robert schneider 10 strategies

1

Founding Sponsors

This Presentation Courtesy of the

International SOA Symposium

October 7-8, 2008 Amsterdam Arena

www.soasymposium.com

[email protected]

Gold Sponsors

Platinum Sponsors

Silver Sponsors

Copyright © SOA Systems Inc. (www.soasystems.com)

10 Strategies for Overcoming the Technological Impact of SOA Governance

SOA Systems Inc.

2


About the Book Series

www.soabooks.com

Five titles currently in

development for

release in 2009.

The Prentice Hall Service-Oriented Computing Series

is the top-selling SOA book series in the world.


About the SOA Certified

Professional Program

Industry-recognized certification

program for the following

designations:

• Certified SOA Architect

• Certified SOA Analyst

• Certified SOA Consultant

For more information:

• www.soacp.com

• www.soaschool.com

3


What are the Most Common

Governance Tools Today?

Most organizations use a hodgepodge of semi-

automated and manual techniques:

• Wikis

• Spreadsheets

• Emails

• Word-of-mouth

• None of the above


Why Have these Governance

Tools Been Successful?

Despite these primitive (or non-existent) tools, many organizations would describe them as successful.

Why?

• Small number of deployed Web services

• No overarching SOA vision

• Close-knit teams; limited federation needs

• Re-use and composition aren't a priority (yet)

• A governance-related crisis hasn’t arrived (yet)

4


What Happens Without Governance Technology?

Many organizations that fail to employ governancetechnology experience:

• Diminished service reuse

• Service proliferation and de-normalized inventories

• Run-time fire drills

• A perception that the SOA investment wasn’t worth the effort

Avoiding governance automation isn’t an option fororganizations truly implementing SOA.


3 Major Governance Lifecycle Phases

From a governance perspective, the service lifecyclecan be divided into three major phases:

• Design-time

• Testing and Quality Assurance

• Run-time

Each phase introduces unique governance processand technology requirements. The chosen governance solution needs to add value in everyphase.

5


Design-Time and Governance

During this phase, solid governance technology canhelp with:

• Metadata management

• Service discovery

• Service composition and modeling

• Disseminating organizational policies

Testing & Q/ADesign-time Run-time


Testing/QA and Governance


• Service unit validation & composition interaction

• Policy adoption

• Security compliance

• Service performance prediction


6


Run-time and Governance


• Service level agreements

• Version control

• Error reporting and management

• Performance monitoring



Strategy 1:

“Include governance

technology as part of your

overall SOA roadmap.”


7


“Include governance technology as part of your overall SOA roadmap.”

• Avoid the temptation to wait until you have “enough” services before thinking about governance.

• Delaying often means that you’ll need to incur additional effort, cost, and overhead.

• Retrofitting always takes longer than expected, and siphons off valuable resources.

• These added burdens can jeopardize the entire SOA initiative.


Strategy 2:

“Make sure your

governance platform is

agnostic with regard to

service development

technologies.”


8


“Make sure your governance platform is agnostic with regard to service development technologies.”

• At a minimum, services developed in Java and .NET should be supported.

• Avoid the religious wars; avoid painting yourself into a corner.

• If your governance platform only supports one style of development technologies, you’ll end up living with multiple governance software installations.

• When selecting a governance platform, many organizations struggle between selecting an open source solution vs. a proprietary product.


“Make sure your governance platform is agnostic with regard to service development technologies.”

Open source benefits:

• Less likely to experience vendor “lock-in”.

• Many enterprises have an “open source only” policy for infrastructure

software.

• Reduced financial outlay means IT organizations are more likely to

implement this kind of governance software.

Proprietary solutions benefits:

• Well-integrated with design, development, and management tools.

• One-stop shopping simplifies things, and yields a better “out of the

box” experience.

• To make things even better, some software vendors have delivered

their solutions as open source.

9


Strategy 3:

“Make sure your

governance platform is able

to support the full range of

service deployment

technologies.”



“Make sure your governance platform is able to support the full range of service deployment technologies.”

• Web services are not the only game in town.

• Your platform should be able to recognize and work with a broad range of services, including Web services, Java objects, CORBA, and other service implementations.

• Otherwise, you’ll only be governing a portion of your SOA implementation.

• Partial governance is not much better than no governance at all.

1

0


Strategy 4:

“Recognize the importance

of testing as part of your

overall SOA governance

responsibility.”



