© 2008 ibm corporation soa sales enablement johannesburg 21 august 2008 soa governance: an overview...

© 2008 IBM Corporation

SOA Sales Enablement

Johannesburg 21 August 2008

SOA Governance: An Overview

Joe Ruthven

Business Development Manager, SOA

[email protected]


2 Johannesburg – 21 August 2008

What is Governance?

GovernanceThe establishment of chains of responsibility to empower people, measurement to gauge effectiveness, policies to

guide the organization to meet their goals, control mechanisms to ensure compliance, and communication

to keep all required parties informed

IT Governance

The application of governance to an IT organization, its people, processes, and information to guide the way those

assets support the needs of the business.

SOA GovernanceA specialization of IT Governance that puts key IT

Governance decisions within the context of the lifecycle of service components, services, and business processes. It is

the effective management of this lifecycle that is the key goal of SOA Governance.



Why SOA Governance matters

The promise of SOAA pile of services

Without governance With governance

"Without solid architecture and

governance in place SOA is basically a waste of

time.”- Redmonk

"SOA Governance is most important. We need to

settle it before we go into the implementation

phase." - Mitsui-Soko Co

SOA will not deliver long-term benefits to

enterprises without effective Governance

- Sagatuck



When Do I Need SOA Governance?

When the organization reaches the stage where they would like to begin wide spread adoption of SOA, issues arise that demonstrate the need for a governance framework tuned and modified for SOA

Many customers start their SOA journey by building a Many customers start their SOA journey by building a proof of proof of conceptconcept or embark on a small or embark on a small pilot projectpilot project..

The objective is to demonstrate that the technology can be The objective is to demonstrate that the technology can be successfully used by the organization to build an SOA application.successfully used by the organization to build an SOA application.



Currency conversion service

Accounting department

App. 1 App. 2

1. Provide acurrency service that fills a specific line of business (LOB)

A scenario on the importance of SOA governance – step 1

* Scenario from Introduction to SOA Governance, Bobby Woolf.





App. 1 App. 2

Orderfulfillment

Sales

Purchasing

Legal

2. Other LOBs start using the service




Johannesburg – 21 August 2008

Reuse





App. 1 App. 2

3. LOBs increase use of services / quality suffers




Orderfulfillment

Sales

Purchasing

Legal



Overload ?





App. 1 App. 2

3. LOBs increase use of services /

quality suffers




Orderfulfillment

Sales

Purchasing

Legal

x

x

x

x

x x



QoS



4. Service is fixed at

provider’s expense



App. 1 App. 2


quality suffers




Orderfulfillment

Sales

Purchasing

Legal







App. 1 App. 2


quality suffers




Orderfulfillment

Sales

Purchasing

Legal

x

x

x

x

x x

5. Fix works temporarily but problem

reappears







App. 1 App. 2


quality suffers




Orderfulfillment

Sales

Purchasing

Legal

5. Fix works temporarily but problem

reappears

x

x

x

xx x

6. Maintenance costs soar / provider

ends service



SOA Governance Factors to Consider

1. Garner C-level backing across the board

2. Engage the business and drive business value

3. Establish an SOA funding model for the long term

4. An enterprise architecture facilitates initial establishment of SOA governance

5. Commit to roles, responsibilities and resources

6. Get the message out

7. Be ready for SOA



Defining SOA Governance Approach –What issues are we addressing?

Who decides what shared services are needed and in which areas of the business they should be deployed?How will SOA development, execution, and maintenance of shared services be funded?How do we ensure that SOA projects remain aligned with business goals and deliver the expected business results?How do we bridge the fact that various organizations have their own objectives and that there are not always common goals?



Define the Governance Approach Define/modify governance processes Design policies and enforcement mechanisms Identify success factors, metrics Identify owners and funding model Charter/refine SOA Center of Excellence Design governance IT infrastructure

