emily's picture
From emily rss RSS  subscribe Subscribe

Building on SOA Entry Point Successes 



 

 
 
Tags:  SOA  IBM  Success 
Views:  7764
Downloads:  175
Published:  September 29, 2007
 
2
download

Share plick with friends Share
save to favorite
Report Abuse Report Abuse
 
Related Plicks
 enm2007week9chap6

enm2007week9chap6

From: lvgangqiang
Views: 1808 Comments: 0

 
000-665 Exam Pdf Demo

000-665 Exam Pdf Demo

From: xuchun3898329
Views: 296 Comments: 0
000-665 ,000-665 exam,000-665 questions and answers,Test1pass 000-665 braindumps,free 000-665 example
 
000-669 Exam Pdf Demo

000-669 Exam Pdf Demo

From: xuchun3898329
Views: 370 Comments: 0
000-669 ,000-669 exam,000-669 questions and answers,Test1pass 000-669 braindumps,free 000-669 example
 
 Government SOA: Social Services and Social Security Organizations

Government SOA: Social Services and Social Security Organizations

From: IBMGovernment
Views: 435 Comments: 0
From possibility to actuality: Learn why social services and social security organizations are turning to SOA from IBM.
 
share IBM 000-M26 exam practice material

share IBM 000-M26 exam practice material

From: luckyking
Views: 241 Comments: 0
Wanting to pass IBM 000-M26 exam and get the IBM certification successfully and smoothly,Testpassport IBM 000-M26 exam real Q&A must be your biggest helper.Testpassport IBM 000-M26 exam also has its free demo. Beofre you decide to purchase it, you c (more)

 
Testinside 000-M22

Testinside 000-M22

From: ccna4
Views: 172 Comments: 0

 
See all 
 
More from this user
Java One 2005 Technical

Java One 2005 Technical

From: emily
Views: 3548
Comments: 0

NSDI - Poland

NSDI - Poland

From: emily
Views: 2780
Comments: 0

Welcome to the Minnesota SharePoint User Group

Welcome to the Minnesota SharePoint User Group

From: emily
Views: 6343
Comments: 0

Java One 2002 Overview

Java One 2002 Overview

From: emily
Views: 2938
Comments: 0

SQL Server 2005

SQL Server 2005

From: emily
Views: 3961
Comments: 1

CATPDG Quick Start Demo

CATPDG Quick Start Demo

From: emily
Views: 1808
Comments: 0

See all 
 
 
 URL:          AddThis Social Bookmark Button
Embed Thin Player: (fits in most blogs)
Embed Full Player :
 
 

Name

Email (will NOT be shown to other users)

 

 
 
Comments: (watch)
plicker Spending Less On Car Purchase (5 years ago)
thank you
 
 
Notes:
 
