Dr Mohamad Afshar Sr. Director, Product Management Oracle Corporation SessionTitle: Keys to Successful Governance with SOA Welcome to Transformation and Innovation 2007 The Business Transformation Conference Ben Moreland Director, Foundation Services The Hartford

Dr Mohamad Afshar

Sr. Director, Product Management

Oracle Corporation

SessionTitle:

Keys to Successful Governance with SOA

<Insert Picture Here> “ Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT.” Peter Weill Professor, MIT

Establish chains of responsibility authority and communication to empower people (decision rights) And establish measurement and policy control mechanisms to enable people to carry out their roles and responsibilities Governance is about getting people to do the right thing at the right time in the right way leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives IT Governance Institute Delivery of value to the business and mitigation of risk: mitigation through accountability in the enterprise; driven by strategic alignment Organizational structures and processes that ensure organizations IT sustains and extends the organizations strategy and objectives Not about making specific IT decisions (management does that), but rather determines which individuals and roles with the company systematically make and contribute to those decisions.

Marks of Good IT Governance With SOA Differentiated Business Strategies Enabled by SOA Business Objectives for Evaluating SOA Investments Executives Engaged and Can Describe Arrangements Stable with Few Changes Year to Year Well-Defined Formal IT Exception Processes Multiple Formal Communications Methods to Engage Business Leaders

Differentiated Business Strategies Enabled by SOA

Business Objectives for Evaluating SOA Investments

Executives Engaged and Can Describe Arrangements

Stable with Few Changes Year to Year

Well-Defined Formal IT Exception Processes

Multiple Formal Communications Methods to Engage Business Leaders

Where Do You Stand? ? SOA by Accident IT Plan Non Existent or Not Aligned with Business Plan IT Reactive to Business Initiatives No SOA Strategy No SOA Roadmap Silos of SOA SOA By Design IT Plans Aligned with Business Plans and Initiatives SOA Strategy that is Communicated Widely Well-Defined Business Benefits Sought from SOA Strategy SOA Roadmap Aligned to Deliver on Business and SOA Strategy

Governance is Key to Delivering on SOA by Design Delivery With Control & Reduced Risk Governance with SOA Business Strategy SOA Strategy SOA Roadmap Business Plan EA Strategy

Constituents of a SOA Roadmap SOA Strategy SOA Roadmap Planning Helps Avoid Duplicated Effort, Realize SOA Benefits Earlier and Support Improved Ability to Deliver Projects to SOA Risk Identification and Mitigation Against them Capability Development to Improve Ability to Deliver on SOA Project Leverage Services Portfolio Maximize Reuse Align with Platform Availability SOA Requires Competence in a Range of Areas Source of Risk How to Lessen Impact Business Services Portfolio Plan Which Services, When Buy-in from Business Leverage Projects to Build Infrastructure SOA Benefits Expected Risk Profile For Projects SOA Requires Capability Planning Prioritized Projects In Project Portfolio

Essence of Governance with SOA Processes (How) Decisions (Who) Policies (What) GOVERNANCE with SOA ADDRESSES What decisions must be made for effective management Who should make those decisions and who has input rights? How will the decisions be formed and enacted

GOVERNANCE with SOA ADDRESSES

What decisions must be made for effective management

Who should make those decisions and who has input rights?

How will the decisions be formed and enacted

Key Leverage Points for SOA Governance | Prevalent View Financial Portfolio People Operations Projects / Service Lifecycle Technology Architecture Service Usage Fees Service Funding Model Projects Applications Platform Funding Business Services Roles & Responsibilities Service Ownership EA Group Service & Process Owners Service Lifecycle Gov Shared Artifacts Capacity Planning Enforce Service Levels Enforce Policies Strategic SOA Platform Shared Foundation Srvcs Enforce Platform Decisions Reference Architectures Architectural Standards Blueprints & Patterns DRIVEN BY EXECUTIVES Information Data Standards Data Quality Data Ownership

