard Business School Press 2004 pp 6 7 See Eric Marks Business Darwinism Evolve or Dissolve Adaptive Strategies for the Information Age John Wiley amp Sons 2002 Charles T Betz Architecture and Patterns for IT Services Management Resource Planning and Governance Making Shoes for the Cobbler s Children Morgan Kaufmann 2007 p xxii Peter Weill and Jeanne Ross IT Governance How Top Performers Manage IT Decisions for Superior Results Harvard Business School Press 2004 Ibid p 8 Ibid p 59 Eric A Marks AgilePath s SOA Bill of Rights Aspects of SOA You Must Get Right AgilePath Corporation 2006
4. and then translate that into the SOA specific instantiations of governance INTRODUCTION TO GOVERNANCE SOA governance information technology IT governance and corporate governance are currently hot industry buzzwords But what is SOA gover nance really What is governance in the general sense Governance is a sim ple concept to understand yet it is made complex by vendors management consultants and opportunists who see the increasing emphasis on gover nance as a chance to augment or enhance their power base in an organiza tion However governance be it IT SOA or corporate does not have to be that complicated Governance is the process of making correct and appropriate decisions on behalf of the stakeholders of those decisions or choices In its corporate application governance is the process of ensuring the best interests of a company s or organization s stakeholders are met through all corporate de cisions from strategy through execution In its IT application governance focuses on appropriate oversight and stakeholder representation for IT spending and overall IT management Corporate governance has become critically important as a result of corporate accounting scandals stock option backdating and related cor porate mismanagement episodes Corporate governance is essential to apply oversight and balanced stakeholder representation for all corporate decisions relating to hiring and retaining key executives executive
5. SOA business and process policies most directly affect the value of SOA and an organization s ability to capitalize on their SOA investments Substitute Governance Processes and Policies with Faith Based Gover nance The last SOA governance mistake we will discuss here is substi tuting a formally defined SOA governance model processes and policies with kumbaya governance or what I call faith based gover nance Kumbaya governance is where an organization entrusts its SOA governance to informal processes and personal empowerment rather than an explicit policy driven formally defined governance model and clear unambiguous processes Under kumbaya SOA gover nance we hold hands believe in each other and trust that something good will happen Voila SOA governance happens But optimally ef fective SOA governance does not and cannot happen this way SOA governance requires an explicit governance model with clear policies well defined processes clearly defined roles and responsibilities and c01_1 07 08 2008 37 Summary 37 alignment to the organization s SOA strategy and goals Only under these conditions can SOA be governed and the value proposition of SOA achieved Kumbaya governance does not work period RIGHT SIZED SOA GOVERNANCE HOW MUCH GOVERNANCE DO WE NEED Many organizations are anxious about governance especially when it is construed as adding layers of overhead and interfering in decision making process
6. aging service providers as necessary to achieve the overall optimal structure of internally and externally provided transactions in support of the busi ness model This is SOA as a business model SOA as an IT strategy is an extension of the SOA business model An SOA enabled IT strategy explicitly embraces concepts of service providers and service consumers and seeks to optimize IT services provided to the busi ness by leveraging SOA concepts Thus the combination of IT services will be optimized through a combination of internally and externally provided services which helps realize the profitability goals of the enterprise The SOA IT strategy perspective also means that there is an SOA strategy that the SOA strategy enables the SOA business model and that it is expressed technically through a clearly defined and articulated enterprise architecture and the resulting portfolio of services that when exposed and implemented enable the optimal end to end execution of business transactions for max imizing profit Again this is from the perspective of a for profit enterprise SOA is also an architecture approach or paradigm along with a sup porting implementation pattern that realizes that architectural approach in support of the IT strategy and the SOA business model SOA extends an organization s enterprise architecture to include concepts of services both logical and physical descriptions of services as well as the required SOA infras
7. alignment identified up front and you must have business support for SOA to maximize SOA value c01_1 07 08 2008 25 Identify and Build the Right Services 25 APPLY SOA TO THE RIGHT CHALLENGES SOA is not a solution for every challenge in your organization SOA offers tremendous business value when applied to the right areas However if you apply SOA to the wrong challenges you may end up creating more prob lems Where are services Web services and non WSDL described services beneficial to your organization and what s the difference between them When can an organization benefit from sharing an enterprise assets as op posed to building and maintaining their own silos of assets How can your enterprise benefit from sharing consistent information across business proc esses How can real time event services eliminate inaccurate data and data latencies which can result in bad decisions and dissatisfied customers The point is to seek SOA opportunities where the fit of reusable interoperable services returns the most value to the business as dictated by the SOA strat egy being pursued We recommend creating an SOA Opportunity Road map or a short list of the high value areas of your enterprise where SOA and services solve immediate problems and offer great potential value This will become an ongoing aspect of your SOA maturation process continu ally identifying and applying SOA concepts to new opportunities over time
8. and interoperability standards specifying and acquiring the SOA development testing and run time platforms defining the SOA development lifecycle implementing SOA governance processes and organizations and artifacts The ramp activities will prepare the organ ization for SOA execution according to the defined SOA strategy and under the oversight of the SOA governance model SOA Reference Implementation The SOA reference implementation phase is a milestone phase Once the organization has done its prepara tion and ramp activities it can begin to implement its first true SOA project This project should be carefully selected planned and executed such that it represents on a small controlled scale your SOA end state This is what we mean by a SOA reference implementation It represents your end state SOA implementation from a business process gover nance and technology perspective and includes or implements most or all of the many facets of SOA that you will require to realize the benefits of SOA according to your SOA strategy and SOA governance model The SOA reference implementation phase represents a major milestone and a major organizational win if it is performed well and will serve as the nucleus around which your team will iterate and expand its SOA capabilities processes governance and implementations SOA Program The SOA program phase is where your organization is beginning the formal execution of SOA projects in accordance
9. governance Mistaking Governance Boards for SOA Governance Another common mistake we see is mistaking the implementation of governance boards for the implementation of SOA governance Certainly governance boards will most likely be necessary to provide a means for stakeholder participation in SOA governance key decision making processes but do not assume that governance boards are effective in their governance SOA governance is more than an organizational model SOA gover nance requires policies processes alignment to strategy and goals and metrics to help monitor progress and performance Governance boards then are one of multiple governance mechanisms that will be used to implement SOA governance They are one of the tools in your SOA governance tool box but not the only one and perhaps in some ways not the most critical This mistake is also a common result of entrusting your SOA governance model to consulting firms that do not have the skills or experience to develop and implement SOA governance c01_1 07 08 2008 35 Common SOA Governance Mistakes 35 Overcomplicating the Model Too Many Boards In many cases we see organizations attempting to implement holistic enterprise gover nance processes when in fact they need focused SOA governance There are many ways in which one may overcomplicate SOA governance In one scenario the organization implements too much governance com plexity by implementing too many boards and co
10. governance by simplifying IT governance down to five key decisions and six IT governance constructs Weill and Ross define IT governance as follows IT governance Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT Weill and Ross essentially focus IT governance on five key decisions 1 IT Principles Codifying the role of IT in supporting the business through fundamental IT principles that help with alignment and deci sion making 2 IT Architecture Defining enterprise integration and technology stand ardization requirements We prefer to treat this category of governance as EA and expand the definition to include the business architecture application architecture technology infrastructure architecture and the information architecture 3 Infrastructure Requirements Determining shared and enabling tech nology services such as data centers networks telecommunications desktops and computing capacity that are required by the enterprise 4 Business Application Needs Specifying the business need for commer cial off the shelf or internally developed IT applications as well as the ownership support and maintenance for these business applications 5 IT Investment and Prioritization Determining what initiatives pro grams and projects to fund and how much to spend These decisions are made during the annual strategic planning processes as well as dur ing the ex