Slide 3: 提供客戶彈性、可重覆利用的 SOA 產業解決方 案,以及隨需應變的軟體服務,希冀與客戶、合 作夥伴共創多贏局面 ( 彈性、隨需應變及速度 )
Slide 4: 落實「 SOA 最佳實踐年」 • 第一、 SOA 創新中心 (SOA Innovation Center) :自去年開始規 劃拓展 Open Partner center 成為 SOA Innovation Center ,台 灣 IBM 透過與第三單位合作,培植國內系統整合商自行開發 SOA 解決方案,藉由此中心, IBM 技術人員將協助國內 ISV/SI 進行解決方案、平台的相關測試。 • 第二、 SOA 研發中心 (SOA Development Center) :台灣 IBM 結合本土事業夥伴與經濟部共同合作,引進 IBM 全球 SOA 最 新技術在台研發,希望針對金融產業研發出適合的共用模組,期 望與台灣軟體廠商合作研發共用模組,讓金融產業皆可直接導入 此模組,並銷售至全球,拓展國際業務市場。 • 第三、 SOA 產品化: IBM 持續與產官學合作,協助客戶開發符 合 SOA 之解決方案;而 IBM 五大軟體品牌也將以 SOA 五個 切入點- People 、 Process 、 Information 、 Reuse 及 Connectivity ,解決客戶相關需求,降低企業導入風險。 • 第四、 SOA 深耕校園:「 2007 IBM 開發者新秀大賽」已開始 進行報名階段;此外,今年將繼續舉辦 SOA 校園講座,並延伸 對象至中、南部大學與技術學院,而 IBM 校園大使也持續在各 大專院校授課與進行軟體技術分享。
Slide 5: 如何確保 SOA 轉型成功 • Web Method :Governance: The Key to SOA Success – webMethods Infravio X-Registry and – webMethods Infravio X-Broker. • it-director.com : How do you govern SOA? -1 – http://www.itdirector.com/technology/infrastructure/content.php? cid=9423 • IBM: A case for SOA governance – http://www128.ibm.com/developerworks/webservices/library/w s-soa-govern/
Slide 7: Governance: The Key to SOA Success • Many organizations are embracing Service-Oriented Architectures (SOAs), drawn to the business benefits of improving business process visibility and flexibility. • This leads to the break up of the traditional application architecture that, at the enterprise-level, means a dramatic increase in the number of interdependent entities in the IT infrastructure. • A poorly managed SOA has the potential to lead to an enterprise infrastructure of such complexity that its benefits are immediately outweighed. • This complexity is compounded only by the possibility that services may be reused across organizational boundaries and heterogeneous domains of ownership.
Slide 8: The Problem of Poor Governance • SOA success is highly correlated with an organization’s ability to manage complexity. • SOA governance is concerned with establishing policies, controls, and enforcement mechanisms within the SOA domain (i.e., within the activities and constructs associated with SOA) and across the implementation lifecycle, from design through deployment to change-of-use. • Without it (Governance), organizations can expect: – – – – Services that cannot easily be reused Lack of trust and confidence in services as enterprise assets Security breaches that cannot easily be traced Unpredictable performance. • Quite simply, deployment of post-pilot SOA without proper governance is not a viable solution for most organizations.
Slide 9: The Technology of Governance • As the foundation of SOA governance is the ability to enforce and automate policies across the service lifecycle, there is a major role for software system mechanisms that enable the automation and enforcement of governance policies. • Two of the main components of this system are: – A registry, which acts as a central index of business services – A repository, for storing policies and other metadata related to the governance of the services. • However, by themselves, these components are not sufficient. The registry and repository must be fully interoperable with each other and other SOA assets, and they must form a comprehensive system that manages the entire SOA lifecycle.
Slide 10: webMethods Infravio Solution - 1 • Web Methods’ SOA solution provides integrated SOA governance during design-time, run-time, and changetime. It provides the registry, repository and run-time enforcement that are essential for standardizing and managing the leverage • Governance: The Key to SOA Success of SOA assets throughout the entire IT lifecycle by different “SOA stakeholders”; e.g., architects, developers, IT management, and business users. • The solution makes it easy to locate, understand and trust available services, which maximizes service reuse and adoption, and allows policy and process visibility to all SOA stakeholders.
Slide 11: Governance: The Key to SOA Success
Slide 12: webMethods Infravio Solution - 2 • The solution consists of two fully independent and comprehensive products, 1. webMethods Infravio X-Registry and 2. webMethods Infravio X-Broker. • With support for industry standards and initiatives, such as SOA Link, these standalone products work together seamlessly as well as with other standards-based SOA products.
Slide 13: webMethods Infravio Solution - 3 webMethods Infravio X-Registry allows stakeholders to: – Catalog, publish, locate, demo, and approve services – Reuse services easily and efficiently – Create a system of record for SOA metadata— policies, schema, performance criteria, and contracts – Interoperate with UDDI V2 and V3, JAX-R, and ebXML standards – Manage the governance rules engine and policy manager – Store digital documents and related service definitions – Capture audit trail of all registry activities.
Slide 14: webMethods Infravio Solution - 4 • webMethods Infravio X-Broker provides run-time support for securing, routing, monitoring, and managing Web services between provider and consumer applications. • webMethods Infravio X-Broker enforces the delivery terms specified in the Web Services Delivery Contract, including the processing requirements and instructions for four major categories: security, integration, operations, and business. • When combined with the webMethods Infravio XRegistry, the X-Broker provides end-to-end governance of services from design-time through runtime and change-time.
Slide 15: Bottom Line • Comprehensive governance is not an option for enterprise SOA; it is a necessary requirement. • SOA governance requires more than a registry or a repository. It requires an integrated solution that provides support for all SOA stakeholders throughout the entire SOA lifecycle. • webMethods Infravio X-Registry and X-Broker are independent but fully interoperable products that deliver comprehensive SOA governance capabilities. Together, they form a standards-based SOA platform that allows organizations to fully reap the business benefits
Slide 16: http://www.webmethods.com/Products/Fabric/SOA/Governance
Slide 17: What is SOA Governance? • SOA governance is the subset of IT governance related to establishing policies, controls, and enforcement mechanisms required for SOA — similar to those that exist for managing and controlling other aspects of IT. ( service management) • SOA governance – initially applied just to the development and use of Web services, – but today SOA governance spans SOA architecture as well as the governance of services across the entire implementation lifecycle.
Slide 18: Where Is Governance Required? • Architecture – Governance is necessary to ensure that SOA as architecture evolves by design and not by accident. • Design-Time - Design-time governance is primarily an IT development function that involves the application of rules for governing the definition and creation of Web services. • Run-Time - Governance at run-time revolves around the definition and enforcement of policies for controlling the deployment, • Change-Time - Change-time governance is the act of managing services through the cycle of change since most services will be modified many times, this is an essential component of long-term governance.
