Published on

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • The BSR will be the source of record for service metadata. Dev tools could, for example, use and write to a different kind of repository, such as an asset repository, but once a service exits development, often at deployment to a post-development environment, the service metadata will usually be copied to the BSR. This slide shows different aspects of the service metadata life cycle. Tools (probably development, config, deployment, admin ones) are responsible for controlling Test and Classify activities. The contributors are listed on the left and include software config and deployment tools, asset/develop tools, discovery utilities, and UIs. The act of publishing from one of these sources places a new or modified service description in the BSR. What gets published could be documents containing interfaces, endpoints and policies. Relationships between artifacts in the BSR or between BSR artifacts and external artifacts such as assets or portals could be what is published. Properties and classifications can also be published. A status is assigned at the time of publishing and will usually be ‘pending approval’ due to incompletely specified metadata, unknown reconciliation with partial data already there, or identity conflicts. If change is being driven through a structured process management, the process would take over to address those things I just mentioned -- resolving identity conflicts, duplicates, missing metadata, etc). Also need to consider some might want to have separate physical registries and the approval process (light weight as well as PRISM) might want to promote entities to different instances as they transition through the process. Could even be promotion from heterogenous registries. Some of the tasks identified to get a service artifact approved, and thus ready to be used, like impact analysis, can be performed by the BSR UI (lightweight) as well as the formal change and release process manager. The BSR will support promotion from one BSR instance to another.
  • Basic definitions of CEI and CBE
  • Basic definitions of CEI and CBE
  • SOA-Ch6.ppt

    1. 1. SOA Governance Xiaoying Bai Department of Computer Science and Technology Tsinghua University March 2007
    2. 2. Outline <ul><li>Governance and IT governance </li></ul><ul><li>SOA governance motivations </li></ul><ul><li>SOA governance challenges </li></ul><ul><li>SOA governance key elements </li></ul><ul><ul><li>SOA policies </li></ul></ul><ul><ul><li>Service lifecycle management </li></ul></ul><ul><li>IBM SOA governance model </li></ul><ul><li>Case study: Service Monitoring with IBM Websphere </li></ul>
    3. 3. Governance in General <ul><li>The concept of “governance” is as old as human civilization. </li></ul><ul><ul><li>Establishing chains of responsibility, authority and communication to empower people (decision rights) </li></ul></ul><ul><ul><li>Establishing measurement, policy and control mechanisms to enable people to carry out their roles and responsibilities. </li></ul></ul><ul><ul><li>E.g. “European governance” refers to the rules, processes and behavior that affect the way in which powers are exercised at European level, particularly as regards openness, participation, accountability, effectiveness and coherence. </li></ul></ul>
    4. 4. IT Governance <ul><li>Information Technology (IT) has been one of the foundational pillars of most business today </li></ul><ul><ul><li>Enterprise’s IT investment is greater that 4.2% of annual revenue in a average. </li></ul></ul><ul><li>Business and IT can be viewed as two cogs of the same wheel. </li></ul><ul><ul><li>A change in motion of one mandates that the other respond in kind. </li></ul></ul><ul><li>IT needs to be flexible, extensible, responsive, resilient, and dynamically reconfigurable. </li></ul><ul><li>Businesses measure the success of IT not only by how well it is being leveraged for business-as-usual activities, but also by how it is utilized to facilitate the enterprise to be a key differentiator in the market. </li></ul>