Monitor and Manage the Governance Processes Monitor compliance with policies Monitor compliance with governance

arrangements Monitor IT effectiveness metrics

Enable the Governance Model Incrementally Deploy governance mechanisms Deploy governance IT infrastructure Educate and deploy on expected behaviors

and practices Deploy policies

Plan the Governance Need Document and validate business strategy

for SOA Assess current IT and SOA capabilities Define/Refine SOA vision and strategy Review current Governance

capabilities and arrangements Layout governance plan

SOA Governance Lifecycle



SOA Governance encompasses 14 critical processes across the service lifecycle

Service PlanningService

PlanningService

ModelingService

ModelingService

ImplementationService

ImplementationService

ManagementService

Management

Assemble Services

Deploy Services

Test Services

Design Services

Manage Service Levels

Manage Service Security

Manage Service Change

Manage Quality of Service

Specify Services

Realize Services

Identify Services

Identify Service Owners

Define Service Focus

Feedback Loop

Define Service Funding

SOA Governance Board (C)

Executive Steering Committee (A)

SOA Governance Board Director (C)

LOB (Business & IT Steering Committees)

Stakeholders (B)

Business Service Analyst (C)

Project Managers (D)

Information Data Modelers (D)

Service Testers (D)

Service Assemblers (D)

Service Registrar (D)

SOA Governance Executive Sponsor (C)

SOA Governance Core

Business Service Champion(Member of SOA Governance Advisory Group) (C)

PMC (C)

Service Architects(Chief will be member of

SOA Governance Advisory Group) (D)

Service Designer/ Developer (D)

Business Liaison Director (BLD)

A Business/IT Executive Level Management – Direct Reports to CEO

B Predominately Business Exec/Sr Level Management

C Predominately Business composition, IT participant with superior LOB process/business knowledge, recognized by the business

D Predominately IT composition, Business participation with superi or IT conceptual/operational propensity

…performed by Boards and Roles

…guided by Policies, Procedures, Standards

…monitored by Metrics

…supported by Tools



Services must be compliant with the existing reference architecture

Services must be compliant with the existing reference architecture

Services should have a different response time based on the access method

Services should have a different response time based on the access method

Policies and Metrics

Services should be reused instead of created whenever possible

Services should be reused instead of created whenever possible11

22

33

Policy

% reused services

response time

Other Examples of Metrics:– # of services identified by Domain Decomposition (top-down)

– # of services identified by Goal-Service Modeling

– # of candidate services

– Time to complete design (high-level and low-level design)

Metric

# changes

And trace them to Business Goals

SGMM Process

Service Design

Service Deployment

Service Architecture



Center of Excellence (CoE) Role and Mission Makes SOA success Someone's Responsibility

Socialize Architecture

Communicate framework, best practices, assets, patterns,

templates, recipes, methods and other blueprints

Provide Project Support

Provide direct project assistance to drive architecture and gain

feedback on vitality & viability and harvest assets

Provides Skills Transfer & Early Proof of

ConceptsIdentify skills gaps and create

development roadmaps Drive use of new technologies

Provide Architecture Vitality & Thought

LeadershipContinuously assess, refine and

architecture framework and supporting assets based on

internal & external influences

Promotes Asset Adoption

Manage service, service component, pattern, data re-

use processes to reduce project risk and accelerate

delivery

Conduct Architecture Reviews

Perform independent design and architecture reviews for key

applications

Provides Best Practice Policy & Procedures

Provide expert resources to accelerate delivery of critical

architecture practices

Production Support

Enable infrastructure teams toexecute on build/deploy,

tuning, and metrics reporting

Center of Excellence



Governance at Design time - What issues are we addressing?How do I enforce established SOA governance policies and procedures throughout the service delivery lifecycle?How do I maintain and secure services assets while encouraging reuse?How can I improve my ability to deliver high-quality services and composite applications quickly and efficiently?How do I make sure that the applications I create and assemble do what the business wants them to do?How do I support a geographically disbursed team and maintain control? How do I know how my software assets are being used? What cost savings are there?How can I make sure that my developers have the right, high quality asset easily available?How do I prescribe and enforce the use of certain architectural standards?How do I link my project portfolio to my software assets and architecture?How do I control what projects can create new or access existing service assets? How do I know what assets in my environment use which services?How do I ensure alignment with architecture, standards and business goals?



Governance at Run time - What are the issues are?

