SOA Best Practices - SOA Governance Summit

738 views
650 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
738
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
81
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Presentation Title Date Author
  • Presentation Title Date Author
  • Presentation Title Date Author Title of presentation But how has interested evolved in the 5+ years that we’ve talking about SOA? If you take a look at Gartner’s research in 2002 and compare it with the kinds of issues they’re addressing today, the earlier reports were strongly geared towards explaining the concept of SOA. Clearly, the big need at that time was basic education about SOA and about the theoretical applications and benefits of SOA. And to some, extent SOA was treated as a technical issue and software-engineering topic, rather than as a broader IT strategy. If you contrast that with the reports that Gartner is writing these days, we see that the interest in SOA has moved to an applied level. Now, it’s much more about the practical reality of implementing SOA and considerations that go beyond SOA as simply a concept – for example, methodology, best practices, management of an SOA environment, quality assurance, and making reuse happen.
  • Presentation Title Date Author Security = Single Sign-On session cookies, Kerberos tickets, Security Assertion Markup Language (SAML) assertions, and PKI.
  • Presentation Title Date Author
  • Presentation Title Date Author
  • Presentation Title Date Author Thought here is to underscore the problem – building the spaghetti
  • Presentation Title Date Author
  • Presentation Title Date Author
  • Presentation Title Date Author
  • Presentation Title Date Author As a second step we need to define what services need to be delivered from IT to enable this process. These services (we call them business services) should be reusabel. For example a service for customer information could be used by the call center as well as management or sales in different processes. Depending on the type of the request and the person and process it came from, the service might have to get the information from different systems or it might have to add, update or delete customer data. So we need intelligent services and this kind of intelligence that makes services reusable for different business tasks can be implemented with an Enterprise Service Bus. Finally we need to assure, that all the systems that can be accessed by the business services (ESB) so it might be necessary to open and enable existing legacy applications as they often deliver high value to the business processes. This is where we use standard technologies like web services to make these applications accessible for the SOA.
  • Presentation Title Date Author Presentation Title Date Author
  • Presentation Title Date Author Title of presentation
  • Presentation Title Date Author
  • Web Service (e.g. Order entry, get stock quote, update customer record,…) Terms of Delivery: Delivery preferences (Security model, transport, data transformation, messaging,…) Service Level Agreement (Expected peak load, response time, availability,…) Notification arrangements (who to notify in case of problems, notice period for planned outages,…) Consuming Application Consuming Application Class Profile (e.g. Plumtree portal, SAP client,…) Consuming Application (e.g. Employee portal, B2B partner ACME, Company Public Website,…)
  • Web Service (e.g. Order entry, get stock quote, update customer record,…) Terms of Delivery: Delivery preferences (Security model, transport, data transformation, messaging,…) Service Level Agreement (Expected peak load, response time, availability,…) Notification arrangements (who to notify in case of problems, notice period for planned outages,…) Consuming Application Consuming Application Class Profile (e.g. Plumtree portal, SAP client,…) Consuming Application (e.g. Employee portal, B2B partner ACME, Company Public Website,…)
  • Web Service (e.g. Order entry, get stock quote, update customer record,…) Terms of Delivery: Delivery preferences (Security model, transport, data transformation, messaging,…) Service Level Agreement (Expected peak load, response time, availability,…) Notification arrangements (who to notify in case of problems, notice period for planned outages,…) Consuming Application Consuming Application Class Profile (e.g. Plumtree portal, SAP client,…) Consuming Application (e.g. Employee portal, B2B partner ACME, Company Public Website,…)
