About the Presenter
Eranda Sooriyabandara is a member of the Governance Registry team at WSO2
e-mail: eranda@wso2.com
About WSO2
❏  Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
❏  Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
❏  All WSO2 products are 100% open source and released under the Apache License Version 2.0.
❏  Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.
❏  Driven by Innovation
❏  Launched first open source API Management solution in 2012
❏  Launched App Factory in 2Q 2013
❏  Launched Enterprise Store and first open source Mobile solution in 4Q 2013
Overview
❏  SOA Governance
❏  SOA Governance Phases
❏  Design Time Governance
❏  Runtime Governance
❏  WSO2 Governance Registry
❏  Governance Use Cases
❏  Demo
❏  WSO2 Governance Registry Governance Features
❏  Conclusion
SOA Governance
“Ensuring and validating that assets and artifacts within the architecture are acting as expected and maintaining a certain level of quality” - Gartner
SOA Governance
In a nutshell, SOA governance is all about making sure that you're building the right system and ensuring it operates to your expectations.
SOA Governance
Activities that are often mentioned as being part of SOA governance
❏  Managing the portfolio of SOA artifacts
❏  Managing the SOA artifact lifecycle
❏  Using policies to restrict behavior
❏  Monitoring, analysing and presenting artifact data
❏  Managing how and by whom SOA artifacts are used
	
  
SOA Governance Phases
SOA governance can be broken into phases based on their point of application:
1.  Design Time SOA Governance
2.  Runtime SOA Governance
Design Time SOA Governance
o  Design time governance refers to defining and controlling the creation of enterprise services.
o  It involves creation of enterprise policies used to ensure that enterprise business models are properly funded within the enterprise.
Runtime SOA Governance
o  Runtime governance refers to the process of enforcing the adherence to run-time service policies.
o  In addition to policy enforcement, this term is often used to include aspects of SOA management as it relates to these policies.
o  It also includes real-time policy compliance monitoring, auditing and measuring, as well as collecting result statistics.
WSO2 Governance Registry
❏  A Service Oriented Architecture (SOA) integrated registry repository to store, manage and govern service artifacts
❏  Flexible and Extensible
❏  Fully open source
❏  Supports numerous standards (JMX, SCM, UDDI, WebDAV, WS-Discovery, CMIS)
❏  Licensed under Apache License Version 2.0
Governance Use Cases
Use Case 1 : Handling Policies
o  Organizations have their own policies, which can number in the hundreds to thousands.
o  When developing a service, there's no way of identifying what policies the organization already has and which of them it wants to use in the service. (No discovery and reuse)
o  If different systems each keep the policies with them, then when a policy is updated, system admins have to update each of them separately. (No centralization)
o  When the service lifecycle changes, moving policies to a different environment needs to be done manually. (No automation)
o  If a policy moves to a different lifecycle state, the interested party has no way of knowing. (No notification)
o  E.g. if the lifecycle state changes from Development to QA, quality assurance engineers may not know that there is a new artifact in QA state to test.
Policy Governance using G-Reg
[Diagram: Governance Space for Development, Governance Space for QA and Governance Space for Production (Dev, QA, Prod), connected by Promote and Demote transitions]
Policy Governance using G-Reg
Creating XACML Policy
Policy Governance using G-Reg
Distributed PDP Management
Policy Governance using G-Reg
Reverse Lookup
Policy Governance using G-Reg
Governing Policies Across Lifecycle States
Policy Governance using G-Reg
Subscribing to Notification
Use Case 2 : Handling Endpoints
o  Organizations have their own services, which can number in the hundreds to thousands. There can also be services that they use.
o  When developing a service, there's no way of identifying what services the organization already has and which of them it wants to use in the service. (No discovery and reuse)
o  If different systems each keep the service references with them, then when a service is updated, system admins have to update each of them separately. (No centralization)
o  When the service lifecycle changes, moving services with all the related artifacts to a different environment needs to be done manually. (No automation)
o  If a service moves to a different lifecycle state, the interested party has no way of knowing. (No notification)
o  E.g. if the lifecycle state changes from Development to QA, quality assurance engineers may not know that there are new artifacts in QA state to test.
Endpoints Governance using G-Reg
[Diagram: Governance Space for Development, Governance Space for QA and Governance Space for Production (Dev, QA, Prod), connected by Promote and Demote transitions]
Endpoint Governance using G-Reg
Adding WSDL
Endpoint Governance using G-Reg
WSDL View
Endpoint Governance using G-Reg
Service View
Endpoint Governance using G-Reg
Creating Proxy Service Using the Service Endpoints
Endpoint Governance using G-Reg
Governing Service Across Lifecycle States
Endpoint Governance using G-Reg
Governing Service Across Lifecycle States
Endpoint Governance using G-Reg
Production….
Endpoint Governance using G-Reg
Production - Echo Proxy Config = Dev - Echo Proxy Config
G-Reg Governance Features
❏  Built-in SOA artifacts support
❏  Support for common types (Services, WSDL, Schema, Policy, APIs, Providers, Documents, URIs, WADLs, Endpoints, Proxies, Sequences)
❏  Validation policies - e.g. WSDL Validation, WS-I Validation, and Schema Validation
❏  Governance Archive (.gar) for uploading artifacts with imports
❏  WSDL Tool to import service information from a given WSDL, and WSDL custom-view
❏  WS API for built-in artifacts (CRUD Operation Support)
G-Reg Governance Features (Cont.)
❏  Lifecycle support
❏  Built-in service lifecycle
❏  Advanced lifecycle management
❏  checklists
❏  scripting support
❏  transition validation
❏  transition UI
❏  Lifecycle Workflow Integration
❏  XML editor for editing lifecycle
❏  Lifecycle state transition through governance API
❏  Approval for lifecycle operations
❏  Lifecycle audit
G-Reg Governance Features (Cont.)
❏  Governance registry extensions
❏  Configurable Governance Artifacts (RXTs)
❏  Various field support (text, text-area, options, option-text, date)
❏  Unbounded field support
❏  Tool-tip feature
❏  Reg-ex validation support
❏  Lifecycle in RXT Definition
❏  API to govern SOA artifacts
❏  Pluggable media type handlers for handling custom media types and XML editor for editing handler
❏  WS API for Governance Artifacts (CRUD Operation Support)
G-Reg Governance Features (Cont.)
❏  Miscellaneous
❏  Internationalization
❏  Worklist notifications
❏  Dependency management
❏  WS-Discovery support
Conclusion
o  SOA governance plays a huge role in an enterprise and helps the industry solve emerging issues. A majority of the SOA industry has adopted, or is in the process of adopting, SOA governance into their systems to maximize productivity and profitability of both SOA designs and SOA production systems.
o  SOA governance can be categorized into two major phases: Design Time Governance and Runtime Governance.
o  WSO2 Governance Registry can be used in both governance phases, and there are numerous OOTB features and extension points to implement a complete governance story.
Questions?
Business Model
More Information !
1.  http://wso2.com/products/governance-registry/
2.  http://docs.wso2.com/display/Governance460/Governing+External+References+Across+Environments
References
1.  Thomas Erl ... [et al.], SOA governance: governing shared services on-premise and in the cloud
Contact us !

Design Time and Run Time Governance