Slide 19: Technologies Required for Governance • Registry – a catalog or index that acts as the “system of record” for the services within an SOA • Repository – centrally-managed data storage for all governance policies and metadata • Policy Enforcement – Design-time enforcement (registry/repository), run-time enforcement: (message transport), and change-time enforcement (IT management system). • Governance Rules Engine - Incorporating rules engine technology within the registry/repository enables a significant degree of flexibility and automation, while reducing the reliance on humans to perform mechanical governance tasks (and the associated risk of error). • Lifecycle Management - The human interface to the registry/repository which incorporates the governance lifecycle processes and workflows.
Slide 21: SOA GOVERNANCE REQUIREMENTS CHECKLIST-1 The following checklist identifies key technical and functional requirements of an SOA governance solution and can be used to assess the completeness of your governance implementation strategy. • Registry/Repository – – – – – – – – – – Service metadata typing and validation Service relationship and dependency management Search by name, description, keywords, attributes Advanced search (multi-keys, Boolean expressions) Storage of business-level metadata Organization and business unit management Metadata filtering Delegated administration Consolidated auditing on registry/repository lifecycle actions File-system and database persistence options Workflow-driven approval/notification request processes User-configurable policies and assertions Service request reporting Consumer data collection • Service Publishing – – – – – – Workflow-driven approval/notification processes User-configurable policies and assertions WSDL validation and conformance reporting Customizable user-defined validation policies (e.g. corporate policies) Command-line publishing utilities Publication wizards Consumer/provider pair binding Service delivery contract model Contract enforcement, versioning, deployment, monitoring, reporting SLA management Security terms management Request/response routing management Failover/load-balancing management Logging and monitoring management Policy Deployment Management Runtime metrics warehousing • Service Delivery – – – – – – – – – – • Service Access – – – –
Slide 22: SOA GOVERNANCE REQUIREMENTS CHECKLIST-2 The following checklist identifies key technical and functional requirements of an SOA governance solution and can be used to assess the completeness of your governance implementation strategy. • Service Change Management – Service subscription management – Service metadata subscription – Email and SOAP notifications – Synchronous/asynchronous notifications • Security Features – Fixed and flexible roles – Role-based privileges – Service | Taxonomy | Attribute | Repository Object Access by Role – Access Control Lists (ACLs) – Digital signature support – LDAP support • Federation/Replication – – Master/slave replication Selective synchronization of multiple repositories – Selective promotion of objects across repositories • Standards Interoperability – UDDI v2 and v3 – Handling of any URI data types – JSR 93: Java API for XML Registries – JSR 223: Scripting for Java – JSR 94: Java Rule Engine API • Management Features – – – – – – – – Advanced policies and account management User activity auditing Taxonomy management API User Management API Access Control API Subscription API Administration API JAXR API
Slide 23: 如何確保 SOA 轉型成功 • Web Method :Governance: The Key to SOA Success – webMethods Infravio X-Registry and – webMethods Infravio X-Broker. • it-director.com : How do you govern SOA? -1 – http://www.itdirector.com/technology/infrastructure/content.php? cid=9423 • IBM: A case for SOA governance – http://www128.ibm.com/developerworks/webservices/library/w s-soa-govern/
Slide 25: How do you govern SOA? -1 • When organizations establish a Service Oriented Architecture (SOA) strategy, the governance model is usually not the first thing on the to-do list. However, it should be. Many organizations rush into SOA with a flurry of activities. • Typically these are technical efforts: everything from putting an Enterprise Service Bus in place to adding Web Services interfaces to a business service. • Because even simple SOA projects can have positive results for the business, it is not surprising that organizations want to "cut to the chase" without thinking of the consequences and, in particular, of the management requirements of a SOA implementation. • The way to manage the SOA environment is through SOA Governance.
Slide 26: How do you govern SOA? -2 • In brief, SOA Governance is the process of determining how to create SOA-based services that conform to business standards. • For example, let's say you create a service that conducts a credit check. The service has been designed to meet the needs of the business. – – – – Who is allowed to make a change to that service? Can any developer with a tool change it to fit another requirement? Is it alright to have five different versions of the check credit service? Who within the business confirms and signs off on the service? • Many organizations have not started to think about the process of constructing and managing services. This is quite dangerous because it does not just impact the IT department but the integrity of the business itself.
Slide 27: A hypothetical example-1 • We think this is already happening without companies being aware. Let's walk through an example: • An insurance company has made the decision to implement a SOA strategy in order to better leverage its IT assets and make the business more productive. There is top level approval both from business executives and IT. A project is selected as a starting point. • The organization decides that the claims processing operation will be an ideal pilot. A team consisting of IT professionals and claims practitioners collaborates and creates five business services that make it much easier to accommodate new business partners and to create new business initiatives without creating new applications from scratch. • After the first three months, it is apparent that the rewards are great. The company is able to implement new business ideas in weeks rather than months. The project is a showcase.
