View stunning SlideShares in full-screen with the new iOS app!Introducing SlideShare for AndroidExplore all your favorite topics in the SlideShare appGet the SlideShare app to Save for Later — even offline
View stunning SlideShares in full-screen with the new Android app!View stunning SlideShares in full-screen with the new iOS app!
Service-oriented architecture (SOA) has been, and continues to be, a much talked about
topic in IT. Most early SOA conversations centered on implementation technologies but
with some of that work completed, the talk has turned to management and governance of
components that are built and delivered with an SOA approach. The delivery of services
across a heterogeneous, distributed computing landscape is at the core of SOA. If these
services are not delivered in alignment with business and IT priorities and processes, then
SOA is just adding to a management burden that is already difficult to contain. Where and
how are the software components deployed across the network? Where is the definition of
this deployment? How is it maintained? What about the components themselves? What
process is in place to avoid creation of redundant components, discovery, versioning and
change management? Are they secure? How does an IT administrator know? These
questions just scratch the surface. Management and governance developed and applied
over the years to traditional business applications must be adapted to integrate with this
new class of application assemblies.
What is at the core of both Information Technology Service Management (ITSM) and
SOA? The answer is The delivery of services. While one focuses on the delivery of service
oriented processes, enabled with the best practices prescribed in the Information Technology
Infrastructure Library (ITIL), the other focuses on delivery of application logic as a service.
And both were born out of the need to better align IT with the business — a topic that has
been very much in the minds of CIOs and IT executives for many years. It would seem
natural that an ITSM-oriented organization, following the best practices of ITIL, would be in
a more advanced position by applying that orientation to their SOA management and
governance. The opportunity at hand is to enable full realization of SOA benefits by strengthen-
ing its implementation with ITIL best practices led governance. This strengthening of an
SOA implementation will help ensure alignment with IT priorities, objectives and standards.
For many years, the “Holy Grail” of application development methodologies has been one
of component based development. This means that applications are developed from pre-
built components that are available and discoverable from a component repository. An
extension of this methodology is to provide these components as services, thus creating an
SOA environment. The benefits that an SOA environment can provide are: simplification,
flexibility, consistency, productivity, and ease-of-use brought about through service reuse.
These benefits will help IT organizations implement process improvements that lead to
better alignment of IT and business.
WHITE PAPER: ITIL GOVERNANCE FOR SOA 1
SECTION 1: CHALLENGE
Technology Is Only the Top Layer of SOA Challenges
A great deal of valuable work has been applied in pursuit of the service-based component
application development paradigm, the most prevalent of which has led to the emergence of
Web Services. This work has been laced with terms and technologies such as XML, WSDL,
SOAP, ESB’s, etc., leading one to believe that SOA is all about technology. We all know that
SOA is not technology, nor product, but rather an architecture; an architecture for design and
delivery of reusable, encapsulated business logic into an environment ready for discovery and
consumption by a composite application.
Though top of mind, the rate at which SOA components have been making their way into
production status has been rather slow. This leads one to believe that perhaps the technology
enabling SOA is not enough. In fact, without proper governance of the software component’s
design and development, and without management of the resulting component parts, the
resulting situation can actually be harmful. Without attention applied to management and
governance, is SOA really creating a more agile and responsive IT or just adding to a
management burden that is already very difficult to contain?
Management and governance methodologies, and operational processes and tools applied
to the traditional IT environment have become very robust and mature. Standards and
frameworks have emerged from organizations such as the Information Systems Audit and
Control Association (ISACA) in the form of COBIT. The Control Objectives for Information
and Related Technologies (COBIT) are specifically designed to provide best practices for IT
governance. Additionally the United Kingdom’s Office of Government Commerce (OGC)
published what has become known as the Information Technology Infrastructure Library (ITIL)
set of best practices and processes for management.
Mappings have recently been developed that relate these two frameworks together. Delving
into the exact specifics of COBIT and the specifics of ITIL V2/V3, however, while valuable, is
not the essence this paper. The basic message has nothing to do with the specifics of the
COBIT standard, nor its mapping to ITIL. Rather, the message is that SOA is rich with
technology and thus represents a dramatic shift in application design, development and
deployment. As such, without an eye toward control, SOA can actually make matters more
difficult. There is nothing specifically in COBIT or ITSM/ITIL that addresses SOA directly, or
any other application development methodology for that matter. What is addressed, however,
are processes vital to service delivery such as change management and configuration
management. These processes address the core of what can break down with SOA-deployed
component services if not attended to. If an organization has executed an ITSM/ITIL
implementation, the disciplines gained through that exercise can be valuably applied to SOA
deployment. For example, there is nothing within ITIL Change Management processes that
specifically addresses the needs within an SOA deployment relating to change management.
