Toronix - SOA Governance Quick Start

© 2006 IBM Corporation
SOA on your terms and our expertise
IBM - SOA Governance
Fast Track
Robert R. Rowntree
SOA Enterprise Architect
IBM Software Group

SOA on your terms and our expertise2
What is Governance?
Establishing chains of responsibility,
authority and communication
to empower people (decision rights)
Establishing measurement,
policy and control mechanisms
to enable people to carry out
their roles and responsibilities

SOA Governance
is a catalyst
for improving
overall IT
governance
It’s all part of Corporate Governance
What is IT governance?
Establishing decision making rights
associated with IT
Establishing mechanisms and policies
used to measure and control the way
IT decisions are made and carried out
What is SOA governance?
Extension of IT governance
focused on the lifecycle
of services to ensure the
business value of SOA
What is Governance?
Corporate Governance
SOA
Governance
IT Governance

What is the Difference Between IT Governance and SOA
Governance?
 IT Governance is broader and covers all aspects of IT governance. For example, it
includes data governance and IT security
 SOA Governance addresses aspects of the service life cycle such as:
– Planning
– Publish
– Discover
– Versioning
– Management
– Security
 SOA Governance, while it contains aspects of IT Governance, SOA Governance
covers business aspects that are not captured in IT Governance such as the linkage
required between business and IT.
This is SOA governance. According to vendors, industry media, and IBM.

SO IT Governance Capability Model
Discipline-Independent Governance Capabilities
GovernanceofITFinancing
andPrioritization
ArchitecturalGovernance
ITPortfolioGovernance
GovernanceofSystems
DevelopmentLifecycle
ITDataCenterOperations
Governance
DataGovernance
SOAGovernance
Governance Disciplines

10 Principles of IT Governance
1. Decision Rights & Measurement etc. (Core Definition of
Governance)
2. Governance is Applied to Processes
3. Artifact lifecycle is an Important Process to be Governed
4. Decision Rights are Assigned to Roles
5. Governance Processes Applies Governance to Governed
Processes
6. Policies Guide Decision Making
7. Compliance is the Documentation of Decisions Made
8. Governance is about Behavior Change
9. The Level(s) and Style(s) of Governance should be Tailored
10.Organizations Approach Governance Incrementally

Principle 1: Core Definition of IT Governance

IT Governance:
– IT Governance is that subset of corporate governance that pertains to an organization’s IT activities and
the way those activities support the goals of the organization.
– IT governance includes the decision making rights associated with IT as well as the mechanisms and
policies used to measure and control the way IT decisions are made and carried out within the
organization.
 Why you should care?
– Clarifies what SOA Governance is and is not
[1] www.ibm.com/soa/gov
[2] http://en.wikipedia.org/wiki/SOA_Governance

Principle 2: Governance is applied to processes
 It is an important analytical simplification to understand that in IT :
– we govern processes,
– we apply policy to processes,
– we apply decision points to processes
– we measure and control processes
 Governance may be characterized by the sorts of decisions that need to be made at certain
control points within a process
– Control points provide an opportunity to measure the process and make decisions on whether any
adjustments are needed to the execution of the process
– Certain activites within a process may be associated with a control point
– Certain events may be a control point
 Why should you care?
– Provides a structure to understand where to start with the Plan phase
• Think about the key processes and how they are governed.

Principle 3: Artifact Lifecycle is an Important Process to be Governed
 The lifecycle of an artifact can be characterized as a process, involving a
set of activities and events associated with state changes of the artifact
– State transitions may be associated with a control point
– Changing state values of an artifact may be associated with a control point
 “assets” are artifacts that have value to the business
– Typically, it is “assets” that have governance focus
 It is also important to consider how “collections” of artifacts
– By understanding the set of artifacts associated with a particular
IT discipline, we can quickly enumerate a set of key processes
that need to be governed

Principle 4: Decision Rights are assigned to Roles
 Decision rights are assigned to roles in an organization, not to individuals.
– Governance is about assigning the rights to make the decisions and deciding
what measures to use and policies to follow in order to make those decisions.
• Therefore one aspect of governance is determining organization roles.
– Management, on the other hand, includes assignment of staff to the roles and
monitoring the compliance to policies during the execution of processes.
– This focuses the design phase to make sure the decision rights are properly
assigned at given control points
– Eases the enable phase to make sure decision rights are properly abstracted

Example Decision Rights Matrix
Decision ESC ARB PMO SCB SAB BUC
Service Funding R I R I R
Service Ownership R I R I
Service Platform R R I
Service Identification R R I I I R
Service Specification I R I R
Service Realization I I R I I
Service Development I R R I
Service Release Mgmt R R I
SOA Training R I R I
 Input advisors (I) make recommendations; decision makers have the right (R) to decide.
 Executive Steering Committee (ESC), architectural review board (ARB), program
management office (PMO), SOA Center of Excellence Board (SCB), SOA CoE Advisory
Board (SAB), Business Unit Committees (BUC)
 This example uses only high-level service lifecycle steps (and not the related decisions).
It does not illustrate use of individual roles.