Slide 28: A hypothetical example-2 • Now, things start to go wrong. Several enterprising claims processing analysts take an existing business service and modify it so it can be used in one very different opportunity. • In another situation, a developer adds a different variation into the mix and inadvertently changes a key business rule that determines the amount of commission paid to a partner. • Looking at this scenario makes the problems appear obvious, but when things start to go wrong, it will typically take an organization a long time to discover what has been happening. – Are the individuals involved doing something illegal? – Are they being deceptive? • No, they are merely being pragmatic; taking advantage of resources and assets that have been successfully used already and "improving" upon them. They have not been given training on – what a business service actually is and – what the procedures are for changing a service or augmenting it.
Slide 29: The Bottom Line • Right now there is very little understanding that SOA governance is an important enabler that makes SOA safe for business. The well meaning practitioners are simply unaware that SOA needs to be managed both as part of IT governance and as a subset of corporate governance. • This understanding does not happen without a set policy and set of best practices designed and an appropriate business process to manage it. • SOA governance is an essential element to making SOA safe. Ignore it at your peril. ( 使臨險境 )
Slide 30: 如何確保 SOA 轉型成功 • Web Method :Governance: The Key to SOA Success – webMethods Infravio X-Registry and – webMethods Infravio X-Broker. • it-director.com : How do you govern SOA? -1 – http://www.itdirector.com/technology/infrastructure/content.php? cid=9423 • IBM: A case for SOA governance – http://www128.ibm.com/developerworks/webservices/library/w s-soa-govern/
Slide 31: http://www-128.ibm.com/developerworks/webservices/library/ws-soa-govern/
Slide 32: Successful implementation requires a structured approach • The IBM® SOA Governance lifecycle expands the governance layer of the IBM SOA Foundation into manageable components. Actions needed to establish, maintain and enhance an effective SOA Governance framework are depicted as a lifecycle consisting of four phases: 1. Model: Create, document and prioritize business 1. 2. 3. 4. plan, requirements 2. Assemble: --- Define, approve & monitor define, --- Design, code, build enable, and measure. 3. Deploy: • • Evaluate & execute functional & performance test cases
Slide 33: Plan – establish the governance need During the planning phase of building an SOA Governance framework, you focus on understanding the overall scope of the governance need within your organization and identify areas for improved governance. Most of these activities are people-centric and focus on extensive collaboration. Think of this as the step in the lifecycle where the team defines “the problem to address”. This phase includes: – – – – – Committing to a strategy for SOA within the overall IT strategy Explicitly determining the level of IT and SOA capabilities Articulating and refining the vision and strategy for SOA Reviewing current governance capabilities and arrangements Developing a governance plan
Slide 34: Define – design the governance approach Once the opportunities for improved governance are identified, business and IT professionals work together to define and modify the current governance arrangements and mechanisms. For example, new approaches to creating policies should be agreed on at this time. Other important governance decisions made during this phase include: – Establishing or refining a SOA Center of Excellence (COE) – Defining additional capabilities required, such as upgrades to the IT infrastructure – Agreeing on policies for service reuse across lines of business – Putting funding mechanisms in place to encourage this reuse – Establishing mechanisms to guarantee service levels
Slide 35: Enable – put the governance model into action Solutions to the governance need are then put into action during this phase. Common activities would include: • Deploying new and enhanced governance arrangements such as: – Tracking the decision making processes – Enabling the policy infrastructure – Providing the monitoring tools • Deploying technology to discover and manage assets • Communicating and educating expected behaviors and practices within both the business and IT decisionmaking communities • Enabling the policy infrastructure
Slide 36: Measure – monitor and manage the governance processes • Governance arrangements and mechanisms that were – identified in the Define phase and – deployed in the Enable phase are monitored. • This provides the opportunity to evaluate the results and if needed, initiate a new cycle of these 4 phases to refine and enhance its governance effectiveness. • Actions in this phase include: – Monitoring compliance with policies and governance arrangements, such as Service Level Agreements (SLAs), reuse levels, and change policies – Analyzing IT effectiveness metrics
Slide 38: pose unique management and security considerations for IT SOA Characteristics Applications reused in new dynamic ways Key Management Considerations Predictability •Demand •Performance •Availability Visibility •Quality Of Service Controllability •Release •Change Clarity •Problem Resolution •Financial Management Security •Access Control •Audit and Compliance The common characteristics of SOA-based services and applications Services combined from multiple sources Rapid deployment of Services Services route to any available resource Distributed and dynamic access to existing applications
Slide 39: Service oriented architecture SOA is an architectural approach to building applications and enables rapid development and deployment of new services to meet business needs. Business Challenge Increase the speed of business changes IT Imperative Become a more responsive IT organization to quickly adapt to changing business priorities Align IT more tightly with business strategies in a cost effective manner Provide a secure and managed integration environment Improve business efficiency and performance Protect critical business assets
Slide 40: SOA management for the success of SOA implementations-1 To address these potential service management challenges and ensure the success of SOA implementations, IT needs capabilities to: A) Manage and automate processes - for successfully deploying SOA-based services and to manage them from initial release to on-going updates and changes, IBM® Tivoli® offers automated process managers for effective and efficient execution of IT processes. These automated process managers help ensure the integrity and service levels of existing and new applications as well as help to reduce costs and errors. B) Manage Application Service Levels - end-to-end visibility into SOA based services and applications and their interaction with shared resources can be challenging. IBM Tivoli’s Composite Application Manager (ITCAM) for SOA provides visibility into message content, transaction workflows & flow patterns and the ability to identify and isolate performance bottlenecks across technology and platform boundaries.
