SOA Governance Engagement Overview Slideshare1. Independent Guidance for
Service Architecture and Engineering
SOA
Governance
Framework
Engagement Process Overview
www.everware-cbdi.com
www.cbdiforum.com 2. Agenda
Engagement summary This presentation outlines the
SOA Governance overview process of delivering a SOA
Engagement approach Governance Framework
Key tools and deliverable
examples If you would like to engage
Everware-CBDI or our partners
to help you with this activity,
Appendix please contact Everware-CBDI
Critical success factors
Customer resources required
http://www.cbdiforum.com/feed
Preparatory work required back.php3
Why Everware-CBDI
+353 (0)28 38073 (Ireland)
703-246-0000 or 888-383-7927
(USA)
© 2008 Everware-CBDI Inc 3. SOA Governance Framework
- Engagement Summary
Objectives • Establish the SOA Governance Framework and policy type hierarchy which is used by
other SOA activities to set policy instances
• The framework covers the SOA Governance
- Process
- Infrastructure
- Policy Types
- Organizational roles and responsibilities
• Each element of the framework is mapped to current and target levels of SOA Maturity
• And adapted to the organization’s existing business and IT governance frameworks *
Deliverables • SOA Governance Framework
• SOA Governance Maturity View
• SOA Policy Hierarchy
• SOA Governance Deliverable Templates (e.g. SOA Policy Type, and Policy Instance)
• Service Life Cycle
• SOA Governance Plan
• Organizational RAEW
Participants • SOA Program Manager
• SOA Governance Lead
• Existing business and IT Governance Leads
• Input from appropriate business analysts, program managers, architects
Engagement • Duration depends on scope of requirements, level of resourcing
Profile • Typically 4-5 weeks of effort (not elapsed) to produce complete set of deliverables
• Contains one or more facilitated workshops – These can be run stand alone
* Where they exist
© 2008 Everware-CBDI Inc 4. SOA Governance Requirements
Must address new process and organizational challenges
Multi-track Delivery
Separation of Service Provider and Consumer
Federated Participation
Greater need for operational, run-time governance; particularly SLA, Security
Black box functionality
Needs clear obligations on provider and consumer
Must address new opportunities
Architecture structural improvements provide flexibility and reuse
Portfolio rationalization
Use of single services to ensure consistent business rules, view of information
Standardized services for compliance, interoperability
Delivery of differentiated services (core business, competitive advantage)
Use of commodity service provisioning
Must ensure SOA principles are applied
To deliver the benefits promised by SOA
© 2008 Everware-CBDI Inc 5. Overview of CBDI-SAE SOA Governance Framework
Organizational View: The organizational
structures, roles and responsibilities
necessary for SOA Governance WHO
SOA Governance
Organization
SOA Policy Hierarchy
SOA Governance Process
SOA Governance Maturity
Process View: The
processes that need to Maturity View: The
Policy View: The
be followed to governance required at
Policy Types that
establish governance, each level of SOA
are required to
and set and monitor Maturity
ensure outcomes
policies are achieved WHEN
WHAT
SOA Governance Infrastructure
HOW
Infrastructure View: The technical
infrastructure available to support
SOA Governance
© 2008 Everware-CBDI Inc 6. SOA Governance in Context
SOA governance is a part of IT governance that refers to the organizational
structures, policies and processes that ensure that an organization’s SOA efforts
sustain and extend the organization’s business and IT strategies, and achieve the
desired outcomes
The SOA Governance Framework must work within the context of the Business and
IT strategy and Governance Frameworks
Business SOA Governance
Business
Business Outcomes Organization
Governance
SOA Governance Maturity
SOA Governance Process
Strategy
Framework
SOA Policy Hierarchy
IT
Outcomes
IT
IT
Governance
Strategy
Framework
SOA SOA Governance
SOA Outcomes Infrastructure
Strategy
© 2008 Everware-CBDI Inc 7. Engagement Approach
• Duration depends on scope of requirements, and
level of resourcing
Existing Governance Frameworks (IT, Business) • Typically 4-5 weeks of effort (not elapsed) to
SOA Adoption Roadmap Maturity Assessment produce complete set of deliverables
SOA Adoption Roadmap Plan • Contains one or more facilitated workshops –
These can be run stand alone