But is a change management process vital to a successful SOA deployment? The answer is a
definite yes. If ITIL was used as a guide to implement a robust change management process,
then the experience of that implementation could be helpful in the adaptation of SOA
components to the process as well.
2 WHITE PAPER: ITIL GOVERNANCE FOR SOA
Since SOA emerged from a technology-oriented implementation, issues have resulted from the
diversity of the components and their platforms, the level of granularity and the resulting high
level of complexity — not to mention the diversity and complexity of the implementation
technology infrastructure itself. The specific tools used to manage and govern traditional
applications do not handle the issues surrounding equivalent management and governance
of SOA components. The concepts and disciplines underlying these tools and laid out under
ITSM processes and ITIL best practices, however, offer a hopeful solution. The consistency,
predictability and repeatability brought about by these disciplines can solidify and strengthen
the applicability and usage of SOA-designed and delivered application components.
IT governance policies have been put into place in many organizations to guide alignment to
standards across the many facets of operation. One of the domains of IT governance is service
management. ITSM and ITIL best practices best practices are both specifically oriented to put
into place an environment for delivery of managed, quality services.
The following are essential requirements from the perspective of SOA governance and
COMPLIANCE TO STANDARDS WITHIN ITS INTERFACE AND DISCOVERY requires that the service
component interfaces must be designed and implemented in a manner consistent and
standardized with the rest of the IT and SOA environment.
SECURITY AND EXPOSURE means that consideration must be given as to whether the service
is private or public, and that the service must properly ensure the authorization and
QUALITY OF CHANGE AND RELEASE MANAGEMENT is crucial because the dynamic business
environment forces a high degree of change. The components must be built in such a way as to
comply with processes in place to ensure quality, reliability and consistency within change and
REUSABILITY MANAGEMENT requires control of service definitions and governance applied to
the implementation of potentially redundant services with conflicting interfaces.
AUDITABILITY is required to prove compliance as IT systems today must comply with some
associated set of regulations.
AVAILABILITY AND PERFORMANCE is key, so processes and tools are needed to monitor the
status, availability and performance of the services and the rapid restoration of availability
SERVICE LEVEL AGREEMENTS must be established between service providers and consumers.
WHITE PAPER: ITIL GOVERNANCE FOR SOA 3
SECTION 2 OPPORTUNITY
More Complete Realization of SOA with ITSM and ITIL
Certainly the aspects of SOA governance and management mentioned above do not tell the
whole story. Suffice it to say that the topic of SOA governance and management is broad, deep
and multifaceted. There is the service design, where service components are developed in
terms of architecture, technology and within the context of business processes. Processes are
developed with regard to service catalog management, continuity, security, service levels and
more. Typically, there is also the service strategy that characterizes the business value of the
service. The service portfolio and ownership must be managed with a financial model that
justifies the delivery and maintenance of the service. Transitioning the service between design
and strategy includes processes like configuration management, change management, planning
and release control. Finally, service operation has to be governed with focus on service
availability, restoration of not only the service itself, but additionally, the discovery mechanism,
which is itself a service. This entails incident management, problem management and identity
and access control. Discovery is a key success factor for SOA. If a service cannot be found, or
if it is not know that it exists, then it is not consumable and the whole idea of composite
applications falls apart. The SOA Universal Description Discovery and Integration (UDDI)
merged with the ITIL concept of a configuration management database (CMDB) brings full
realization to the service discovery process. All of the above are aspects of SOA governance
and management, and this is exactly what ITSM and ITIL are all about.
With this in mind, a clear picture develops of how an organization that is already employing
an ITSM and ITIL implementation will have a much easier time defining and implementing
SOA governance and management. On the surface this appears obvious, but the details of the
correlations needed between SOA and ITSM and ITIL form a complex topic. There is nothing
inherently within ITSM or ITIL that specifically addresses SOA-designed and built components.
Both ITSM and ITIL address management and governance of delivered services, however, both
have been paired with ISO 20000 which is the first international standard for service manage-
ment that addresses many areas of needed IT component management and governance.
The best practices put forth by ITIL can be organized into two broad categories: service
management and service delivery.