    5. 5. IT Governance <ul><li>“ IT Governance is a collection of management, planning and performance reporting and review processes with associated decision rights, which establish controls and performance metrics over key investments, operational and delivery services and new or change authorizations and compliance with regulations, laws and organizational policies. It formalizes and clarifies oversight, accountability and decision rights.” </li></ul><ul><li>Gad J. Selig, “IT Governance – An integrated framework and roadmap: </li></ul><ul><li>how to plan, deploy and sustain for competitive advantage”, 2006. </li></ul><ul><li>What decisions must be made to ensure effective management and use of IT? </li></ul><ul><li>Who should make these decisions? </li></ul><ul><li>How will these decisions be made and monitored? </li></ul>
    6. 6. IT Governance <ul><li>“ IT governance refers to the aspects of governance that pertain to an organization’s information technology processes and the way those processes support the goals of the business. .. </li></ul><ul><li>IT governance defines a structure of relationships and processes to direct and control the enterprise. ” </li></ul><ul><ul><li>-- IBM white paper, August 2006 </li></ul></ul><ul><li>IT governance is a subset of enterprise governance </li></ul><ul><li>IT governance deals with the management and control of IT assets, people, processes and infrastructures, as well as the manner in which the assets are managed and procured. </li></ul><ul><li>IT governance helps to define the roles and responsibilities and specify the decision rights and accountability framework. </li></ul>
    7. 7. SOA Governance <ul><li>“ SOA governance is an extension of IT governance specifically focused on the lifecycle of services, metadata and composite applications in an organization’s service-oriented architecture. </li></ul><ul><li>As a specialization of IT governance, SOA governance addresses how an organization’s IT governance decision rights, policies and measure need to be modified and augmented for a successful adoption of SOA, thus forming an effective SOA governance model. ” </li></ul><ul><li>-- IBM white paper, August 2006. </li></ul>
    8. 8. What’s wrong with SOA <ul><li>“ Service-oriented architecture built opportunistically with the purpose of ‘getting it over with’ as soon as possible, and at as low a cost as possible, will prove to be a disaster for enterprises’ software infrastructures.” </li></ul><ul><li>“ In 2006, enterprises worldwide will have spent nearly $3 billion on failed and redesigned Web services projects because of poorly implemented service-oriented architectures.” </li></ul><ul><li>Gartner </li></ul>“ An enterprise chock-full of services is not an SOA. For that, you need the matrix of rules and policies that make up SOA governance. InfoWorld
    9. 9. Why SOA Governance <ul><li>Large enterprises must achieve a true Service Oriented Architecture. Governance is a critical element in meeting this goal. </li></ul><ul><ul><li>“ Doing lots of little Web Services projects all over the place with no governance isn’t SOA, it’s just playing.” (Thomas Manes, Burton Group) </li></ul></ul><ul><li>The impact of ungoverned integration projects can be significant to a company’s operation. </li></ul><ul><ul><li>“ The breakdown couldn’t have come at a worse time for AT&T wireless. It deprived the Telco of thousands of potential new customers and cost the company an estimated $100 million in lost revenue.” (AT&T Wireless) </li></ul></ul>
    10. 10. Why SOA Governance <ul><li>“ Without an effective governance approach, organizations could quickly face a rather messy and dysfunctional situation with uncontrolled, ad-hoc development of services, undermining the potential benefits of SOA.” </li></ul><ul><li>-- Marianne Hedin, “The impact of SOA on the consulting Services Market”, IDC, Dec. 2005. </li></ul><ul><li>“ SOA is an inherently distributed approach to architecture, and therefore the requirements for governance are even more critical than in more centralized environment.” </li></ul><ul><li>-- David Sprott, “The SOA Governance Framework”, CDBI, Sep. 2004 </li></ul><ul><li>“ In 2006, lack of working governance machanisms in midsize-to-large (greater than 50 services) post-pilot SOA projects will be the most common reason for project failure.” </li></ul><ul><li>--Paolo Malinverno, “The strategic Impact of SOA Broadens”, Gartner, Nov. 2005 </li></ul><ul><li>“ Through 2008, 70 percent of IT organizations will fail to successfully select and implement an SOA strategy on the first try. There organizations must be prepared to use software services tactically while planning for strategic evolution of their architecture.” </li></ul><ul><li>--Daryl C. Plummer, “Six Missteps That Can Result in SOA Strategy Failure”, Gartner, June 2005 </li></ul>