Slide 41: SOA management for the success of SOA implementations-2 • In addition, to ensure that the right IT resources are deployed to serve the higher impact business services, IBM® Tivoli® Business Systems Manager provides a Services dashboard view to monitor higher value SOA services and prioritize and align IT operations to business priorities. • C) Predict and Manage Change - rapid and frequent change are inherent in a SOA environment. SOA-based applications and services share underlying IT resources. Any change made to one service or application could impact other services and applications in unforeseen and unexpected ways. IBM Tivoli’s Change and Configuration Management Database (CCMDB) helps clients predict, control and map the business impact of any change introduced in their IT environment. The CCMDB can serve as a single version of truth to facilitate the introduction of any change in the environment so as to ensure that the existing services and applications continue to deliver to their Service Level Agreements (SLA). • D) Security Management – the very openness of an SOA can create security challenges. As SOA-based services could be deployed across organization boundaries or security domains, traditional resource-centric security is necessary but no longer adequate for dynamic SOA environments. SOA security must take a user-focused approach to securing the environment. IBM Tivoli Federated Identity Manager provides a solution to manage identity and access to resources across security domains. In addition, Tivoli Security Operations Manager provides a solution to actively monitor and analyze the security posture of the SOA environment.
Slide 46: SOA Governance: Implementing the IBM method http://www-306.ibm.com/software/info/television/index.jsp? lang=en_us&cat=rational&media=video&item=en_us/rational/xml/B955013N10675J67.x
Slide 47: SOA Governance: Implementing the IBM method The briefing provides an in-depth look at the IBM SOA Governance and Management Method and the Rational Method Composer, IBM’s tool to facilitate the development of a governance framework. The briefing is intended for Software Architects, CIOs, and CTOs. It is centered around using the method to develop an SOA Governance framework, and the tools, processes, and activities that are a part of it.
Slide 48: http://www-306.ibm.com/software/info/television/index.jsp? lang=en_us&cat=rational&media=video&item=en_us/rational/xml/B955013N10675J67.x
Slide 49: SOA Service Lifecycle Management • Scott Hebner, VP of Marketing for Rational software, talks about SOA Quality Management as an aspect of SOA Service Lifecycle Management, and an important part of a well-governed Service-Oriented Architecture.
Slide 51: SOA Governance and Service Lifecycle Management • Enhancing SOA Governance and Service Lifecycle Management with SOA Quality Management: An SOA is a business strategy that enables a company to more closely align and reuse existing technology to achieve business goals. • SOA Quality Management is the next component of SOA Governance and Service Lifecycle Management – March, 2006 - IBM announced our SOA Governance strategy and direction and tooling – October 2006 - Service Lifecycle Management was added to detail how SOA Governance will be operationalized within the SOA Lifecycle. – December 2006 - IBM featured Empowering the ‘A’ in SOA, which included a number of new and updated products targeted at approach to Service Lifecycle Management Architecture component. – Today - IBM is adding SOA Quality Management to our SOA Governance and Service Lifecycle Management • Why is Governance important to SOA
Slide 52: Why is Governance important to SOA-1 • The increased flexibility and crossorganizational nature of business services that SOA facilitates, requires that organizations establish a framework to implement active decision-making, accurate tracking, improved serviceability and better communication. • SOA governance is the mechanism to ensure – that the decision making structure is solid, relationships between services and parties and managed and – that there is compliance with the laws, policies, standards and procedures under which an organization operates.
Slide 53: Why is Governance important to SOA-2 • Specifically SOA governance – Creates higher return from focused SOA investments – Aligns IT and business strategies, creates communication paths – Reduces coordination costs: less time wasted due to poorly-managed conflicts – Institutes efficient and effective decision making and clarity executing roles and accountability – Measures effectiveness of SOA • An enterprise that fails to realize the importance of an effective governance structure may not stand to benefit much from a SOA transition.
Slide 55: Successful implementation requires a structured approach • The IBM® SOA Governance lifecycle expands the governance layer of the IBM SOA Foundation into manageable components. • Actions needed to establish, maintain and enhance an effective SOA Governance framework are depicted as a lifecycle consisting of four phases: plan, define, enable, and measure.
Slide 56: SOA 治理框架的生命週期 -1 想建立、維持、並強化有效的 SOA 治理,其過程如同一個生命週 期,包括了計畫、定義、執行,與評量等四個階段。 • 計畫 – 在建構 SOA 治理框架的計畫階段,專案負責人應專注於瞭解組織內所有 需涵蓋的整體治理範疇,並確認須改善之處。 – 這些範疇大多是以「人」為中心,並專注於 IT 與企業管理的共同結合。我 們可將此一階段,視為專案團隊定義「待處理問題」的時期。 – 同時,該階段也包括:在整體性 IT 策略下,初步規畫 SOA 架構;明白 定義 IT 與 SOA 功能的層級;清楚描述並勾勒 SOA 專案的願景;檢視 目前的治理能力與配置,以及發展全面性的治理計劃。 • 定義 – 一旦確認 SOA 治理有改善空間,企業經營者與 IT 專家應通力合作,定 義並修改目前的治理方式及機制。舉例來說,此階段在建立政策等新措施 上,應取得普遍共識。 – 此一階段的其他重要治理決策,尚需包含:建立或改善「 SOA 卓越中心 (SOA Center of Excellence, COE) 」;定義 SOA 所需的附加功能,如升級 IT 基礎架構;在服務再利用的政策上,取得各事業部門的認同;訂定獎勵 服務再利用的機制;以及建立確保服務品質的方法。 • 執行 • 評量
Slide 57: SOA 治理框架的生命週期 -2 想建立、維持、並強化有效的 SOA 治理,其過程如同一個生命週 期,包括了計畫、定義、執行,與評量等四個階段。 • 計畫 • 定義 – – • 執行 • 評量 – 本階段為將 SOA 治理相關的解決方案付諸行動,如:提升治 理流程與技術元件,用以發掘並管理企業資產。為建立具政 策的基礎架構,在企業決策者與 IT 主管雙方,應針對彼此 被期待的行為、以及實務過程,進行不可或缺的溝通。 – 最後,所有上述的治理過程,均需被監控、管理及評量,這 也進一步讓決策者瞭解評估的結果;同時,有必要時,更可 發起一項涵蓋上述四個階段的新週期,以修改並加強治理的 績效。另外,亦可透過分析 IT 效能、和監控法令規章、治 理原則規劃的一致性,來達到評量的目的。
Slide 59: 以 SOA 治理,結合企業彈性與資訊科技 • SOA(Service Oriented Architecture) 服務導向架構已被視為改善 企業彈性,並可結合企業營運與資訊科技的重要途徑。透過正式 定義的軟體介面,增加其重覆使用性,不僅可打破科技所造成組 織內、外部的藩籬,同時亦能降低系統整合成本。許多企業正迅 速採用 SOA 策略,在善用既有技術平台下,將企業營運模組化 ,進一步改善各組織部門的整體績效。 – 儘管 SOA 擁有許多優勢,卻也存在特有的挑戰。企業除非建立一個有效 的管理架構,以釐清相關的角色、責任及決策權,否則可能會徒勞無功 – 該架構也需包含評量與控制機制,方能確保內部法規能依循企業政策,並 傳達商業價值。 • 根據市調機構 Gartner 最近的一份報告指出, SOA 治理 (governance) 包含上述評量與控制機制,是必須落實的原則。 • 藉由 SOA 專案的推動,可促使組織思考企業營運流程,並改善 資訊技術的管理。而透過管理此一涵蓋 SOA 的資訊技術,企業 將可充分瞭解 SOA 這項「以服務導向為基礎」的潛能。有效的 SOA 治理,絕非僅只於科技而已,它還要求對組織人員、流程 、訊息與資產的整合性作法。簡言之,有效的治理能 ? 助團隊瞭 解「誰需要同意哪些事情」,若能剷除這種模糊、不確定性的挑 戰,便能有更多時間專注於建立與執行創新的企業解決方案。
Slide 60: • SOA 基礎軟體( SOA Foundation Software )提供 SOA 的流程設計、組合、佈署 與管理 - 1 流程設計: IBM 推出 WebSphere 商業塑模工具 ( WebSphere Business Modeler ),除了提昇 Rational Software Architect 的塑模能力外,更協助企業在建置 SOA 前 ,即能輕鬆地完成商業與 IT 流程的塑模與設計。 組合: IBM 推出以 Eclipse 為基礎的應用程式發展工具– WebSphere 整合開發工具( WebSphere Integration Developer ),提供企業 SOA 組合工具,以建置 SOA 的商 業流程,同時並協助複合應用程式開發商,將現有 IT 架構化 為多項服務,並可將之整合運用至所有的商業流程。此外, IBM 亦推出新版的 Rational 應用開發工具( Rational Application Developer ),為客戶提供更多組合 SOA 的利器 。 佈署: … 管理: … • • •