  • Web Service (e.g. Order entry, get stock quote, update customer record,…) Terms of Delivery: Delivery preferences (Security model, transport, data transformation, messaging,…) Service Level Agreement (Expected peak load, response time, availability,…) Notification arrangements (who to notify in case of problems, notice period for planned outages,…) Consuming Application Consuming Application Class Profile (e.g. Plumtree portal, SAP client,…) Consuming Application (e.g. Employee portal, B2B partner ACME, Company Public Website,…)
  • Web Service (e.g. Order entry, get stock quote, update customer record,…) Terms of Delivery: Delivery preferences (Security model, transport, data transformation, messaging,…) Service Level Agreement (Expected peak load, response time, availability,…) Notification arrangements (who to notify in case of problems, notice period for planned outages,…) Consuming Application Consuming Application Class Profile (e.g. Plumtree portal, SAP client,…) Consuming Application (e.g. Employee portal, B2B partner ACME, Company Public Website,…)
  • Web Service (e.g. Order entry, get stock quote, update customer record,…) Terms of Delivery: Delivery preferences (Security model, transport, data transformation, messaging,…) Service Level Agreement (Expected peak load, response time, availability,…) Notification arrangements (who to notify in case of problems, notice period for planned outages,…) Consuming Application Consuming Application Class Profile (e.g. Plumtree portal, SAP client,…) Consuming Application (e.g. Employee portal, B2B partner ACME, Company Public Website,…)
  • Web Service (e.g. Order entry, get stock quote, update customer record,…) Terms of Delivery: Delivery preferences (Security model, transport, data transformation, messaging,…) Service Level Agreement (Expected peak load, response time, availability,…) Notification arrangements (who to notify in case of problems, notice period for planned outages,…) Consuming Application Consuming Application Class Profile (e.g. Plumtree portal, SAP client,…) Consuming Application (e.g. Employee portal, B2B partner ACME, Company Public Website,…)
  • Web Service (e.g. Order entry, get stock quote, update customer record,…) Terms of Delivery: Delivery preferences (Security model, transport, data transformation, messaging,…) Service Level Agreement (Expected peak load, response time, availability,…) Notification arrangements (who to notify in case of problems, notice period for planned outages,…) Consuming Application Consuming Application Class Profile (e.g. Plumtree portal, SAP client,…) Consuming Application (e.g. Employee portal, B2B partner ACME, Company Public Website,…)
  • Web Service (e.g. Order entry, get stock quote, update customer record,…) Terms of Delivery: Delivery preferences (Security model, transport, data transformation, messaging,…) Service Level Agreement (Expected peak load, response time, availability,…) Notification arrangements (who to notify in case of problems, notice period for planned outages,…) Consuming Application Consuming Application Class Profile (e.g. Plumtree portal, SAP client,…) Consuming Application (e.g. Employee portal, B2B partner ACME, Company Public Website,…)
  • The Service Lifecycle provides a full lifecycle view of the Service Oriented Process (SOP). Again it illustrates the need to communicate and share information in two dimensions: Across the lifecycle – between participants in provisioning or consumption. There is a need to ensure there is a consistent view of the Service between lifecycle stages. For example, is the deployed Service consistent with the analysis specification or will the Service design meet the SLA obligations? Between participants – The Service Provider and Service Requestor (and other participants such as intermediaries) need to share information at various points in the lifecycle. e.g. the Business Analysts of both Service Provider and Service Consumer exchanging information on a Service requirement. The Service Lifecycle here does not imply any particular workflow across the stages, or imply a top to bottom approach is required. Further Information CBDI Reports: Establishing a Service Lifecycle http://www.cbdiforum.com/secure/interact/2004-01/establishing_service_lifecycle.php Web Services Roadmap Planning - Process Stream http://roadmap.cbdiforum.com/reports/planning/process.php
  • Web Service (e.g. Order entry, get stock quote, update customer record,…) Terms of Delivery: Delivery preferences (Security model, transport, data transformation, messaging,…) Service Level Agreement (Expected peak load, response time, availability,…) Notification arrangements (who to notify in case of problems, notice period for planned outages,…) Consuming Application Consuming Application Class Profile (e.g. Plumtree portal, SAP client,…) Consuming Application (e.g. Employee portal, B2B partner ACME, Company Public Website,…)