    11. 11. Why SOA Governance <ul><li>Service orientation alone cannot bring about the effect of improved productivity, faster time to market and reuse because there are other forces at play that operate as impediments and constraints. </li></ul><ul><li>Effective governance of services through policies, principles, standards, procedures, processes, and cultural and organizational change will enable the full benefit of service orientation to be realized. </li></ul>
    12. 12. Why SOA Governance <ul><li>SOA requires Governance from day one </li></ul><ul><ul><li>Business-oriented </li></ul></ul><ul><ul><li>Ensure continuity of business operations </li></ul></ul><ul><ul><li>Manage security exposure </li></ul></ul><ul><ul><li>Align technology implementation with business requirements </li></ul></ul><ul><ul><li>Manage liabilities and dependencies </li></ul></ul><ul><ul><li>Reduce the cost of operations </li></ul></ul>
    13. 13. SOA Governance Challenges <ul><li>Evolving standards for XML and Web Services </li></ul><ul><ul><li>The effort involved in complying with industry standards conflicts with short-term project. </li></ul></ul><ul><ul><li>Project teams do not have the time and manpower to understand and adhere to the industry standards and corporate policies. </li></ul></ul><ul><li>Lack of one “SOA standards” </li></ul><ul><ul><li>SOA it self is not an industry standards. Every company has its own unique considerations and requirements. </li></ul></ul><ul><li>A variety of vendors </li></ul><ul><ul><li>XML and Web Services support has been on the product roadmap for all major software vendors. </li></ul></ul><ul><li>Inadequate tooling </li></ul><ul><ul><li>Commercially available tools are limited to application-level implementations. </li></ul></ul>
    14. 14. SOA Governance Challenges <ul><li>New layer – new challenges </li></ul><ul><ul><li>A new SOA layer in the enterprise IT architecture poses new challenges for security, management, reliability, change management, and much more. </li></ul></ul><ul><li>Operational complexities </li></ul><ul><ul><li>There are dependencies that are often outside the scope of the deployment team. </li></ul></ul><ul><li>SOA is not one project </li></ul><ul><ul><li>“ How do you align disparate efforts into a solid, reliable, agile and enterprise-quality architecture?” </li></ul></ul>
    15. 15. SOA Governance Objectives <ul><li>To implement SOA in a well-planned, well coordinated, and effectively managed way </li></ul><ul><ul><li>“ Develop Now, Integrate Later”  “Develop for Integration” </li></ul></ul><ul><li>To govern the design, development, deployment, and operations of any new Services in their enterprise. </li></ul><ul><li>To ensure that all of the independent efforts come together to meet the enterprise SOA requirements. </li></ul>
    16. 16. Key Elements of SOA Governance <ul><li>Policies </li></ul><ul><ul><li>Policy management </li></ul></ul><ul><ul><li>Policy association </li></ul></ul><ul><ul><li>Policy enforcement </li></ul></ul><ul><ul><li>Policy reporting </li></ul></ul><ul><li>Service Contract </li></ul><ul><ul><li>Provide a precise and unambiguous agreement for how the provider and consumer interact. </li></ul></ul>
    17. 17. Key Elements of SOA Governance <ul><li>Lifecycle management </li></ul><ul><ul><li>Manage services across a complete lifecycle </li></ul></ul><ul><li>Metadata </li></ul><ul><ul><li>Data about data, the set of policies and descriptions that enable service discovery and appropriate usage </li></ul></ul><ul><ul><li>Three types: business information, technical information, governance information </li></ul></ul><ul><ul><li>Rather than hard-code, SOA requires metadata to be externalized </li></ul></ul>
    18. 18. SOA Policy <ul><li>Objectives </li></ul><ul><ul><li>Address the overall impact to the business of the Services that are being created and deployed. </li></ul></ul><ul><ul><li>Create a strong connection between the business and technology. </li></ul></ul><ul><ul><li>Associate business policies, technical policies and actual implementation in a transparent fashion. </li></ul></ul><ul><ul><li>Create a common utilized language of information and process. </li></ul></ul><ul><ul><li>SOA policies need to address the very distributed, asynchronous, and heterogeneous nature of the SOA environment. </li></ul></ul>Palatable policy : easy to do the right thing and hard to do wrong thing.
