SOA governance: Difference between revisions
Content deleted Content added
Removing link(s) to "Governance Interoperability Framework": Removing links to deleted page Governance Interoperability Framework. |
|||
| (109 intermediate revisions by 64 users not shown) | |||
| Line 1: | Line 1: | ||
{{Refimprove|date=January 2008}} |
|||
[[Service-Oriented Architecture]] (SOA) [[governance]] is a concept used for activities related to exercising control over services in a SOA. It is an emerging concept used to address management issues that are caused by the [[loose coupling]] of services in a SOA. SOA governance can be seen as an overlay on [[IT governance]], but often has a more organizational focus than IT governance when services represent business activities. |
|||
{{Governance}} |
|||
'''SOA Governance''' is a set of processes used for activities related to exercising control over services in a [[service-oriented architecture]] (SOA). One viewpoint, from IBM <ref>IBM SOA pages, [http://www-01.ibm.com/software/solutions/soa/gov/ Definition of SOA Governance]</ref> and others, is that SOA governance is an extension (subset) of [[IT governance]] which itself is an extension of [[corporate governance]]. The implicit assumption in this view is that services created using SOA are just one more type of IT asset in need of governance, with the corollary that SOA governance does not apply to IT assets that are "not SOA". A contrasting viewpoint, expressed by blogger Dave Oliver <ref>Dave Oliver's Blog, [http://geekswithblogs.net/SabotsShell/archive/2007/02/04/105428.aspx What is SOA Governance?]</ref> and others, is that service orientation provides a broad organising principle for all aspects of IT in an organisation — including IT governance. Hence SOA governance is nothing but IT governance informed by SOA principles. |
|||
The focus of SOA governance is on those resources to deliver value to the business.<!-- what other ones are there? --> SOA systems require IT support processes as well as organizational processes that will also involve the business leaders. SOA needs a solid foundation that is based on standards and includes policies, contracts, and service level agreements. The IT community is expected to use services to quickly automate new and changing business processes. To do so, services should be produced with several design qualities, such as composability, loose-coupling, autonomy, data representation standardization. In addition, a SOA governance infrastructure should be in place to support the service delivery life-cycle, which includes a registry of services to enable service discovery. Consequently, SOA increases the need for [[good governance]] as it will help assign decision-making authorities, roles, and responsibilities and bring focus to the organizational capabilities needed to be successful. |
|||
== Definition == |
== Definition == |
||
The definitions of SOA governance agree in its purpose of exercising control, but differ in the |
The definitions of SOA governance agree in its purpose of exercising control, but differ in the responsibilities it should have. Some narrow definitions focus on imposing policies and monitoring services, while other definitions use a broader business-oriented perspective. |
||
[Webmethods] defines SOA governance as “the art and discipline of managing outcomes consistent with measurable preconditions and expectations through structured relationships, procedures and policies applied to the organization and utilization of distributed capabilities that may be under the control of different ownership domains.” |
|||
<ref>Rich Seeley [http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci1222922,00.html SOA governance defined], 11 October 2007</ref> |
|||
Some of the most noticeable topics for SOA governance are: |
|||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
== Portfolio management of services == |
|||
Portfolio management is about identifying candidate services and selecting the optimal set of services to be developed. Just like in [[investment management]] it pursues a balanced set of services that vary in their characteristics. It involves the selection procedure for investments in service development and specifies how to prioritize the selected services. By planning services efficiently, the maximum benefit can be achieved for the investment made. |
|||
Anne Thomas Manes defines governance as: “The processes that an enterprise puts in place to ensure that things are done [...] in accordance with best practices, architectural principles, government regulations, laws, and other determining factors. SOA governance refers to the processes used to govern adoption and implementation of SOA.” |
|||
== Service lifecycle == |
|||
<ref>Anne Thomas Manes, [http://www.intelligententerprise.com/showArticle.jhtml?articleID=164301126&pgno=3 The Elephant Has Left The Building], 1 July 2005</ref> |
|||
Lifecycle management for services supports the development of the service from its design to its deployment. The development of services can be governed through design policies – requirements one the standards and conventions used to develop the service. |
|||
Registry and repository tools offer support for service lifecycle management. A ‘’registry’’ is an environment in which references to services are stored. It allows potential consumers to discover services and retrieve a metadata to find out their characteristics. Registries support SOA governance because they can impose criteria before services are published in it. The ‘’repository’’ is a storage tool for information related to a SOA. Repositories can record different versions of a service, service metadata, contracts and policies. Some repositories also offer the possibility to perform impact analysis for service changes. However, the distinction between these two tools is fading. Most vendors offer combined registry/repository products, although some vendors remain focused on either one of the products. |
|||
The specific focus of SOA governance is on the development of services that add value to the business, effective SOA governance must cover the people, processes, and technologies involved in the entire SOA life cycle from business point of view and connectivity and reuse from IT point of view, thus aligning business with IT. |
|||
| ⚫ | |||
Policies are rules that are used to express expectations of a service. The purpose of policies is to make the services in a SOA consistent so that consumers know what to expect. |
|||