Key Leverage Points for SOA Governance | Full Picture Financial Portfolio People Operations Projects Technology Architecture Service Usage Fees Service Funding Model Projects Applications Platform Funding Business Services Roles & Responsibilities Service Ownership EA Group Service & Process Owners Service Lifecycle Gov Shared Artifacts Capacity Planning Enforce Service Levels Enforce Policies Strategic SOA Platform Shared Foundation Srvcs Enforce Platform Decisions Reference Architectures Architectural Standards Blueprints & Patterns DRIVEN BY EXECUTIVES Information Data Standards Data Quality Data Ownership

Financial SOA may require governance of new policies and procedures around SOA Funding and Chargebacks Distribution of Budget Funding the SOA Journey and Programs Allocation and Funding of SOA Software License, Hardware Based on Priorities SOA Center of Excellence Funding Allocating cost of SMEs Covering costs of outside consulting Defining the Service Usage Fee Model Chargebacks for shared services usage Foundational, architectural services such as Error Handling, Notification, etc. Business Services built by projects such as Customer Lookup, Item Validation, etc. Allocating support costs (operations, enhancement, bug fix) of shared services

SOA may require governance of new policies and procedures around SOA Funding and Chargebacks

Distribution of Budget

Funding the SOA Journey and Programs

Allocation and Funding of SOA Software License, Hardware

Based on Priorities

SOA Center of Excellence Funding

Allocating cost of SMEs

Covering costs of outside consulting

Defining the Service Usage Fee Model

Chargebacks for shared services usage

Foundational, architectural services such as Error Handling, Notification, etc.

Business Services built by projects such as Customer Lookup, Item Validation, etc.

Allocating support costs (operations, enhancement, bug fix) of shared services

Portfolio Successful SOA Governance requires alignment of the IT Portfolio with the SOA Strategy and Roadmap Application Portfolio Planning Ensure application lifecycles (upgrades, enhancements, maintenance, sunset) are consistent with the SOA Strategy Infrastructure and Technology Portfolio Planning Ensure hardware and software agendas are consistent with the SOA Strategy Project Portfolio Management Create projects to align applications and infrastructure to the milestones and goals of the SOA Roadmap Services Portfolio Planning Business Services Portfolio Foundational/Technical Services Portfolio

Successful SOA Governance requires alignment of the IT Portfolio with the SOA Strategy and Roadmap

Application Portfolio Planning

Ensure application lifecycles (upgrades, enhancements, maintenance, sunset) are consistent with the SOA Strategy

Infrastructure and Technology Portfolio Planning

Ensure hardware and software agendas are consistent with the SOA Strategy

Project Portfolio Management

Create projects to align applications and infrastructure to the milestones and goals of the SOA Roadmap

Services Portfolio Planning

Business Services Portfolio

Foundational/Technical Services Portfolio

People SOA is not only a Technology Shift. Policies governing employees must be included in SOA Governance Clarity Around Roles and Responsibilities Process Ownership – NEW Service Ownership – NEW Architecture Development Approach - NEW Testing Approach Operations Training Enable and Support People Making the Change - Organize around the SOA Vision Knowledge Centers – SOA CoEs Enterprise Architecture Group Cross Project Governance Board Foster Innovation and Creativity Demonstrate Leadership Affirm Executive Buy in and Support Monitor progress Provide Rewards/Incentives

SOA is not only a Technology Shift. Policies governing employees must be included in SOA Governance

Clarity Around Roles and Responsibilities

Process Ownership – NEW

Service Ownership – NEW

Architecture

Development Approach - NEW

Testing Approach

Operations

Training

Enable and Support People Making the Change

- Organize around the SOA Vision

Knowledge Centers – SOA CoEs

Enterprise Architecture Group

Cross Project Governance Board

Foster Innovation and Creativity

Demonstrate Leadership

Affirm Executive Buy in and Support

Monitor progress

Provide Rewards/Incentives

Projects Project Prioritization Align with Strategy/Roadmap Ongoing Service Ownership and Management Consistency in Service Implementation Design, Code Reviews Create, Store, Find Shared Artifacts Utilization Shared Services Service Lifecycle Governance Business Process Lifecycle Governance Policies, processes and decisions must guide the projects designed to deliver on the SOA Vision

