This document discusses SOA governance. It begins by outlining some of the challenges of SOA adoption, including lack of standards and organizational change. It then defines SOA governance as the processes used to oversee and control SOA implementation according to recognized practices. Key components of governance include a registry, policies, and testing. The document also discusses design time and runtime governance, as well as technologies that support governance like ESBs, repositories, and governance products. It concludes with checklists and best practices for implementing SOA governance.

1. Topic 4
SOA Governance
Assoc.Prof.Dr. Thanachart Numnonda
www.imcinstitute.com

2. Agenda
 SOA Challenge
 What is SOA Governance?
 SOA Governance : Technologies and Products
 SOA Governance : Implementation
2

3. SOA Challenge

4. SOA Overarching Trends : IDC
• SOA adoption moving from project and application
level to system and enterprise scale
• Short and long term impact of SOA, along with
expectations, need to be better understood
• While technologies are key enablers, most study
participants focus on organization and program dynamics
• Success can be defined by multiple dimensions,
Including
• pervasiveness of SOA adoption in the enterprise and
• clear business results

5. SOA Challenges
5

6. SOA Success Factor : IDC Research
• Business Alignment
• Organizational Change
• Management
• Communication
• Trust
• Architecture
• Scale and Sustainability
• Governance

7. Why SOA Governance ?
• Enterprise Governance is business-oriented.
• In moving towards integrated business initiatives
(outsourcing, strategic supplier collaboration, value and
supply chain,…etc) and IT initiatives (XML, Web Services,
EAI, SOA…etc), companies want to ensure continuity of
• business operations
• manage security exposure
• align technology implementation with business requirements
• manage liabilities and dependencies,
• reduce the cost of operations.

8. SOA : Introduce a new layer

9. SOA Challenges
• It is so easy to create and utilize web services.
• Evolving Standards for Business Compliance, IT
Standards and Web Service Technologies .
• Lack of one Standards enforcement .
• A Variety of Vendors.
• Inadequate Tooling .
• New Layer - New Challenges

10. Developing SOA : New Paradigm

11. Ungoverned SOA: New Silo

12. Governance SOA

13. SOA in the Conventional Enterprise

14. Evaluation after One year without Governance

15. Evaluation after One year with Governance

16. What is SOA Governance?

17. SOA Governance : Definition
• The processes used to oversee and control the
adoption and implementation of SOA in
accordance with recognized practices, principles
and government regulations.
• SOA governance provides optimum service quality,
consistency, predictability and performance

18. SOA Governance : Components
• SOA registry : an evolving catalog of information
about the available services in the SOA
implementation.
• SOA policy : a set of behavioral restrictions
intended to ensure that services remain consistent.
• SOA testing : a comprehensive schedule of audits
and performance-monitoring procedures.

19. Key Components of Governance

20. Services in SOA
• Heart of SOA
• Life Cycle
• Designed
• Developed
• QA passed
• In production
• Metadata
• WSDL
• Schema
• Policy

21. SOA Governance : Service Life Cycle

22. SOA Governance : Phases
• SOA governance is divided between design time
governance and runtime governance.
• One way to make both design and runtime
governance more effective is through centralized
policy management.
• If the architecture is designed with all the policies
in an easily accessible location, then making
updates to an SOA after it has been implemented is
much easier.

23. Design Time SOA Governance

24. Runtime SOA Governance
24

25. Enterprise SOA Policies
• Policies set the goals that you use to direct and
measure success.
• Without policies, there is no Governance
• Policies need to address the overall impact to the
business of the Services that are being created and
deployed.
• Policies need to create a strong connection between
the business and technology.

