Independent Guidance for
Service Architecture and Engineering
SOA
Governance
Framework
Engagement Process Overview
www.everware-cbdi.com
www.cbdiforum.com

Agenda
 Engagement summary  This presentation outlines the
 SOA Governance overview process of delivering a SOA
 Engagement approach Governance Framework
 Key tools and deliverable
examples  If you would like to engage
Everware-CBDI or our partners
to help you with this activity,
 Appendix please contact Everware-CBDI
 Critical success factors
 Customer resources required
 http://www.cbdiforum.com/feed
 Preparatory work required back.php3
 Why Everware-CBDI
 +353 (0)28 38073 (Ireland)
 703-246-0000 or 888-383-7927
(USA)
© 2008 Everware-CBDI Inc

SOA Governance Framework
- Engagement Summary
Objectives • Establish the SOA Governance Framework and policy type hierarchy which is used by
other SOA activities to set policy instances
• The framework covers the SOA Governance
- Process
- Infrastructure
- Policy Types
- Organizational roles and responsibilities
• Each element of the framework is mapped to current and target levels of SOA Maturity
• And adapted to the organization’s existing business and IT governance frameworks *
Deliverables • SOA Governance Framework
• SOA Governance Maturity View
• SOA Policy Hierarchy
• SOA Governance Deliverable Templates (e.g. SOA Policy Type, and Policy Instance)
• Service Life Cycle
• SOA Governance Plan
• Organizational RAEW
Participants • SOA Program Manager
• SOA Governance Lead
• Existing business and IT Governance Leads
• Input from appropriate business analysts, program managers, architects
Engagement • Duration depends on scope of requirements, level of resourcing
Profile • Typically 4-5 weeks of effort (not elapsed) to produce complete set of deliverables
• Contains one or more facilitated workshops – These can be run stand alone
* Where they exist
© 2008 Everware-CBDI Inc

SOA Governance Requirements
 Must address new process and organizational challenges
 Multi-track Delivery
 Separation of Service Provider and Consumer
 Federated Participation
 Greater need for operational, run-time governance; particularly SLA, Security
 Black box functionality
 Needs clear obligations on provider and consumer
 Must address new opportunities
 Architecture structural improvements provide flexibility and reuse
 Portfolio rationalization
 Use of single services to ensure consistent business rules, view of information
 Standardized services for compliance, interoperability
 Delivery of differentiated services (core business, competitive advantage)
 Use of commodity service provisioning
 Must ensure SOA principles are applied
 To deliver the benefits promised by SOA
© 2008 Everware-CBDI Inc

Overview of CBDI-SAE SOA Governance Framework
Organizational View: The organizational
structures, roles and responsibilities
necessary for SOA Governance WHO
SOA Governance
Organization
SOA Policy Hierarchy
SOA Governance Process
SOA Governance Maturity
Process View: The
processes that need to Maturity View: The
Policy View: The
be followed to governance required at
Policy Types that
establish governance, each level of SOA
are required to
and set and monitor Maturity
ensure outcomes
policies are achieved WHEN
WHAT
SOA Governance Infrastructure
HOW
Infrastructure View: The technical
infrastructure available to support
SOA Governance
© 2008 Everware-CBDI Inc

SOA Governance in Context
 SOA governance is a part of IT governance that refers to the organizational
structures, policies and processes that ensure that an organization’s SOA efforts
sustain and extend the organization’s business and IT strategies, and achieve the
desired outcomes
 The SOA Governance Framework must work within the context of the Business and
IT strategy and Governance Frameworks
Business SOA Governance
Business
Business Outcomes Organization
Governance
SOA Governance Maturity
SOA Governance Process
Strategy
Framework
SOA Policy Hierarchy
IT
Outcomes
IT
IT
Governance
Strategy
Framework
SOA SOA Governance
SOA Outcomes Infrastructure
Strategy
© 2008 Everware-CBDI Inc

Engagement Approach
• Duration depends on scope of requirements, and
level of resourcing
 Existing Governance Frameworks (IT, Business) • Typically 4-5 weeks of effort (not elapsed) to
 SOA Adoption Roadmap Maturity Assessment produce complete set of deliverables
 SOA Adoption Roadmap Plan • Contains one or more facilitated workshops –
These can be run stand alone
Align SOA
Governance Develop SOA
Framework Governance
Template Process
Identify SOA
Governance
Outcomes and
Risks Develop Develop SOA Finalize SOA
SOA Governance Governance
Governance Infrastructure Framework
Identify SOA
Policy
Governance
Capabilities
Produce SOA
Develop SOA Governance
Assess SOA Governance Plan
Governance Organization
Maturity
 SOA Governance Framework  SOA Policy Type Hierarchy  SOA Governance  SOA Governance
Template  SOA Policy Type Template Framework (process, Framework (complete)
 SOA Governance Maturity  SOA Policy Instance Template infrastructure,  Compliance Templates
Assessment organizational views)  SOA Governance Plan
 Other templates, as needed
 SOA Governance Framework
(maturity view)  SOA Governance Framework
(policy view)
© 2008 Everware-CBDI Inc