Enforcement of policies in a SOA can be done through message brokers or [[B2B_Gateway|B2B gateways]]. Some middleware products such as [[Enterprise_service_bus|enterprise service busses]] have evolved to support web services and pass XML messages between services. These tools can be used to enforce policies by validating all message traffic between services. |
|||
To quote Anne Thomas Manes again: “SOA is about behavior, not something you build or buy. You have to change behavior to make it effective.” |
|||
== Monitoring == |
|||
<ref>Philip J. Windley, [http://akamai.infoworld.com/pdf/special_report/2006/04SRsoagov.pdf SOA Governance: Rules of the Game] {{webarchive|url=https://web.archive.org/web/20080724200254/http://akamai.infoworld.com/pdf/special_report/2006/04SRsoagov.pdf |date=2008-07-24 }}, InfoWorld.com, 23 January 2006</ref> |
|||
SOA governance requires monitoring to find operational issues in a SOA. Based on [[Service_Level_Agreement|service-level agreements]], the performance of a service in a SOA can be evaluated. Monitoring SOA performance is important because of the [[Composite_application|composition]] of services – one service may forward tasks to several other services. When one service fails or responds slowly, it drags down the performance of the entire business service. |
|||
Reports on the quality of service should be kept to get an overview of overall performance in the SOA. For vital services warnings can be added that inform stakeholders immediately of malfunctioning services. |
|||
[[Gartner]] defines SOA Governance as “Ensuring and validating that assets and artifacts within the architecture are acting as expected and maintaining a certain level of quality.” <ref>Gartner, Magic Quadrant for SOA Governance, 2007</ref> |
|||
== Tools == |
|||
The following tools support SOA governance activities: |
|||
* Tools with registry functions: |
|||
** Aqualogic Service Registry (from [[BEA_Systems|BEA systems]]) |
|||
** SOAStore(from [[SOAMatrix Software]]) |
|||
** Systinet (from [[Mercury_Interactive|Mercury]]/[[HP]]) |
|||
** Websphere from [[IBM]]. |
|||
** X-Registry (from [[WebMethods]]/[[Software AG]]) |
|||
** Workbench ([[SOA Software]]) |
|||
* Tools with repository functions |
|||
** SOAStore (from [[SOAMatrix Software]]) |
|||
** Aqualogic Enterprise Repository (from [[BEA_Systems|BEA systems]]) |
|||
** WebSphere ([[IBM]]) |
|||
** Centrasite (from [[Software AG]]/[[WebMethods]]) |
|||
** Logidex (LogicLibrary) |
|||
** Workbench ([[SOA Software]]) |
|||
* SOA message brokers / policy enforcement |
|||
** Aqualogic (from [[BEA_Systems|BEA systems]]) |
|||
** Fusion ([[Oracle]]) |
|||
** Websphere ([[IBM]]) |
|||
** [[TIBCO]] |
|||
** Center ([[WebLayers]]) |
|||
* Monitoring tools |
|||
** [[SOAMatrix Software]] |
|||
** [[AmberPoint]] |
|||
** Aqualogic ([[BEA_Systems|BEA systems]]) |
|||
** Actional ([[Progress_Software|Progess Software]]) |
|||
Also check the [[List of SOA related products]] |
|||
[[ISO 38500]] describes a framework with six guiding principles for corporate governance of information technology and a model for directors to govern IT with three main tasks: evaluate, direct and control. ISO 38500 differentiates between "Governance", "Management" and "Control". |
|||
== External links == |
|||
{{cite paper |
|||
| author = Webmethods |
|||
| title = SOA Governance: enabling sustainable success with SOA:… |
|||
| date = 2006 |
|||
| url = http://www1.webmethods.com/PDF/whitepapers/SOA_Governance.pdf |
|||
| format = [[PDF]] |
|||
| accessdate = 2007-06-14 }} |
|||
| ⚫ | |||
{{cite web |
|||
Some typical governance issues that are likely to emerge in a SOA are: |
|||
| last = Afshar |
|||
* ''Delivering value to the stakeholders'': investments are expected to return a benefit to the stakeholders - this is equally true for SOA. |
|||
| first = Mohamad |
|||
* ''Compliance to standards or laws'': IT systems require auditing to prove their compliance to regulations like the [[Sarbanes–Oxley Act]]. In a SOA, service behavior is often unknown. |
|||
| title = Keys to successful governance with SOA |
|||
* ''Change management'': changing a service often has [[unforeseen consequence]]s as the service consumers are unknown to the service providers. This makes an impact analysis for changing a service more difficult than usual. |
|||
| url= http://www.ebizq.net/topics/soa/features/7680.html |
|||
* ''Ensuring quality of services'': The flexibility of SOA to add new services requires extra attention for the quality of these services. This concerns both the quality of design and the quality of service. As services often call upon other services, one malfunctioning service can cause damage in many applications. |
|||
| accessdate = 2007-06-14 }} |
|||
Some key activities that are often mentioned as being part of SOA governance are: |
|||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
* Managing how and by whom services are used<ref>Wohl Associates, SOA Governance An IBM White Paper, October 2006 (http://www-01.ibm.com/software/solutions/soa/Amy_Wohl_SOA_Governance_Analyst_White_Paper.pdf)</ref> |
|||
==See also== |
|||
{{cite web |
|||
*Governance Interoperability Framework |
|||
| last = IBM |
|||
| title = SOA governance lifecycle |
|||
| url= http://www-306.ibm.com/software/solutions/soa/gov/lifecycle/ |
|||
| accessdate = 2007-06-15 }} |
|||
== References == |
== References == |
||
{{Reflist}} |
|||
<references /> |
|||
[[Category:Service-oriented (business computing)]] |
[[Category:Service-oriented (business computing)]] |
||
[[Category:Information technology governance]] |
|||
Latest revision as of 06:22, 10 October 2024
 | This article needs additional citations for verification. (January 2008) |
| Part of a series on |
| Governance |
|---|
SOA Governance is a set of processes used for activities related to exercising control over services in a service-oriented architecture (SOA). One viewpoint, from IBM [1] and others, is that SOA governance is an extension (subset) of IT governance which itself is an extension of corporate governance. The implicit assumption in this view is that services created using SOA are just one more type of IT asset in need of governance, with the corollary that SOA governance does not apply to IT assets that are "not SOA". A contrasting viewpoint, expressed by blogger Dave Oliver [2] and others, is that service orientation provides a broad organising principle for all aspects of IT in an organisation — including IT governance. Hence SOA governance is nothing but IT governance informed by SOA principles.
