The CentraSite Community:
Fast-tracking SOA Governance using best-of-breed solutions
VP Ecosystem Development, Software AG
Director CentraSite Community, Software AG
A modular and integrated
approach delivering real-world
answers to SOA complexities.
this white paper is part of a collection of documents about SOA Governance
provided by Software AG. it highlights the complexity in creating an SOA,
the reasons for this and some of the best practices to help you begin
governing your SOA. the major focus of this particular white paper is on the
technology tools that can help support your SOA Governance initiative. in
keeping with many analyst perspectives, it recognizes that no one single
vendor can provide leading-class solutions in every SOA Governance-related
area, such as Enterprise Architecture, SOA testing and SOA management.
What should be at the heart of your governance tools is a central registry/
repository that can store details of all services, their lifecycle stage and all
interdependencies to assess the full impact of this upon other related
services can be known.
the registry/repository needs to be open, open in the sense that it can
integrate with complementary areas of SOA to provide end-to-end lifecycle
governance, from initial modeling of business processes, to building in
quality at every stage of a service through to understanding how a service
is performing once deployed.
this white paper illustrates how real-world answers to SOA complexities
can be achieved with integrated best-of-breed solutions using CentraSite,
the market leading registry/repository. Details of real-world integrations
are provided, this includes the numerous benefits achievable when using
an open standards-based approach.
unlike most white papers, this will be updated periodically with additional
integration examples as well as introductions and discussions of other areas
related to SOA Governance.
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 2
SOA AnD SOA GOVErnAnCE
Going beyond the hype 4
Open, flexible and scalable 7
intrODuCinG thE CEntrASitE COmmunity 9
EntErPriSE ArChitECturE 10
SOA tEStinG 14
SOA mAnAGEmEnt 17
Progress Actional 19
FurthEr rEADinG 21
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 3
SOA AnD SOA GOVErnAnCE:
GOinG BEyOnD thE hyPE Service-oriented architecture (SOA)
aims to deliver business agility by
using services (small ad-hoc modules)
that can be quickly built, assembled
Despite millions of web references for Service-oriented Architecture (SOA), over a and employed to meet dynamic business
decade in existence and the fact that more than two-thirds of enterprises today needs. An SOA is supported by an IT
are “using or planning to use it,” there isn’t one commonly accepted definition for infrastructure, development methods,
SOA. SOA Governance is a related term that shares a similar lack of a singular organizational processes and integra-
definition. in spite of the confusion one thing is clear: SOA and SOA Governance tion capabilities all geared towards
are rather complex topics. loosely coupled services. An SOA is
kind of a giant LEGO set; the blocks are
Our purpose here centers on bringing clarity to SOA, SOA Governance and some different sizes, shapes and colors; they
related subjects, as well as to show how a modular and integrated approach can are combined in a predictable and
help manage SOA complexities and fast-track business agility. uniform way; yet they are completely
flexible, so you can quickly create
To cut through some of the technical now we want to promote not just reuse, many different things again and again.
jargon surrounding SOA and SOA Gover- but reuse enterprise-wide; yet obtaining Just as LEGO can create buildings, cars,
nance, we begin our discussion using a enterprise-wide agreement can be a people and even art, an SOA can
business-level abstraction of both: in the challenge. reuse and adapt existing technologies
larger sense an SOA is about realizing to meet organizational demands.
business agility and SOA Governance facili- New expectations of visibility and inter-
SOA Governance is the art of ensuring
tates this by enabling the acceleration of operability are running up against familiar that the enterprise is creating the right
business change in a controlled manner. territory: complex infrastructures, a business LEGO blocks, combining them in the
playing field that is under constant change right ways and doing it consistently
Interestingly enough SOA, in contrast to and enterprise divisions that may not across the enterprise to effectively
previous IT technology paradigms, has the want to collaborate. Plus the challenges of realize the business objectives. Early
attention of both “ends” of the enterprise delivering information are still far different application of SOA Governance lays
– business and IT. However despite this than the challenges of using it to drive the foundation for success of the SOA
interest and time in existence, only about business competitiveness. initiative.
one-third of the SOA adopters to-date
have actually realized ROI from their SOA
Figure 1: interdependence Creates Complexity
efforts, according to a recent survey¹.
Customers hr Finance logistics Partners
So if the promise of SOA is business agility,
but the present reality (for many) is a
small pilot project, just a handful of
services in production or a mythical ROI –
one wonders – what makes this paradigm Manual
shift any different than the ones that Redundant
came before it?
The reality is that there is no “one-size-
fits-all” Enterprise SOA solution; imple- mainframe Crm third-party ErP manual
menting SOA is not so easy. While SOA
raises expectations and possibilities, it also
increases interdependencies and organiza-
tional complexities (Figure 1). For example,
¹ “Best Practices for SOA Governance” User Survey, Software AG, May 2008
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 4
Figure 2: Governance reference Framework Beyond getting an SOA initiative off to a
good start though, SOA Governance is
essential to achieving SOA’s potential for
long-term success. This is because SOA
Governance encompasses all SOA activities
OrGAnizAtiOnAl nOrmS throughout the lifecycle, from the initial
ElEmEntS ¬ policies definition through creation and execution.
¬ procedures Using a structured approach helps implement
SOA ¬ processes SOA Governance effectively across the
ASSEtS enterprise. The Governance Reference
Framework² (Figure 2) classifies the
recommended elements for effective
implementation of SOA Governance and
management of SOA Assets into three groups:
¬ Organizational elements relate to
people; what roles and structures are
needed to define, enforce and monitor
SOA governance policies.
