SOA governance

Service-Oriented Architecture (SOA) governance is a concept used for activities related to exercising control over services in a SOA. It is an emerging concept used to address management issues that are caused by the loose coupling of services in a SOA. SOA governance can be seen as an overlay on IT governance, but often has a more organizational focus than IT governance when services represent business activities.

The definitions of SOA governance agree in its purpose of exercising control, but differ in the focus they assign to it. Some narrow definitions focus on imposing policies and monitoring services, while other definitions use a broader business-oriented perspective. [Webmethods] defines SOA governance as “the art and discipline of managing outcomes consistent with measurable preconditions and expectations through structured relationships, procedures and policies applied to the organization and utilization of distributed capabilities that may be under the control of different ownership domains.” ^[1]

Some of the most noticeable topics for SOA governance are:

• Managing the portfolio of services: planning development of new services and updating current services
• Managing the service lifecycle: meant to ensure that updates of services do not disturb current service consumers
• Using policies to restrict behavior: rules can be created that all services need to apply to, to ensure consistency of services
• Establish performance monitoring of services: because of service composition, the consequences of service downtime or underperformance can be severe. By monitoring service performance and availability, action can be taken instantly when a problem occurs.

Portfolio management is about identifying candidate services and selecting the optimal set of services to be developed. Just like in investment management it pursues a balanced set of services that vary in their characteristics. It involves the selection procedure for investments in service development and specifies how to prioritize the selected services. By planning services efficiently, the maximum benefit can be achieved for the investment made.

Lifecycle management for services supports the development of the service from its design to its deployment. The development of services can be governed through design policies – requirements one the standards and conventions used to develop the service. Registry and repository tools offer support for service lifecycle management. A ‘’registry’’ is an environment in which references to services are stored. It allows potential consumers to discover services and retrieve a metadata to find out their characteristics. Registries support SOA governance because they can impose criteria before services are published in it. The ‘’repository’’ is a storage tool for information related to a SOA. Repositories can record different versions of a service, service metadata, contracts and policies. Some repositories also offer the possibility to perform impact analysis for service changes. However, the distinction between these two tools is fading. Most vendors offer combined registry/repository products, although some vendors remain focused on either one of the products.

Policies are rules that are used to express expectations of a service. The purpose of policies is to make the services in a SOA consistent so that consumers know what to expect. Enforcement of policies in a SOA can be done through message brokers or B2B gateways. Some middleware products such as enterprise service busses have evolved to support web services and pass XML messages between services. These tools can be used to enforce policies by validating all message traffic between services.

SOA governance requires monitoring to find operational issues in a SOA. Based on service-level agreements, the performance of a service in a SOA can be evaluated. Monitoring SOA performance is important because of the composition of services – one service may forward tasks to several other services. When one service fails or responds slowly, it drags down the performance of the entire business service. Reports on the quality of service should be kept to get an overview of overall performance in the SOA. For vital services warnings can be added that inform stakeholders immediately of malfunctioning services.

The following tools support SOA governance activities:

• Tools with registry functions:
  • SOAStore(from SOAMatrix Software)
  • Systinet (from Mercury/HP)
  • Websphere from IBM.
  • X-Registry (from WebMethods/Software AG)
  • Workbench (SOA Software)
• Tools with repository functions
  • SOAStore (from SOAMatrix Software)
  • Aqualogic (from BEA systems)
  • WebSphere (IBM)
  • Centrasite (from Software AG/WebMethods)
  • Logidex (LogicLibrary)
  • Workbench (SOA Software)
• SOA message brokers / policy enforcement
  • Fusion (Oracle)
  • Websphere (IBM)
  • TIBCO
  • Center (WebLayers)
• Monitoring tools
  • SOAMatrix Software
  • AmberPoint
  • Aqualogic (BEA systems)
  • Actional (Progess Software)

Also check the List of SOA related products

Webmethods (2006). "SOA Governance: enabling sustainable success with SOA:…" (PDF). Retrieved 2007-06-14. {{cite journal}}: Cite journal requires |journal= (help)

Afshar, Mohamad. "Keys to successful governance with SOA". Retrieved 2007-06-14.

IBM. "SOA governance lifecycle". Retrieved 2007-06-15.