Example Engagement Work Plan
0 5 10 15 20 25 30
Align SOA Governance Framework…
Identify SOA Governance Outcomes…
Identify SOA Governance Capabilities
Assess SOA Governance Maturity
Evolve SOA Governance Policy
Evolve SOA Governance Infrastructure
Evolve SOA Governance Organization
Evolve SOA Governance Process
Produce SOA Governance Plan
Review SOA Governance Compliance
Specific tasks and timeframes may vary for each customer
© 2008 Everware-CBDI Inc

Process View: SOA Governance Activities are
Defined
IT Governance Framework
IT Outcome Plan
Business
Consume Governance
SO Business Framework
Requirements Other Disciplines
Planning Business
Outcome Compliance Feedback
Plan
Set and
Provide Maintain Monitor SOA
SOA SOA Compliance
Business Policies
Governance Policies
Framework, (deployed)
Business Outcome
Plan
Enable
Manage SOA
Establish and Maintain
Governance
SOA Governance Framework SOA Governance
Set SOA Maturity Framework
Evolve SOA
SOA Adoption Governance Assessment
Governance
& Excellence SOA Outcome Plan Framework
Framework Compliance
SOA Assessment Strategy SOA Governance
Report Adjustment Requirements Feedback
Establish &
Maintain IT IT Governance Framework, IT Policy Types
Governance IT Outcomes (approved)
Framework
© 2008 Everware-CBDI Inc

Policy View: Governance is Ensured Through
Identification and Setting Appropriate Policies
 For each SOA Policy Category: Policy Hierarchy
1. Business/IT goals are defined
Service Asset Management
 Why is this policy important to the business? Planning
2. How business/IT goals translate into SOA goals are
defined Architectural
Best Practice
Organization
 What needs to be accomplished with SOA to
achieve business/IT goals? Sourcing
3. Potential risks are identified
 What are the consequences if goals are not Usage
achieved?
4. The Policy Hierarchy required to ensure expected Operational
outcomes are achieved in each governance
category is developed
Policy Category Service
Usage
Policy Areas Usage Usage Commercial
Permissions Basis
Policy Types Usage Usage Unit of SLA for
Constituency Pricing
Security Alignment Usage Usage
Example Policy Hierarchy for the Service Usage Policy category
© 2008 Everware-CBDI Inc

Organizational View: SOA Roles and
Responsibilities are Identified and Defined
Organizational Structures (examples)
Centres of
Review Boards Steering Committees Roles
Excellence
SOA Enterprise
Service SOA SOA
Funding SOA Governance Service
Architecture Adoption Governance
Lead Architect
Assigning Roles & Responsibilities - RAEW
R A E W
Governance Framework SOA Governance Lead ? ? ? ?
Setting Policy Within each appropriate discipline/domain ? ? ? ?
Complying with Policy Within each appropriate discipline/domain ? ? ? ?
Monitoring Compliance e.g. Review boards ? ? ? ?
Assign responsibilities for Governance to individuals or teams who:
 Has (R)esponsibility for decisions/actions and ensuring tasks are performed
 Has the (A)uthority to control or assess the actions of others
 Has the (E)xpertise to contribute and lead – specialist skills
 Does the (W)ork
© 2008 Everware-CBDI Inc

Infrastructure View: Technology Required to Support
SOA Governance is Considered and Identified
Tools used Modeling & Policy Configuration
in specification Requirements IDE Tools Management Management
and delivery. e.g. Tools Tools Tools
Data Stores. e.g. Asset Service
Policy Store CMDB
Repository Registry
Tools used Policy Service/
Rules Enterprise
for operation Engine System
Engine Service Bus
and run-time. e.g. Management
© 2008 Everware-CBDI Inc