"Wild West" or “Rogue” Services: EXTREMELY DIFFICULT TO GAIN CONTROL OVER Services proliferate wildly because no formal service-definition process is in place Nobody knows how many services are in place, where they are or what they do Need to reconcile registered vs. deployed services (e.g. “rogue” services) No leverage and no reuse – defeats a major benefit of SOA

"Duplicated” Services: SUPERFICIALLY EFFECTIVE BUT LIMITED REAL SAVINGS Too large and contain services often duplicated twice or more Duplicated Web Services must be identified Rewarding mechanisms for reusing and creating reusable services is vague Little reuse while maintenance costs multiply, much higher than needed

"Shelfware” Services: A WASTE OF RESOURCE, WON’T DELIVER BENEFITS Few applications actually use the Public services. Most applications remain as they are Approved and deployed services have not been used. Need to report on unused Web services to limit shelf-ware. IT organization does not have information on usage of deployed services. No way to visualize what services are running. Reuse is a promise that's never kept

Unsecure Services: LIMITS SERVICE USE AND BUSINESS OPPORTUNITIES Services are not used internally because they cannot be trusted Security threats from external access. Cannot open up services to customers, partners, and suppliers due to lack of security. Service usage is cumbersome due to multiple Authentication and Authorization systems needed to give partners access Risk of security breaches, No leverage and no reuse of services

Rigid Services: ROADBLOCK TO AGILE, FLEXIBLE BUSINESS PROCESSES No automatic selection of service providers based on rules. Business rules are hard-coded in applications and services—difficult and expensive to change SOA cannot respond in real time to service problems—services are not reliable Need to be able to dynamically determine service to use based on observed qualities of service (QoS) Need to be able to dynamically determine service to use based on message content or version Promise of reduced maintenance costs with SOA is not realized, No leverage and no reuse of services

Ineffective Service Management: SERVICES MUST BE MANAGED AS RESOURCES Poor performance of service endpoints; SLAs not respected Production disruption when changing service versions or adding / removing service endpoints Services must be managed as any other resource. Web services must be monitored and issues mediated. Web service failures can affect many business applications and processes



IBM tool support for SOA Governance

Define the GovernanceApproach

Rational Method ComposerRational RequisiteProRational Portfolio ManagerWebSphere Business Modeler

Establish theGovernance Need

Rational Method ComposerRational Portfolio Manager

Deploy the GovernanceModel Incrementally

Rational Software Delivery PlatformRational Change ManagementRational Asset ManagerWebSphere Service Registry and Repository

Monitor and Manage the Governance Processes

Rational Portfolio ManagerTivoli Composite Application Manager for SOAWebSphere Business Monitor



Development-time Deployed / Run-time

Federated Search & Publish

ClearQuestClearQuest

ClearCaseClearCase Software

Architect

SoftwareArchitect Generic Client

(.Net or other)

Generic Client(.Net or other)

Bridge Development and Runtime Services with RAM and WSRR

Service traceability to versioned assets and referenced artifacts

Asset based development change, notification and review process

Ensures services are developed consistently & in compliance with architecture

CICSCICS Datapower

Business Services Fabric,

ITCAM for SOA

DatapowerBusiness Services

Fabric,ITCAM for SOA

WebSphere ESB,

Message Broker,

Process Server

WebSphere ESB,

Message Broker,

Process Server

Mediations based on WSRR Lookup for dynamic endpoint selection and binding

Any CICS Web services provider program publish & read capability

Web services client can publish and search

Not every deployed service is a reusable asset and not every reusable asset is a deployed service

Publish Find Enrich GovernManage

WebSphere Service Registry and Repository

Optimized service metadata access on WSRR Lookup for dynamic endpoint selection and binding

Define Search/Retrieve

Create/Modify

GovernMeasure

Rational Asset Manager



Summary•Governance is a critical success factor for your customer’s journey to SOA. You need to focus on this to ensure success for your customer and for you.

•Lack of working governance mechanisms in midsize-to-large (greater than 50 services) post-pilot projects will be the most common reason for project failure (0.8 probability). (Gartner)

•Governance isn't optional- it's imperative. Without it, ROI will be low and every project out of pilot phase will be at risk. (Gartner)

•Professional investors are willing to pay premiums of 18-26% for stock in firms with high governance. (McKinsey Quarterly)

•Winning Governance puts you in trusted advisor status. This is one of the critical sales to win to ensure follow on sales.

•Governance solutions include a combination of Service engagements and software tools. This is a combination that works to IBM’s advantage. Position IBM as the complete solution provider and our competitors as providing only a partial solution.

•We suggest including aspects of Governance in every SOA deal.

© 2008 ibm corporation soa sales enablement johannesburg 21 august 2008 soa governance: an overview...

Documents