11. of your services This is what we mean by services driven If you pick your SOA platform before you understand what services you will be building you may end up with a mismatch of SOA enabling technology and services requirements SOA Strategy Enabling Be sure your SOA platform supports your SOA strategy and enables the right services that support your SOA strategy Your SOA platform should not limit the realization of your SOA goals and objectives Provides the SOA Platform Core Functions Be sure your SOA plat form will eventually include coverage for the four core SOA platform requirements Web Services Management WSM Reliable Messaging Transport ESB WSM or other messaging solutions Service Registry UDDI and SOA Security Start with these core functions before you get distracted by orchestration tools BPEL engines and other ancillary tooling Separate Your Services from Your Platform Make sure your platform supports your services but do not let your platform constrain your services Decouple your services from your SOA platform c01_1 07 08 2008 29 Create the Right Organizational Cultural and Behavioral Model 29 SOA GOVERNANCE IMPLICATIONS SOA governance provides the decision making framework for specify ing selecting and implementing your SOA platform tools and tech nologies However your SOA platform will also provide the means to automate certain design and run time aspects of services as wel
12. the enterprise requirements for SOA c01_1 07 08 2008 7 Introduction to Enterprise SOA Governance 7 governance SOA governance must also address the convergence of other forces such as organizational structure IT and governance processes organ izational culture behavior and political dynamics and metrics that help measure governance Thus to better address the holistic nature of SOA gov ernance I defined SOA governance as follows SOA governance refers to the organization processes policies and metrics required to manage an SOA successfully A successful SOA is one that meets defined business objectives over time In addition an SOA governance model establishes the behavioral rules and guidelines of the organization and participants in the SOA from architects and developers to service consumers service providers and even applications and the services themselves These behavioral rules and guidelines are established via a body of defined SOA poli cies SOA policies are specific and cover business organizational compliance security and technology facets of services operating within an SOA SOA governance consists of the organization and processes re quired to guide the business success of an SOA and Web services SOA governance defines and enforces the Web services policies that are needed to manage a SOA for business success While this definition is sound I realized that a simpler definition would help clarify g
13. with your SOA strategy and SOA governance model and leverages your SOA Reference Implementation as the platform for execution Pro grammatic execution of SOA in this phase will begin slowly with a few programs or projects and will accelerate as your maturity evolves In our experience many organizations attempt to transition directly from the SOA Inception phase to the SOA program phase by skipping SOA strategy and planning SOA governance model development and SOA ramp and governance ramp These organizations often will stall under c01_1 07 08 2008 22 22 THE SOA GOVERNANCE IMPERATIVE this scenario or will end up with a very limited bottom up SOA imple mentation with limited business value SOA Acceleration and Assimilation The acceleration and assimila tion phase of SOA adoption is where the organization leverages the reference implementation to add new SOA capabilities add new proc esses expand the consumption and development of new services and accelerate the adoption of SOA by its IT and business consumers The SOA acceleration and assimilation phase is where SOA becomes inter nalized by the organization as the primary means by which business capabilities will be enabled by the IT organization and the primary means by which the IT organization will operate This phase involves rapid iterations around the SOA reference implementation core ex pansion of SOA governance and achievement of a repeatable SOA realizat
14. LICATIONS Achievement of the right SOA results brings us back full circle to our SOA strategy goals and objectives SOA governance as we have maintained must be tightly aligned with the SOA strategy and explic itly linked to the SOA goals The right results will follow from SOA governance which again ensures we are doing the right SOA things the right SOA way for our SOA stakeholders ESTABLISH THE RIGHT SOA GOVERNANCE MODEL AND POLICIES SOA governance is essential for managing the decisions and policies of your SOA You must get your SOA governance model right to achieve your SOA goals period SOA governance establishes alignment of your SOA strategy to your business as well as defining the enterprise architecture policies and interoperability standards for the services in your SOA SOA governance is a must SOA governance is more than the technical policies and design standards for building reusable interoperable services SOA governance also establishes the decision framework for funding SOA efforts and initiatives for assigning ownership of various classes of services as well as ensuring appropriate development lifecycle processes support SOA Below are a few SOA governance considerations to get your governance model right SOA governance is more than technology and tools Many vendors are on the SOA governance bandwagon with service registries repositories distributed enforcement tools and more However before y
15. ance This is why governance is first and foremost about engagement of critical stakeholders in key decisions of an organization INTRODUCTION TO ENTERPRISE SOA GOVERNANCE What is enterprise SOA governance SOA governance is the process of en suring all business and IT stakeholders interests are served by the planning funding and execution of an enterprise SOA initiative One of the early pio neers of SOA governance is the company WebLayers located in Cambridge Massachusetts WebLayers defines SOA governance as follows SOA governance is the ability to ensure that all of the independent SOA efforts whether in the design development deployment or operations of a service come together to meet enterprise requirements WebLayers developed the concept of a policy driven SOA governance approach where in effect SOA governance is predicated on developing for malizing and enforcing a body of SOA policies that ensure conformance to enterprise SOA business and technology goals In my opinion this whitepa per paved the way for the industry to understand the scope breadth and criticality of policies ina SOA governance framework However SOA governance must be approached from an enterprise per spective and from a comprehensive and holistic viewpoint An enterprise approach to SOA governance offers a more robust model than focusing narrowly on SOA governance While explicitly defined SOA policies are essential to formalize and encode
16. at funding is a primary governance enforcement and incentive mechanism and judicious use of fund ing models can facilitate the realization of an effective and transparent gover nance model for your organization Governance ensures that organizational resources are allocated to important initiatives and that they are consumed and leveraged wisely Therefore governance must focus on critical aspects of the business where allocation of resources and oversight of the use of those resources is possible SOA governance should follow the same approach INFORMATION TECHNOLOGY GOVERNANCE But how did IT governance become so popular IT governance is not that different from corporate governance IT governance is the process of ensur ing all IT stakeholders best interests are being met in the planning funding c01_1 07 08 2008 12 12 THE SOA GOVERNANCE IMPERATIVE and execution of IT for a given organization IT governance became impor tant when IT spending ballooned out of control in the late 1990s with the combined hype of Year 2000 and the rise of the Internet As IT spending got more and more out of control with little return on the investment busi ness leaders realized little to no impact on their business operations In fact in many cases business leaders did not have much say on how IT spending was managed or how IT dollars were allocated to various initiatives This lack of input and transparency led to an IT backlash where
17. business and IT strategies and will not necessarily be documented separately anymore At SOA steady state the next big IT trend will probably be well on the way and we ll be exploiting the opportunities that the SOA wave created for us As you might surmise the activities processes capabilities and SOA governance requirements are all different for the various SOA adoption c01_1 07 08 2008 23 SOA Bill of Rights 23 lifecycle phases We will detail some of these SOA governance differences in Chapter 8 In the meantime review the SOA Adoption Model and deter mine where your organization is in its SOA maturity After you have done this write down the SOA governance processes boards policies and en forcement mechanisms you have in place now Then examine the next two stages of SOA maturity and consider what additional SOA governance re quirements you may have to consider as you add more services and expand SOA to more projects or to an enterprise level What you will realize from this exercise is that SOA governance is an evolving changing and sustained activity and your organizational requirements for SOA governance will vary based on internal organizational factors as well as relative SOA maturity SOA BILL OF RIGHTS As our definition of SOA governance states enterprise SOA governance can be summarized as doing the right SOA things the right way for the SOA stakeholders The author 2006 captured many of these rig
18. c01_1 07 08 2008 1 1 The SOA Governance Imperative Si my last Service Oriented Architecture SOA book in which I dedi cated an entire chapter to the topic of SOA governance industry interest in governance has exploded The challenges of enterprise SOA governance have moved to the foreground across the IT industry as interest in SOA has increased and as the many SOA practitioners out there have reached the same conclusion SOA governance is mandatory for any measure of SOA success Understanding and implementing effective SOA governance has be come a corporate imperative and thus the topic requires the depth of cover age that this book provides Yet despite all the interest in the topic governance is one of the most misunderstood emotionally charged and enigmatic concepts in the industry We will attempt to address these chal lenges in the chapters of this book THE INEVITABLE SOA TREND SOA is one of the most important trends in Information Technology today SOA is now a top priority in most organizations SOA is receiving all this attention because of the great potential value it offers to those who pursue it If an organization achieves a mere fraction of the total potential value of SOA it will be significant to that organization s bottom line competitive posture and overall operational effectiveness That is why SOA is such an important strategic initiative to pursue SOA makes too much sense techni cally and financial