26. Enterprise SOA Policies (cont.)
• Policies might start at the business level:
• Projects must comply with Internal Architecture
guidelines
• Security and regulatory compliance policy reviews are
mandatory for all IT projects
• Policies could represent more specific regulatory
compliance issues: (SOX, HIPPA)

27. SOA Governance : Benefits
• Greater alignment with business objectives
• Greater control over creation, deployment
and consumption of services
• Centralized management of policies and regulation
• Can embed compliance with government and indus
try regulations
• Sarbanes‐Oxley, MiFID, HIPAA, GLBA

28. SOA Governance :
Technologies and Products

29. Technologies behind SOA Governance
• Enterprise Service Bus (ESB)
• Repository
• Registry

30. Role of ESB in Governance
• Security
• Ensure Privacy, Authenticity, Authorization and
Auditing of all Message exchanged
• Mediation
• Policy based mediation (protocol/invocation)
• Management
• Holistic view of Transactions that passes through
• Intercept Service call

31. Role of Service Registry/Repository
• Where all Services are published
• Implements process to publish service that
matches Governance model
• Contains Policies applicable to each service

32. Service Registry

33. Service Repository

34. Benefit of Integrating Registry/Repository
• Consistent view of service definition
• No duplication of Data
• No need for data synchronization
• Discover both Service info and dependencies

35. Key Features of SOA Governance Product
• Versioning
• Publishing & Discovery
• Associations & Dependencies
• Relationship between resources
• Federation
• Control (Permission, Life Cycle, Validations)
• Monitoring (Notifications, Dashboard)
• Auditing

36. SOA Governance Product (Cont.)
• Most important of all..
• Governance cannot be bought, you need to
customize it..
• Extensibility Features
• BAM (Business Activity Monitoring)
• BI (Business Intelligence) gathering
• CEP (Complex Event Processing)

37. Gartner Magic Quadrant for Integrated
SOA Governance Technology Sets

38. SOA Governance Products : Example
• SOA Software
• Portfolio Manager
• Policy Manager
• Repository Manager
• Service Manager
• Oracle SOA Governance
• Oracle Enterprise Repository
• Oracle Web Services Manager
• Oracle Service Registry

39. SOA Governance Product : Example
• SOA Software
• Portfolio Manager
• Policy Manager
• Repository Manager
• Service Manager
• Oracle SOA Governance
• Oracle Enterprise Repository
• Oracle Web Services Manager
• Oracle Service Registry
• WSO2 (Open source)
• Governance Registry

40. WSO2 Governance Registry
40

41. SOA Governance :Implementation

42. SOA Governance : Checklist -1
• Registry/Repository:
• Service Meta‐Data setup and Validation
• Service Relationship and Dependency Management
• Access to Service:
• Workflow based Request Process
• User Configurable Policies

43. SOA Governance : Checklist -2
• Publishing Service
• Workflow based Notification
• WSDL validation and Conformance Reporting
• Wizards for Publication
• Delivery of Service
• Provider/Consumer Binding
• SLA enforcement, Versioning, Deployment
• Centralized monitoring
• Routing Management
• Failover /Load Balancing
• Logging and Audit Trailing

44. SOA Governance : Checklist -3
• Service Change Management
• Service subscription management
• Service Metadata subscription
• Replication strategy
• Selective synchronization / promo.
• Master/Slave based

45. SOA Governance : Checklist -4
• Enforcement of Security
• Role based
• ACL
• Fixed and Configurable Roles
• Support for LDAP
• Interoperability
• Handling any URI data
• Java Rule Engine API

46. SOA Governance : Best Practices
• Establish early
• Organizational acceptance for Governance
• Communicate relentlessly
• Automate
• Govern the entire service lifecycle
• Anticipate mixed technologies
• Monitory, access & report business value
• Consider cross organizational boundaries

47. SOA Governance Success Factors
• Align with internal software development
methodology.
• Minimize overhead.
• Maximize synergy with existing IT governance
processes.
• Gain visibility of project pipeline as early as
possible.
• Prefer influence over enforcement.

48. Resources
 SOA Governance, WSO2 SOA Workshop, 2009
 Governance: Fundamental to SOA’s Success, Ari Roy,
DATA Inc.
 Policy Based Governance for the Enterprise, Web
Layers

49. Thank you
thananum@gmail.com
www.facebook.com/imcinstitute
www.imcinstitute.com