¬ norms relate to policies, procedures and
Yet despite the complexities and constant provides measurements for compliance
processes; what standards are needed to
change, some organizations have been and success. SOA Governance helps
govern the activities surrounding SOA.
able to transform their information silos ensure that SOA meets the organizational
¬ technology relates to the tools; techno-
into the holy grail of “alignment of business drivers, such as measurable ROI,
logies that support SOA Governance to
business and IT.” While no two SOA greater IT and business alignment,
define, enforce and monitor the norms.
implementations or strategies are exactly real-time business visibility, reduced risks,
alike, companies successful with SOA do improved quality and business & regula-
seem to share some key commonalities; a tory compliance.
foundation for SOA success, if you will.
These range from using an SOA road map
10 Dangers of an ungoverned SOA
and starting with SOA Governance early
1. modeling process has no visibility of existing services and the processes
on, to ensuring that the SOA initiative
actively involves the business side and fol-
lows an approach that suits an add-as- 2 Services may be accessed by those not entitled to do so
you-go mentality. 3. no awareness of the impact of changes made to service upon another
Of these, SOA Governance is emerging as 4. Absence of quality assurance processes before a service is deployed
one of the most important to get an SOA
5. lack of holistic view of how it and business are interlinked
initiative off to the right start, deliver
6. Poor understanding of service deployment, consumption or downtime
business value quicker and improve agility.
7. Policy enforcement is manual, unstructured, and sporadic
Implementing SOA without governance
can quickly lead to issues, and ultimately 8. no overall view of existing services means they are recreated again, not
project failure (See 10 Dangers of an reused
Ungoverned SOA). SOA Governance helps 9. Absence of lifecycle management creates version control issues
navigate the complexities introduced with 10. lack of responsibility and ownership regarding service creation and
an “SOA jungle,” provides a holistic enterprise consumption
view, manages business changes and
² Approach to Service-Oriented Architecture (SOA), Deployment Accelerator”, Software AG, October 2007
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 5
The methods that the Governance Refer- customer (to update their information), SLA or enforce a policy if the information
ence Framework provides to measure and finance (to validate and track the customer’s is trapped in a spreadsheet?
guide the SOA Governance plan can be bill) and logistics (to ship the customer’s
Using Excel or other unintegrated technologies
adapted to suit the organization’s needs. order.) In each case there may be different
limits the enterprise’s ability to grow and
In addition, it helps an enterprise transition policies surrounding the use of that service.
adapt their SOA, plus these fail to provide
and fine-tune its organizational structure Tools are an essential part of these processes,
a holistic enterprise SOA view. Rather it is
for more effective SOA Governance. This without them an organization cannot
better to start off with a small set of flexible
can be, for example, by establishing an SOA manage and govern their SOA.
tools specifically designed for the purpose
Competency Center (Figure 3) to gain the
Many companies start off their SOA initia- of SOA, and add on as the organization’s
needed skills for SOA within the organization.
tives with the “management by Excel” needs change. That way the organization
approach. They list their small but growing has tools that facilitate the natural evolution
leading analysts confirm that no catalog of services in an Excel spreadsheet, of SOA; a “think big, start small” approach.
single solution or technology will a virtual registry or “yellow pages”. However
be able to meet the diverse SOA this approach is quite inadequate for the lOnG-tErm SOA FlExiBility
Governance requirements. Flexible, modular SOA and SOA Governance
complex, dynamic nature of an SOA.
Enterprises will need the support tools have the biggest organizational impact.
of a good SOA ecosystem, built
ExCEl iS yEt AnOthEr SilO With them you can grow and adapt SOA as
from multiple vendors with a regis-
Besides the obvious downside of yet another the organizational needs change over time.
try that unifies them.
manually maintained spreadsheet, Excel is Modular and automated toolsets allow you
not interconnected with the systems that to rapidly implement a customized, best-of-
are used to develop, deploy and run elements breed SOA Governance solution; this in turn
The Governance Reference Framework
related to SOA. As services move through promotes business agility, collaboration
also provides a set or catalog of norms
the lifecycle, at each step of the process and reuse. Interoperability, best practices
that a company can use to jump-start its
the Excel sheet would need to be updated; and open standards-based plug-in architec-
SOA Governance initiative. These norms
and as services are being consumed, what tures combine for a long term approach
help guide how the SOA actors perform
then? How can an organization ever hope that helps maintain SOA flexibility.
their activities to best serve the needs of
to measure if a service met the defined
the company. Technology is the third
fundamental element; these are the tools
that facilitate effective SOA Governance. Figure 3:
The right tools allow you to plan, design, SOA Competency Center™ Discovery Phase
manage and govern SOA infrastructures
helping you design and
that support the enterprise’s objectives
implement your SOA
across all aspects of the SOA lifecycle. Optimization Assessment
tOOlS CAn hElP CrOSS
thE rOi linE Soa
In fact, the choice of SOA Governance tools MeThodology
and when an organization implements them measure-
can often mean the difference between ment
success and failure of the SOA initiative. Phase
An SOA is by nature complex, often crossing Execution
multiple departments, external groups,
customers and partners. Just one service
that delivers customer information, for
example, could be consumed by the
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 6
OPEn, FlExiBlE AnD SCAlABlE Validation, WS-I Compliance Check, WSDL
Validation, Asset Certification and Approval
Workflow; as well as Runtime Policies,
such as WS-Security, Monitoring & Alerts,
Effective SOA Governance starts with a central registry/repository to act as a Routing and SLAs.