Slide 61: SOA 基礎軟體( SOA Foundation Software )提供 SOA 的流程設計、組合、佈署 與管理 - 2 • 流程設計: … • 組合: … • • 佈署:針對 SOA 的佈署, IBM 推出 WebSphere 企業服務匯流排( WebSphere Enterprise Service Bus; ESB ),大幅提升既有的 ESB 能力,連結並整合 以 Web Services 為主的應用程式。而新版的 WebSphere 訊息代理工具( WebSphere Message Broker ),亦為標準各異的應用程式提供連結與資料 轉化功能。 管理:為強化對 SOA 的管理, IBM 推出 WebSphere 商業監控( WebSphere Business Monitor )之增強版,協助企業監控商業流程績效及 重要績效指標。本月底 IBM 將繼續針對複合應用程 式推出新型 Tivoli 管理軟體,協助客戶管理並確保其
Slide 63: IBM SOA quality management • A critical component to the IBM SOA quality management portfolio includes new methods for testing SOA environments. The new IBM Rational testing solutions for SOA applications will automate the testing of web services within an SOA. These tests validate that the SOA functions and performs as it was designed and interoperates with the rest of a company's infrastructure. The tests also ensure the system is able to perform with a heavy volume of users, determines the maximum system capacity, and identifies and resolves any performance problems prior to deployment of the SOA. •
Slide 65: SOA Governance management (Lifecycle) - 1 • Once the SOA Governance framework is put into place, clients have the requirement to implement and manage Services using SOA Governance. This is referred to as Service Lifecycle Management and is a key aspect of SOA Governance. SOA Governance includes: – Design Governance – Runtime Governance – Asset Governance • Service Lifecycle Management is about the operational aspects of Design, Runtime and Asset SOA governance.
Slide 66: SOA Governance management (Lifecycle) - 2 Within Service Lifecycle management there are two components. • Related to the management of the services, there is Service Development and Delivery Management, which is about development and deployment of services. This includes enforcement during and after deployment • In addition, there is Infrastructure and Management, which is about the operational environment that the Services is developed and executes in.
Slide 67: http://www-128.ibm.com/developerworks/rational/library/mar07/mcbride/index.html
Slide 68: The Role of SOA Quality Management in SOA Service Lifecycle Management - 1 • Good governance is the foundation for building a successful Service Oriented Architecture (SOA). SOA governance is what enables diverse business unit and IT stakeholders to ensure that the SOA they collectively design is truly cross-enterprise. – – – A lack of appropriate governance makes it very difficult to gain the business process agility and time-to-market advantages that maximize the business value of SOAs. SOA initiatives that lack appropriate governance will almost certainly fail to deliver long-term business benefits. Moreover, by failing to account for the needs of disparate organizations within the enterprise, SOA without governance becomes yet another stovepipe application. • Many IT analysts are saying that SOA governance is more critical to SOA success than is SOA technology. In fact, as Danny Sabbah, general manager of IBM Rational, put it recently, "SOA is 1 percent services and 99 percent governance."1
Slide 69: SOA governance: The foundation of Service Lifecycle Management - 1 Effective governance serves an integrative function across people, processes, and technology. At IBM we see the essential governance activities that relate to the SOA lifecycle in terms of four phases (Plan, Define, Enable, and Measure), which are linked by an iterative process flow as illustrated in Figure
Slide 70: SOA governance: The foundation of Service Lifecycle Management - 2 • In many ways, the most challenging aspect of an SOA initiative can be the first step: getting all the stakeholders on board to work together in the initial Plan phase. Preliminary efforts to define the scope of the initiative, empower the various organizations involved, and determine how success will be measured require cooperation from many different departments and organizations. The goal of the iterative, four-phase SOA governance process is to refine and enhance governance effectiveness and optimize business value for the SOA initiative. The four phases are: – Plan: In the initial Plan phase, stakeholders collaborate to establish and commit to the need for SOA governance and its overall scope, as well as to plan project scope, ownership, and funding; and perhaps to establish a center of excellence to oversee the SOA project. In subsequent iterations, planning will identify areas where SOA governance can be improved or new areas where it should be implemented, while applying these changes to the governance plan. Define: Having identified opportunities for improved governance, business and IT stakeholders then collaborate to define new governance policies and processes. During this phase organizations delineate additional SOA capabilities, agree on policies for service reuse across lines of business, establish processes to guarantee service levels, and so forth. Enable: In this phase, policies defined in the previous phase are rolled out to the various stakeholders across the enterprise. During this phase organizations communicate their policies to the decision-making community, enabling them to ensure that their needs are being met, and that their organizations are poised to benefit from the SOA. Measure: In this phase governance policies and processes (e.g., Service Level Agreements (SLAs), reuse levels, or change policies) are established. These are evaluated against success/effectiveness criteria (established in the Define phase) and a new iteration of SOA governance activities is initiated on the basis of those discussions. • – – –
Slide 71: Service Lifecycle Management: SOA governance applied to software delivery - 1 • Once an organization has established SOA governance by moving through multiple iterations of Plan, Define, Enable, and Measure activities, a solid foundation of best practices is established that greatly facilitates the actual construction of the SOA implementation. Improved policies yield better metrics, which empower stronger planning, and so on. It is important to note that the SOA governance process is never left behind. Successful service implementation requires constant validation and updates based on the original SOA governance framework. Services must be built according to plan; plans that cannot be met must be modified. SOA governance supports and guides the iterative SOA implementation cycle of Service Lifecycle Management. •
Slide 72: Service Lifecycle Management: SOA governance applied to software delivery - 2 • One could think of the SOA governance phases as embodying the business requirements, and the corresponding Service Lifecycle Management phases as guiding the technical "building out" of those requirements. For example, an SOA governance requirement like "We want order entry to take no more than five minutes" might lead to Service Lifecycle Management metrics like "The system must respond to Input X in 100 milliseconds or less." In both cases, however, activities are managed in relation to the original business plan. Like SOA governance, SOA Service Lifecycle Management is an iterative process as illustrated in Figure 2. This process is ongoing for the duration of the SOA lifecycle. •
