Strengthening SOA with ITSM

Uploaded on


  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. WHITE PAPER: ITIL GOVERNANCE FOR SOA Strengthening SOA with ® ITSM & ITIL Governance AUGUST 2008 Johnny Long S E N I O R A RC H I T ECT CA S E RV I C E S
  • 2. Table of Contents Executive Summary SECTION 1: CHALLENGE 2 Technology is Just the Top Layer of SOA Challenges SECTION 2: OPPORTUNITY 4 More Complete Realization of SOA with ITSM and ITIL SECTION 3: BENEFITS 5 Align Business and IT with ITI- Enabled SOA SECTION 4: CONCLUSIONS 7 SECTION 5: ABOUT THE AUTHOR 7 Copyright © 2008 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. To the extent permitted by applicable law, CA provides this document “As Is” without warranty of any kind, including, without limitation, any implied warranties of merchantability or fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised of such damages. ITIL® is a registered trademark and a registered community trademark of the UK Office of Government and Commerce (OGC) and is registered in the U.S. Patent and Trademark Office.
  • 3. Executive Summary Challenge Service-oriented architecture (SOA) has been, and continues to be, a much talked about topic in IT. Most early SOA conversations centered on implementation technologies but with some of that work completed, the talk has turned to management and governance of components that are built and delivered with an SOA approach. The delivery of services across a heterogeneous, distributed computing landscape is at the core of SOA. If these services are not delivered in alignment with business and IT priorities and processes, then SOA is just adding to a management burden that is already difficult to contain. Where and how are the software components deployed across the network? Where is the definition of this deployment? How is it maintained? What about the components themselves? What process is in place to avoid creation of redundant components, discovery, versioning and change management? Are they secure? How does an IT administrator know? These questions just scratch the surface. Management and governance developed and applied over the years to traditional business applications must be adapted to integrate with this new class of application assemblies. Opportunity What is at the core of both Information Technology Service Management (ITSM) and SOA? The answer is The delivery of services. While one focuses on the delivery of service oriented processes, enabled with the best practices prescribed in the Information Technology Infrastructure Library (ITIL), the other focuses on delivery of application logic as a service. And both were born out of the need to better align IT with the business — a topic that has been very much in the minds of CIOs and IT executives for many years. It would seem natural that an ITSM-oriented organization, following the best practices of ITIL, would be in a more advanced position by applying that orientation to their SOA management and governance. The opportunity at hand is to enable full realization of SOA benefits by strengthen- ing its implementation with ITIL best practices led governance. This strengthening of an SOA implementation will help ensure alignment with IT priorities, objectives and standards. Benefits For many years, the “Holy Grail” of application development methodologies has been one of component based development. This means that applications are developed from pre- built components that are available and discoverable from a component repository. An extension of this methodology is to provide these components as services, thus creating an SOA environment. The benefits that an SOA environment can provide are: simplification, flexibility, consistency, productivity, and ease-of-use brought about through service reuse. These benefits will help IT organizations implement process improvements that lead to better alignment of IT and business. WHITE PAPER: ITIL GOVERNANCE FOR SOA 1
  • 4. SECTION 1: CHALLENGE Technology Is Only the Top Layer of SOA Challenges A great deal of valuable work has been applied in pursuit of the service-based component application development paradigm, the most prevalent of which has led to the emergence of Web Services. This work has been laced with terms and technologies such as XML, WSDL, SOAP, ESB’s, etc., leading one to believe that SOA is all about technology. We all know that SOA is not technology, nor product, but rather an architecture; an architecture for design and delivery of reusable, encapsulated business logic into an environment ready for discovery and consumption by a composite application. Though top of mind, the rate at which SOA components have been making their way into production status has been rather slow. This leads one to believe that perhaps the technology enabling SOA is not enough. In fact, without proper governance of the software component’s design and development, and without management of the resulting component parts, the resulting situation can actually be harmful. Without attention applied to management and governance, is SOA really creating a more agile and responsive IT or just adding to a management burden that is already very difficult to contain? Management and governance methodologies, and operational processes and tools applied to the traditional IT environment have become very robust and mature. Standards and frameworks have emerged from organizations such as the Information Systems Audit and Control Association (ISACA) in the form of COBIT. The Control Objectives for Information and Related Technologies (COBIT) are specifically designed to provide best practices for IT governance. Additionally the United Kingdom’s Office of Government Commerce (OGC) published what has become known as the Information Technology Infrastructure Library (ITIL) set of best practices and processes for management. Mappings have recently been developed that relate these two frameworks together. Delving into the exact specifics of COBIT and the specifics of ITIL V2/V3, however, while valuable, is not the essence this paper. The basic message has nothing to do with the specifics of the COBIT standard, nor its mapping to ITIL. Rather, the message is that SOA is rich with technology and thus