“collaboration hub” for all SOA-related efforts – a view which has long been
The flexibility and openness of the CentraSite
supported by leading analysts. An SOA registry/repository facilitates coordination
design ensures that business and SOA
because it provides enterprise-wide visibility. For example, users can find all
objectives will continue to be met over
available services plus those under development or in planning phases.
the long-term. CentraSite employs an open
standards-based plug-in architecture
This visibility is not limited to services foundation for enterprise SOA Governance
(Figure 4, page 8) that enables a modular
either; all artifacts related to an SOA can initiatives because it:
and best-of-breed SOA Governance
be centrally stored and accessed, no matter ¬ Brings structure, scale and speed to SOA
approach. Enterprises seeking to improve
whether they are related to planning, initiatives
business agility using SOA Governance are
design, development or runtime. This ¬ Guides reuse, automates SOA processes
no longer required to:
promotes reliable communication and and simplifies complexities & interdepen-
¬ Replace proven tools
interoperability among diverse users and dencies
¬ Use a single vendor’s product stack
applications, especially enterprise-wide ¬ Enables enterprise SOA Governance with
and on a global-level. A central registry/ easy-to-use and automated end-to-end
¬ Have their governance processes
repository drives not only reuse but also lifecycle management
mandated by a certain vendor’s
provides the ability to efficiently govern
CentraSite is pre-loaded with best practice implementation of governance
across the entire lifecycle.
policies to accelerate SOA adoption and ¬ Struggle with manual synchronization
The CentraSite3 registry/ repository is lower project risks, and includes a structured or a lack of interconnection between
recognized by top analysts as the market’s approach and service automation delivered the SOA Governance domains
leading SOA Governance and Lifecycle out of the box. This includes Design &
While there continues to be a lot of
Management platform. CentraSite is the Change Time Policies, such as Metadata
discussion surrounding emerging SOA
standards, SOA standards are not fully
SOA Governance Standards mature yet. CentraSite architecture is based
CentraSite supports commonly-accepted SOA standards such as: on an open-standards approach and
¬ JAxr l0 and l1: Java APi for xml registries supports the commonly-accepted SOA
¬ uDDi v2 and v3: universal Description, Discovery and integration standards (See SOA Governance Standards).
¬ SOAP 1.1 and 1.2: Simple Object Access Protocol That means that as best practices, techno-
¬ ebxml: Electronic Business using extensible markup language logies and solutions for SOA Governance
¬ WebDAV: Web-based Distributed Authoring and Versioning evolve they can easily be interconnected
¬ WSDl: Web Services Description language and implemented with CentraSite as a
¬ WS-Basic Profile 1.0 and 1.1
flexible, powerful command center.
¬ WS-Policy 1.5 and WS-Policy 1.5 Attachment: Web Services Policy Framework
¬ SnmP v2 and v3: Simple network management Protocol CentraSite provides an easy way to begin
using an SOA registry/repository with the
free of charge CentraSite Community
¬ Data Store Access (xSlt , xPath, xQuery, xQJ, xPDl)
¬ OOtB Eclipse Edition4. Organizations with SOA initiatives,
¬ SOA management (Jmx, WS-Security) consultants, system integrators and software
¬ Federation (lDAP, uDDi, CmDB) companies can start their SOA Governance
¬ repository Artifacts (BPEl 1.1 & 2.0, WSDl, xml Schema, SCA) initiatives with a product that offers UDDI v3
search using predefined metadata models,
CentraSite is is a registered trade name of Software AG and Fujitsu. More about CentraSite on www.softwareag.com/centrasite
Download the Community Edition of CentraSite at www.centrasite.org
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 7
Figure 4: CentraSite Architecture Overview
Eclipse Plugins Web-based ui
Backup ... ...
high lifecycle WS interface Smart
Availability management for import Policies
JAxr uDDi xQuery WebDAV
CentraSite™ Data Store
a JAXR interface to stored instances of arti- Eclipse. The Eclipse Registry Browser the foundation for a wide-range of modu-
facts, WebDAV access to the SOA repository, leverages the basic and advanced search lar tools from a range of different vendors
predefined reporting modules and both a abilities, browses on stored SOA assets to that increase SOA Governance transparency
Web-based interface as well as an Eclipse provide data in the tree/folder view and and control. Since SOA is exceedingly
Registry Browser. provides an analysis on the lineage chain complex to manage and crosses the enter-
of object associations. prise, no one company or vendor can
CentraSite also manages metadata
claim to know it all, nor effectively span
generated from integration software, Web In addition besides the functionality
the SOA Governance space.
Service descriptions, application-specific CentraSite provides to an SOA, its extensi-
data (e.g., XSLT, forms, etc.) and in general bility and standard-based architecture sets
serves as a central store for documents in
native XML and non-XML formats.
CentraSite’s Open Design Facilitates:
WebDAV is used for storing and retrieving
development artifacts in the CentraSite
SOA Challenges & Objectives CentraSite
repository, such as process definitions in
XPDL, models, sequences and more. SOA Lifecycle Management Manages all aspects of the SOA lifecycle
Open standards-based Architecture is based on commonly adopted
An implementation of the Java API for
XML Registries (JAXR) is included, to inter-
act with the CentraSite registry. The CentraSite One source for all SOA data Stores any metadata or SOA artifact
registry / repository can be accessed using
Standard models Provides standard models that are easily
a browser-based interface (CentraSite
Control) or an Eclipse-based interface.