Align SOA
Governance Develop SOA
Framework Governance
Template Process
Identify SOA
Governance
Outcomes and
Risks Develop Develop SOA Finalize SOA
SOA Governance Governance
Governance Infrastructure Framework
Identify SOA
Policy
Governance
Capabilities
Produce SOA
Develop SOA Governance
Assess SOA Governance Plan
Governance Organization
Maturity
SOA Governance Framework SOA Policy Type Hierarchy SOA Governance SOA Governance
Template SOA Policy Type Template Framework (process, Framework (complete)
SOA Governance Maturity SOA Policy Instance Template infrastructure, Compliance Templates
Assessment organizational views) SOA Governance Plan
Other templates, as needed
SOA Governance Framework
(maturity view) SOA Governance Framework
(policy view)
© 2008 Everware-CBDI Inc 8. Example Engagement Work Plan
0 5 10 15 20 25 30
Align SOA Governance Framework…
Identify SOA Governance Outcomes…
Identify SOA Governance Capabilities
Assess SOA Governance Maturity
Evolve SOA Governance Policy
Evolve SOA Governance Infrastructure
Evolve SOA Governance Organization
Evolve SOA Governance Process
Produce SOA Governance Plan
Review SOA Governance Compliance
Specific tasks and timeframes may vary for each customer
© 2008 Everware-CBDI Inc 9. Process View: SOA Governance Activities are
Defined
IT Governance Framework
IT Outcome Plan
Business
Consume Governance
SO Business Framework
Requirements Other Disciplines
Planning Business
Outcome Compliance Feedback
Plan
Set and
Provide Maintain Monitor SOA
SOA SOA Compliance
Business Policies
Governance Policies
Framework, (deployed)
Business Outcome
Plan
Enable
Manage SOA
Establish and Maintain
Governance
SOA Governance Framework SOA Governance
Set SOA Maturity Framework
Evolve SOA
SOA Adoption Governance Assessment
Governance
& Excellence SOA Outcome Plan Framework
Framework Compliance
SOA Assessment Strategy SOA Governance
Report Adjustment Requirements Feedback
Establish &
Maintain IT IT Governance Framework, IT Policy Types
Governance IT Outcomes (approved)
Framework
© 2008 Everware-CBDI Inc 10. Policy View: Governance is Ensured Through
Identification and Setting Appropriate Policies
For each SOA Policy Category: Policy Hierarchy
1. Business/IT goals are defined
Service Asset Management
Why is this policy important to the business? Planning
2. How business/IT goals translate into SOA goals are
defined Architectural
Best Practice
Organization
What needs to be accomplished with SOA to
achieve business/IT goals? Sourcing
3. Potential risks are identified
What are the consequences if goals are not Usage
achieved?
4. The Policy Hierarchy required to ensure expected Operational
outcomes are achieved in each governance
category is developed
Policy Category Service
Usage
Policy Areas Usage Usage Commercial
Permissions Basis
Policy Types Usage Usage Unit of SLA for
Constituency Pricing
Security Alignment Usage Usage
Example Policy Hierarchy for the Service Usage Policy category
© 2008 Everware-CBDI Inc 11. Organizational View: SOA Roles and
Responsibilities are Identified and Defined
Organizational Structures (examples)
Centres of
Review Boards Steering Committees Roles
Excellence
SOA Enterprise
Service SOA SOA
Funding SOA Governance Service
Architecture Adoption Governance
Lead Architect
Assigning Roles & Responsibilities - RAEW
R A E W
Governance Framework SOA Governance Lead ? ? ? ?
Setting Policy Within each appropriate discipline/domain ? ? ? ?
Complying with Policy Within each appropriate discipline/domain ? ? ? ?
Monitoring Compliance e.g. Review boards ? ? ? ?
Assign responsibilities for Governance to individuals or teams who:
Has (R)esponsibility for decisions/actions and ensuring tasks are performed
Has the (A)uthority to control or assess the actions of others
Has the (E)xpertise to contribute and lead – specialist skills
Does the (W)ork
© 2008 Everware-CBDI Inc 12. Infrastructure View: Technology Required to Support
SOA Governance is Considered and Identified
Tools used Modeling & Policy Configuration
in specification Requirements IDE Tools Management Management
and delivery. e.g. Tools Tools Tools
Data Stores. e.g. Asset Service
Policy Store CMDB
Repository Registry
Tools used Policy Service/
Rules Enterprise
for operation Engine System
Engine Service Bus
and run-time. e.g. Management
© 2008 Everware-CBDI Inc 13. Service Life Cycle Based Governance
Assets Policies
Planned Service Plan Architecture Tools designed to
Service Description perform activity. E.g.