Project Prioritization

Align with Strategy/Roadmap

Ongoing Service Ownership and Management

Consistency in Service Implementation

Design, Code Reviews

Create, Store, Find Shared Artifacts

Utilization Shared Services

Service Lifecycle Governance

Business Process Lifecycle Governance

Service Lifecycle Service Identification and Design Services Identification Framework Service Interface Design Approving a Service Service Development Consistency in Service Implementation Building for Reuse Service Deployment Publishing a Service Service Operations Policies Relating to Services - Security Service Change Requests Service Versioning Service Retirement/Sunset Proper Service Lifecycle Governance is a critical component of SOA success. Without this, you may have services and SOA technology, but you will not realize benefits of an enterprise Service Oriented Architecture

Service Identification and Design

Services Identification Framework

Service Interface Design

Approving a Service

Service Development

Consistency in Service Implementation

Building for Reuse

Service Deployment

Publishing a Service

Service Operations

Policies Relating to Services - Security

Service Change Requests

Service Versioning

Service Retirement/Sunset

Architecture Standards Compliance WSDLs WS-I Compliance Architecture Assessments Review & Change Processes Reference Architecture(s) Guidelines Service Interface Design What to Repeat (patterns) What to Share (reuse) Blueprints Multi-Channel Patterns Data Integration Architecture Documents Goals, Use Cases, Views, Standards SOA Architecture provides the foundation to ensure consistent, shareable services

Standards Compliance

WSDLs WS-I Compliance

Architecture Assessments

Review & Change Processes

Reference Architecture(s)

Guidelines

Service Interface Design

What to Repeat (patterns)

What to Share (reuse)

Blueprints

Multi-Channel

Patterns

Data Integration

Architecture Documents

Goals, Use Cases, Views, Standards

Technology Select technical technical solutions that adhere to industry standards Platforms and Infrastructures should Evolve Aligned with Service Portfolio Plan and SOA Roadmap Build Consensus to Migrate to an SOA Platform Enforce Platform Decision Across IT Teams Manage Timing and Implementation of SOA Platform Enhancements Design and Build Shared Foundation Services as Part of SOA Infrastructure Technology must be identified, sourced and managed like any other component of SOA - It is not a one-time “fire-and-forget” decision

Select technical technical solutions that adhere to industry standards

Platforms and Infrastructures should Evolve

Aligned with Service Portfolio Plan and SOA Roadmap

Build Consensus to Migrate to an SOA Platform

Enforce Platform Decision Across IT Teams

Manage Timing and Implementation of SOA Platform Enhancements

Design and Build Shared Foundation Services as Part of SOA Infrastructure

Operations Develop an Operational Model for Services Formalize Capacity Monitoring and Planning Control Service Execution Define/Enforce Service Levels Define/Enforce Runtime Policies (Security, Access, Logging, Billing) SOA Infrastructure Monitoring and Management Polices for Review and Handling of Exceptions and Violations Operations of an SOA could be different than standard IT operations. Changes to existing, or even new policies may be needed to govern Operations for a SOA

Develop an Operational Model for Services

Formalize Capacity Monitoring and Planning

Control Service Execution

Define/Enforce Service Levels

Define/Enforce Runtime Policies (Security, Access, Logging, Billing)

SOA Infrastructure Monitoring and Management

Polices for Review and Handling of Exceptions and Violations

Information Establish Data Ownership and Stewardship Model: Define Roles & Responsibilities for Data Consumers and Produces Set Data Standards Build a Data Services Architecture Mandate Data Access: Schemas for Exchanging Core Enterprise Data Services as Single Sources of Truth Key Enterprise Entities Policies for Access Control Policies for Resolving Data Conflicts to Improve Data Quality Policies for Ensuring Quality of Service Performance Tuning of Data Services for Multiple Application Scenarios Unless data quality and interoperability issues are addressed, SOA apps will rest on top of a very weak foundation.