    19. 19. SOA Policy <ul><li>Examples </li></ul><ul><ul><li>Business policy </li></ul></ul><ul><ul><ul><li>“ Patient name and contact information may not be transmitted as clear text.” </li></ul></ul></ul><ul><ul><li>Security policy </li></ul></ul><ul><ul><ul><li>“ Every operation message must be uniquely identified and digitally signed.” </li></ul></ul></ul><ul><ul><li>Lower-level technical policy </li></ul></ul><ul><ul><ul><li>“ Do not use XML ‘anyAttribute’ wildcards” </li></ul></ul></ul>
    20. 20. SOA Policy <ul><li>Wrangling governance assets </li></ul><ul><ul><li>Governance artifacts need to be searchable, versioned, and easily – and precisely –referenced; should be in a machine-usable format for dynamic discovery and binding. </li></ul></ul><ul><ul><ul><li>Registry </li></ul></ul></ul><ul><ul><ul><li>Repository </li></ul></ul></ul><ul><ul><ul><li>Run-time policies </li></ul></ul></ul><ul><ul><ul><li>Policy reuse </li></ul></ul></ul>
    21. 21. SOA Policy <ul><li>Auditing & Conformance </li></ul><ul><ul><li>Policy should not be left for documentation, but be an active part of the operations of companies. </li></ul></ul><ul><ul><li>Automatic policy enforcement to detect, analyze, and audit policy compliance. </li></ul></ul><ul><ul><li>Policy process should be integrated with the design, development, deployment and operation of Services in an efficient and transparent manner. </li></ul></ul>Laying down the law: SOA policies aren’t worth anything unless they’re enforced
    22. 22. SOA Policy <ul><li>Policy management: track, review & improve </li></ul><ul><ul><li>Govern the implementation, encourage reusability, manage collaboration processes, and improve business metrics </li></ul></ul><ul><ul><ul><li>Policies – What policies we have? Where are these policies implemented? </li></ul></ul></ul><ul><ul><ul><li>Enterprise Interfaces – What enterprise Services are being developed? </li></ul></ul></ul><ul><ul><ul><li>Conformance Status – How well do our services conform to our policies? </li></ul></ul></ul><ul><ul><ul><li>Impact Analysis – What happens to our SOA operations if we change our current SOA policies ? </li></ul></ul></ul><ul><ul><ul><li>Interdependencies – How will operations be impacted by changes made to Services? </li></ul></ul></ul><ul><ul><ul><li>Exception Management – What will be the impact of an exception? </li></ul></ul></ul>
    23. 23. SOA Policy <ul><li>Integration </li></ul><ul><ul><li>Process integration </li></ul></ul><ul><ul><ul><li>SOA Governance must integrate with the current flow of Service development and with the tools and systems available. </li></ul></ul></ul><ul><ul><ul><li>Ensure that Service implementations are in conformance with enterprise policies throughout design, development, testing, implementation, deployment, and maintenance. </li></ul></ul></ul><ul><ul><li>System integration </li></ul></ul><ul><ul><ul><li>SOA Governance must transparently integrate with EAI, development tools, and other enterprise applications that are producing and consuming Services. </li></ul></ul></ul>
    24. 24. Service Lifecycle Management <ul><li>Service Lifecycle </li></ul><ul><ul><li>A model for describing the key activities and management tasks associated with the different phases of the life of a business service, from analysis and design to production support. </li></ul></ul><ul><ul><ul><li>Identification & Definition </li></ul></ul></ul><ul><ul><ul><li>Development & Testing </li></ul></ul></ul><ul><ul><ul><li>Publish & Deploy </li></ul></ul></ul><ul><ul><ul><li>Discover & Manage </li></ul></ul></ul><ul><li>Management Issues </li></ul><ul><ul><li>Service deployment </li></ul></ul><ul><ul><li>Service versioning </li></ul></ul><ul><ul><li>Service monitoring </li></ul></ul>Identification & Definition Development & Testing Publish & Deploy Discover & Manage