19. ception of an SOA initiative Depending on the c01_1 07 08 2008 19 SOA Governance Impacts IT Governance and Enterprise Architecture 19 IT Governance P o ad Business 3 ji p Busin Reqts Imperatives ie apes ee gt SOA Governance Initiative _ SOA Governance Model Technol Organization Processes Policies aint Technical Reqts Tl Imperatives Architecture Governance Exhibit 1 8 SOA Governance Impacts Existing Governance Organizations and Processes robustness of current enterprise architecture disciplines organizations will have a relatively easier time introducing SOA governance into their EA gov ernance model especially if they have already formalized architecture governance processes policies and oversight of projects as they are man aged through the project delivery process in that organization SOA governance will place greater demands on those IT organizations whose EA discipline is lacking or whose architecture governance is weak to nonexistent In these scenarios many times the EA organization process and capabilities must be upgraded in order to successfully accommodate a SOA approach If there is not an EA organization or discipline one must be established with executive sponsorship in order to support fundamental SOA Our experience from the field suggests that when an enterprise has im plemented a rock solid EA process as well as appropriate architecture gov ernance processes and mecha
20. com pensation strategic direction and execution Corporate governance in publicly traded companies is the process by which firms are managed to ensure stakeholder interests are met by corporate decisions Stakeholders include shareholders employees management and even customers The corporate governance process is normally achieved by a board of direc tors who are either appointed or elected to provide objective balanced c01_1 07 08 2008 6 6 THE SOA GOVERNANCE IMPERATIVE oversight on such key issues as executive compensation and performance and corporate strategy and decision making The board of directors nor mally is comprised of inside and outside directors to ensure all stakehold er interests are represented in a balanced fashion When corporate governance fails it is usually because of a lack of objectivity e g board members appointed by the Chief Executive Officer CEO of the organi zation or board membership weighted too heavily toward inside interests versus external shareholder interests Most recently corporate gover nance has been in the news due to the stock option backdating scandal Corporate governance failed in this case due to a lack of decision trans parency which enabled a few executives to unilaterally or multilaterally enrich themselves by backdating stock option agreements In the general sense any governance will fail if stakeholders of critical decisions are not engaged in the processes of govern
21. e portfolio management and many other dimensions into this list What should become clear is that governance means slightly different things for each of these areas While they all generi cally still mean doing the right things the right way for the stakeholders the right things right ways and stakeholders are all different for these gov ernance focal points However when does the transition from management to gover nance occur and for what kinds of assets or decisions Governance is not the same as management yet they are intrinsically related to one another as we will see below DO NOT CONFUSE GOVERNANCE WITH MANAGEMENT Our definition of governance is critical to bear in mind as you begin devel oping your SOA governance model Governance is often confused with management In one sense both are management activities Governance provides management and oversight for critical activities or decisions where stakeholder representation is an imperative Management is about execu tion of all business or organizational activities once the decision is made Management activities usually do not require external stakeholder involve ment or representation whereas governance activities nearly always have c01_1 07 08 2008 11 Information Technology Governance 11 stakeholder interests across multiple domains or constituencies involved Both are related and both are necessary in an SOA governance model How
22. e stakeholder requirements and perspectives to consider in an SOA initiative than the usual IT application delivery view The bottom line is that all of these interests are valid in an SOA initiative and all of these roles are stakeholders in an SOA The real challenge of SOA governance is defining the critical stakeholders and ensuring their interests are served by the SOA strategy planning and execution through effective SOA gover nance The following questions will help frame the high level requirements of enterprise SOA governance What are the goals of your SOA initiative What must be governed to help ensure these goals are realized m Who are the primary stakeholders of your SOA initiative Is your SOA business driven or IT driven What key decisions assets or resources must be governed today What are the key governance concerns and challenges you must overcome to realize the targeted benefits of SOA Who owns the processes assets and resources that must be governed c01_1 07 08 2008 17 Addressing SOA Stakeholder Biases 17 m What outcomes do we seek from SOA governance How will we meas ure performance of governance SOA governance is confusing to many organizations for a variety of reasons In many cases SOA governance is approached from too narrow of a perspective such as services governance technical design governance or SOA platform governance These SOA governance perspectives represent the technical s
23. ecution year This process also includes adding and cancelling c01_1 07 08 2008 14 14 THE SOA GOVERNANCE IMPERATIVE planned IT investments based on business performance as well as emer gent business needs In addition to focusing on key IT decisions they also described various archetypes for making these decisions which include business organiza tions IT only organizations cross functional organizations and more They list the archetypes as follows Business Monarchies A group of business executives or individual ex ecutives CxOs make key IT decisions This construct includes senior business executive committees that may or may not include the Chief Information Officer CIO This does not include individual IT execu tives making decisions independently IT Monarchies Individuals or groups of IT executives make key decisions Feudal Business unit executives key process owners or their delegates make key IT decisions at the business unit regional or process level There is no shared IT decision making with a corporate headquarters or centralized IT function m Federal A governance structure where decisions are coordinated be tween a centralized corporate IT organization and individual business units strategic business units SBUs or geographic or regional structures IT Duopoly A governance structure that involves two parties the IT leadership and one other organization for example busines
24. ed States lags in adoption of these frameworks which is a paradox because the Unites States leads in technology innovation and especially in the context of SOA and its related technologies and disciplines The adoption of ITIL best practices CMMI certification and other processes seem to be sub optimized lacking overarching governance models to manage these processes In fact our experience is that IT governance competencies are wide and varied with no single organization representing enterprise wide IT governance for all the necessary decisions required Most often high performing governance models at least demonstrate control c01_1 07 08 2008 13 IT Governance Approaches 13 over a few key governance dimensions such as enterprise architecture planning and budgeting oversight configuration management and IT oper ations readiness Organizations with baseline competencies in some form of governance will have a far easier time adopting or extending these to SOA governance while those without a basic governance foundation will suffer mightily to add SOA governance disciplines to their enterprise IT GOVERNANCE APPROACHES IT governance is still an immature discipline for the most part despite the IT management frameworks mentioned above One of the more insight ful IT governance approaches was developed by Peter Weill and Jeanne Ross in their book IT Governance Weill and Ross provide an excellent high level perspective of IT
25. er operating costs and total cost of ownership SOA as a business or IT initiative presents several challenges with which organizations must contend before they can begin to realize the bene fits of SOA An SOA strategy is a critical requirement An SOA business case should be established An SOA reference model and SOA enterprise architecture should be created First and foremost of these is an actionable SOA strategy An SOA strategy is essential to help focus and galvanize organizational efforts iden tify the appropriate uses of SOA for business benefits and to explicitly identify the business or mission outcomes desired from investing in an SOA c01_1 07 08 2008 5 Introduction to Governance 5 initiative SOA governance is mission critical to guide and manage all the moving parts of an SOA strategy An enterprise SOA governance model must be informed by an actionable SOA strategy since SOA governance helps enable the realization of your SOA strategy In our experience most organizations have skipped the definition of a reasonable SOA strategy and until recently the same organizations have by passed developing an enterprise approach to SOA governance However as interest in governance intensifies this should spur a concomitant interest in SOA strategy development as well To set the stage for the remainder of the book let s explore the rise of governance as a discipline the industry and business drivers for governance
26. es that are not broken Weill and Ross observe that all organizations have some form of governance or IT governance Whether the current gov ernance is explicit or effective is a completely separate inquiry While SOA governance does have many moving parts and requires integrating many perspectives and stakeholders in SOA decisions SOA governance does not have to add tremendous complexity Yet SOA governance will add new processes extend current IT governance processes and require more atten tion be paid to SOA centric activities In order to keep things in perspective we break out Henry David Thoreau s famous quote That government is best which governs least SOA governance is best implemented a little at a time as much as is needed to control key processes and decisions and by implementing as much as nec essary to ensure SOA success Any amount of SOA governance is more than most organizations want regardless of the nature of it That said SOA gov ernance is essential and therefore you must get it right Enough to govern critical SOA governance requirements and yet not so much that innovation and progress is stifled A better SOA governance quote might be as follows That governance is best that governs best with the least You must always ask yourself if your SOA governance model is right sized for your organization culture and current SOA objectives SUMMARY SOA governance does not have to be complicated but it of