Establish Data Ownership and Stewardship Model:

Define Roles & Responsibilities for Data Consumers and Produces

Set Data Standards

Build a Data Services Architecture

Mandate Data Access:

Schemas for Exchanging Core Enterprise Data

Services as Single Sources of Truth Key Enterprise Entities

Policies for Access Control

Policies for Resolving Data Conflicts to Improve Data Quality

Policies for Ensuring Quality of Service

Performance Tuning of Data Services for Multiple Application Scenarios

6 Steps to Successful SOA Governance 6 1. Define Goals and Strategies 3. Define Metrics 5. Analyze and Improve Existing Processes 4. Put Governance Mechanisms in Place 2. Define Standards, Policies, Procedures Around Financial, Portfolio, Project, Service, etc These 6 steps allow a company to incrementally develop and mature their overall SOA and thus business goals 6. Refine and Go to the Next Level of SOA Maturity

Goals & Strategies Business and IT Goals SOA Strategy Existing Capabilities SOA Roadmap Journey Management 1

Business and IT Goals

SOA Strategy

Existing Capabilities

SOA Roadmap

Journey Management

Create Standards, Policies & Processes Communicate 2 Policies Create Manage Issues: Decision Rights Input Rights Exception Management Executives Developers Architects Administrators IT Managers Business Analysts Feedback & Monitor Enterprise Architects Governance Board

Communicate

Issues:

Decision Rights

Input Rights

Exception Management

Define Metrics for Success Why Measure ? Ensure Business Goals Deliver SOA Strategy What to Measure ? standards, compliance, # of projects adhering to processes, # of reference architectures, usability of reference architectures, # of exceptions, # of services created, # of reusable services, service reuse metrics, etc How to Measure ? What can be automated? What can be easily captured? 3

Why Measure ?

Ensure Business Goals

Deliver SOA Strategy

What to Measure ?

standards, compliance, # of projects adhering to processes, # of reference architectures, usability of reference architectures, # of exceptions, # of services created, # of reusable services, service reuse metrics, etc

How to Measure ?

What can be automated?

What can be easily captured?

Put Governance Mechanisms in Place 1. Decision, Policies, Processes 4 Blueprints & Patterns Financial Portfolio People Operations Projects Technology Architecture Service Usage Fees Service Funding Model Projects Applications Platform Funding Business Services Roles & Responsibilities Service Ownership EA Group Service & Process Owners Service Lifecycle Gov Shared Artifacts Capacity Planning Enforce Service Levels Enforce Policies Strategic SOA Platform Shared Foundation Srvcs Enforce Platform Decisions Reference Architectures Architectural Standards DRIVEN BY EXECUTIVES Information Data Standards Data Quality Data Ownership

Put Governance Mechanisms in Place 2. Mechanisms Vision for Governance Endorsed by Executives Force Behavioral Change Ensure Participation of Appropriate People Awareness Communication & Collaboration Center of Excellence Roles and Responsibilities Financial, Portfolio, People, Architecture, Projects, Technology, etc Education Strategies Processes (Automated) Capture and Report on Metrics Administration, Monitoring and Enforcement Exceptions Handling Mechanisms Upward Communication when Policies are not followed 4

Vision for Governance Endorsed by Executives

Force Behavioral Change

Ensure Participation of Appropriate People

Awareness

Communication & Collaboration

Center of Excellence

Roles and Responsibilities

Financial, Portfolio, People, Architecture, Projects, Technology, etc

Education Strategies

Processes (Automated)

Capture and Report on Metrics

Administration, Monitoring and Enforcement

Exceptions Handling Mechanisms

Upward Communication when Policies are not followed

<Insert Picture Here> “ It is an overkill to apply formal discipline and governance to small SOAs (consisting of 50 or fewer services).” Paolo Malinvero VP, Gartner

Analyze and Improve Metrics on Governance Process Itself Metrics on Progress of Goals and Roadmap How Often are People Going off the Path? Do they Tell us When they do? Do we need to change restrictive policies? Do we need to have stricter enforcement? What do you do with the Information? Make Decisions Create Feedback Loop 5

Metrics on Governance Process Itself

Metrics on Progress of Goals and Roadmap

How Often are People Going off the Path?

Do they Tell us When they do?

Do we need to change restrictive policies?

Do we need to have stricter enforcement?

What do you do with the Information?