Service Life Cycle Based Governance
Assets Policies
Planned Service Plan Architecture Tools designed to
Service Description perform activity. E.g.
IDE
Service Design
Specified
Specification
State (pre)
Automation Units Sourcing Tool A
Being Provisioned
Architecture
Test Plans Testing
Provisioned Activity
Certificates Certification Policy
Certified Driven
Compliance
Registry Entry Usage
Check
Published Commercial
Service Endpoint Operational
Operational Deployment Unit Usage Tool B
Logs State (post)
Versioned Services Change Control
Retired Tools designed to
manage Governance
All related assets Deletion and e.g. Service Registry
Archived Retention
13 © 2008 Everware-CBDI Inc

Maturity View: Governance Capabilities are Matched
to the Maturity Level
 SOA Governance is a broad and far reaching topic
 Our approach is to introduce SOA Governance step-by-step, considering:
 Current level of SOA Maturity
 What SOA governance should be in place now?
Ecosystem
Common
 Planned level of SOA Maturity
Enterprise ecosystem
 What SOA governance is required services
Integrated Enterprise level eliminate
to enable target state? Shared
Applied shared services organizational
services create enterprise
Project boundaries and
Early integrate silos, adaptability and
based enable broader
Learning SOA rationalize EAI consistency
SAE SOA Capability contracts
economic
Maturity Model Initial SOA activity activity
activity
SOA Governance Organization:
Capabilities
SOA Policy Types:
SOA Governance Process:
SOA Governance Infrastructure:
Current initiatives
Gap
NOW 1 year Target
outlook state
© 2008 Everware-CBDI Inc

SOA Governance Considerations
Early Learning
Applied
Integrated
Enterprise
Ecosystem
A number of considerations are analyzed for
each relevant SOA Capability Maturity Level
Outcomes/Strategies What SOA outcomes are you trying to ensure?
Risks What are the risks you are trying to mitigate against?
Organization and Roles What organizational constructs, and Roles are required to
perform/support SOA Governance?
Policy Subjects What things do you need to govern to achieve these
outcomes?
Compliance How will governance be achieved? What mechanisms should
Mechanisms be used
Infrastructure What infrastructure is required to support SOA Governance?
Prioritization What is the prioritization of governance activities?
Service Life Cycle What governance is required at each state in the service life
cycle?
© 2008 Everware-CBDI Inc

The Result: An Example
 The result is a definition of the Customer specific SOA Governance strategy and
capabilities for each relevant SOA Capability Maturity Level
Governance Essentials: Maturity Level = Applied
Project based SOA activity
Service architecture enables business adaptability for limited scope
Services are provided and consumed within the project, requiring minimal governance
Informal exchange between projects
Outcomes/Risks Organizational and Roles
Basic QoS is ensured Establish SOA Centre of Excellence
Basic sharing of services within scope EA perform SOA Governance Lead role
Flexibility within applied solutions
Risks – Solution meets immediate requirements,
but is no better able to respond to future changes.
Risk – SOA applied for wrong reasons
Key Policy Subjects Compliance Mechanisms
Service Architecture Agreed Service and Service Architecture
Operational Services Concepts
Service Monitoring
Infrastructure Policies
Simple Service Catalog Architecture (e.g. Layering)
Monitor/log service run-time, alert to problems Monitoring
Basic QoS policy
© 2008 Everware-CBDI Inc

Balancing Bureaucracy with Freedom
Not every Service Type
Strength of Governance
needs a full blown
16 specification, a business
14 case, or be subject to all
12 policies
10
8
6
High
4
Medium
2
Low
0
Technical Project LOB Enterprise External
Scope of Service Usage
Number of Services
Most important policy: 16
Where and when to apply 14
12
policies!
10
8
6
Change in scope or risk 4
High
requires re-evaluation of Medium
2
Low
policy 0
Technical Project LOB Enterprise External
Re-classify in portfolio
Scope of Service Usage
© 2008 Everware-CBDI Inc

Key Deliverables (1 of 3) – High Level
Examples
1.Policy Hierarchy
Policy Category Service
Usage
Policy Areas Usage Usage
Permissions Commercial Basis
Policy Types Usage Usage Unit of SLA for
Constituency Pricing
Security Alignment Usage Usage
2.Detailed meta-model for
documenting policies
© 2008 Everware-CBDI Inc