represents a dramatic shift in application design, development and deployment. As such, without an eye toward control, SOA can actually make matters more difficult. There is nothing specifically in COBIT or ITSM/ITIL that addresses SOA directly, or any other application development methodology for that matter. What is addressed, however, are processes vital to service delivery such as change management and configuration management. These processes address the core of what can break down with SOA-deployed component services if not attended to. If an organization has executed an ITSM/ITIL implementation, the disciplines gained through that exercise can be valuably applied to SOA deployment. For example, there is nothing within ITIL Change Management processes that specifically addresses the needs within an SOA deployment relating to change management. But is a change management process vital to a successful SOA deployment? The answer is a definite yes. If ITIL was used as a guide to implement a robust change management process, then the experience of that implementation could be helpful in the adaptation of SOA components to the process as well. 2 WHITE PAPER: ITIL GOVERNANCE FOR SOA
  • 5. Since SOA emerged from a technology-oriented implementation, issues have resulted from the diversity of the components and their platforms, the level of granularity and the resulting high level of complexity — not to mention the diversity and complexity of the implementation technology infrastructure itself. The specific tools used to manage and govern traditional applications do not handle the issues surrounding equivalent management and governance of SOA components. The concepts and disciplines underlying these tools and laid out under ITSM processes and ITIL best practices, however, offer a hopeful solution. The consistency, predictability and repeatability brought about by these disciplines can solidify and strengthen the applicability and usage of SOA-designed and delivered application components. IT governance policies have been put into place in many organizations to guide alignment to standards across the many facets of operation. One of the domains of IT governance is service management. ITSM and ITIL best practices best practices are both specifically oriented to put into place an environment for delivery of managed, quality services. The following are essential requirements from the perspective of SOA governance and management: COMPLIANCE TO STANDARDS WITHIN ITS INTERFACE AND DISCOVERY requires that the service component interfaces must be designed and implemented in a manner consistent and standardized with the rest of the IT and SOA environment. SECURITY AND EXPOSURE means that consideration must be given as to whether the service is private or public, and that the service must properly ensure the authorization and accessibility rules. QUALITY OF CHANGE AND RELEASE MANAGEMENT is crucial because the dynamic business environment forces a high degree of change. The components must be built in such a way as to comply with processes in place to ensure quality, reliability and consistency within change and release management. REUSABILITY MANAGEMENT requires control of service definitions and governance applied to the implementation of potentially redundant services with conflicting interfaces. AUDITABILITY is required to prove compliance as IT systems today must comply with some associated set of regulations. AVAILABILITY AND PERFORMANCE is key, so processes and tools are needed to monitor the status, availability and performance of the services and the rapid restoration of availability of services. SERVICE LEVEL AGREEMENTS must be established between service providers and consumers. WHITE PAPER: ITIL GOVERNANCE FOR SOA 3
  • 6. SECTION 2 OPPORTUNITY More Complete Realization of SOA with ITSM and ITIL Certainly the aspects of SOA governance and management mentioned above do not tell the whole story. Suffice it to say that the topic of SOA governance and management is broad, deep and multifaceted. There is the service design, where service components are developed in terms of architecture, technology and within the context of business processes. Processes are developed with regard to service catalog management, continuity, security, service levels and more. Typically, there is also the service strategy that characterizes the business value of the service. The service portfolio and ownership must be managed with a financial model that justifies the delivery and maintenance of the service. Transitioning the service between design and strategy includes processes like configuration management, change management, planning and release control. Finally, service operation has to be governed with focus on service availability, restoration of not only the service itself, but additionally, the discovery mechanism, which is itself a service. This entails incident management, problem management and identity and access control. Discovery is a key success factor for SOA. If a service cannot be found, or if it is not know that it exists, then it is not consumable and the whole idea of composite applications falls apart. The SOA Universal Description Discovery and Integration (UDDI) merged with the ITIL concept of a configuration management database (CMDB) brings full realization to the service discovery process. All of the above are aspects of SOA governance and management, and this is exactly what ITSM and ITIL are all about. With this in mind, a clear picture develops of how an organization that is already employing an ITSM and ITIL implementation will have a much easier time defining and implementing SOA governance and management. On the surface this appears obvious, but the details of the correlations needed between SOA and ITSM and ITIL form a complex topic. There is nothing inherently within ITSM or ITIL that specifically addresses SOA-designed and built components. Both ITSM and ITIL address management and governance of delivered services, however, both have been paired with ISO 20000 which is the first international standard for service manage- ment that addresses many areas of needed IT component management and governance. The best practices put forth by ITIL can be organized into two broad categories: service management and service delivery. 4 WHITE PAPER: ITIL GOVERNANCE FOR SOA