Slide 73: Service Lifecycle Management: SOA governance applied to software delivery - 3 Although they support implementation rather than governance per se, the phases of Service Lifecycle Management are very much analogous to the SOA governance phases: – – – – Model: validate against Plan. At this step architects collaborate to review the current SOA governance plan and use it as a basis for modeling the SOA implementation. Assemble: validate against Definition. At this step developers assemble the reusable service assets that the architects have modeled, to create serviceoriented applications that automate and integrate business processes. Deploy: validate against Enablement. Here Testing and Release Management functions deploy the services. Manage: validate against Measurement, whereby Operations manages the services in production. • Within each of the four SOA Service Lifecycle Management phases, practitioners continuously validate their activities and outcomes against the original business requirements. In this way, governance ensures that business requirements drive all aspects of the service delivery lifecycle, and that the implementation remains constantly aligned with business objectives. For example, during a Deploy phase the Testing team would validate that the deployed service works as expected for its intended user community, based on metrics agreed upon as part of the governance process. Naturally, requirements can be modified based on what the implementation team is actually encountering as they deliver the services.
Slide 74: The road to SOA Quality Management- 1 • Service reuse is the one of the key factors driving cost savings and business agility in SOA implementations. However, if a service is being consumed by a number of composite business applications, the requirements for high quality and performance of that service will be significantly greater than for many of today's vertically integrated applications. In addition, the promise of reuse is highly charged with potential risks: services that violate security or compliance policies, services that can interfere with the operation of other services, etc. There is a need to balance the risk and the value of service reuse, and that process is known as SOA Quality Management. Once upon a time, testing was the final phase of a waterfall-style release plan, undertaken at the end of the software development process. The high quality demands of SOA now requires that teams must validate what they're architecting, building, deploying, and managing against business requirements for performance, reuse, regulatory compliance, security, and more -- at every phase of the SOA implementation lifecycle. Validating SOAs means testing components at the service level as well as at the level of composite applications. It also means addressing the control issues inherent in working together with teams that are spread out in different departments, different practices, or perhaps distributed globally. •
Slide 75: The road to SOA Quality Management- 2 • SOA initiatives have thus served to drive the evolution of quality management within the software development process, as illustrated in Figure (From software testing to Business-Driven Quality Management ) This accelerating trend from traditional software testing to business-driven Quality Management is the next step forward in business/IT cooperation. Software testing is still critically important in this context, but it is just one component of managing quality across the entire SOA environment to optimize business flexibility and cut overall costs. •
Slide 76: SOA Quality Management: an aspect of Service Lifecycle Management -1 • SOA Quality Management is an important aspect of Service Lifecycle Management -- one that reflects the need to address multiple aspects of service quality across multiple SOA service implementations. IBM is focused on delivering SOA Quality Management end-to-end, from Model through Assemble, Deploy, and Manage. SOA Quality Management concerns far more than just conventional software development and testing. It encompasses all the ways in which the business and IT organizations collaborate on services, as well as the lifecycle from concept to retirement of services and composite business applications. The key capabilities that IBM SOA Quality Management delivers include: – – – Enabling through tools and best practices a quality management focus throughout the SOA lifecycle Ensuring business agility by enabling the functional and performance testing of business services for compliance with business and regulatory requirements Optimization and automation of workflows across business processes by streamlining and eliminating process redundancies. •
Slide 77: SOA Quality Management: an aspect of Service Lifecycle Management -2 The cyclic arrows within each Service Lifecycle Management phase indicate that SOA Quality Management activities iterate within each phase -diving down to the SOA governance foundation to validate that business requirements are being addressed at every step of the SOA lifecycle. The SOA Quality Management processes within each Service Lifecycle Management phase include the following activities: • Model: – – – Validate business requirements Discover and assess against current services Model service requirements • – – – Assemble: Create service update plan Create or modify the service to meet the business requirements Assess service against governance rules • – – – – – Deploy: Quality assure the services Function testing Performance testing Compliance testing Approve service deployment • – – – Manage: Manage and monitor the service throughout its lifecycle Track the service in the registry Report on the service against SLAs Figure 4 illustrates how SOA Quality Management activities inform SOA Service Lifecycle Management
Slide 78: The role of IBM Rational in SOA Quality Management -1 The fundamental value proposition of the IBM Rational brand is end-to-end software delivery lifecycle management among distributed teams and across distributed environments. So it's not surprising that IBM Rational tools and best practices are an important part of IBM's SOA Quality Management vision. As Figure 5 illustrates, quality management products represent one of the four key segments of the IBM Rational Software Delivery Platform.