Key Deliverables (2 of 3) – High Level
Examples
Governance Essentials: Maturity Level = Applied 3.SOA Governance Essentials
Project based SOA activity for each relevant SOA
Service architecture enables business adaptability for limited scope Capability Maturity Level
Services are provided and consumed within the project, requiring minimal
governance
Informal exchange between projects
Outcomes/Risks Organizational and Roles
Basic QoS is ensured Establish SOA Centre of Excellence
Basic sharing of services within EA perform SOA Governance Lead
scope role
Flexibility within applied solutions
Risks – Solution meets immediate
requirements, but is no better able to 4.SOA Organization Roles &
respond to future changes. Responsibilities (RAEW)
Risk – SOA applied for wrong
reasons
R A E W
Key Policy Subjects Compliance Mechanisms
Governance SOA Governance ? ? ? ?
Service Architecture Agreed Service and Service Framework Lead
Operational Services Architecture Concepts
Setting Within each ? ? ? ?
Service Monitoring
Policy appropriate
Infrastructure Policies discipline/domain
Simple Service Catalog Architecture (e.g. Layering) Complying Within each ? ? ? ?
Monitor/log service run-time, alert to Monitoring with Policy appropriate
problems Basic QoS policy discipline/domain
Monitoring e.g. Review ? ? ? ?
Compliance boards
© 2008 Everware-CBDI Inc

Key Deliverables (3 of 3)
6. SOA Governance Process Activity Diagrams for the SOA
Governance Discipline and each of its Process Units to include:
 Establish & Maintain the SOA Governance Framework
 Set & Maintain SOA Policies
 Monitor SOA Compliance
7. SOA Governance Plan to implement the Framework
 Tasks
 Timeline
 Dependencies
8. SOA Governance Templates, e.g.
 Business Case  Service Description
 Feasibility Study  Service Specification
 Service Plans  Service Level Agreement
 SOA Reference Architecture  Policy Type Template & Examples
 SOA Meta Model  Policy Instance Template & Examples
© 2008 Everware-CBDI Inc

Independent Guidance for
Service Architecture and Engineering
Next Steps
Additional Discussion/
Appendix Slides
www.everware-cbdi.com
www.cbdiforum.com

Critical Success Factors
 Evolve from IT Governance to SOA Governance
 Keep policies flexible
 Know when to enforce, and when to make optional
 Many policies must be checked by hand – don’t over burden the
organization with bureaucracy
 Policies must be compatible, enforceable, measureable<Add others
according to what we know about the customer>
© 2008 Everware-CBDI Inc

Customer Resources Required
 Participation of those responsible for the SOA Governance
Framework
 Participation of business experts and technical experts (enterprise
architects, application experts, business analysts, operations), who
will contribute their knowledge and insight to the identification of:
 Current Business and IT Governance Frameworks and Policies
 Current IT and SOA Outcome Plans and Objectives
 Current Governance enforcement capabilities
© 2008 Everware-CBDI Inc

Preparatory Work
 Customer
 Ensure availability of key resources for the duration of the
workshop(s)
 Ensure a suitable environment, facilities and working conditions for
the duration of the workshop(s)
 Provide background information for Everware-CBDI
 Everware-CBDI
 Review background documents as provided by the customer
 Provide a project overview, workshop outline(s) and draft agenda(s)
© 2008 Everware-CBDI Inc

Why Everware-CBDI ?
 Independent specialist SOA
methodology firm
 Merger of established
UK and US companies in 2006
 27,000+ subscribing architects
worldwide
 Enabling structured, enterprise level
SOA
 Facilitating SOA standards
 Defined, documented SOA methodology
 Widely used best practices, reference
architecture, repeatable processes
 SOA Solution Business including
Education, Consulting, Knowledge
products
 www.cbdiforum.com
 www.everware-cbdi.com
© 2008 Everware-CBDI Inc

Everware-CBDI - World Wide Reputation
 Over 12 years of experience in applying Service Oriented concepts, methodology, and best
practices have established the Everware-CBDI as a leader in SOA adoption.
 Partial list of credentials and achievements:
 CBDI Forum Portal - 27,000+ member architects worldwide
 Keynote Speakers on SOA on recent industry conferences including Microsoft Architect’s Councils
(US, Europe), IBM Architect’s Councils, SAP User Group, Open Group, IDG SOA Europe, and
many more
 SOA Metamodel Submission to OMG
 Active membership of the OMG UPMS Joint Submission team
 IAC EA-SIG/Services Committee Chair
 OMG GovDTF Co-Chair
 Publications:
 CBDI Journal - over 100 Editions published
 White Papers (e.g., CIO Council, IAC, Lead Role in Practical Federal Guide for SOA)
 Books (e.g., Service Orientation, Information Modeling)
 http://www.cbdiforum.com/feedback.php3
 +353 (0)28 38073 (Ireland)
 703-246-0000 or 888-383-7927 (USA)
© 2008 Everware-CBDI Inc