    25. 25. Service Lifecycle Management <ul><li>Provider lifecycle </li></ul><ul><ul><li>Understanding and managing the requirements </li></ul></ul><ul><ul><li>Managing the access and visibility </li></ul></ul><ul><ul><li>Publishing information </li></ul></ul><ul><ul><li>Managing delivery </li></ul></ul><ul><li>Consumer lifecycle </li></ul><ul><ul><li>Exploring service </li></ul></ul><ul><ul><li>Validating the conformance </li></ul></ul><ul><ul><li>Negotiating usage </li></ul></ul><ul><ul><li>Validating quality </li></ul></ul><ul><ul><li>Responding to changes </li></ul></ul>
    26. 26. Service Lifecycle Management <ul><li>Management principles </li></ul><ul><ul><li>Traceability – Services should be visible throughout life cycle, from business perspective to deployed software service </li></ul></ul><ul><ul><li>Managed – Services should be managed as an asset throughout the life cycle with established and consistently enforced policies </li></ul></ul><ul><ul><li>Application-Neutral – Concept of SOA is applicable to all classes of interoperability </li></ul></ul><ul><ul><li>Agile Process – The SOA is never finished or stable and should allow for the flexibility of dynamic process recomposition </li></ul></ul><ul><ul><li>Federated Process – The SOA is a collaboration of independent components that provide services according to contractual obligations. </li></ul></ul>
    27. 27. IBM SOA Governance Model <ul><li>Plan the governance requirements </li></ul><ul><li>Define the governance approach </li></ul><ul><li>Enable the governance model incrementally </li></ul><ul><li>Measure, monitor and manage the governance processes </li></ul>SOA Lifecycle SOA Governance Lifecycle SOA Governance and management approach
    28. 28. Case Study
    29. 29. WSRR – SOA Governance Interactions Test and classify 2 Production Registry & Repository 7 Change impact Analysis Life Cycle Management Processes Development Registry & Repository Archive Registry & Repository 1. Service metadata artifacts are created 2. Tools, utilities and users publish servicemetadata to the Service Registry & Repository 3. LCM processes enforce testing, classifying and validation. 4. Service and metadata is Published 5. Service is assigned a state of AWAITING APPROVAL <ul><li>LCM processes drive impact analyses, compliance checks, change policy conformance and scheduling. </li></ul><ul><li>Service is approved </li></ul><ul><li>Service is assigned a state of APPROVED </li></ul><ul><li>Notifications are Generated. </li></ul><ul><li>10. LCM processes drive: Deployment Production configuration </li></ul><ul><li>Service is promoted to production environment </li></ul><ul><li>Service is assigned an OPERATIONAL state. </li></ul><ul><li>Notifications Generated </li></ul><ul><li>13. LCM processes drive: impact of retiring retirement policy </li></ul><ul><li>Service is retired </li></ul><ul><li>Service is assigned a RETIRED state. </li></ul><ul><li>Notifications Generated </li></ul>Change impact Analysis Retirement policy conformance 13 Publish from UI Publish from deployment tools Discover from deployments and Publish Publish from Development Tools 2 Create 1 WSDL XSD SCDL BPEL Policy MXSD Change impact analysis Compliance checks Change policy conformance Scheduling 6 Test and classify Validate Artifacts 3 Deployment Production configuration 10 Publish Awaiting Approval 5 4 Approved 8 9 Approve 7 Notify Promote 11 Operational 12 Notify Retire Retired 14 15 Notify
