Governance: Fundamental to SOA's Success

DATA Inc. Presentation: Governance: Fundamental to SOA's Success. Presented at the Architecture and Design World Conference in Chicago IL, 2008.

  1. Governance: Fundamental to SOA's Success
     Ari Roy, Senior Project Manager, DATA Inc., Montvale, NJ
     arabinda@dataincusa.com, www.datainc.biz
  2. Why Governance?
     "Governance is much more complex if not thought out well in the beginning."
  3. SOA in the conventional enterprise (diagram)
     Systems connected through the ESB: ERP (SAP), HR (PeopleSoft), Legacy Billing system (IBM Mainframe), CRM (Siebel), Sales Force, Client OnBoarding (Custom). A new business process spans them, with manual steps in between. Internal customers connect directly; external customers come through the firewall.
     Legend: Corporate Policy. Steps: 1 Sales Force, 2 HR, 3 CRM, 4 Billing.
  4. Evolution after one year, without Governance (diagram)
     Added since slide 3: Custom App, ERP (v2), Sales Force (v1.2), CRM (v2), PLM, SCM, Business Partners as a further external consumer, and a separate Compliance Policy alongside the Corporate Policy. Steps: 1 Sales Force, 2 HR, 3 CRM, 4 Billing, 5 Custom app. Lifecycle stages shown: Development, QA, Deployment, Operation.
  5. Evolution after one year, with Governance (diagram)
     Design Time Policy Management and Run Time Policy span Development, QA, Deployment and Operation.
  6. SOA Governance Defined
     The discipline of making SOA adoption within an enterprise consistent and aligned with overall business objectives through creation and administration of a well organized set of top-down policies, procedures and controls.
  7-14. Governance Roadmap: 4 Long and 4 Short steps (diagram, built up over slides 7 to 14)
  15-19. Governance Model (diagram, built up over slides 15 to 19)
     1 SOA Governance Council
     2 Define Roles and Responsibilities; Establish Governance Process and Policies (Roles, Policy)
     3 Domain-A owner, Domain-B owner; Processes and Procedures; Common SOA Infrastructure
     Role of the Governance Council:
     • Framework for decision making
     • Allocates responsibility across the organization
     • Processes involving decision making
     • Metrics for monitoring effectiveness
     Policy Management Recipe:
     • Definition of policies
     • Creation of policies
     • Storage of policies
     • Communication of policies
     • Feedback on policies
     What is a Domain?
     • A domain contains a set of services that relate to the same business area/context, e.g. Billing, Purchase, Client Services
     • Each domain owns and manages these services: service availability, data and message format, business logic encapsulation
  20-24. How does this fit within the Enterprise? (diagram, built up over slides 20 to 24)
     Corporate Governance aligns IT Governance, which aligns Architecture Governance; SOA Governance <<extends>> each of the three.
  25-27. Typical Governance Framework (diagram, built up over slides 25 to 27)
  28. Governance Process Workflow (diagram)
     An authorized user publishes a new Web service, which appears in the registry. A potential consumer discovers the Web service, then:
     1. Consumer requests use of the service
     2. Consumer agrees on terms of delivery
     3. Consumer is authorized
     4. Service is provisioned
     Service delivery through the ESB is monitored and recorded.
  29-31. Governance Requirements: scenario analysis (diagram, built up over slides 29 to 31)
     Systems connected through the SOA Infrastructure:
     • General Ledger Application (J2EE): Payable, Receivable, Financial Reporting
     • Customer Portal (.Net): Online Ordering, Online Payable, Online Order Status Service
     • Warehouse Application (Mainframe, COBOL/CICS): Inventory, Shipping/Receiving, Check
     What are the internal control requirements? Ref: Section 404 of the Sarbanes-Oxley Act (SOX).
     Control Objective: Accurate recording of invoices for all authorized shipments
     Risk: Missing documents or incorrect information
     Control Practice: Invoice amounts are properly recorded to account, amount, period
     Many ways to implement: schema validation, cross referencing.
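The control practice on slides 29 to 31 is stated but not implemented. The following is an added example, not from the DATA Inc. deck, showing one way to enforce it at the SOA infrastructure boundary between the Customer Portal and the General Ledger with the two techniques the slide names: schema validation of each invoice message and cross-referencing against the Warehouse application's authorized shipments. It uses only the Python standard library; the shipment records, the invoice batch, the account code, the element names and the structural check that stands in for a full XSD validation are all constructed for the example.

```python
"""Invoice control at the SOA infrastructure: schema-style validation plus
cross-referencing against authorized shipments (constructed example)."""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation

# Constructed stand-in for the Warehouse application's authorized shipments.
AUTHORIZED_SHIPMENTS = {
    "SHP-1001": {"account": "4000-SALES", "amount": Decimal("1250.00"), "period": "2008-03"},
    "SHP-1002": {"account": "4000-SALES", "amount": Decimal("89.99"), "period": "2008-03"},
}

# Elements every invoice message must carry (assumed message layout).
REQUIRED = ("InvoiceId", "ShipmentId", "Account", "Amount", "Period")
PERIOD_RE = re.compile(r"^\d{4}-(0[1-9]|1[0-2])$")  # accounting period YYYY-MM


@dataclass
class Finding:
    invoice_id: str
    code: str
    detail: str


def _text(el, tag):
    child = el.find(tag)
    return None if child is None or child.text is None else child.text.strip()


def validate_schema(inv):
    """Control 1, schema validation: required elements present and well-typed."""
    inv_id = _text(inv, "InvoiceId") or "<no id>"
    findings = []
    for tag in REQUIRED:
        if not _text(inv, tag):
            findings.append(Finding(inv_id, "MISSING_ELEMENT", tag))
    amount = _text(inv, "Amount")
    if amount:
        try:
            if Decimal(amount) <= 0:
                findings.append(Finding(inv_id, "BAD_AMOUNT", amount))
        except InvalidOperation:
            findings.append(Finding(inv_id, "BAD_AMOUNT", amount))
    period = _text(inv, "Period")
    if period and not PERIOD_RE.match(period):
        findings.append(Finding(inv_id, "BAD_PERIOD", period))
    return findings


def cross_reference(inv, shipments):
    """Control 2, cross-referencing: account, amount and period must agree
    with an authorized shipment record. Assumes schema validation passed."""
    inv_id = _text(inv, "InvoiceId")
    ship_id = _text(inv, "ShipmentId")
    ship = shipments.get(ship_id)
    if ship is None:
        return [Finding(inv_id, "UNAUTHORIZED_SHIPMENT", ship_id)]
    findings = []
    if _text(inv, "Account") != ship["account"]:
        findings.append(Finding(inv_id, "ACCOUNT_MISMATCH", _text(inv, "Account")))
    if Decimal(_text(inv, "Amount")) != ship["amount"]:
        findings.append(Finding(inv_id, "AMOUNT_MISMATCH", _text(inv, "Amount")))
    if _text(inv, "Period") != ship["period"]:
        findings.append(Finding(inv_id, "PERIOD_MISMATCH", _text(inv, "Period")))
    return findings


def check_invoices(xml_text, shipments=AUTHORIZED_SHIPMENTS):
    """Run both controls over a batch. Cross-referencing only runs on invoices
    that passed schema validation, so each defect is reported once.
    Returns (accepted invoice ids, findings)."""
    root = ET.fromstring(xml_text)
    accepted, findings = [], []
    for inv in root.iter("Invoice"):
        inv_findings = validate_schema(inv) or cross_reference(inv, shipments)
        if inv_findings:
            findings.extend(inv_findings)
        else:
            accepted.append(_text(inv, "InvoiceId"))
    return accepted, findings


# Constructed batch: one good invoice and three that must be rejected.
SAMPLE_BATCH = """<InvoiceBatch>
  <Invoice><InvoiceId>INV-1</InvoiceId><ShipmentId>SHP-1001</ShipmentId>
    <Account>4000-SALES</Account><Amount>1250.00</Amount><Period>2008-03</Period></Invoice>
  <Invoice><InvoiceId>INV-2</InvoiceId><ShipmentId>SHP-1002</ShipmentId>
    <Account>4000-SALES</Account><Amount>98.99</Amount><Period>2008-03</Period></Invoice>
  <Invoice><InvoiceId>INV-3</InvoiceId><ShipmentId>SHP-9999</ShipmentId>
    <Account>4000-SALES</Account><Amount>10.00</Amount><Period>2008-03</Period></Invoice>
  <Invoice><InvoiceId>INV-4</InvoiceId><ShipmentId>SHP-1001</ShipmentId>
    <Account>4000-SALES</Account><Period>2008-13</Period></Invoice>
</InvoiceBatch>"""

if __name__ == "__main__":
    ok, bad = check_invoices(SAMPLE_BATCH)
    print("accepted:", ok)
    for f in bad:
        print(f"rejected {f.invoice_id}: {f.code} ({f.detail})")
```

Running it accepts INV-1 only: INV-2 fails the amount cross-reference, INV-3 references a shipment the warehouse never authorized, and INV-4 is stopped by schema validation (missing Amount, malformed Period) before any cross-reference is attempted. Rejections carry a code and the offending value so the audit trail on slide 39 has something concrete to record.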
  32. Key components of Governance
  33. SOA Governance: Service Lifecycle (diagram)
     Design Time, Run Time and Upgrade Time, centered on the Registry / Repository.
  34. Design Time Governance (some or all)
     Identity Management (?), Entitlement, Notification/Approvals, Audit Trail, Content Validation
  35. Identity Management
     Purpose: to establish rights and responsibilities in the registry/repository; to measure and log service usage; to enforce approval requirements; to enforce role- or individual-based governance.
     Features: LDAP based, SSO, digital identity.
  36. Entitlements
     Purpose: to grant fine-grained access to registry/repository assets.
     Features: ability to secure assets; ability to classify assets and provide access; ability to classify policies and assign roles.
  37. Notification and Approval
     Purpose: to trigger events in response to create, update, read and delete activities.
     Features: must be applicable before and/or after the interaction; support for different notification models (message based, e-mail).
  38. Content Validation
     Purpose: to scan and validate contents in the registry/repository according to type and pre-configured compliance checks.
     Features: WSDL validation; schema validation; validation related to interoperability.
  39. Audit Trail
     Purpose: to establish accountability; to track interaction among participants and the registry/repository; to establish usage patterns.
     Features: format/verbosity requirements; archival policy.
  40. Run Time Governance (some or all)
     Service Virtualization, ESB, End Point Management, Message Transport, Runtime Policy Provisioning, Custom Management, Version Management
  41. Service Virtualization
     Purpose: to compose task-specific "virtual" services from existing services.
     Features: ability to consolidate one or more operations from different services into one; creation of skeleton services from WSDL; auto-generation of WSDL for the new virtual service.
  42. Message Brokering
     Purpose: to deliver a service based on business or compliance criteria.
     Features: routing rules based on content/context; transformation of inbound request / outbound response; logging, monitoring, alerting; SLA management; mediation across different transport protocols (HTTP-to-JMS, JMS-to-HTTP or custom).
  43. Policy Provisioning
     Purpose: provisioning of operational and compliance policy.
     Features: automatic enforcement of policies on new services; automatic adaptation of clients to new policy requirements; automatic provisioning of policy upon a change in the service profile.
  44. Version Management
     Purpose: to allow smooth evolution of production systems.
     Features: publication of multiple versions of the same service simultaneously; transparent rolling upgrades to a published service; backward compatibility; version-based routing.
  45. Custom Management
     Purpose: template-based approach to policy management.
     Features: custom policy libraries for specific management needs; content-, context- or custom-instrumentation-based approach to any domain- or application-specific policy; reuse of custom policies across multiple applications or SOA projects.
  46. End Point Management
     Purpose: fine-grained control of the service deployed in each container.
     Features: managed endpoints for each service; special-purpose endpoints based on type of usage (secured/unsecured); load balancing/failover for highly available endpoints.
  47. Upgrade Time Considerations
     ¬ Understand inter-service relationships and dependencies
     ¬ Analyze the impact of changing a Web service in a runtime environment
     ¬ Complexity of rolling out a service in the runtime environment
     ¬ Service custody transfer
     ¬ Changes to existing SLAs and policies
  48. Automating Governance (diagram)
     Stages: Design Time, Run Time, Change Time.
     Items: code analysis; content validation; WS-I compliance; usage of predefined schema; usage of specific transport; automated policy discovery/provisioning; monitoring and measurement of SLA metrics (response time, availability or throughput of a service).
  49. Technologies Behind Governance
  50. Role of ESB in Governance
     ¬ Security: ensure privacy, authenticity, authorization and auditing of all messages exchanged
     ¬ Mediation: policy-based mediation (protocol/invocation)
     ¬ Management: holistic view of the transactions that pass through; intercept service calls
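Slide 50 lists the ESB's security, mediation and management roles without showing how they combine on a single message. The following is an added example, not from the deck and not the code of any ESB product, of a minimal run-time policy enforcement point: it checks message authenticity with an HMAC, checks authorization against consumer entitlements, routes by service version (the version-based routing of slide 44), and writes an audit record for every decision (the auditing on this slide and on slide 39). The consumer names, shared secrets, operations, endpoints and the envelope layout are constructed for the example; a real deployment would use WS-Security signatures and a key store rather than secrets held in a dictionary.

```python
"""Minimal run-time policy enforcement point (constructed example):
authenticity (HMAC), authorization (entitlements), version-based routing
and an audit trail, applied to every message before it is forwarded."""
import hashlib
import hmac
import json

# Constructed per-consumer shared secrets; a real ESB would use a key store
# or WS-Security certificates rather than secrets embedded in code.
CONSUMER_KEYS = {"customer-portal": b"k-portal-0001", "partner-b2b": b"k-partner-0002"}

# Constructed entitlements: the operations each consumer may invoke.
ENTITLEMENTS = {
    "customer-portal": {"placeOrder", "getOrderStatus"},
    "partner-b2b": {"getOrderStatus"},
}

# Constructed version routing table: (service, version) -> endpoint.
ROUTES = {
    ("OrderService", "1.0"): "https://esb.internal.example/orders/v1",
    ("OrderService", "2.0"): "https://esb.internal.example/orders/v2",
}

SIGNED_FIELDS = ("consumer", "service", "version", "operation", "body")
AUDIT_TRAIL = []  # one record per mediated message, forwarded or rejected


def canonical(msg):
    """Deterministic serialization of the signed fields, so that a reordered
    or tampered envelope fails verification."""
    fields = {k: msg.get(k) for k in SIGNED_FIELDS}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign(msg, key):
    return hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()


def build_request(consumer, service, version, operation, body):
    """Consumer side: assemble and sign an envelope."""
    msg = {"consumer": consumer, "service": service, "version": version,
           "operation": operation, "body": body}
    msg["signature"] = sign(msg, CONSUMER_KEYS[consumer])
    return msg


def mediate(msg):
    """ESB side: enforce policy and return the decision, which is also
    appended to AUDIT_TRAIL. Authenticity is checked first, so an
    unauthenticated caller learns nothing about entitlements or routes."""
    record = {k: msg.get(k) for k in SIGNED_FIELDS if k != "body"}

    def decide(status, reason=None, endpoint=None):
        record.update(status=status, reason=reason, endpoint=endpoint)
        AUDIT_TRAIL.append(record)
        return record

    key = CONSUMER_KEYS.get(msg.get("consumer"))
    if key is None:
        return decide("REJECT", "unknown consumer")
    presented = str(msg.get("signature", "")).encode()
    if not hmac.compare_digest(presented, sign(msg, key).encode()):
        return decide("REJECT", "bad signature")
    if msg.get("operation") not in ENTITLEMENTS.get(msg["consumer"], set()):
        return decide("REJECT", "not entitled to operation")
    endpoint = ROUTES.get((msg.get("service"), msg.get("version")))
    if endpoint is None:
        return decide("REJECT", "no route for service version")
    return decide("FORWARD", None, endpoint)


if __name__ == "__main__":
    good = build_request("customer-portal", "OrderService", "1.0", "placeOrder",
                         {"sku": "A1", "qty": 2})
    print(mediate(good))
    tampered = dict(good, body={"sku": "A1", "qty": 200})  # body changed after signing
    print(mediate(tampered))
    print(mediate(build_request("partner-b2b", "OrderService", "2.0", "placeOrder", {})))
```

The order of the checks is the design point: a message that fails the HMAC is rejected before any entitlement or routing lookup, so the audit record for it says only "bad signature", and a partner that is entitled to getOrderStatus but not placeOrder is refused even though it signed correctly. Every path through mediate() ends in decide(), which is what makes the audit trail complete rather than best-effort.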
  51. Role of Service Registry/Repository
     Where all services are published; implements the process for publishing a service that matches the governance model; contains the policies applicable to each service.
  52. Service Registry (diagram)
     SOA Registry: Universal Description, Discovery and Integration (UDDI). UDDI API sets (Web service access); UDDI schema (metadata standard).
     SOA metadata: business policies, policy taxonomy, associations, dependencies, configurations, subscription information, service provider information.
  53. Service Repository (diagram)
     SOA Repository, common features: design-time policy libraries, WSDL libraries, message logs, run-time policy libraries, performance info, extensions, run-time event reports, dashboards, notification, blogs, wikis.
  54. Integrated Registry/Repository: Key Benefits
     ¬ Consistent view of service definition
     ¬ No duplication of data
     ¬ No need for data synchronization
     ¬ Discover both service info and dependencies
  55. Implementing SOA Governance
  56. SOA Governance Checklist (1)
     ¬ Registry/Repository: service metadata setup and validation; service relationship and dependency management
     ¬ Access to Service: workflow-based request process; user-configurable policies
  57. SOA Governance Checklist (2)
     ¬ Publishing Service: workflow-based notification; WSDL validation and conformance reporting; wizards for publication
     ¬ Delivery of Service: provider/consumer binding; SLA enforcement, versioning, deployment; centralized monitoring
  58. SOA Governance Checklist (3)
     ¬ Delivery of Service (cont.): routing management; failover/load balancing; logging and audit trailing
     ¬ Service Change Management: service subscription management; service metadata subscription
  59. SOA Governance Checklist (4)
     ¬ Replication strategy: selective synchronization/promo.; master/slave based
     ¬ Enforcement of Security: role-based ACL; fixed and configurable roles; support for LDAP
     ¬ Interoperability: handling any URI data types; Java Rule Engine API
  60. Analysts' Comments
     • "The governance of objects and components is relatively straightforward: We create the gadget and put it into a repository and fix it when we need to." Carl Lentz, Panelist, The Role of Objects in a Services-obsessed World, ACM, 10/2007
     • "Enterprise governance models, early adopters are implementing organizations whose focus is to advance SOA adoption." Rajeev Mahajan, Practice Manager, The Service Integration Maturity Model: Achieving Flexibility in the Transformation to SOA, IEEE, 9/2006
  61. Benefits of SOA Governance
     ¬ Greater alignment with business objectives
     ¬ Greater control over creation, deployment and consumption of services
     ¬ Centralized management of policies and regulations
     ¬ Can embed compliance with government and industry regulations: Sarbanes-Oxley, MiFID, HIPAA, GLBA
  62. Challenges of SOA Governance
     ¬ Multiple organizations: how to create governance for service providers, infrastructure providers and application developers? What if policies conflict?
     ¬ Managing exceptions: how to record and maintain the sometimes necessary exceptions?
  63. Challenges of SOA Governance (cont.)
     ¬ Enforcing compliance: how to make sure that policies and procedures are being followed at design time as well as at runtime? What are the incentives for compliance?
     ¬ Seems counterintuitive: if the SOA foundation lies in loose coupling and flexibility, why do we need centralized control?
  64. Case Study: Operational Risk Management in Derivative Trade Processing
  65. Life Cycle of a Derivative Trade (diagram)
     Confirmation, Settlement, Termination/Novation, Portfolio Reconciliation
  66. Process Flow (diagram)
     Participants: Dealer, Clients, two Trade Capture Systems, the SOA Trade Execution Platform and DTCC, with numbered message flows 1 to 9.
  67. Implement Governance to avoid blind spots in the SOA highway
  68. Resources
     BEA: http://www.bea.com/framework.jsp?CNT=index.jsp&FP=/content/solutions/soa_governance
     IBM: http://www-306.ibm.com/software/solutions/soa/entrypoints/advancing_soa_governance.html
     INFOQ: http://www.infoq.com/governance/
  69. Q & A