Make Decisions

Create Feedback Loop

Refine and Go to the Next Maturity Level SOA Strategies, Goals, Objectives Met for this SOA Maturity Level level Refine SOA Strategies, Goals, Objectives for Current Maturity Level Create New SOA Strategies, Goals, Objectives for next SOA Maturity Level 6

SOA Strategies, Goals, Objectives Met for this SOA Maturity Level level

Refine SOA Strategies, Goals, Objectives for Current Maturity Level

Create New SOA Strategies, Goals, Objectives for next SOA Maturity Level

The Hartford Financial Services Group, Inc. Founded in 1810 One of the largest investment and insurance companies in the United States. Fortune 100 company 30,000 employees Two Companies: Hartford P&C – Auto, Home, Business insurance Hartford Life – investment plans, Life insurance, Group benefits

Founded in 1810

One of the largest investment and insurance companies in the United States.

Fortune 100 company

30,000 employees

Two Companies:

Hartford P&C – Auto, Home, Business insurance

Hartford Life – investment plans, Life insurance, Group benefits

Step 1: Goals & Strategies – Level 1 Business Goals Reduce TCO Speed To Market Ease of Doing Business SOA Roadmap Project-based (WSM & UDDI Registry selected) Governance “Do No Harm”

Business Goals

Reduce TCO

Speed To Market

Ease of Doing Business

SOA Roadmap

Project-based (WSM & UDDI Registry selected)

Governance

“Do No Harm”

Step 2: Create Standards, Policies & Processes – Level 1 Standards - SOAP 1.1, XML 1.0, UDDI 2.0, WSDL 1.1 First SOA initiatives were project-based  SOA governance was at the project (LOB) level Governance processes created to assess projects against Reference Architecture (Application) Aligned LOB architects and project scoring Created IT Roadmaps and Blueprints PCAC formed

Standards

- SOAP 1.1, XML 1.0, UDDI 2.0, WSDL 1.1

First SOA initiatives were project-based  SOA governance was at the project (LOB) level

Governance processes created to assess projects against Reference Architecture (Application)

Aligned LOB architects and project scoring

Created IT Roadmaps and Blueprints

PCAC formed

Step 3: Define Metrics – Level 1 At SOA MM level 1, The Hartford didn’t have any explicit metrics other than project-based metrics Discussions around SOA metrics began No reusability at this point

At SOA MM level 1, The Hartford didn’t have any explicit metrics other than project-based metrics

Discussions around SOA metrics began

No reusability at this point

Step 4: Put Governance Mechanisms in Place – Level 1 PCAC put in place to score all projects against Reference Architecture primarily and LOB Roadmap and Blueprint if they existed Scoring was a learning exercise at level 1 Assessment process being defined

PCAC put in place to score all projects against Reference Architecture primarily and LOB Roadmap and Blueprint if they existed

Scoring was a learning exercise at level 1

Assessment process being defined

Step 5: Analyze and Improve – Level 1 Analyzed where we were against business goals Findings: Architecture standards applied inconsistently across LOBs Projects going forward that were not moving the overall architecture in the right direction. Initial services deployed showed promise of re-usability with the one LOB Are you moving forward or closer to your goals? The eB&T organization decided: Centralize the enterprise architects and SOA practice (Foundation Services group) Begin to push back on negatively scored projects Continue with the SOA initiatives (still project based) due to early success (primarily insight into SEMCI application)

Analyzed where we were against business goals

Findings:

Architecture standards applied inconsistently across LOBs

Projects going forward that were not moving the overall architecture in the right direction.

Initial services deployed showed promise of re-usability with the one LOB

Are you moving forward or closer to your goals?

The eB&T organization decided:

Centralize the enterprise architects and SOA practice (Foundation Services group)

Begin to push back on negatively scored projects

Continue with the SOA initiatives (still project based) due to early success (primarily insight into SEMCI application)

Step 1: Goals & Strategies – Level 2 Business Goals (same): Reduce TCO Speed To Market Ease of Doing Business SOA Roadmap Project-based (WS-addressing, WS-Security, Central EA organization) Align LOB project decisions with architecture recommendations Governance Score projects to influence business decisions Track all projects assessed and not assessed Track all projects with and without “architects”

Business Goals (same):

Reduce TCO

Speed To Market

Ease of Doing Business

SOA Roadmap

Project-based (WS-addressing, WS-Security, Central EA organization)

Align LOB project decisions with architecture recommendations

Governance

Score projects to influence business decisions

Track all projects assessed and not assessed

Track all projects with and without “architects”