Principle 5: Governance Processes and Processes Being Governed
 The processes in SOA Foundation Governance Lifecycle
(Plan/Define/Enable/Measure) are “Governance Processes”
 The processes in SOA Foundation Lifecycle
(Model/Assemble/Deploy/Manage) are “Processes Being
Governed”
– It is important to distinguish whether a process is a governance
process or not.
– Many things called Governance Processes are in fact not
Governance Processes, but rather, they are simply processes that
Governance has a strong influence over.

Principle 6: Policies Guide Decision Making
 A policy is an artifact of a governance process that guides
decision making behavior associated with one or more control
points in one or more processes.
– That is, the policy provides guidelines for decision making, sets the
rigidity for following the policy and may provide for exceptions.
• E.g., federal judges are granted decision rights for sentences for convicts.
However, they are constrained by the sentencing guidelines.
 Policy provides guidelines
– sometimes sets limits
– sometimes enables
– Policy is at the heart of what makes governance actionable

Principle 7: Compliance is the Documentation of Decisions Made
 Compliance is an artifact of a governance process that records
the fact that a decision was made in accordance with policy(s)
associated with a control point within a process
– The relationship between Governance and Compliance are often
confused
– The relationship between Policy and Compliance are often confused

Principle 8: Governance is about Behavior Change
 The purpose of governance is to moderate behavior of
processes, particularly the way processes are executed by
humans and IT systems.
– The change of behavior is intended to increase the likelihood of
some specific outcome
 Although some may claim that process models drive behavior,
at best a process model standardizes tasks;
– Governance drives behavior.
– People understand how to execute their decision rights and react to
measures.
– Keep in mind what the purpose of Governance is.
• It is not just a ticky mark, it is about change
– Helps drive the measure phase to verify change in governance

Principle 9: The level(s) and style(s) of Governance should be Tailored
to the Needs of the Organization
 Different organizations have different needs
 Even within an organization, different processes may require
different styles of governance.
 Some governance styles need to consider the relationship
between an organization and its sub organizations
– Choosing an appropriate governance style is a Governance Process
– There is no “one size fits all” in governance

Principle 10: Organizations build up IT Governance capabilities
Incrementally
 IT Governance capabilities include
– formalizing processes and best practices associated with the various
disciplines of IT Governance
– establishing cross-discipline capabilities and services to make
Governance processes more efficient and cost effective.
 There are 2 reasons to iterate in the SOA Governance Lifecycle
– To incrementally add new Governance Capabilities
– To incrementally improve on existing Governance Capabilities
– Don’t bite off the entire governance problem all at once
• pick your battles
– Getting Governance right is an iterative process

 Principles
– Policies
– Guidelines
– Standards
 Method
– What & How do I tailor the model for individual projects
 Governance Processes
– Definition
– Compliance
– Vitality
– Communication
 Governance Organizational Structure
 Governance Roles and Responsibilities
What Constitutes a Governance Model
Governance
Foundational
Building Blocks

Principles for Success
 Enabling organizations to achieve the desired goals and promises of
SOA requires an interlock between People, Process and Technology.
This interlock is accomplished with SOA governance:
– Organizing business functionality into shareable services that meet the
needs of the business require governance that defines process and
technologies to make this vision a reality
– Breaking down silos and unlocking the value of legacy systems while
making software less brittle cannot be accomplished solely with technology it
requires governance
– Cross functional nature of SOA requires improving the alignment between
business and IT but this requires SOA governance to facilitate the dialog and
interactions between business and IT