    30. 30. IBM Websphere Business Monitor Continuous Business Process optimization - Round trip Process Execution/Choreography Services Interaction Glue Process Modeling Monitor Analysis V Optimize Existing Components Process Requirements Manage Execution Participate
    31. 31. Business Monitor Goals <ul><li>Report on business performance measured against targets (scorecard) </li></ul><ul><ul><li>Share growth and new product revenue </li></ul></ul><ul><li>Track business process flow </li></ul><ul><ul><li>Status of particular insurance claim </li></ul></ul><ul><ul><li>Bottlenecks due to human tasks </li></ul></ul><ul><li>Monitor business process metrics </li></ul><ul><ul><li>Duration, cost, branch ratios </li></ul></ul><ul><li>Business Analysis through aggregation and multidimensional reporting </li></ul><ul><ul><li>Total monthly revenue by customer </li></ul></ul><ul><li>Detect and alert of anomalous situations </li></ul><ul><ul><li>Gold customer order with no inventory and supplier decommitted </li></ul></ul>
    32. 32. Websphere Monitoring Components <ul><li>Monitor Server </li></ul><ul><ul><li>Is the core component of WebSphere Business Monitor. </li></ul></ul><ul><li>Dashboard Client </li></ul><ul><ul><li>Is another server component of the WebSphere Business Monitor and provides the runtime environment </li></ul></ul><ul><li>Databases </li></ul><ul><ul><li>Are the data storage component </li></ul></ul><ul><li>Monitor Administration </li></ul><ul><ul><li>Provides the administrative functions </li></ul></ul>
    33. 33. Websphere Monitoring Components DB2 Replicator Monitor Server Action Manager Tooling (Business Measure Editor) CEI DB2 Replicator Runtime State Monitor Dashboards Business Measures Model CBE events CBE Situation events Event Processing Replication Dashboard access Define BMs Performance Warehouse
    34. 34. Sample Usage Scenario
    35. 35. Business Performance Monitoring
    36. 36. Summary <ul><li>SOA requires a major shift in the way software in developed and deployed within enterprise. </li></ul><ul><ul><li>“ Develop now, Integrate later”  “Develop for Integration” </li></ul></ul><ul><li>The new paradigm, technologies and standards created to support this shift require companies to implement their SOA in a well planned, well coordinated, and effectively managed way. </li></ul><ul><li>To ensure business continuity, reduce integration costs and complexities, it must govern the design, development, deployment, and operations of services in the enterprise. </li></ul><ul><li>Policy and service lifecycle management are the important elements to achieve SOA Governance. </li></ul><ul><ul><li>Policies set the goals to direct and measure success </li></ul></ul>
    37. 37. Reference <ul><li>Gad J. Selig, “IT Governance – An integrated framework and roadmap: how to plan, deploy and sustain for competitive advantage”, 2006. </li></ul><ul><li>WebLayers, “SOA Governance Introduction”, 2005. </li></ul><ul><li>Ben Brauer and Sean Kline, “SOA governance: a key integredient of the Adaptive Enterprise”, Feb. 2005. </li></ul><ul><li>P. J. Windley, “Governance, Rules of the Game”, InfoWorld, Jan. 06. </li></ul><ul><li>P. J. Windley, “Governing SOA”, InfoWorld, Jan. 06. </li></ul><ul><li>“ SOA Governance: Balancing Flexibility and Control Within an SOA”, Systinet, Mercury, Sep. 2006. </li></ul><ul><li>Andrew G. Weekes, “Service Oriented Architecture Governance”, Accenture, Nov. 2006. </li></ul><ul><li>Tilak Mitra, “A case for SOA governance”, IBM developworks, Aug. 2005. </li></ul><ul><li>William A. Brown and Murray Cantor, “SOA governance: how to oversee successful implementation through proven best practices and methods”, IBM white paper, August 2006. </li></ul>