4 WHITE PAPER: ITIL GOVERNANCE FOR SOA
It is possible that service management processes can be most easily applied to SOA
governance and management issues. It can be argued that the biggest challenge with SOA-
built components is the implementation of a consistent and effective change management and
change control procedure. While it is commonly known that change is a way of life in today’s
organizations, the key is to maximize and document the in-process change, document and
control the emergency change, and eliminate the improvised change. Many organizations are
beginning to find value in first implementing change control solutions to gain visibility into
change, then implementing the process and finally, using technology to enforce the change
management policy. ITIL addresses change control through service support beginning with
incident management and following through with problem management, change management,
configuration management and finally, release management.
While change control and its surrounding area of change management may well be the most
visible and most commonly known, many other areas existing within Service Delivery of ITIL
applied to SOA components come into play as well. As SOA components proliferate, the
source of these components will increasingly come from a variety of third-party providers,
intermingled with internally developed components. Many of the best practices found within
ITIL processes, such as Supplier Relationship Management and Financial Management, can be
applied to SOA components sourced from multiple vendors. These best practices will overlap
with service management processes such as Service Level Management, Availability Manage-
ment and Capacity Management. These processes will become even more vitally important as
the execution of the SOA service components spans organizational boundaries and ultimately
business boundaries. It is one thing to manage components within an organization’s four walls.
It is quite another to manage components in a business-to-business environment.
SECTION 3 BENEFITS
Align Business and IT with ITIL-enabled SOA
The vision behind SOA is extremely ambitious and promises very attractive benefits to any
organization interested in increasing the effectiveness of its IT enterprise and improving
alignment with business priorities. A set of common goals and benefits has emerged to form
this vision. These establish a target state for an organization that successfully adopts service
WHITE PAPER: ITIL GOVERNANCE FOR SOA 5
FIGURE A THE VISION OF SOA
Successful adoption of SOA requires
the adoption of common goals and GOALS BENEFITS
Reusable Easier sharing and reuse, reduced costs of reuse
Use of Service and management of reusable services
This facilitates greater standardization, reducing
costs, with no loss of flexibility.
Business Alignment Traceability of service throughout the lifecycle
Functionality presented as a business function facilitates a better alignment with business
recognized by the user as a meaningful service priorities
Published By increasing the clarity of the interface with
Precise, standard, consistent and published collaborating components, integration is simpler,
specification functionality of service and less error prone
Implementations can be changed and exchanged
with minimum impact on the consumer, providing
greater adaptability and flexibility
Formal Increased quality of interface and understanding
Formal contract between endpoints places between collaborating components
obligations on provider and consumer
Abstracted By eliminating dependence on the underlying
Service is extracted from the implementation implementation and technology, it is unnecessary
and the technology to understand the implementation model
This increased separation simplifies and reduces
costs of integration and assembly
6 WHITE PAPER: ITIL GOVERNANCE FOR SOA
SOA-designed and built components enabling service based, reusable applications provide
significant improvements that help businesses to become more productive, flexible and achieve
better alignment between IT and business directives and priorities. Techniques and concepts
behind SOA-delivered software components strengthened with ITSM processes and ITIL best
practices offer a more complete realization of these benefits.
ITSM and ITIL have rapidly become the best practice standards in service management and the
lens through which the value of services is viewed and measured. While adoption rates vary,
there is no doubt that many IT organizations are turning to ITIL in an attempt to improve the
quality and cost effectiveness of the services they provide to the business.
About the Author
Johnny Long is a Senior Architect with CA Services. Johnny has over 30 years experience in
IT and spent 25 years with Texas Instruments, joining TI as a scientific programmer in 1972.
He then moved into systems programming and finally participated as one of the original
system architects leading to the implementation of the CASE industry’s first and most robust
application development repository and code generator, IEF, which today has evolved into CA
Gen. Johnny was a senior member of the technical staff at TI and Chief Technologist for the
TI CASE software division. His tenure within the IT industry and varied experiences has given
Johnny a wide exposure and deep understanding of application system architectures and
technologies. Adding to his knowledge and experience, Johnny has served as industry analyst
liaison and participated in a number of standards bodies and has been a frequent speaker at
industry symposiums and conferences. Additionally, Johnny has had papers published in a
number of industry wide publications.
WHITE PAPER: ITIL GOVERNANCE FOR SOA 7
CA (NSD: CA), one of the world's leading independent,
enterprise management software companies, unifies and
simplifies complex information technology (IT) management
across the enterprise for greater business results. With our
Enterprise IT Management vision, solutions and expertise,
we help customers effectively govern, manage and secure IT.