27. es versus RESTful services in the industry today which in our opinion is the wrong debate The debate should not be about which technical services paradigm is better than the other but about when and how to match the appropriate c01_1 07 08 2008 27 Build Your Services the Right Way Design Time Governance 27 technical implementations of services to the needs and demands of your en terprise This is why an SOA strategy is so important Any services that do not support the SOA strategy must be postponed Any technical service im plementation approaches that do not support your SOA strategy or enable services interoperability and reuse must be avoided There may well be a use for both SOAP WSDL and RESTful services in your SOA but you must understand the business and technology issues that support this decision and plan accordingly This must be an explicit choice rather than one you discover after the fact We suggest mapping your SOA services taxonomy to the various service technologies and implementation models available and then making the right choices based on your SOA strategy and Opportunity Roadmaps If your SOA strategy calls for orchestration of processes using BPEL then you should invest in a portfolio of SOAP WSDL Web services that lend themselves to composition If your SOA strategy is based on leveraging in frastructure and technical services be sure you invest in robust SOA ena bling technology that exposes securit
28. ets intellectual property IT assets and others The irony is that IT governance became important after the Internet hu bris of the mid to late 1990s and the Y2K hype when IT spending seemed to spin out of control without clear accountability to the business and with out a direct connection to business performance In other words the rise of IT governance is a backlash against the unchecked and seemingly reckless IT spending of the go go 1990s IT governance was necessary to get control of those IT guys and ensure they would not be able so spend corporate funds on IT toys without appropriate checks and balances Governance was about proper oversight transparency and stakeholder involvement in crit ical decisions ultimately the appropriate use of IT funds on behalf of the business stakeholders Now with the rise of SOA and enterprise SOA governance the mean ing and emphasis of governance varies dramatically depending on what your interests are SOA in and of itself can mean the strategic aspects of SOA such as strategy development program and initiative selection and funding and budgeting Of course SOA governance also entails the archi tectural dimensions of SOA the services aspects of SOA the software deliv ery and service development dimensions of SOA and the operational management dimensions of services in the SOA The following are major forms of enterprise governance that are common across industry Corporate G
29. ever governance is essential where critical decisions require stake holder involvement and where those decisions have strategic or serious impact on business IT or process performance Do not confuse manage ment processes with governance processes Governance is also focused on more critical aspects of the business where management is focused on all aspects of the business some of which may be the focus of governance oversight One of the real challenges in SOA governance is determining what must be governed and how versus what must be managed as parts of normal IT or business management In this book we will separate out the domain of management from the domain of governance When in doubt ask if something is being governed versus man aged Good management processes can reduce the need for governance but good governance requires good management GOVERNANCE IS ABOUT RESULTS AND APPROPRIATE USE OF RESOURCES Without governance there will be no results Governance is focused on en suring appropriate use of resources in an organization to drive the organiza tional actions that will bring about the desired results Resources in a for profit organization include funding personnel organizations capital assets and even intellectual property Often a discussion of governance finishes with a statement roughly equivalent to the following Funding is the ultimate governance mecha nism What most practitioners would agree with is th
30. gress of SOA adoption You must evolve and manage your SOA governance model processes principles and policies all as you maintain alignment to the business and IT strat egies as well as business and IT goals SOA governance is a process to be sustained and managed over time Your initial SOA governance model will not be your end state SOA governance model Overly Technical Governance Focus too Narrowly on Technical Policies One of the most common mistakes we see is focusing too nar rowly on technical service policies and run time governance This is a mistake only if the other aspects of SOA governance are ignored The technical governance issues must be addressed however they must be addressed from an overall SOA governance perspective working top down from the SOA strategy and goals and then determining what SOA governance will help ensure realization of the SOA strategy and goals using metrics to track progress The most interesting aspect of the technical governance focus is that most of these SOA policies can be en forced using automation and software tools However the most chal lenging SOA policies to define and enforce are business and processes policies which are difficult to automate and normally require manual enforcement via governance boards reviews and manual process check points These are the policies that drive behavioral and cultural changes and thus demand the most attention and offer the most value The body of
31. hts in a whitepaper entitled AgilePath s SOA Bill of Rights which is excerpted below Service Oriented Architecture SOA is being vigorously pursued by most organizations today That said SOA is still a very new dis cipline There are many aspects of SOA that must be carefully planned and executed to avoid common pitfalls such as wasted effort misspent funding and inappropriate application of SOA concepts So while we applaud these early SOA adoption efforts we are compelled to offer our SOA Bill of Rights These are the essential SOA elements and capabilities that you must get right in order to ensure your SOA success AgilePath s SOA Bill of Rights are listed below and explained in detail Pursue the Right SOA Strategy Apply SOA to the Right Challenges Identify and Build the Right Services Build Your Services the Right Way Get your SOA platform Right Establish the Right SOA Governance Model and Policies Encourage the Right Organizational and Cultural Behavior Achieve the Right SOA Results c01_1 07 08 2008 24 24 THE SOA GOVERNANCE IMPERATIVE PURSUE THE RIGHT SOA STRATEGY A SOA strategy is critical to establishing the appropriate business and mis sion context for your SOA initiative But what constitutes the right SOA strategy While there are recurring themes in our clients SOA goals and objectives the exact SOA strategies pursued are very much customized to
32. iases toward reuse and technical or architecture compliance In my opinion there is not enough focus on the business stakeholders yet as organizations are still very immature with their SOA initiatives and the supporting SOA governance that sup ports those SOA strategies You must understand the natural biases and tendencies that accompany these various stakeholder perspectives and incorporate them into your governance model These will become more apparent as we decompose the requirements of enterprise governance in subsequent chapters SOA GOVERNANCE IMPACTS IT GOVERNANCE AND ENTERPRISE ARCHITECTURE A key consideration when planning SOA governance is that it will have a rather profound impact on your current IT governance processes as well as your current enterprise architecture process Oftentimes SOA governance efforts will expose weaknesses in both governance processes Exhibit 1 3 depicts how an SOA initiative will impact IT and enterprise architecture governance For example SOA initiatives will always stress IT strategic planning processes project submission and approval project management processes funding and budgeting decisions asset ownership issues and portfolio man agement processes if they exist Many of these IT governance processes are not very robust and thus SOA exposes the absence or fragility of these processes very quickly Enterprise architecture EA governance processes will similarly be challenged by the in
33. iding what to do how to do it and who has a vote Relating our definition to theirs SOA governance is focused on setting priorities and applying SOA to the appropriate uni verse of business challenges SOA governance involves implementing SOA according to company processes architecture and technology standards and in alignment with business priorities and finally SOA governance ex plicitly involves the business and IT stakeholders in the decision making process for input review and approval and enforcement of key decisions relating to SOA The challenge is with SOA there are many more right things to per form the right way SOA governance adds many more architectural and technology dimensions to the governance equation as well as the horizontal processes of a services software development lifecycle SDLC that span de sign time activities quality assurance and testing and runtime governance and operations Thus SOA governance includes fundamental elements of IT governance while adding many technical issues that require integration into the governance calculus as well As for the stakeholders they are the same by and large as the IT stakeholders except for two fundamental differences First SOA done right offers a more direct business engagement model via process modeling and analysis than previous IT architecture and development para digms offered second SOA requires more internal coordination across more moving par