Services and Web Services definitions can Increase reuse & user adoption User-friendly UI shows objects and
be accessed via WebDAV, UDDI, JAXR and relationships allows for easy navigation
the XQuery API for Java (XQJ). and drill-down
Extensibility ¬ Models are easily extensible
The Eclipse Reporting UI allows you to
¬ Can integrate with related tools
define reports, based on predefined and
¬ UI can easily be extended
customized reports. You can visualize the
results with CentraSite Control or by using
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 8
CEntrASitE COmmunity tions with best-of-breed solutions that are
repeatable, transparent and robust. These
Community partnerships result in many
benefits to organizations, irrespective of
the CentraSite Community is an SOA ecosystem comprising software vendors and their stage of SOA adoption. These include:
consultancies whose technologies and methodologies complement and integrate
¬ Pre-packaged integrations that fast-track
with the CentraSite registry/repository to deliver a comprehensive end-to-end
SOA Governance solution, from conceptual modeling through to resulting service
¬ Diverse areas of SOA can be brought
deployment and monitoring.
¬ No rip and replace demands – CentraSite
Since its creation in June 2006 by such as Enterprise Architecture, Enterprise
will integrate with any vendor offering
Software AG and Fujitsu Software, the Governance, Business Rules, Business
(competitive or not) using commonly
CentraSite Community has won awards5 Intelligence, CMDB, SOA Testing and SOA
accepted industry standards
and grown into an ecosystem of over 50 Management.
¬ Broad range of expertise across the SOA
partners in 11+ countries that provide
In the past, many of the integrations landscape
real-world SOA Governance solutions to
bridge the many domains of SOA. between vendors featured a “black box” Vendors who are not yet part of the
approach – they were one-offs, designed Community can easily integrate with
CentraSite Community partners not only for a particular customer requirement with CentraSite, based on the proven standards-
recognize the diverse nature of IT environ- little documentation available. Equally, based approach.
ments, they are committed to developing details of exactly how the integration was
solutions that continue to support long- achieved would remain in the heads of In the following sections we highlight
term SOA strategies. Their complementary the few technical people who built it. some of the major SOA-related sectors,
leading and integrated technologies why they are relevant to SOA Governance,
address needs across the broad spectrum CentraSite Community partners take an their benefits to the business and
of SOA: Define, Create, Run and Govern entirely different perspective, with an introduce some of the real-world partner
(Figure 5). Interest in membership comes open standards-based architecture integrations with CentraSite.
from vendors in many different sectors, philosophy that delivers proven integra-
model and improve Enable legacy systems, Execute applications,
the CentraSite Community business processes build and test applications monitor service level
encompasses all key SOA agreements, enforce
areas, with vendors from Enterprise Architecture, Business Rules, SOA Testing,
policies and secure access
many sectors participating Enterprise Governance, Application Modernization
CMDB Business Intelligence, SOA
DEFinE CrEAtE run
SYS-CON Media 2007 SOA World Reader’s Choice Awards Best Web Services or XML Site: CentraSite Community Portal, CentraSite Community logo
Please Note: This
has not been trapped.
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 9
EntErPriSE ArChitECturE DEFinE
how do you change the enterprise to achieve
BrinGinG EA AnD SOA GOVErnAnCE
your business goals? intO OnE WOrlD
The partnership of Enterprise Architecture
software vendors with Software AG provides
WhAt iS EntErPriSE ArChitECturE? ¬ Supports better decision making. an SOA Governance solution that connects
When we use the term Enterprise Architec- ¬ Helps manage complexities. the conceptual planning world with that of
ture, or EA, we can be referring to either a ¬ Provides a transformation road map. the concrete executional one. The integra-
process or a result. In the first case, EA is ¬ Helps realize unique value propositions tion between EA toolsets and Software AG’s
the process we use to holistically describe more quickly. CentraSite provides increased visibility for
an enterprise, its interrelationships and Business and IT stakeholders and enables
business objectives, as well as plan changes ChAllEnGES OF EA end-to-end management of SOA (Figure 6).
that effectively achieve the defined goals. EA relies on a great deal of up-to-date This allows you to:
In the second case, EA is the documentation information for effective planning and ¬ Automate and enforce EA governance with
that describes the enterprise’s business control. EA tools not only help manage dynamic design-time and runtime policies.
strategy, business model, information complexities, but also facilitate the capture, ¬ Increase service reuse by making all
systems, and so on. analysis and optimization of the portfolio services visible to the Enterprise Architect.
of business strategies, organizational ¬ Govern business services and processes
To manage scale and complexity, the EA structures, business processes, information as defined in EA over the entire lifecycle.
process commonly uses methodologies and flows, applications and technology infra- ¬ Align business transformation with the
frameworks such as those defined by structure. SOA lifecycle.
Zachman, TOGAF and Spewak’s Enterprise
Architecture Planning (EAP). EA also defines, hOW DOES EA rElAtE tO SOA Enterprise Architecture vendors make up
establishes and maintains the internal GOVErnAnCE? the largest subset within the CentraSite
controls needed to keep the organization One of the greatest challenges in imple- Community, validating the importance of
in sync. menting an SOA is to connect the business the relationship between the conceptual
objectives with the actual execution in modeling world and the creation of
Why EA? order to effectively realize critical enterprise services often based upon the models EA
There are many reasons why Enterprise initiatives. SOA Governance is the key as it tools inspire. The following pages highlight
Architecture is important for the organization. both keeps the SOA initiative on track and some of the integrations created by
Some of the most common are that it: in sync with business governance. leading EA partners in the Community.
CentraSite impact Analysis of a
business process; synchronized EA
and SOA landscapes provide
end-to-end visibility and enable
effective SOA Governance
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 10
mEGA & SOFtWArE AG DEFinE
from the CIO and business process analysts business process optimization to shorten
to internal auditors and project managers. the time between business process design
Some key benefits: and implementation, for example:
¬ Leverages SOA across business process
¬ MEGA can discover services stored in
optimization initiatives to automate
CentraSite by name, organization or life-
workflow models end-to-end.
cycle state (Figure 7).