  • Designed for Multiple Stakeholders and covers the entire end-to-end lifecycle
  • Presentation Title Date Author
  • SOA Best Practices - SOA Governance Summit

    1. 1. Welcome! Jim Bole Vice President, SOA Solutions Software AG
    2. 2. Agenda Topics Page 9:00 – 10:15 SOA Best Practices Jim Bole - Is SOA Dead? - Target State – The Agile Enterprise - Agility & Business/IT Alignment – Service Domains - Architectural Implications - Infrastructure Requirements - Usage Patterns - Federation Models - Best Practice Take-aways 10:15 – 10:30 Break 10:30 – 12:00 The End Game – PA JNET Frank Caloiaro - Justice-based standards for information exchange - NIEM/JXDM - Security for Justice Networks - Policy-based governance – designtime/runtime/changetime
    3. 3. SOA Has Crossed the Chasm Page 2009 “ SOA War Stories Highlight Need for Disciplined Approach” “ When SOA Breaks, What Then?” “ Quality Assurance Practices Will Drive the Reuse of SOA Services” “ Applied SOA: Transforming Fundamental Principles into Best Practices” “ Key Issues for SOA Governance” “ Agile Processes Enable SOA Success” 2002 “ SOA: A ‘Must Have’” “ SOA is Changing Software” “ Simply Your Business Processes with an SOA Approach” “ SOA Comes of Age via Web Services”
    4. 4. SOA has Crossed the Chasm <ul><li>Which statement best describes the state of your SOA implementation? </li></ul><ul><ul><li>We have no plans to adopt SOA at this time </li></ul></ul><ul><ul><li>We have begun planning for our deployment </li></ul></ul><ul><ul><li>We have successfully implemented SOA-based projects or use SOA principles in our work </li></ul></ul><ul><ul><li>We have implemented an enterprise SOA </li></ul></ul>Page
    5. 5. Why Now: SOA Infrastructure is “Ready for Prime Time” <ul><li>Service enablement is mature and prolific </li></ul><ul><ul><li>Sources include SAAS, pre-packaged software, enablement tools </li></ul></ul><ul><ul><li>You are “service-enabled”, you just may not know it….. </li></ul></ul><ul><li>Security has been vetted and leverages existing models </li></ul><ul><li>Intermediary patterns well-supported by a variety of solutions </li></ul><ul><ul><li>Enterprise Service Bus offerings </li></ul></ul><ul><ul><li>Service Management products </li></ul></ul><ul><ul><li>XML Appliances </li></ul></ul><ul><li>Registry/Repository offerings are enterprise-class </li></ul><ul><li>Governance comes to the forefront…. </li></ul>Page
    6. 6. Top Drivers for SOA Page Support BPM Initiatives Simplify Integration Improve Business Agility And Adaptability
    7. 7. Governance is Recognized as a Key Enabler <ul><li>How important is governance to SOA strategy? </li></ul><ul><ul><li>Critical </li></ul></ul><ul><ul><li>Moderate </li></ul></ul><ul><ul><li>Minimal </li></ul></ul>SOA Governance Summit | Page
    8. 8. Software AG’s SOA Vision: Enabling the 21 st Century Agile Enterprise
    9. 9. 21 st Century Composition-Driven IT Lifecycle BPM + SOA Basics Seminar | Page Business Requirements Requirement 2 Process Requirements Library of re-usable services, data, processes, rules, docs,… Business Assets Metadata Requirement 1 Business Vision Requirement 3 Order Business Rules Order New Services Development Factory
    10. 10. Your Organization Probably Looks a Little Like This… BPM + SOA Basics Seminar | Page External Users Internal Applications Partners & Suppliers SMTP EDI RPC SOCKETS XXX YYY Flat Files Message Queue SOAP XML FTP POX Packaged Applications Custom Applications Legacy Applications
    11. 11. SOA Governance Summit | Page Why is Enterprise IT such a mess?
    12. 12. Enterprise IT is an Evolved System… <ul><li>Evolution: </li></ul><ul><li>Variation </li></ul><ul><ul><ul><li>Try Things at Random… </li></ul></ul></ul><ul><li>Fitness </li></ul><ul><ul><ul><li>Compete for Selection… </li></ul></ul></ul><ul><li>Conservation </li></ul><ul><ul><ul><li>Throw Nothing Away… </li></ul></ul></ul>SOA Governance Summit | Page
    13. 13. How did we get here? <ul><li>Project Based Funding </li></ul><ul><li>ROI Measured Per-Project </li></ul><ul><li>No incentive to Share </li></ul><ul><li>Silos: Good for me bad for you thinking… </li></ul>SOA Governance Summit | Page
    14. 14. SOA Governance Summit | Page The cure?
    15. 15. The Cure… SOA Governance Summit | Page From this… … to this JBOWS Composition Is SOA just LEGOland for IT people?