Step 2: Create Standards, Policies & Processes – Level 2 Standards (added) - WS-Addressing, WS-Security, Reference Architecture 2.0 Governance processes improved to assess projects against the Reference Architecture (SOA based) based on CIOs feedback Project assessments more mature Enterprise Architecture group formed under CTO (also new) SOA governance through EA Foundation Services group, but still project-based

Standards (added)

- WS-Addressing, WS-Security, Reference Architecture 2.0

Governance processes improved to assess projects against the Reference Architecture (SOA based) based on CIOs feedback

Project assessments more mature

Enterprise Architecture group formed under CTO (also new)

SOA governance through EA Foundation Services group, but still project-based

Step 3: Define Metrics – Level 2 # of services (course-grained vs fine-grained) Service Sharability, Component Reusability # of projects assessed and not assessed # of projects with assigned “architects” and without architects Cost savings on projects based on architecture assessment and re-use

# of services (course-grained vs fine-grained)

Service Sharability, Component Reusability

# of projects assessed and not assessed

# of projects with assigned “architects” and without architects

Cost savings on projects based on architecture assessment and re-use

Step 4: Put Governance Mechanisms in Place – Level 2 Central EA organization (ASC) for IT Governance Projects scored and evaluated to “+”, “0”, “-” Projects assessed as short term adequate, near-long term adequate and long term adequate CIOs agree to “tax” if negatively scored project pushed through to delivery SAD course developed and delivered to all architects Service Policies - WS-Addressing and “contract ID” required for all services

Central EA organization (ASC) for IT Governance

Projects scored and evaluated to “+”, “0”, “-”

Projects assessed as short term adequate, near-long term adequate and long term adequate

CIOs agree to “tax” if negatively scored project pushed through to delivery

SAD course developed and delivered to all architects

Service Policies

- WS-Addressing and “contract ID” required for all services

Step 5: Analyze and Improve – Level 2 Analyzed where we were against business goals. Findings: Architecture standards applied consistently across LOBs Some projects still being pushed forward with negative scores, but now high level discussions and justification at executive level Reusability in certain LOBs very high, others low Still not addressing “Ease of doing business” TCO lowered through SOA efficiencies in maintenance Are you moving forward or closer to your goals? The eB&T organization decided: 5 year business & IT roadmap developed Foundational projects Need better metrics

Analyzed where we were against business goals.

Findings:

Architecture standards applied consistently across LOBs

Some projects still being pushed forward with negative scores, but now high level discussions and justification at executive level

Reusability in certain LOBs very high, others low

Still not addressing “Ease of doing business”

TCO lowered through SOA efficiencies in maintenance

Are you moving forward or closer to your goals?

The eB&T organization decided:

5 year business & IT roadmap developed

Foundational projects

Need better metrics

SOA Governance - Level 3 Portfolio transformation program identifying high value business services Standards committee and Services committee formed to formalize standards maturity and P&C SOA policies and procedures Service criteria and processes defined Large number of new metrics with constant feedback from CIOs No projects may be considered without EA involvement Need SOA Governance automation to scale

Portfolio transformation program identifying high value business services

Standards committee and Services committee formed to formalize standards maturity and P&C SOA policies and procedures

Service criteria and processes defined

Large number of new metrics with constant feedback from CIOs

No projects may be considered without EA involvement

Need SOA Governance automation to scale

Summary Increasing SOA Maturity Only Achievable through SOA Governance SOA Governance Requires More than Technology Build on Existing IT Governance Mechanisms Executive Buy-In Vital to Catalyze Change Required for SOA Complexity of SOA Governance Proportional to Company Size

Increasing SOA Maturity Only Achievable through SOA Governance

SOA Governance Requires More than Technology

Build on Existing IT Governance Mechanisms

Executive Buy-In Vital to Catalyze Change Required for SOA

Complexity of SOA Governance Proportional to Company Size

Thank You Dr Mohamad Afshar Sr. Director, Product Management Oracle Corporation Contact Information: Mohamad . afshar @oracle.com Benjamin.Moreland@ theHartford .com Ben Moreland Director, Foundation Services The Hartford