¬ Provides a Meta-Object Facility (MOF) 2.0
¬ Existing services in CentraSite can be
compliant platform along with an em-
reused and orchestrated in MEGA as part
bedded customizable methodology library.
of existing and new workflows.
¬ Includes templates for governance frame-
¬ MEGA-defined workflows can be connected
the partnership of mEGA and Software AG works such as ITIL, eTOM and TOGAF.
in CentraSite with other SOA artifacts.
unites SOA Governance and Enterprise ¬ Extends SOA Governance across
¬ CentraSite’s Impact Analysis reveals the
Architecture to bring SOA transparency compliance, risk management and audit
effect of design and implementation
and control enterprise-wide. initiatives.
changes to related EA artifacts.
Automated discovery and synchronization ASSOCiAtED PrODuCt ¬ MEGA’s Impact Analysis links SOA
incorporates services into business processes mEGA modeling Suite describes all orga- Governance information with business
and workflows to facilitate communication, nizational assets, from strategic objectives processes and objectives.
increase reuse and ensure consistency. In and customer value chains to IT systems
addition, business process analysis models and infrastructure
designed to reveal inefficiencies in the
production chain help pinpoint where thE mEGA AnD CEntrASitE
service automation will have the greatest intEGrAtiOn
business impact. Role-based access provides The MEGA-CentraSite integration facilitates
perspectives for a wide range of users, SOA planning, management and SOA-based
After searching for a
Web Service from
CentraSite, several are
found and can be
imported into mega for
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 11
QuAliWArE & SOFtWArE AG DEFinE
MAKE IT HAPPEN changes into the business operation Governance repositories are synchronized
¬ Configure new functions and capabilities on various levels, for example:
without the need for development.
¬ Web Services defined in either system
¬ Gain flexibility with user-defined
can be reused in the other. This allows
metamodels, versatile business models
the QualiWare model analysis and
and a full complement of object-orient-
design to cover all aspects of the
ed design and analysis capabilities.
realized environment. The web service
ASSOCiAtED PrODuCt definitions include all details, such as
QualiWare EA Suite is a toolset for bindings, operations, parameters,
implementing EA initiatives; it ensures attributes and methods.
the partnership of QualiWare and
that all areas of the architecture are linked ¬ Business processes expressed in BPMN
Software AG intersects the SOA
and integrated. QualiWare’s EA Suite notation in QualiWare are synchronized
Governance and Enterprise Architecture
provides a tailored, metamodel-driven with CentraSite for further development;
domains with a focus on enterprise-
approach for all aspects, methods and either BPEL or XPDL can be used to trans-
level quality improvements.
types of business models. Its object-based fer the process definitions to CentraSite.
QualiWare’s Enterprise Architecture Frame- model repository and functionality is ideal ¬ As a result, CentraSite can apply
work provides a holistic proven approach for management and governance of large governance to any of these definition
to organizing knowledge content. The scale enterprise architecture initiatives. levels.
flexible, state-of-the-art environment
facilitates a successful path from strategic thE QuAliWArE AnD CEntrASitE
vision to SOA Governance and process intEGrAtiOn
management. Some key benefits: The QualiWare EA Suite integration with
¬ Quickly assess the impact of changes to CentraSite provides the customer with one
any part of the architecture (Figure 8). solution for modeling, designing, implement-
¬ Effectively manage architectural changes; ing and governing the SOA environment.
clearly define, implement and integrate The QualiWare EA and CentraSite SOA
QualiWare analysis of
a CentraSite generated
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 12
AlFABEt & SOFtWArE AG DEFinE
implement SOA to achieve the most budget. This facilitates collaborative
business value. This benefits business planning with automated full architecture
analysts and solution architects, as well as lifecycle support, “what-if” scenarios and
CIOs managing the program portfolio. simulation of future states.
The partnership allows organizations to:
thE PlAnninG it AnD CEntrASitE
¬ Use IT Planning best practices to install
a formal process for systematically intro-
The planningIT-CentraSite integration bridges
ducing SOA to the enterprise.
the gap between IT Planning and Manage-
¬ Capture an inventory of dynamic data
ment and SOA Governance, thereby linking
from business, technology, information
the partnership between alfabet and business objectives with the services that
and application architectures, organiza-
Software AG delivers end-to-end SOA implement them, for example:
tional structures, hierarchical planning
Governance by uniting Enterprise
processes, service lifecycle and financial ¬ Web Service performance data stored in
Architecture management and it
data – a complete information base to CentraSite can be analyzed using planningIT
Planning with SOA design and imple-
support SOA-related decision making. to determine quality of service, technical
¬ Perform visual assessments and performance, user satisfaction and so forth.