IDE
Service Design
Specified
Specification
State (pre)
Automation Units Sourcing Tool A
Being Provisioned
Architecture
Test Plans Testing
Provisioned Activity
Certificates Certification Policy
Certified Driven
Compliance
Registry Entry Usage
Check
Published Commercial
Service Endpoint Operational
Operational Deployment Unit Usage Tool B
Logs State (post)
Versioned Services Change Control
Retired Tools designed to
manage Governance
All related assets Deletion and e.g. Service Registry
Archived Retention
13 © 2008 Everware-CBDI Inc 14. Maturity View: Governance Capabilities are Matched
to the Maturity Level
SOA Governance is a broad and far reaching topic
Our approach is to introduce SOA Governance step-by-step, considering:
Current level of SOA Maturity
What SOA governance should be in place now?
Ecosystem
Common
Planned level of SOA Maturity
Enterprise ecosystem
What SOA governance is required services
Integrated Enterprise level eliminate
to enable target state? Shared
Applied shared services organizational
services create enterprise
Project boundaries and
Early integrate silos, adaptability and
based enable broader
Learning SOA rationalize EAI consistency
SAE SOA Capability contracts
economic
Maturity Model Initial SOA activity activity
activity
SOA Governance Organization:
Capabilities
SOA Policy Types:
SOA Governance Process:
SOA Governance Infrastructure:
Current initiatives
Gap
NOW 1 year Target
outlook state
© 2008 Everware-CBDI Inc 15. SOA Governance Considerations
Early Learning
Applied
Integrated
Enterprise
Ecosystem
A number of considerations are analyzed for
each relevant SOA Capability Maturity Level
Outcomes/Strategies What SOA outcomes are you trying to ensure?
Risks What are the risks you are trying to mitigate against?
Organization and Roles What organizational constructs, and Roles are required to
perform/support SOA Governance?
Policy Subjects What things do you need to govern to achieve these
outcomes?
Compliance How will governance be achieved? What mechanisms should
Mechanisms be used
Infrastructure What infrastructure is required to support SOA Governance?
Prioritization What is the prioritization of governance activities?
Service Life Cycle What governance is required at each state in the service life
cycle?
© 2008 Everware-CBDI Inc 16. The Result: An Example
The result is a definition of the Customer specific SOA Governance strategy and
capabilities for each relevant SOA Capability Maturity Level
Governance Essentials: Maturity Level = Applied
Project based SOA activity
Service architecture enables business adaptability for limited scope
Services are provided and consumed within the project, requiring minimal governance
Informal exchange between projects
Outcomes/Risks Organizational and Roles
Basic QoS is ensured Establish SOA Centre of Excellence
Basic sharing of services within scope EA perform SOA Governance Lead role
Flexibility within applied solutions
Risks – Solution meets immediate requirements,
but is no better able to respond to future changes.
Risk – SOA applied for wrong reasons
Key Policy Subjects Compliance Mechanisms
Service Architecture Agreed Service and Service Architecture
Operational Services Concepts
Service Monitoring
Infrastructure Policies
Simple Service Catalog Architecture (e.g. Layering)
Monitor/log service run-time, alert to problems Monitoring
Basic QoS policy
© 2008 Everware-CBDI Inc 17. Balancing Bureaucracy with Freedom
Not every Service Type
Strength of Governance
needs a full blown
16 specification, a business
14 case, or be subject to all
12 policies
10
8
6
High
4
Medium
2
Low
0
Technical Project LOB Enterprise External
Scope of Service Usage
Number of Services
Most important policy: 16
Where and when to apply 14
12
policies!
10
8
6
Change in scope or risk 4
High
requires re-evaluation of Medium
2
Low
policy 0
Technical Project LOB Enterprise External
Re-classify in portfolio
Scope of Service Usage
© 2008 Everware-CBDI Inc 18. Key Deliverables (1 of 3) – High Level
Examples
1.Policy Hierarchy
Policy Category Service
Usage
Policy Areas Usage Usage
Permissions Commercial Basis
Policy Types Usage Usage Unit of SLA for
Constituency Pricing
Security Alignment Usage Usage
2.Detailed meta-model for
documenting policies
© 2008 Everware-CBDI Inc 19. Key Deliverables (2 of 3) – High Level
Examples
Governance Essentials: Maturity Level = Applied 3.SOA Governance Essentials
Project based SOA activity for each relevant SOA
Service architecture enables business adaptability for limited scope Capability Maturity Level
Services are provided and consumed within the project, requiring minimal
governance
Informal exchange between projects
Outcomes/Risks Organizational and Roles
Basic QoS is ensured Establish SOA Centre of Excellence
Basic sharing of services within EA perform SOA Governance Lead
scope role
Flexibility within applied solutions
Risks – Solution meets immediate
requirements, but is no better able to 4.SOA Organization Roles &
respond to future changes. Responsibilities (RAEW)
Risk – SOA applied for wrong
reasons
R A E W
Key Policy Subjects Compliance Mechanisms
Governance SOA Governance ? ? ? ?