    16. 16. SOA Governance Summit | Page The Real Power of SOA
    17. 17. SOA Governance Summit | Page 0% 10% 20% 30% 40% 50% 60% 70% 80% More rapid and flexible IT response to changing business needs Enhanced ability for IT to drive and/or support business innovation Cost savings from more efficient delivery of IT Protection of past and future IT investments by delaying obsolescence Improved operational service levels to the business Experienced adopters All respondents Which of the following would you regard as significant business level drivers for investing in SOA? Source: Freeform Dynamics/MWD Survey, May/Jun 2006 (Sample 1332)
    18. 18. SOA Governance Summit | Page
    19. 19. Is this the complete story of SOA? SOA Governance Summit | Page From this… … to this JBOWS Composition This story only reduces the cost and complexity of IT
    20. 20. The SOA-Enabled Enterprise BPM + SOA Basics Seminar | Page Legacy Integration Customer Data Customer Interaction Order History Order Policy Shipment Business Services Customer Information Order Management Order Compensation CRM ERP Customer Data Orders Logistics Composite Apps Business Processes Retrieve Data Verify Details Order Entry Order Review Approve Order Initiate Shipment Order Management
    21. 21. ACH Deposits Checking Savings Money Mkt. CDs Account Mgmt Transactions ??? Branch Phone Internet ATM Rel’ship Mgrs Bank Brand 1 Bank Brand 2 Other Brands Customer View Transfer Fraud Risk CRM Channels Brands Cross- Product Services Product Domains Business Services Products EFT Consumer Lending Account Mgmt Origination Servicing Mortgage Personal Auto HELOC Credit Card Credit Line Commercial Lending Account Mgmt Origination Servicing Capital Lease Credit Line Credit Card ?? Wealth Management Account Mgmt Transactions Servicing Mortgage Insurance Estate Property Mgmt. Custody/ Escrow Trust Securities & Brokerage Account Mgmt Transactions Custody Brokerage Trusts Margin Mutual Funds IRAs 401-k Shared Shared Services Enterprise Platforms Technical Services IMPACS Finesse Branch Teller Weiland ACBS MPLS Transfund Trust Omni FRM Salesforce FED Imaging Content Mgmt Validation Credit Check GL HRIS Human Resources Finance Pricing
    22. 22. Business Infrastructure for SOA SOA Governance Summit | Page
    23. 23. The SOA Tipping Point: Key Success Indicators <ul><li>Target State Defined </li></ul><ul><li>Infrastructure Funding </li></ul><ul><li>ROA and TCO Measured Lifetime </li></ul><ul><li>Value Visibility </li></ul><ul><li>Continuous Process Improvement </li></ul><ul><li>Innovation without the hangover </li></ul>SOA Governance Summit | Page
    24. 24. SOA Adoption Challenges <ul><li>Heterogeneity </li></ul><ul><li>Security </li></ul><ul><li>Interoperability </li></ul><ul><li>Hoarding </li></ul><ul><li>Lack of Trust </li></ul><ul><li>Externally Imposed Rules </li></ul><ul><li>Loss of Control </li></ul><ul><li>Assigning Blame </li></ul><ul><li>“ Ownership” </li></ul><ul><li>Distribution of Burden </li></ul><ul><li>Distribution of Incentives </li></ul>Page
    25. 25. SOA Strategy Engagement Page <ul><li>Key Elements </li></ul><ul><ul><li>Maturity Assessment </li></ul></ul><ul><ul><li>SOA Success Factors – KPIs and Gates </li></ul></ul><ul><ul><li>Roadmapping and Adoption Planning </li></ul></ul><ul><ul><li>Governance Models </li></ul></ul><ul><ul><li>Organizational Impact and the SOA-CC </li></ul></ul><ul><ul><li>Best Practices and Recommendations </li></ul></ul><ul><ul><li>“ Pragmatic Next Steps with </li></ul></ul><ul><ul><li>measurable adoption milestones” </li></ul></ul>
    26. 26. Core SOA Patterns <ul><li>Consumer Patterns </li></ul><ul><ul><li>Service Discovery Pattern </li></ul></ul><ul><ul><li>The Service Consumption Pattern </li></ul></ul><ul><li>Provider Patterns </li></ul><ul><ul><li>Service Registration Pattern </li></ul></ul><ul><ul><li>The Service Provider Pattern </li></ul></ul><ul><li>Governance Patterns </li></ul><ul><ul><li>The Management (run time) Pattern </li></ul></ul><ul><ul><li>The Validation (design time) Pattern </li></ul></ul>
    27. 27. Consumer Pattern: Service Discovery Service Consumer
    28. 28. Consumer Pattern: Service Discovery Service Consumer Registry Lookup Request
    29. 29. Consumer Pattern: Service Discovery Service Provider Service Consumer Service Registry Discovery
    30. 30. Consumer Pattern: Consumption Service Provider Service Consuming Application Service Request
    31. 31. Consumer Pattern: Consumption Service Provider Service Consuming Application Service Request Service Response
    32. 32. Provider Pattern: Service Registration Service Provider Service Registry Registration Request