Service information is captured as an quantitative metric comparisons with ¬ Business planners can evaluate if the
integral part of the Enterprise Architecture. user-friendly data views that appeal to services support the business objectives
EA and IT Planning best practices are the diverse pool of stakeholders involved as intended, are candidates for reuse in
built-in to provide both service planning in planning for services. another business process, adhere to SLAs
and change management with transpar- ¬ Evaluate and relate service performance or should be retired.
ency on the entire SOA lifecycle. The data to enterprise-specified criteria to ¬ Planners can shape the criteria for enhanced
alignment of current and future architec- ensure business–IT alignment. business planning using data stored in
ture and SOA initiatives with business CentraSite; dimensions such as Business
priorities, SOA strategies and IT deliver- ASSOCiAtED PrODuCt Criticality, Operational Stability and
ables means that a wider audience has alfabet’s planningit supports all aspects Maintainability Risk (Figure 9).
a better understanding of where to of the IT planning process from demand to
Analysis of Web Service
performance data sourced
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 13
SOA tEStinG CrEAtE
how can your organization maintain quality in a
Testing verifies that SOA assets meet the
complex and constantly changing environment? functional and operational business
requirements, and provides an actionable
means of enforcing policy within the testing
WhAt iS SOA tEStinG? Why SOA tEStinG? process. To maintain a continuous quality
Contrary to what one might have expected, Some of the most common reasons why focus across all SOA lifecycle stages, SOA
SOA Testing involves far more than just SOA Testing is important to the success of Testing tools need to be integrated with
applying traditional QA techniques and an SOA initiative are that it: SOA Governance tools.
unit test approaches to SOA. Enterprise ¬ Establishes trust and predictability.
SOA applications are complex, modular, ¬ Helps manage exceptions and ensure BrinGinG SOA tEStinG AnD SOA
decentralized and dynamic. Conventional service levels are met. GOVErnAnCE intO OnE WOrlD
testing methods are mostly ineffective; no ¬ Improves reuse and agility as services The integration between SOA Testing tool-
longer can you “draw a box around it” or are more reliable. sets and Software AG’s CentraSite helps
leave testing to be a “last step before ¬ Helps reduce costs and improve quality. ensure quality and compliance throughout
production” project activity. the service lifecycle – a key SOA Governance
ChAllEnGES OF SOA tEStinG requirement. This automated approach
On a very simplistic level, an SOA imple- SOA introduces a number of challenges to allows you to:
ments business processes as a collection the world of testing, many of them complex ¬ Detect defects earlier and reduce costs.
of one or more services; individual services and difficult to control. These range from ¬ Manage SOA Testing scripts across the
can be added or tuned to quickly create loosely coupled services and lack of a service lifecycle.
new business capabilities. This means that service user interface, to a “work-in-progress” ¬ Trigger lifecycle stages based on testing
to meet the demands of service reusability, environment, external business units and results.
for example, service quality and trust need distributed development. Testing needs to ¬ Activate test procedures based on
to be established and re-verified through- ensure continuous quality across all services, lifecycle state changes.
out the service lifecycle. SOA Testing needs endpoints and interfaces. Automated SOA ¬ Store test results as part of the SOA
an end-to-end quality management Testing tools make it possible to keep up asset metadata (Figure 10).
strategy to ensure business requirements with the dynamic nature of an SOA.
are met. This strategy should also address The following section highlights several
testing for performance and security across hOW DOES SOA tEStinG rElAtE tO integrations between CentraSite and
multiple integration layers, a variety of SOA GOVErnAnCE? leading Testing vendors.
delivery platforms and at both the business Fundamental to SOA Governance are the
process and service level. key elements of trust and credibility. SOA
the ui extension of the detailed
service view via the additional
“SOA test Status” tab, contains the
test result summary
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 14
itKO & SOFtWArE AG CrEAtE
¬ Invoke and verify services, as well as reference point for an SOA initiative that:
critical layers of the underlying application ¬ Certifies and enforces SOA policies (e.g.,
the service exposes, including Web UIs, structural, behavioral or performance-
ESB and integration servers, Java objects, related) before publishing as well as at
databases and mainframes. runtime; policies declared in CentraSite
¬ Ensure adherence to behavior and are certified and enforced with iTKO LISA.
performance polices. ¬ Functionally validates SOA endpoints to
¬ Enable complete, collaborative and help ensure reliability and trust.
continuous SOA testing. ¬ Automatically executes tests via action
templates; events or state changes in
the partnership of itKO and Software AG ASSOCiAtED PrODuCt CentraSite, such as promotion of one state
unites SOA Governance with automated iTKO LISA is a comprehensive automated to another or adding a WDSL, invoke
quality. testing tool built especially for SOA and a validation test in iTKO LISA via action
composite application integration. iTKO LISA’s templates.
This overcomes the limitations of conven- declarative, no-code testing approach helps ¬ Reports test results back to CentraSite via
tional testing methodologies and provides maximize quality delivered and minimize UDDI or JAXR.
accelerated delivery of an integrated quality business risk. LISA provides implementation ¬ Verifies that new service versions will
process for SOA. QA can quickly construct and testing teams with a 360-degree view not disrupt the business.
test cases assisted by virtualization of any of quality and reliability at every stage of
technology component not (yet) available. the lifecycle across applications and into
This drives a high level of test automation implementation layers.
and reuse across the application lifecycle.
To ensure trust in critical business applica- thE itKO liSA AnD CEntrASitE
tions, orchestrated test suites help verify intEGrAtiOn
that scalability or latency issues will not The iTKO LISA-CentraSite out-of-the-box,
show up in production. Key benefits in- native integration (Figure 11) provides
clude the ability to: an immediate and continuous quality
itKO liSA test cases can be
stored in and invoked directly
from CentraSite, enabling
services and underlying layers
to be validated with rich test
data and metrics feeding back
into the SOA repository
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 15
PArASOFt & SOFtWArE AG CrEAtE
¬ Validation of implementation of service thE PArASOFt SOAtESt AnD
policies, contracts and business scenarios CEntrASitE intEGrAtiOn
using a series of automated regression The Parasoft SOAtest-CentraSite integration
suites provides a number of benefits to an SOA
¬ Automatically generated test cases and initiative, such as:
test suites can be run as part of the
¬ Extension of the UI within CentraSite en-
nightly regression test process.