The focus of SOA governance is on those resources to deliver value to the business. SOA systems require IT support processes as well as organizational processes that will also involve the business leaders. SOA needs a solid foundation that is based on standards and includes policies, contracts, and service level agreements. The IT community is expected to use services to quickly automate new and changing business processes. To do so, services should be produced with several design qualities, such as composability, loose-coupling, autonomy, data representation standardization. In addition, a SOA governance infrastructure should be in place to support the service delivery life-cycle, which includes a registry of services to enable service discovery. Consequently, SOA increases the need for good governance as it will help assign decision-making authorities, roles, and responsibilities and bring focus to the organizational capabilities needed to be successful.
Definition
[edit]The definitions of SOA governance agree in its purpose of exercising control, but differ in the responsibilities it should have. Some narrow definitions focus on imposing policies and monitoring services, while other definitions use a broader business-oriented perspective.
Anne Thomas Manes defines governance as: “The processes that an enterprise puts in place to ensure that things are done [...] in accordance with best practices, architectural principles, government regulations, laws, and other determining factors. SOA governance refers to the processes used to govern adoption and implementation of SOA.” [3]
The specific focus of SOA governance is on the development of services that add value to the business, effective SOA governance must cover the people, processes, and technologies involved in the entire SOA life cycle from business point of view and connectivity and reuse from IT point of view, thus aligning business with IT.
To quote Anne Thomas Manes again: “SOA is about behavior, not something you build or buy. You have to change behavior to make it effective.” [4]
Gartner defines SOA Governance as “Ensuring and validating that assets and artifacts within the architecture are acting as expected and maintaining a certain level of quality.” [5]
ISO 38500 describes a framework with six guiding principles for corporate governance of information technology and a model for directors to govern IT with three main tasks: evaluate, direct and control. ISO 38500 differentiates between "Governance", "Management" and "Control".
Scope
[edit]Some typical governance issues that are likely to emerge in a SOA are:
- Delivering value to the stakeholders: investments are expected to return a benefit to the stakeholders - this is equally true for SOA.
- Compliance to standards or laws: IT systems require auditing to prove their compliance to regulations like the Sarbanes–Oxley Act. In a SOA, service behavior is often unknown.
- Change management: changing a service often has unforeseen consequences as the service consumers are unknown to the service providers. This makes an impact analysis for changing a service more difficult than usual.
- Ensuring quality of services: The flexibility of SOA to add new services requires extra attention for the quality of these services. This concerns both the quality of design and the quality of service. As services often call upon other services, one malfunctioning service can cause damage in many applications.
Some key activities that are often mentioned as being part of SOA governance are:
- Managing the portfolio of services: planning development of new services and updating current services
- Managing the service lifecycle: meant to ensure that updates of services do not disturb current service consumers
- Using policies to restrict behavior: rules can be created to which all services must conform, ensuring consistency of services
- Monitoring performance of services: because of service composition, the consequences of service downtime or underperformance can be severe. By monitoring service performance and availability, action can be taken instantly when a problem occurs.
- Managing how and by whom services are used[6]
See also
[edit]- Governance Interoperability Framework
References
[edit]- ^ IBM SOA pages, Definition of SOA Governance
- ^ Dave Oliver's Blog, What is SOA Governance?
- ^ Anne Thomas Manes, The Elephant Has Left The Building, 1 July 2005
- ^ Philip J. Windley, SOA Governance: Rules of the Game Archived 2008-07-24 at the Wayback Machine, InfoWorld.com, 23 January 2006
- ^ Gartner, Magic Quadrant for SOA Governance, 2007
- ^ Wohl Associates, SOA Governance An IBM White Paper, October 2006 (http://www-01.ibm.com/software/solutions/soa/Amy_Wohl_SOA_Governance_Analyst_White_Paper.pdf)