34. ing a Tool versus Implementing Robust Processes As described above this SOA governance mistake is very common Many organiza tions believe that they address SOA governance by implementing soft ware tools before defining processes policies and organizational models to support their SOA governance requirements Many organiza tions for example have acquired service registries metadata reposito ries and other related software tools in anticipation of meeting all of their SOA governance challenges However very quickly these organi zations realize that they are only able to govern a small segment of their SOA policies the technical policies for services design and run time governance for security for example The point is that many of these policies can be automated using tools and technologies However the large preponderance of SOA policies are business and process policies for conformance to architecture reuse and other decision making processes In other words many business process and conformance policies cannot be automated very easily and these are the critical as pects of SOA governance that must be managed for success Tooling can of course facilitate these SOA governance processes but tooling cannot replace them This SOA governance mistake results from en trusting software vendors too much or from engaging opportunistic consulting firms for SOA governance when they do not have the in sights or credentials to implement SOA
35. ing your SOA governance model E Services Governance Focus is too narrow in scope Many SOA gover nance enthusiasts mistakenly restrict SOA governance focus to govern ing services from a technical design or runtime perspective In this mode the focus tends to be technical service design service interface design and service implementation SOA Security Emphasis While critical security often focuses only on technology issues and not business or process issues and does not en compass organizational requirements or business decisions c01_1 07 08 2008 18 18 THE SOA GOVERNANCE IMPERATIVE Partial SDLC Governance Design time bias or run time operations bias Another common stakeholder bias derives from focusing on either design time governance of services which emphasizes compliance to architecture and technical design standards or on run time governance which emphasizes operational requirements for performance quality of service QoS service level agreements SLA and security IT Bias SOA governance focused on optimizing IT goals which often are con centrated on service reuse design time governance and architecture and technical compliance These biases tend to emphasize provider side goals of SOA which center on reuse and provider side optimization Business Bias SOA governance focused on how SOA and services drive business goals for speed to market business value and process optimization as opposed to IT b
36. ion model SOA Programmatic Execution In the SOA programmatic execution phase SOA has become a standardized and repeatable model for the delivery of business capabilities and solutions via services This phase represents the point at which the SOA strategy is being executed crisply and steadily as a formalized program SOA governance is robust and guides all SOA activities from strategic planning through sunsetting and retirement of services This phase represents when an organization should be delivering SOA value through rapid delivery of service enabled capabilities where reuse of services is accelerating and where desired organizational benefits can be measured and demonstrated SOA Steady State By the time an organization reaches the SOA steady state adoption phase the phrase Service Oriented Architecture and the SOA acronym will probably not be in use anymore SOA will have become the fundamental model by which IT services are delivered These will be no other model except for services This phase of SOA adoption is a long way off but it represents some point at which SOA is the clear and assumed model for business and IT It will have become so ingrained in the organizational culture that services are just a natural way of architecting and delivering business solutions At SOA steady state SOA governance will be natural and infused throughout the or ganization The SOA strategy will become just another aspect of both the
37. ion operation on each of the opportunities in your SOA Opportunity Roadmap you can quickly identify processes applications and candidate services that meet the criteria for being the right services Of course to really ensure these are the right services you must perform ser vice modeling and design activities on the candidate services to achieve ap propriate functional scope encapsulated functionality granularity and reusability as well as assessing risk and business fit Getting the right serv ices is a function of focusing on the right SOA opportunities using an SOA Opportunity Roadmap that supports your SOA strategy SOA GOVERNANCE IMPLICATIONS Building the right services is an extension of doing the right SOA things Identifying and building the right services is based on target ing the right SOA opportunities and processes for SOA enablement These naturally are selected based on the SOA strategy and SOA governance framework BUILD YOUR SERVICES THE RIGHT WAY DESIGN TIME GOVERNANCE Once you have identified the right services whether they are existing ser vices or candidate services mapped to your SOA strategy you must still build them such that they enable the business value you desire That means building your services right so they are reusable composable atomic state less extensible and agile In other words build them the right way For example there is a lot of debate about SOAP WSDL Web servic
38. iscus sion of Ronald Coase and transaction theory applied to SOA and services Exhibit 1 1 illustrates the concepts of core and context and as an extension the combination of internal and external services to optimize the overall transactional cost and efficiency of an organization Per our set up discussion above a corporation continually evaluates the relative cost of performing business transactions internally versus externally to best optimize its overall profitability In fact Ronald Coase would argue that the relative size of a company and its interactions with the market place are ultimately based on relative costs of business transactions Com bining the transaction theory of Ronald Coase with the core and context concepts of Geoffrey Moore give us a tremendous foundation to apply SOA concepts to Many small businesses outsource human resources payroll processing and even their Information Technology IT in their early startup days in stead focusing on the innovations that will help the company grow c01_1 07 08 2008 3 The Inevitable SOA Trend 3 However as those functions become more critical to the enterprise and as the cost of performing them is lower than in an internally provided service the organization may eventually insource those functions In this manner the service oriented business model is one of optimizing core and context processes per Geoffrey Moore s book Living on the Fault Line and lever
39. ket responsiveness and cus tomer service while driving IT costs out of their business IT stakeholders include IT executives enterprise architects project managers business analysts developers and outsourcing partners These stakeholders represent the service provider roles in an SOA initiative Their interests include supporting business goals increasing effectiveness of infor mation exploitation increasing IT efficiency and reusing of architecture and services and speeding delivery of products and services to customers Service consumers are also stakeholders in an SOA initiative as are ser vice providers These two groups of stakeholders are joined by the SOA services development lifecycle process which receives services requirements and demand from consumers and then produces services that can be con sumed and composed into business processes and applications for end users and customers In fact these stakeholders are best joined by re engineering the systems development lifecycle to accommodate SOA and services In our c01_1 07 08 2008 16 16 THE SOA GOVERNANCE IMPERATIVE SOA Governance View SOA Strategy View Mission Business and IT View Governance Org Processes Process Domain and POR i DoD SOA Strategy ID SOA 7 Policy Leif STB EAand E E E and eens Expettise i KnowingiW nat MustBa Lifecycle Runtime governance Done Process Transformation SOA Finding View Acquisition View Security View SOA Fundi
40. l such as service registries and metadata repositories Web services manage ment tools and messaging infrastructure among others Thus care must be taken to govern the selection of SOA platforms and tools since these will support your technical SOA governance processes for design and run time policy enforcement CREATE THE RIGHT ORGANIZATIONAL CULTURAL AND BEHAVIORAL MODEL Along with SOA governance comes the essential yet softer side of SOA or ganizational challenges cultural issues and the behavioral reinforcement of governance and policies These are aspects of SOA that are underempha sized because they are difficult to manage and because it is much easier to buy a vendor software solution than focus on the processes culture and behavior that actually make SOA take hold We will discuss Conway s Law and the implications of organizational structure on enterprise governance and IT SOA governance Consider the following suggestions to help you get your organization and culture right for SOA Understand how your corporate structure inhibits or supports your SOA governance model and enforcement of policies Determine how your corporate culture can assist the migration toward SOA or conversely how it may not support it Latch onto corporate mantras where possible with your SOA initiative Determine how to weave SOA goals into organizational and personal incentives Use reviews incentives rewards and penaltie
41. ll not only understand what must be governed in order to capitalize on a SOA initiative but how to begin designing and imple menting SOA governance to ensure you realize the value of SOA The rise of SOA can be considered to be an inevitable evolution of IT based on the industry adoption of key technology standards and the continued persis tence of IT integration and business agility challenges Below we discuss the SOA governance trend and how to enable SOA governance to be successful WHO ARE THE SOA STAKEHOLDERS One of the reasons SOA governance is more complex than IT governance is that SOA governance adds many more governance requirements and pro cesses and therefore more governance stakeholders into the equation In addition as we have emphasized the fundamental difference between man agement and governance is that governance requires stakeholder represen tation Governance is an oversight process that ensures appropriate stakeholder representation for key enterprise decisions Who are the stake holders in an SOA initiative There are a multitude of SOA stakeholders as Exhibit 1 2 illustrates There are business stakeholders which includes business unit execu tives who are concerned with driving revenue sales and profit by servicing customers with great products and services These stakeholders are consum ers of IT resources and thus will also be consumers of SOA and services Their interests include the desire to increase mar