ables the display of a Parasoft test results
¬ Service reliability, quality, security and
summary, with a link to the detailed test
interoperability can be ensured.
report stored in the CentraSite WebDAV
¬ There is correlation of test cases with
repository. In doing so, CentraSite acts as
the partnership of Parasoft and requirements and bug tracking systems,
a cockpit indicating a service’s quality or
Software AG means SOA initiatives get automation of test execution provides
off to a fast start: automatically generated results in the format or test management
¬ Ability to assess a service’s historical quality
tests are instantly executable, while framework of your choice.
data, which can be used as the basis for
inherent best practices and workflows
assessing its suitability for reuse.
help ensure error prevention is always
ASSOCiAtED PrODuCt ¬ Based on CentraSite service descriptions,
Parasoft SOAtest is designed to handle the SOAtest automatically creates executable
In addition, workflow elements promote evolving complexities inherent in testing test scenarios, such as a set of tests for
reuse of testing assets in a distributed an SOA related to policy compliance, each operation of a service in a WSDL file
development environment. The ability to security, scenario testing, scalability, and so or all services used in a specific business
graphically model and test complex, multi- on. A streamlined collaborative workflow, process (Figure 12).
layered transactions over multiple protocols, along with the ability to rapidly construct, ¬ Intelligent “stubs” can validate a service’s
then report test results directly to CentraSite reuse and place any use case into a conformance to mutually agreed test stan-
and view them in the integrated UI, continuous regression suite facilitates the dards. This means services can be exposed
streamlines SOA testing efforts. This joint creation of realistic test scenarios at any to a third party in confidence, with no
approach means: stage of the SOA lifecycle. “finger pointing” should issues arise.
An executed test on a service
whose description (including
associated policies) was imported
from CentraSite can be viewed in
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 16
SOA mAnAGEmEnt run
how can your organization ensure
hOW DOES SOA mAnAGEmEnt
what should happen, does happen? rElAtE tO SOA GOVErnAnCE?
The relationship between SOA Management
and SOA Governance is an interdependent
WhAt iS SOA mAnAGEmEnt? is and be able to maintain control. What one (Figure 13). The visibility, monitoring
SOA Management is not the same thing as good is reuse if lower priority consumers and security requirements as defined in
SOA Governance, rather it is an integral cause service performance to drop below the SOA Governance policies will drive the
part of SOA Governance. To put them in SLAs for your key customers? Or where requirements for an SOA Management
context, if we wanted to build a car, SOA unexpected consumers cause performance solution.
Governance would plan, design, build and bottlenecks or obtain access to sensitive
operate the car; while SOA Management data? Even worse, what if one of these BrinGinG SOA mAnAGEmEnt AnD
would observe who drove the car, where exceptions related to a Sarbanes-Oxley SOA GOVErnAnCE intO OnE WOrlD
and how fast it went, take the keys out of requirement or exposed credit card numbers? The partnership of SOA Management vendors
the ignition if a 10-year-old tried to drive Without SOA Management, you may not with Software AG provides end-to-end
it around the block, and raise an alert if even be aware of the problem. visibility across design, change and runtime.
the car’s engine or brakes were not Feedback improves planning, alerts where
performing as expected. In terms of an ChAllEnGES
more controls are needed and validates if
SOA, SOA Management focuses on the OF SOA mAnAGEmEnt
requirements are met. This integrated and
runtime visibility, monitoring, performance Conventional security and management
automated approach allows you to:
and security aspects. It provides the solutions cannot deliver the control and
¬ Discover unknown services and
information for “what is really happening visibility needed in the complex environ-
in production?” It makes sense that for ment that comprises an SOA. SOAs need
¬ Use advanced security features, such as
effective SOA Governance, you need to SOA-specific solutions that are able to
XML threat & intrusion protection.
know how and where your services are auto-discover producers, consumers,
¬ Perform advanced impact analysis based
being used and be able to control them. dependencies and rogue services; apply
on runtime dependencies.
security and policies dependent on the
Why SOA mAnAGEmEnt? service user; handle services consumed The next section highlights some of the
In order to achieve the benefits of SOA, outside the firewall; and report results back real integrations of Community SOA
you need to know how effective your SOA in real-time. Management partners and CentraSite.
SOA management tool
SOA management assists SOA Governance
Brings rogue services under control, governs them Discovers all runtime relationships
Prevents end-runs around runtime policies Publishes key service metrics
Delivers alerts on SlA and policy violations Publishes runtime policies
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 17
AmBErPOint & SOFtWArE AG run
automatic policy provisioning system thE AmBErPOint SOA mAnAGE-
reduce costs by minimizing the time and mEnt SyStEm AnD CEntrASitE
skills required to set new policies. The intEGrAtiOn
partnership enables organizations to: The AmberPoint-CentraSite integration (via
¬ Monitor and manage business transac- UDDI) keeps complex SOA design-oriented
tions flowing across many technologies, activities and deployed realities in line.
from leading platform vendors to open For example:
source SOA solutions and low-level ¬ Bi-directional exchange of design-time
custom components. metadata and runtime information with
¬ Identify rogue services and policies, as CentraSite helps maximize component
the partnership of AmberPoint and well as outdated service versions on reuse and minimize disruptions.