    33. 33. Provider Pattern: Composite Application “ Composite Service” Service Consuming Application Service Request Service Response Service A Service B Composition can be synchronous or asynchronous
    34. 34. Governance Pattern: Management (Run Time) Service Provider Service Consuming Application Service Request Service Response Broker XML Messages enable “in flight” machine processing
    35. 35. Governance Pattern: Validation (Design Time) Service Provider Registry Repository Registration Request XML Declarations enable “registration time” machine validation Validation
    36. 36. Process Implications – Service Lifecycle != SDLC Service Provisioning Publish Discover Request Version Service Implementation Service Consumption Execute Deploy Solution Implementation Design Certify Analysis
    37. 37. Lifecycle Governance Pattern “ Composite Service” Service Consuming Application Service Request Service Response Service A Service B Lifecycle Governance encompasses Design Time Validation, Run Time Management and Change Time Broker Governance Registry Console
    38. 38. CentraSite™ Covers End-to-End Lifecycle Governance Design Time Run Time Change Time Developer Business User Architect Service Consumer IT Operations Admin CentraSite™ enables Collaboration and Trust between Stakeholders SOA System of Record
    39. 39. SOA Federation Patterns – Sharing Scopes Policy Registry Promotion Development Testing Production Policy Registry Replication Policy Policy Policy Registry Aggregation Policy Policy Registry Syndication
    40. 40. Best Practice Recommendations – The Soft Issues <ul><li>Governance from Day 1. Align with existing processes and ensure quality of service content. </li></ul><ul><li>Establish service management roles beyond “author”. Formalize these new roles. Multiple roles per person is typical. </li></ul><ul><li>Services as “Products”. Instill a product management approach and culture. </li></ul><ul><li>Leverage existing processes to the hilt vs. creating new processes if possible. </li></ul><ul><li>Don’t over-govern. Start with advisory policies and tighten later. </li></ul><ul><li>Visible executive sponsorship is essential to the success of an SOA initiative. This is more than a technology project. </li></ul><ul><li>Solicit cross-functional participation when appropriate. </li></ul><ul><li>Revisit Funding and Incentive models. </li></ul>
    41. 41. Target State – Best Practice Recommendations - Design-time <ul><li>Use of canonicals is becoming a strong indicator of SOA success. Should be introduced incrementally, but business service contracts should ideally utilize them from the start. </li></ul><ul><li>Augment current EA review procedures with service aspects. </li></ul><ul><li>Design your governance model up-front, even before tooling exists. Ensure that service definitions are complete and high quality metadata exists. </li></ul><ul><li>Create templates for Service Design Specifications. These should focus on sound interface/contract design, not implementation. </li></ul><ul><li>Define standards for namespaces and service naming. Make sure to allow “room” in namespaces for hierarchical extensions. Don’t use organization names in names/namespaces – they will change at the worst time. </li></ul><ul><li>Start with approval-based governance initially – augmenting design reviews. Learn from this an automate later. </li></ul>
    42. 42. Target State – Best Practice Recommendations - Runtime <ul><li>Establish mediation as part of the architecture asap. Not doing so will require substantial headaches and rework later. </li></ul><ul><li>Design a security model that is policy-driven and enforced. Eliminate authentication in the provider service and migrate to mediator when available. </li></ul><ul><li>Establish SDM-wide SLAs, monitoring best practices. </li></ul><ul><li>Implement contracts to allow preferencing of consumer/provider relationships. </li></ul><ul><li>Consider use of XML appliances for later phases and Inter-department SOA. </li></ul>
    43. 43. Target State – Best Practice Recommendations - Changetime <ul><li>Tackle consumer onboarding process now, implement manually until registry/repository is available. This will ensure you know what apps are consuming what services. </li></ul><ul><li>Create templates for Service Requests and Service Access Requests. Maintain these artifacts along with the registry/repository. </li></ul><ul><li>Establish service provision process/policies in conjunction with CCB activities today. </li></ul><ul><li>Defer version management and offboarding processes to later phases. </li></ul>
    44. 44. The End Game Full Justice Integration – PA JNET Frank Caloiaro - DTC

    ×