42. ly not to implement I like to define SOA as a combination of a Business Model an IT strat egy an architectural approach and an implementation pattern all predi cated on the concept of Services In the SOA business model sense an organization is essentially an eco nomic engine assembled from a combination of internal and external proc esses and capabilities all of which in combination enable the end to end execution of business processes that achieve the organization s objectives A for profit corporation is created to make money for its shareholders Thus maximum profits are achieved by optimizing execution of business c01_1 07 08 2008 2 2 THE SOA GOVERNANCE IMPERATIVE Company XYZ e 77T O Client L Retention N Solution Innovation J Project Delivery 7 erty Gann Payroll Processing Context Generate Electricity Exhibit 1 1 Core vs Context Make vs Buy vs Rent transactions If an organization can accomplish business transactions more efficiently and at a lower cost by performing them internally it will do so If however overall efficiency and cost optimization is achieved by others outside of the organization performing those transactions the best model is outsourcing of those functions These ideas are derived from the work of Ronald Coase whose work on transaction theory provides a perfect foun dation for SOA as a business model See Marks and Bell 2006 for a d
43. many CIOs were reined in fired or placed under the oversight of the finance functions The major change resulting from all of this was the establishment of an IT governance process where the roles responsibilities and decision making processes of IT planning funding and execution were managed by joint business and IT leaders many times with business leaders having much more influence over IT decisions Much like the rise of corporate gover nance IT governance helped make IT spending and decision making proc esses more aligned with the business and corporate stakeholders of the organization IT PROCESS FRAMEWORKS ITIL COBIT CMMI AND OTHERS Several IT governance frameworks and models have blossomed over the years particularly to facilitate better governance process definition and controls for IT Major IT governance process and architecture frameworks are available for implementation such as Control Objectives for Informa tion and related Technology COBIT Information Technology Infrastruc ture Library ITIL Capability Maturity Model Integration CMMI and The Open Group Architecture Framework TOGAF These are all major process definition and standardization efforts for IT best practices gover nance and audit financial controls These frameworks all substantially over lap are inconsistent approach IT from differing perspectives and require substantial interpretation before implementation Furthermore the Unit
44. mmittees This heavy organizational footprint often fails because it requires too much organ izational overhead and friction too early in the SOA adoption process and normally before most firms have proven to themselves that SOA can deliver on its potential In another scenario there is a mismatch of SOA governance processes and policies to the current demands for SOA governance For instance many times we see inexperienced consulting firms pushing sophisticated portfolio management models of gover nance upon their clients when basic SOA governance gaps have not been closed yet Why would you need service portfolio managers for a complex collection of service portfolios when you have not even defined basic services design patterns and implementation standards and do not have an SOA run time platform specified and implemented yet You see the challenge Normally service portfolio management is a more mature SOA undertaking usually unnecessary until the organiza tion has enough services to merit a portfolio management approach Oversimplify the Governance Model Lack of Process Coverage An other common mistake is oversimplifying SOA governance by omitting key processes or by implementing software tools on the assumption that they provide that process for you We addressed the software tool issue above The lack of governance process coverage derives from the absence of an overarching perspective and reference model for SOA governance This over
45. ng and Budgeting Service Portfolio Ownership Incentives to Share Reuse Securing Data and Network Authentication Authorization Audit WS et al Agile acquisition Ensuring Program Reuse Incentives to Expose via SOA and Services Services View Process View Requirements View Services Portfolio Mgt Services Mission Threads Business Doctrine and Policy Warfighter Taxonomy Services Processes Orchestration BPM and Mission Requirements Process Re engineering Business Requirements Stewardship and Ownership Provider View Services Lifecycle SDLC View Consumer View acres eae and Agile Development and Services el a E ublishing of Services i 5 g Development Lifecycle Provisioning Legacy Systems View Tech and Architecture View Data View Wrapping Exposing Services from Legacy Systems Refactoring and SOA Ref Arch and Ref Imp SOA Data Services DoD Data Strategy Infrastructure and Enabling Canonical Form Enterprise Data Retiring Legacy Systems Technology Model Semantic Integration Exhibit 1 2 SOA Governance Stakeholder Landscape experience most SDLC processes are not well suited to SOA or services even in their most agile instances Agile development does not directly translate into an SOA Services SDLC although an SOA Services SDLC pro cess will be far more agile than its precursor It has to be Because the nuances of SOA demand a holistic approach to governance there are mor
46. nisms SOA governance is easier to implement Adding SOA governance to an existing and successful governance paradigm is easier than starting from scratch However transitioning from a poor governance paradigm to a more effective policy driven governance frame work can be equally challenging c01_1 07 08 2008 20 20 THE SOA GOVERNANCE IMPERATIVE SOA GOVERNANCE REQUIREMENTS VARY BY SOA MATURITY Another SOA governance misconception is that once you implement an SOA governance initiative you will not have to revisit it again This is patently false SOA governance is fluid evolving and dynamic SOA gover nance is a sustained and ongoing capability for your enterprise The require ments for ongoing SOA governance will vary based on the organization and the relative maturity of SOA in that organization Exhibit 1 4 depicts an SOA adoption lifecycle model that illustrates the fundamental phases of SOA that an organization will proceed through on its journey to some SOA steady state These SOA adoption phases in Exhibit 1 4 are described in detail below SOA Inception Initial SOA and Web services pilots and proof of con cepts POC occur here where early learning and gaining SOA experi ence for a core team of practitioners are the project goals SOA Strategy and Planning This phase often follows the SOA Incep tion phase and attempts to align all SOA activities under a coherent strategy and roadmap for execution under the sp
47. onsorship and leader ship of a corporate executive Our field experience shows that many organizations proceed directly to the next phase SOA Governance Model Development prior to developing an SOA strategy We advise doing them in parallel starting with the SOA strategy and beginning the SOA governance model development shortly thereafter SOA Strategy SOA Ramp SOA Reference and Planning Governance Ramp Implementation SOA Governance Model Development SOA Inception POCs Pilots and Ad Hoc Projects SOA Program SOA Acceleration SOA Steady Formal SOA and Assimilation State Projects Exhibit 1 4 SOA Adoption Phases Preferred c01_1 07 08 2008 21 SOA Governance Requirements Vary by SOA Maturity 21 SOA Governance Model Development This phase involves develop ment and implementation of an SOA governance model that aligns to and supports the realization of an organization s SOA goals and objec tives As mentioned above often the SOA governance phase is started before an organization has defined its SOA strategy Thus the first gap to close in order to implement effective SOA governance is the develop ment of an SOA strategy SOA Ramp and Governance Ramp This SOA adoption phase is focused on preparing for the formal programmatic execution of an SOA initiative in an organization SOA ramp activities include training for the core team developing reference architecture artifacts service design
48. ou can suc cessfully implement the tools you must establish the SOA processes policies and enforcement mechanisms that support and enable SOA c01_1 07 08 2008 32 32 THE SOA GOVERNANCE IMPERATIVE success Separate the process of governing SOA from the supporting technology and tools Do not buy any SOA technology or tools and ex pect to solve your SOA governance needs This simply is not possible Govern the right things SOA governance means establishing roles and responsibilities for many things such as funding and budgeting services ownership and portfolio management and software develop ment lifecycle governance However as you begin to establish SOA governance focus on two or three critical areas that you must get control of first Some areas to consider first include EA processes service design standards service interoperability standards and establishing clear ac countability for various types of services Focus on areas where you are weak and need to assert SOA governance and policy enforcement Expect changes to your current governance processes SOA governance impacts your current business and IT governance processes as well as your current enterprise architecture processes In our experience imple menting SOA governance properly almost always involves slight to major organizational changes You can implement SOA governance in phases to more gradually adjust to the governance demands of SOA However ge
49. overnance Transparency oversight and conformance to corporate policies and support for key corporate decisions by the board of directors c01_1 07 08 2008 10 10 THE SOA GOVERNANCE IMPERATIVE IT Governance Transparency and oversight for IT funding actual IT spending and input into key IT decisions Architecture Governance Oversight and conformance to the enterprise architecture EA standards and policies of the organization as well as input into key enterprise architecture EA decisions SOA Governance Definition execution and oversight of an SOA busi ness and technology strategy along with ensuring technical oversight interoperability and enforcement of technical policies for the architec ture and services that comprise the SOA Services Software Development Lifecycle SDLC Governance Gover nance of services from concept to requirements design construction quality assurance and testing publishing registration consumption composition orchestration provisioning management maintenance deprecation and retirement Lifecycle governance often is broken into design time governance and runtime governance separated by quality assurance and testing service registration and publishing Program Governance Oversight of major programs projects and ini tiatives from a cost schedule and performance perspective often per formed by a program management office PMO process We could add data governanc