“Recognize the importance of testing as part of your overall SOA governance responsibility.”

• Integrate your chosen testing software into your overall governance environment.

• Your testing must go beyond individual services to include complex compositions of multiple services.

• Composition testing often requires significant performance-driven regression testing.

• It may be necessary to employ scoping or other monitoring technologies to determine true service interaction.

1

1


“Recognize the importance of testing as part of your overall SOA governance responsibility.”

For example, modern SOA testing software can

highlight the impact of contract changes:


Strategy 5:

“Collect important

governance-related metrics

and review them regularly.”


1

2


“Collect important governance-related metrics and review them regularly.”

• Modern governance platforms can capture

enormous amounts of statistical data.

• Gathering metrics isn't enough – you need to

take action on them.

• Strive for predictive, pro-active problem solving.

• Try to prevent issues before they occur.


Strategy 6:

“Track activity through

multiple IT resource layers.”


1

3


“Track activity through multiple IT resource layers.”

• SOA introduces additional moving parts into the mix.

• With all these potential points-of-failure, it’s natural that issues become more difficult to resolve.

• Users don't care where the problems initiate; they only want them solved (or prevented!)

• In many cases, the problem isn’t with the service but an underlying resource:

– Database

– Application server

– Object


“Track activity through multiple IT resource layers.”

For example, governance software can monitor SLA compliance regardless of where the core resources reside:

1

4


Strategy 7:

“Break down the barriers

between repositories and

registries.”



“Break down the barriers between repositories and registries.”

There's a great deal of confusion between these twotypes of product.

However:

• Both have a role to play in an effective SOA implementation.

• Both are active in design and run-time processes.

The next slides describe the typical usage patterns foreach product, followed by some convergence predictions.

1

5



Service registries answer these design-time questions:

• Where is the service?

• What is its purpose? (generally in brief)

Service registries answer these run-time questions:

• What is the service’s version?

• Where is the service’s contract?

• What policies are in effect for the service?



Service repositories answer these design-timequestions:

• What is its purpose? (generally in more detail)• What are the versions (including code) of the service?

Service repositories answer these run-time questions:

• Who’s been using the service?• What kind of responsiveness is the service providing?• What’s gone wrong with the service?

Vendors are actively combining registries and repositories.

1

6


Strategy 8:

“When selecting a

governance technology

product, write a formal

Request For Proposal (RFP).”



“When selecting a governance technology product, write a formal Request For Proposal (RFP).”

While potentially daunting, there are proven patterns

that you can leverage when making this important

decision:

• Know what you need; there is no substitute for homework and preparation.

• Try before you buy; pilot projects and proofs-of-concept are great for this.

• Follow the same discipline and processes that you did when selecting a database, application server, or other key infrastructure technology.

1

7


“When selecting a governance technology product, write a formal Request For Proposal (RFP).”

• Resist the temptation to employ a boilerplate RFP;

make sure it reflects your organization's needs.

• Alternately, have one written for you.

• If using a consultancy to help design and/or

implement your SOA, try to keep this separate from

the technology vendor.

• To get vendors to take your RFP seriously (and

respond accordingly), focus on quality, not quantity.


Strategy 9:

“Avoid tools that require

code modifications.”


1

8


“Avoid tools that require code modifications.”

• Certain products necessitate special headers,

configuration files, or other libraries to make

governance possible.

• This requires complete developer compliance in

order to work.

• These kinds of proprietary extensions can also

seriously damage your chances of being

vendor-agnostic.


Strategy 10:

“Make sure that the

governance tool fits into

your existing IT governance

landscape.”


1

9


“Make sure that the governance tool fits into your existing IT governance landscape.”

• Popular IT governance tools include Tivoli,

OpenView, Unicenter, and so on.

• Don’t force your IT organization to learn and

maintain completely different toolsets.

• Ideally, your governance tools should cleanly

integrate with other IT management platforms.

• Excessive complexity and training requirements

lessen the chance that governance software will be

used.


Q&A

SOA Systems Inc. www.soasystems.com

SOA Training www.soaschool.com

SOA Certification www.soacp.com

SOA Books www.soabooks.com

SOA Magazine www.soamag.com

SOA Patterns www.soapatterns.org

Updates [email protected]

Contact [email protected]

robert schneider 10 strategies

Technology

yetcopyright soa systems

governance platform

soa book series

youroverall soa roadmap

governance perspective

soa investment wasnt

entire soa initiative

solid governance technology