  • 7. It is possible that service management processes can be most easily applied to SOA governance and management issues. It can be argued that the biggest challenge with SOA- built components is the implementation of a consistent and effective change management and change control procedure. While it is commonly known that change is a way of life in today’s organizations, the key is to maximize and document the in-process change, document and control the emergency change, and eliminate the improvised change. Many organizations are beginning to find value in first implementing change control solutions to gain visibility into change, then implementing the process and finally, using technology to enforce the change management policy. ITIL addresses change control through service support beginning with incident management and following through with problem management, change management, configuration management and finally, release management. While change control and its surrounding area of change management may well be the most visible and most commonly known, many other areas existing within Service Delivery of ITIL applied to SOA components come into play as well. As SOA components proliferate, the source of these components will increasingly come from a variety of third-party providers, intermingled with internally developed components. Many of the best practices found within ITIL processes, such as Supplier Relationship Management and Financial Management, can be applied to SOA components sourced from multiple vendors. These best practices will overlap with service management processes such as Service Level Management, Availability Manage- ment and Capacity Management. These processes will become even more vitally important as the execution of the SOA service components spans organizational boundaries and ultimately business boundaries. It is one thing to manage components within an organization’s four walls. It is quite another to manage components in a business-to-business environment. SECTION 3 BENEFITS Align Business and IT with ITIL-enabled SOA The vision behind SOA is extremely ambitious and promises very attractive benefits to any organization interested in increasing the effectiveness of its IT enterprise and improving alignment with business priorities. A set of common goals and benefits has emerged to form this vision. These establish a target state for an organization that successfully adopts service orientation. WHITE PAPER: ITIL GOVERNANCE FOR SOA 5
  • 8. FIGURE A THE VISION OF SOA Successful adoption of SOA requires the adoption of common goals and GOALS BENEFITS benefits. Reusable Easier sharing and reuse, reduced costs of reuse Use of Service and management of reusable services This facilitates greater standardization, reducing costs, with no loss of flexibility. Business Alignment Traceability of service throughout the lifecycle Functionality presented as a business function facilitates a better alignment with business recognized by the user as a meaningful service priorities Published By increasing the clarity of the interface with Precise, standard, consistent and published collaborating components, integration is simpler, specification functionality of service and less error prone Implementations can be changed and exchanged with minimum impact on the consumer, providing greater adaptability and flexibility Formal Increased quality of interface and understanding Formal contract between endpoints places between collaborating components obligations on provider and consumer Abstracted By eliminating dependence on the underlying Service is extracted from the implementation implementation and technology, it is unnecessary and the technology to understand the implementation model This increased separation simplifies and reduces costs of integration and assembly 6 WHITE PAPER: ITIL GOVERNANCE FOR SOA
  • 9. SECTION 4 Conclusions SOA-designed and built components enabling service based, reusable applications provide significant improvements that help businesses to become more productive, flexible and achieve better alignment between IT and business directives and priorities. Techniques and concepts behind SOA-delivered software components strengthened with ITSM processes and ITIL best practices offer a more complete realization of these benefits. ITSM and ITIL have rapidly become the best practice standards in service management and the lens through which the value of services is viewed and measured. While adoption rates vary, there is no doubt that many IT organizations are turning to ITIL in an attempt to improve the quality and cost effectiveness of the services they provide to the business. SECTION 5 About the Author Johnny Long is a Senior Architect with CA Services. Johnny has over 30 years experience in IT and spent 25 years with Texas Instruments, joining TI as a scientific programmer in 1972. He then moved into systems programming and finally participated as one of the original system architects leading to the implementation of the CASE industry’s first and most robust application development repository and code generator, IEF, which today has evolved into CA Gen. Johnny was a senior member of the technical staff at TI and Chief Technologist for the TI CASE software division. His tenure within the IT industry and varied experiences has given Johnny a wide exposure and deep understanding of application system architectures and technologies. Adding to his knowledge and experience, Johnny has served as industry analyst liaison and participated in a number of standards bodies and has been a frequent speaker at industry symposiums and conferences. Additionally, Johnny has had papers published in a number of industry wide publications. WHITE PAPER: ITIL GOVERNANCE FOR SOA 7
  • 10. CA (NSD: CA), one of the world's leading independent, enterprise management software companies, unifies and simplifies complex information technology (IT) management across the enterprise for greater business results. With our Enterprise IT Management vision, solutions and expertise, we help customers effectively govern, manage and secure IT. MP331460908