50. overnance and SOA governance in particular Therefore we will augment the complex and detailed SOA governance definition above with a more simple and elegant definition SOA governance is doing the right SOA things the right way for the SOA stakeholders Let us break this definition down a bit more There are three fundamen tal elements to this definition of SOA governance 1 Do the right SOA things 2 Do the right SOA things the right way and 3 Do the right SOA things the right way for the SOA stakeholders This definition can thus be expanded as follows SOA governance is the definition implementation and ongoing ex ecution of an SOA stakeholder decision model and accountability framework that ensures an organization is pursing an appropriate SOA strategy aligned with business goals and is executing that strategy in accordance with guidelines and constraints defined by a body of SOA principles and policies SOA policies are enforced via c01_1 07 08 2008 8 8 THE SOA GOVERNANCE IMPERATIVE a policy enforcement model which is realized in the form of vari ous policy enforcement mechanisms such as governance boards and committees governance processes checkpoints and reviews and governance enabling technology and tools This SOA governance definition will be used for the remainder of this book Weill and Ross emphasize the allocation of decision rights in their book on IT governance which is really the process of dec
51. r informal governance to explicit policy driven governance When you c01_1 07 08 2008 33 Common SOA Governance Mistakes 33 begin enforcing policies using clear transparent and enforceable poli cies it will seem like you are over governing You are and you must in order to assert control over key SOA activities You must remember to temper this by focusing on critical SOA governance concerns e g SOA Reference Architecture services design standards implementation pat terns Over time SOA governance policies and expectations will not be new and thus you will be able to remove some governance processes as SOA governance becomes part of the fabric and culture of your enter prise This will take a few years In the meantime be prepared to over govern Staff boards with rising stars One way to gain support for SOA gover nance is to send a clear message that it is crucial for the organization The importance of SOA governance can be demonstrated by appointing senior executives to the initial governance boards and by selecting cor porate rising stars to participate as well The worst thing your organiza tion can do is staff governance boards with marginal performers who do not have anything better to do SOA governance is an essential aspect of SOA to get right Do not cut corners on establishing clear policies that align with business and IT goals and your SOA strategy Think of this as your SOA operating system you m
52. s executives Weill and Ross provide a compelling and simplified overview of IT gov ernance and some of the fundamental decisions that must be made by whom in order to drive better IT and business performance However IT governance requires a deeper level of analysis than Weill and Ross provide and SOA governance goes far deeper as we will see Weill and Ross provide an excellent basis for the key IT decisions that must be made and describe various organizational models to help allocate IT decision rights to the enterprise stakeholders However they fall short in providing details of how IT policies and decisions are enforced across various processes e g software development lifecycles architecture gover nance processes strategic planning and execution processes etc Further more they do not develop the concept of policy or a corresponding policy enforcement model for complete IT governance coverage vertically and hor izontally in an enterprise that integrates enabling technology governance processes and organizational constructs as a comprehensive governance policy enforcement model Their emphasis is placed on the organizational c01_1 07 08 2008 15 Who Are the SOA Stakeholders 15 model dimension of governance not on the total policy enforcement con text for IT policies As such it is an incomplete governance framework We will explore the many facets of SOA governance in the chapters that follow so that you wi
53. s to achieve a culture of SOA Be sure your SOA metrics and scorecards include organizational and individual metrics for success c01_1 07 08 2008 30 30 THE SOA GOVERNANCE IMPERATIVE Many organizations ignore corporate culture and behavior SOA how ever demands attention be paid to incentives for appropriate behavior and conformance to the architecture Be creative and be bold Your current IT architecture is a behavioral artifact If you want to achieve SOA you must change behavior first and then architect forward SOA GOVERNANCE IMPLICATIONS SOA governance provides the key frameworks principles and poli cies for making appropriate decisions in an enterprise In order to achieve SOA success SOA governance must transition from a body of explicitly enforced policies to a fabric of culture norms and behav iors implicitly understood by the collective makeup of the organiza tion The outcome of good SOA governance is appropriate SOA behavior as defined by the SOA strategy and SOA governance model goals ACHIEVE THE RIGHT SOA RESULTS What are the right SOA results They are the goals and objectives you iden tified in your SOA strategy The right results are those that support your business and mission objectives Use metrics and SOA scorecards to track SOA value and results Demonstrate how SOA is helping your business con sumers achieve their goals and also ensure you are improving IT delivery as well Caution
54. sed interface that abstracts or hides its technical im plementation from the service consumers When consumers access the func tionality of a service they do so via its exposed interface using message based communications The service interface by virtue of its standards based construction offers a simple mechanism for service consumers to find or discover a service develop a client or access mechanism to the service and then begin consuming the service in support of a desired business out come The technical complexity of the implementation is hidden behind the service interface which enables a more simplified model for building ser vice based applications SOA offers many business and IT benefits to an organization From a business perspective the following SOA benefits are typically expected Business agility Reduced time to market Easier to do business with Reduced technology costs Right sized business model based on core and context can add or sub tract service providers easily From an IT perspective the following SOA benefits are often targeted Reduced software development costs Reduced software maintenance costs Reuse of services accelerates application delivery Reuse of services increases software quality Allows easier procurement of application software as services Allows faster IT response to business change Provides for graceful evolution of IT architecture which leads to low
55. simplification normally occurs when governance novices at tempt to derive an appropriate SOA governance model from the bottom up or from a partial or incomplete frame of reference For example if my experience is metadata repositories my governance process will cen ter on design time service governance If my experience and interest is EA my SOA governance processes will emphasize enterprise architec ture governance over other processes In most cases organizations have not devised a solid Services Development Lifecycle for the robust and re peatable development testing and implementation of services in the context of a SOA strategy The solution for this mistake is leveraging an SOA governance reference model to help identify and map key gover nance processes identify gaps and then implement robust governance processes supported by appropriate tools and technologies Reduce Governance to an Event or Milestone versus a Sustaining Process A very common almost universal SOA governance mistake is c01_1 07 08 2008 36 THE SOA GOVERNANCE IMPERATIVE the assumption that SOA governance is an event or a milestone Once we implement SOA governance we re all set SOA governance is not an event a one and done kind of activity Rather it is an ongoing sustained process of reviewing SOA and services on an ongoing basis SOA governance must be managed evolved measured and tuned based on the relative maturity and pro
56. t your processes organizational model and policy enforce ment model right first then consider implementing SOA governance tools Do not mistake governance with implementing governance boards This is the first and most common mistake we see in the field mistaking the implementation of governance boards for effective gover nance While some boards are going to be necessary to implement your SOA governance model the boards are just one of many governance mechanisms you have available in your SOA governance toolkit But if you begin with boards first before you know what you are trying to govern you will waste time and end up starting over Implement boards for the right reasons but only after you have a clear understanding of why you need them Boards do not equal governance Do not go overboard with boards Boards and committees are per fectly appropriate governance mechanisms but they are not the only ones Do not implement too many additional boards whether they are standing virtual or event triggered Attendance on boards requires a time commitment and too many boards virtual or otherwise will chew up a lot of preparation and participation time Any governance will feel like over governance initially When you first implement SOA governance it may feel like it is heavy handed to your organization It may feel as if the SOA police are here to stay This feeling is a natural result of transitioning from lack of governance o