The SOA Governance processes require active participation and
decisions from different individuals and groups that are contributing to
the success of SOA.
Business Flexibility
Directives
 Business Process Owners understand and maintain certain processes with all its
business and IT implications.
 The Business Unit Committees are the functional business competencies stakeholders
that have to be involved in the SOA Governance process, because SOA is business
driven.
Executive Leadership
& Funding Sources
 The Executive Sponsor is the principle stakeholder and the champion of the SOA CoE
organization.
 The Executive Steering Committee provides strategy and initial funding and resolves
final disputes and funding issues
Advice and
Enablement
 The SOA CoE Board deals with the management and the operations of the SOA CoE.
 The SOA CoE Advisory Group is like a community of practice; they are the first line
review to ensure enterprise wide compliance with reuse and business agility guiding
principles.
IT Resources and
Architecture
 The Architectural Review Board is overseeing the whole IT. The SOA CoE might be a
part of it or identical. Because similar work is done the relationship has to be defined.
 The Program Management Office is organizing the different projects. SOA Governance
effects then due to inspections and reviews.

14 Critical Processes to be Created or Modified for an
Effective SOA Governance Model Implementation
Service
Planning
Service
Ownership and
Funding
Service
Modeling
Service
Implementation
Service
Management
Define Service
Focus
Assemble
Services
Deploy Services
Test Services
Design Services
Manage Service
Levels
Manage Service
Security
Manage Service
Change
Manage Quality
of Service
Specify Services
Realize Services
Identify Services
Define Service
Funding
Identify Service
Owners
By effectively establishing governance
mechanisms in these 14 areas, clients
can address these common challenges:
Establishing decision rights
Defining high value business services
Managing the lifecycle of assets
Measuring effectiveness

 Deploy SOA technology like service registries and SOA management solutions
 Registries needed to manage services at runtime but not sufficient on its own
 Management is most effective when done in the context of governance
 Fragmented, uncoordinated activities around SOA
 Inconsistent approaches that result in limited ability for reuse
 Business as usual
 Treat SOA projects same as others
What is needed…
 Comprehensive approach encompassing entire services lifecycle with multiple
entry points
 Best practices, methodology, processes and tools/ technology
Currently the industry and our clients employ a variety of
sub-optimal approaches to SOA Governance
Current Approaches to SOA Governance in the Marketplace

SOA Governance Lifecycle
Define the Governance Approach
 Define/modify governance processes
 Design policies and enforcement mechanisms
 Identify success factors, metrics
 Identify owners and funding model
 Charter/refine SOA Center of Excellence
 Design governance IT infrastructure
Monitor and Manage
the Governance Processes
 Monitor compliance with policies
 Monitor compliance with governance arrangements
 Monitor IT effectiveness metrics
Enable the Governance
Model Incrementally
 Deploy governance mechanisms
 Deploy governance IT infrastructure
 Educate and deploy on expected behaviors
and practices
 Deploy policies
Plan the Governance Need
 Document and validate business strategy
for SOA and IT
 Assess current IT and SOA capabilities
 Define/Refine SOA vision and strategy
 Review current Governance
capabilities and arrangements
 Layout governance plan

New Services and Products in the Press Announcement
 BCS: SOA Governance and Management Method
– Services to help customers map their requirements, policies, procedures and regulations to execute new
business plans based on SOA, and help with the necessary cultural changes
 Rational: SOA Governance plug-in for IBM Rational Method Composer
– Select governance best practices from IBM Business Consulting Services packaged as a reusable asset
and delivered as part of Rational Method Composer
 WebSphere: IBM WebSphere Service Registry and Repository
– Offering to help customers discover, access, and manage service metadata used in the selection,
invocation, management, reuse and governance of services in an SOA
– Target availability: Q3
– WW Technical Sales Leader: Naveen Sachaeva
 Information Management: IBM Rational Data Architect
– Helps customers adopt and enforce corporate and industry standards on their data models, and helps
customers design, discover and govern SOA compliant information architectures
 Tivoli: IBM Tivoli Change and Configuration Management Database
– Automatically discovers and manages information about a client’s IT environment, including IT resources,
configuration items, user identities, and the interrelationships between these entities.
IBM Software news: New IBM Software and Consulting Services
Help Organizations Reach Business Goals (2006-03-22)

Thank You
Merci
Grazie
Gracias
Obrigado
Danke
Japanese
French
Russian
German
Italian
Spanish
Brazilian Portuguese
Arabic
Traditional Chinese
Simplified Chinese
Hindi
Tamil
Thai
Korean

Toronix - SOA Governance Quick Start

More Related Content

What's hot

Similar to Toronix - SOA Governance Quick Start

Recently uploaded

Toronix - SOA Governance Quick Start