Software AG connects the SOA Gover- production servers. ¬ Runtime policies in CentraSite are
nance and SOA management domains ¬ Submit all synchronized information automatically synchronized and enforced
with advanced visibility and monitoring (services, endpoints and policies) for by AmberPoint.
capabilities that bridge the gap approval before promotion to the ¬ Service Scorecards published to
between design-time intentions and production environment. CentraSite provide vital performance
runtime realities. data, such as throughput, availability,
ASSOCiAtED PrODuCt response times, faults, service level
Ongoing automatic discovery of deployed the AmberPoint SOA management agreement violations and exceptions.
components, services and dependencies System is a comprehensive platform for This allows developers and architects to
is used to create runtime SOA blueprints runtime governance of SOA applications. It select services based on behavior and
that support SOA Governance. Strategic enables policy-based management of the service characteristics relative to
instrumentation of the entire service net- service network, providing unprecedented performance.
work provides end-to-end SOA visibility visibility into and control of a services- ¬ Service-to-consumer dependencies
with policy enforcement at key points to based environment including supporting published to CentraSite facilitate impact
minimize latency (Figure 14). In addition, components such as EJBs, databases, analysis based on actual runtime usage.
a pioneering policy reuse mechanism and third-party appliances, etc.
Figure 14: Closed-loop SOA Governance with CentraSite
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 18
ACtiOnAl & SOFtWArE AG run
service throughout the business day. Some Actional for Active Policy Enforcement
key benefits include: ensures compliance with security and
regulatory policies. It centralizes SOA
¬ Obtain an accurate picture of the SOA in
policy creation and management, provides
operation with “always-on” SOA Manage-
consistent, distributed policy enforcement
ment; detect even unanticipated issues as
and helps reduce costs.
services and consumers change over time.
¬ Use efficient and lightweight agents to
thE ACtiOnAl AnD CEntrASitE
monitor SOA performance, enforce
security and privacy policies, and then
The Actional-CentraSite integration provides
aggregate the information for advanced
the partnership of Actional and increased runtime visibility, monitoring and
Software AG joins the SOA Governance control that allow you to:
¬ Snapshot problem transactions to help
and SOA management domains to
isolate the root cause of issues without ¬ Get deep visibility into your SOA Infra-
provide full lifecycle policy enforce-
impacting performance. structure to enable root cause analysis.
ment with advanced visibility and
¬ Automatically discover process flows and ¬ Jump start SOA Governance by automating
apply defined policies across the entire registration of existing deployed services
This enables, for example, performance process with just a few key strokes. to CentraSite.
monitoring for SLAs, automatic discovery ¬ Provide automatic correlation between
of dependencies, and historically-based ASSOCiAtED PrODuCtS service interactions and business processes.
traffic and performance analysis. Service Actional for SOA Operations provides ¬ Merge dependencies from Actional into
dependencies can be managed better end-to-end visibility across the SOA the existing dependencies of CentraSite
across the SOA landscape and the root landscape to accelerate problem resolu- to get a complete view of your SOA
cause of problems diagnosed faster. Costs tion and mitigate risks. Environment.
for governance, security and compliance Actional for Continuous Service ¬ Detect rogue services and unexpected
are reduced both initially and over time. Optimization (CSO) provides business in- consumers and bring them into the
Service metrics and alerts are real-time so sight into SOA operations for decision support governance process.
the user has a clear view, for example, and integrated runtime controls for continu- ¬ Quickly diagnose the root cause of policy
into average response times for a particular ous optimization of business outcomes. violations (Figure 15).
A simple click within
CentraSite takes you
into a detailed
metrics report from
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 19
As you have seen in this white paper, there are many facets of SOA Governance
and a wide range of integrations possible across the SOA lifecycle. Summarized
below are some of the key aspects in order to achieve maximum business agility
with an SOA:
¬ Consider the need for SOA Governance This is the first version of this white paper,
before you embark on your SOA and it will updated over time to include
initiative. additional integration solutions across the
¬ Think of the Governance Reference areas of SOA referred to, plus several others,
Framework – and consider your organi- as integration projects with complementary
zation, its norms (policies, procedures vendors is an ongoing process.
and processes) and the technology tools
that can help support SOA Governance. Lastly, look out for the forthcoming SOA
¬ A registry / repository should be at the Link Cookbook, which goes into the subject
heart of your technology tools, recording of standards in more detail, and provides
your services, their lifecycle stages, a more in-depth technical explanation of
helping to enforce policies and acting as how CentraSite can be integrated with
a command center for governing SOA other technologies you already have or
¬ Use a designed-for-purpose tool – not are considering investing in.
Excel as a quick fix or interim solution.
¬ CentraSite, the market leading SOA
registry/repository is a tool ideally
suited for the command center role.
¬ The registry and repository should be
open and capable of integrating with
other best-in-class solutions to provide
comprehensive end-to-end SOA
Governance. In addition, how do
registry / repositories vendors approach
integration with existing tools in your
specific IT environment?
¬ A great way to build up your under-
standing of an SOA registry / repository is
to download the free Community Edition
of CentraSite at www.centrasite.com
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 20
Please see the following links if you would like to know more about the
subjects covered in this white paper:
¬ SOA GOVErnAnCE
Software AG Business Community – includes white papers, best practice
guides, and discussion forums
CentraSite Developer Community – includes latest CentraSite product
news, plug-in downloads and discussion forums
CentraSite Community – includes partner profiles, latest white papers,
SOA Governance newsletter and latest partner-related downloads/demos
JAxr: Java APi for xml registries
uDDi: universal Description, Discovery, and integration
SOAP: (formerly known as) Simple Object Access Protocol
WebDAV: Web-based Distributed Authoring and Versioning
WSDl: Web Services Description language
WS-Policy: Web Services Policy Framework
ebxml: Electronic Business using extensible markup language
W H I T E PA P E R | C E N T R A S I T E COM MU N I T Y 21