57. takeholders of the SOA initiative very well but do not articu late the requirements of other business and IT stakeholders Another common tendency is to focus on higher level governance activ ities such as the service portfolio management or funding and budgeting processes too early when most organizations do not even have a portfo lio of services available to manage nor enough governance maturity to suc cessfully address these challenges Oftentimes focusing on governance basics will go a long ways toward enabling success with more challenging dimensions of governance We address this later Of course accompanying these are two other very interesting forces Too many stakeholders may be vying for control of governance or there may be complete apathy toward governance of any kind This dichotomy is very real depending on the culture and relative governance maturity of the organization as well as the political dynamics that may surround and affect all other factors We have seen both and the governance model im plementation roadmap must be structured to take into consideration both perspectives ADDRESSING SOA STAKEHOLDER BIASES Governance is essential to represent the needs of your stakeholders How ever you must realize that while all stakeholder perspectives are valid they must be balanced with the needs and requirements of the enterprise There are some natural SOA stakeholder biases to watch for as you begin formu lat
58. ten can be owing to the many valid stakeholder viewpoints in a SOA initiative In order to make sense of SOA governance there are a few dynamics to keep in mind All the stakeholders views are valid yet all are not as critical early on as they will be later c01_1 07 08 2008 38 THE SOA GOVERNANCE IMPERATIVE Representing all SOA stakeholders is difficult Assuaging them with SOA governance is more challenging Governance will not be fun or easy You will have to over govern in the short term This will be uncomfortable You will inevitably take decision rights away from some individuals and organizations while assigning them to others This transfer of au thority and control will anger people Deal with it IT governance is also extremely important based on the structure of the IT function in an organization The structure and organization of IT simi larly has a dramatic and direct effect on how SOA governance must be structured Notes a A 10 11 12 Ronald H Coase The Nature of the Firm Economica 4 1937 pp 386 405 Eric Marks and Michael Bell Service Oriented Architecture A Planning and Implementation Guide for Business and Technology John Wiley amp Sons 2006 Geoffrey Moore Living on the Fault Line Revised Edition Managing for Shareholder Value in Any Economy HarperCollins 2002 WebLayers Whitepaper SOA Governance 2005 p 9 Eric Marks and Michael Bell
59. the specific requirements of a given organization Agility Faster time to market Reduced software maintenance costs Faster application develop ment Reduced application development costs Reduced integration costs Be easier to do business with Software reuse We believe the SOA strategy must be business aligned and mapped to urgent fix it or else imperatives in your organization The following statements summarize what makes an SOA strategy right for your organization Business aligned maps to business and IT imperatives supports busi ness or mission goals Focuses on clear business or mission needs addresses desired business outcomes and has business sponsorship Targets appropriate SOA opportunities within a realistic time horizon using a SOA Opportunity Roadmap Leverages SOA where services add value make sense solve business problems or create new opportunities SOA is not the solution for every challenge you face m Has a business case associated with it but more importantly achieves clear business value SOA GOVERNANCE IMPLICATIONS A well conceived SOA strategy is essential so that SOA governance is aligned with and leads to the successful execution of the SOA strat egy The SOA strategy defines the right SOA things to focus on tar geted at key enterprise imperatives and sponsored at the executive level An SOA strategy and roadmap is essential You must have clear business goals and
60. though Do not let your SOA be reduced to a reuse project or get hijacked as a technology initiative Explicitly align your SOA initiative to support your business and mission objectives Consider the following suggestions to help you achieve the right SOA results Consider establishing a SOA Value Hypothesis to test the value you can achieve via a SOA in a number of controlled experiments Do not bet on a big bang model Implement SOA incrementally based on your de sired end state Work backward from your desired business end state and set clear in termediate goals for your SOA projects and initiatives Use a hypothe sis based approach to test assumptions and expected SOA results Estimate expected value and benefits from controlled SOA implementa tions and then adjust strategies and initiatives according to the results c01_1 07 08 2008 31 Establish the Right SOA Governance Model and Policies 31 Assiduously track your progress through clear metrics that prove SOA value and business value Use Big Hairy Audacious Value BHAV as the gauge of SOA success Be bold yet realistic with your SOA goals Do not settle for reuse as the end state and ultimate objective of your initiative There is much more enterprise value to be realized You just have to plan for it E Stay the course and work through difficult challenges Anything worth while takes sustained effort SOA takes work and SOA is worthwhile SOA GOVERNANCE IMP
61. tructure and tools and the SOA platform for service design quality assurance and testing and service runtime operations The SOA implementation pattern includes the implementation of the SOA platform and enabling technology as well as the SOA enabled services software development lifecycle SDLC that accommodates both service pro vider processes and service consumer processes of the enterprise The SOA implementation pattern enables business applications or capabilities to be assembled through the consumption of services provided through the SOA architecture and SOA implementation patterns The assembly of business applications from reusable services is how an organization realizes SOA val ue through services reuse integration avoidance agility through application assembly and rapid time to market and the many other benefits of SOA Although the definition is technically accurate SOA is far more than an architecture comprised of services SOA is an architectural approach and operating model predicated on the concept of reusable services or chunks of business logic or business processes that are shared by enterprise consumers Services are message invoked modules of business logic process c01_1 07 08 2008 4 4 THE SOA GOVERNANCE IMPERATIVE activities chunks of data that offer value to the enterprise through the shar ing and reuse of these modular services In an SOA services are exposed using a standards ba
62. ts in order to for it to deliver on its business and IT promises GOVERNANCE AND RESOURCE MANAGEMENT AND ALLOCATION Many people equate governance with management and allocation of re sources and assets such as financial and budgeting decisions human resour ces and physical assets Weill and Ross discuss governance of key categories of assets such as Human resources and personnel Financial assets c01_1 07 08 2008 9 Governance and Resource Management and Allocation 9 m Physical assets such as buildings property equipment and similar fixed assets E Intellectual property such as patents trademarks copyrights trade marks brands Information data and IT assets Relationship assets such as customer supplier and regulatory relationships In this sense then governance is essential where the allocation and management of critical corporate resources impacts corporate performance Decisions relating to the management of human resources have a direct bearing on organizational performance as well as legal and financial impli cations and thus human resources can fall under a governance process Cer tainly key executive hiring and firing decisions are made by subcommittees comprised of members of the board of directors and those decisions often fall under the Securities and Exchange Commission SEC reporting require ments for public companies The same can be said for financial manage ment physical ass
63. ust get it right COMMON SOA GOVERNANCE MISTAKES SOA governance is immature This relative immaturity of SOA leads natu rally to many mistakes in how organizations implement SOA governance These mistakes come in a variety of shapes and sizes depending on the ap proach to SOA governance As with any new technology trend software vendors rush their new tools to market to solve the problem usually ahead of an organization s ability to take full advantage of the tool The normal progression then is that the tool replaces the more appropriate focus on processes and outcomes Another SOA governance trend is the opportunistic repositioning of software tools as SOA governance solutions Web services management WSM tools are now runtime governance tools Metadata repositories are now design time SOA governance platforms And network routers and security appliances are now runtime governance policy enforcement solutions Regardless the overarching message here is simple Do not re duce SOA governance to a software tool and do not confuse opportunistic product repositioning as a true SOA governance solution c01_1 07 08 2008 34 34 THE SOA GOVERNANCE IMPERATIVE The following is a partial yet representative overview of common SOA governance mistakes we have seen in the short time SOA governance has been top of mind for IT executives See if your organization is guilty of any of these approaches Buy
64. y and authentication services logging and audit services and related technical components across all application development activities If you need to expose legacy mainframe functional ity as XML Web services these may impose a different set of Web services design conventions on your organization Bottom line Building your services the right way is subjective to your organization s requirements its SOA strategy and goals and what services add value to its business and customers However in all cases we urge you to leverage industry standards to build your services the right way which will ultimately help you solve integration challenges increase agility im prove data accuracy increase customer service and more Building services the right way is essential once you ve identified the right services SOA GOVERNANCE IMPLICATIONS Building services the right way refers to the design time SOA gover nance processes for applying industry standards internal design prin ciples and patterns ensuring conformance to EA and SOA enterprise architecture extensions In addition building services the right way relates to ensuring appropriate governance oversight as SOA projects proceed through your project delivery process or SOA Services Soft ware Development Lifecycle SDLC with appropriate quality assur ance and testing processes c01_1 07 08 2008 28 28 THE SOA GOVERNANCE IMPERATIVE GET YOUR SOA TOOLS PLATFORM RIGHT
Download Pdf Manuals
Related Search