Service Architecture Agreed Service and Service Framework Lead
Operational Services Architecture Concepts
Setting Within each ? ? ? ?
Service Monitoring
Policy appropriate
Infrastructure Policies discipline/domain
Simple Service Catalog Architecture (e.g. Layering) Complying Within each ? ? ? ?
Monitor/log service run-time, alert to Monitoring with Policy appropriate
problems Basic QoS policy discipline/domain
Monitoring e.g. Review ? ? ? ?
Compliance boards
© 2008 Everware-CBDI Inc 20. Key Deliverables (3 of 3)
6. SOA Governance Process Activity Diagrams for the SOA
Governance Discipline and each of its Process Units to include:
Establish & Maintain the SOA Governance Framework
Set & Maintain SOA Policies
Monitor SOA Compliance
7. SOA Governance Plan to implement the Framework
Tasks
Timeline
Dependencies
8. SOA Governance Templates, e.g.
Business Case Service Description
Feasibility Study Service Specification
Service Plans Service Level Agreement
SOA Reference Architecture Policy Type Template & Examples
SOA Meta Model Policy Instance Template & Examples
© 2008 Everware-CBDI Inc 21. Independent Guidance for
Service Architecture and Engineering
Next Steps
Additional Discussion/
Appendix Slides
www.everware-cbdi.com
www.cbdiforum.com 22. Critical Success Factors
Evolve from IT Governance to SOA Governance
Keep policies flexible
Know when to enforce, and when to make optional
Many policies must be checked by hand – don’t over burden the
organization with bureaucracy
Policies must be compatible, enforceable, measureable<Add others
according to what we know about the customer>
© 2008 Everware-CBDI Inc 23. Customer Resources Required
Participation of those responsible for the SOA Governance
Framework
Participation of business experts and technical experts (enterprise
architects, application experts, business analysts, operations), who
will contribute their knowledge and insight to the identification of:
Current Business and IT Governance Frameworks and Policies
Current IT and SOA Outcome Plans and Objectives
Current Governance enforcement capabilities
© 2008 Everware-CBDI Inc 24. Preparatory Work
Customer
Ensure availability of key resources for the duration of the
workshop(s)
Ensure a suitable environment, facilities and working conditions for
the duration of the workshop(s)
Provide background information for Everware-CBDI
Everware-CBDI
Review background documents as provided by the customer
Provide a project overview, workshop outline(s) and draft agenda(s)
© 2008 Everware-CBDI Inc 25. Why Everware-CBDI ?
Independent specialist SOA
methodology firm
Merger of established
UK and US companies in 2006
27,000+ subscribing architects
worldwide
Enabling structured, enterprise level
SOA
Facilitating SOA standards
Defined, documented SOA methodology
Widely used best practices, reference
architecture, repeatable processes
SOA Solution Business including
Education, Consulting, Knowledge
products
www.cbdiforum.com
www.everware-cbdi.com
© 2008 Everware-CBDI Inc 26. Everware-CBDI - World Wide Reputation
Over 12 years of experience in applying Service Oriented concepts, methodology, and best
practices have established the Everware-CBDI as a leader in SOA adoption.
Partial list of credentials and achievements:
CBDI Forum Portal - 27,000+ member architects worldwide
Keynote Speakers on SOA on recent industry conferences including Microsoft Architect’s Councils
(US, Europe), IBM Architect’s Councils, SAP User Group, Open Group, IDG SOA Europe, and
many more
SOA Metamodel Submission to OMG
Active membership of the OMG UPMS Joint Submission team
IAC EA-SIG/Services Committee Chair
OMG GovDTF Co-Chair
Publications:
CBDI Journal - over 100 Editions published
White Papers (e.g., CIO Council, IAC, Lead Role in Practical Federal Guide for SOA)
Books (e.g., Service Orientation, Information Modeling)
http://www.cbdiforum.com/feedback.php3
+353 (0)28 38073 (Ireland)
703-246-0000 or 888-383-7927 (USA)
© 2008 Everware-CBDI Inc