Slide 79: The role of IBM Rational in SOA Quality Management - 2 • IBM Rational helps companies implement a business-driven -- that is, quality-driven -management environment for SOA by providing proven tools and process guidance that simplify and accelerate business process modeling and the assembly, deployment, and management of SOAs. Integrated with the IBM Rational Software Delivery Platform, Rational's ongoing enhancement of SOA governance capabilities helps companies to: Ensure quality by ensuring that business requirements drive the modeling and assembly of services that automate and integrate business processes Repurpose existing assets as services to extend their utility and assemble them into new solutions Deliver high-quality, services-based solutions on time and on budget Among the IBM Rational products that enable SOA Quality Management are several new tools and products. These include IBM Rational Tester for SOA Quality, which provides automated regression and functional testing for GUI-less Web services; and IBM Rational Performance Extension for SOA Quality, which supports performance testing for Web service-based applications. These new products feature a host of SOA-centric features, such as a visual test editor delivering both high-level and detailed test views; support for testing of non-GUI services; flexible modeling and emulation of service consumers; collection and visualization of server resource data; automated test generation from WS-BPEL business processes; and much more. It follows that SOA Quality Management entails process change as well as new technology. IBM Rational aims to provide teams with the necessary best practice support as well as tools, to effectively manage quality throughout the SOA lifecycle. This capability is essential not only to ensure integrity for composite applications, but also for reasons of cost reduction, investment protection, and alignment of the SOA with business strategy. • • • • • •
Slide 81: • In my experience with ITIL and SOA, I believe that these two concepts can have an happy marriage. Most organizations today have some type of an SOA initiative at some level of maturity. • Many have also taken on ITSM-related initiatives -most likely using the guidelines of the ITIL. I believe that as organizations embark on SOA and ITIL initiatives, they will quickly question the convergence of these two initiatives and see how one can be more effective with the other. It's a bit of a chicken-and-egg problem -- should you do ITIL first or SOA? And there's probably no single correct answer. • My recommendation is that the ITIL can be an SOA enabler and should probably be implemented first. Merging ITIL and SOA
Slide 82: Exploring the interrelation of SOA and the ITIL – 1 • Let's get to the crux of the concept: in ITSM, you're implementing services. You define what you do as an IT shop in terms of the service you provide to your customers. • These customers can be either other individuals or groups in your IT organization or the business. A centralized database administrator (DBA) group or a centralized UNIX™ group supporting an application development team are examples of internal IT services. The application team builds applications for the business users and customers. • In other words, the applications are external services that IT provides. These services are supported by ITIL processes, such as incident management, capacity management, problem management, and so on.
Slide 83: Exploring the interrelation of SOA and the ITIL – 2 • The convergence here with SOA is that as the loosely coupled, composable SOA services come into play, the service support and service delivery processes can manage and support them per ITIL guidelines. As a simple example, what would the incident management process be on a "get currency rate" SOA service built using technology such as Web services? • On the flip side, you can implement ITSM services such as DBA support in a more service-oriented manner, learning from the concepts of SOA. If you think about it, SOA and ITSM are less likely to be successful without each other. The ITIL is the glue that ties them together. • SOA is about creating agility in both IT and the business. This agility requires repeatable, standardized processes that can be measured, monitored, and reported on. That is the ITIL. Another way to look at it is that SOA needs a significant amount of governance, and the ITIL has a built-in governance framework.
Slide 84: Merging your SOA and ITIL road maps – 1 • Teams looking at implementing SOA or the ITIL can learn from each other. To implement a successful SOA, you need a set of best practices, processes, and details about your IT processes that are repeatable and measurable. The ITIL provides this information. Because the ITIL doesn't get into the specifics of how you implement the processes and merely presents a framework, it's relatively easy to "borrow" those concepts and apply them to your SOA implementation plans. Let me explain with a simple example. One of the key concepts of SOA is the fact that you need a common data model or data definition -- in other words, your enterprise must speak a single language. From an IT processes standpoint, the ITIL provides a common vocabulary and glossary that you can use as a starting point for your enterprise data dictionary. Why is this important? For example, let's say you have an incident management system and a problem management system. Without a common vocabulary and a set of defined parameters, how are these two systems going to talk to each other? This is the same classic problem with Web services and SOA. How are two services going to exchange data unless they speak the same language -- or at least know how to translate between one language and another? Stephen Watt has an excellent article that covers this aspect of SOA in more detail. (See Resources.) •
Slide 85: Merging your SOA and ITIL road maps – 2 • Another aspect where the ITIL and SOA road maps can merge is in the service delivery processes, such as service-level management, financial management for IT services, capacity management, and availability management. Key questions to ask when talking about SOA include who's going to pay to build the service, who's going to pay to make sure that the service is available and scalable, who'll make enhancements to the service, and who'll manage the service? Answers to all these questions lie in the Service Delivery book of the ITIL. As you get further along in establishing these processes for the ITSM-based services (DBA, UNIX support, and so on), you will start seeing how they will apply directly to what we consider services in an SOA or software world. • SOA plays a large role in business process management (BPM). ITIL plays a large role in IT management. As these two initiatives begin to merge, you will start seeing IT align itself more and more with the business.
Slide 86: Overcoming barriers to SOA and the ITIL • The challenges to implementing SOA and the ITIL (with or without each other) remain the same. In both cases, technology is the easy part. The biggest challenge is probably the culture change required in most organizations. The business must begin thinking "services." IT groups must reorganize themselves (people, process, and technology) to deliver and manage these services. This sort of a culture change is not easy to implement: It requires a strong business executive and a strong IT executive to partner and drive the process in a top-down manner. It also requires partnering at the grass-roots level -- business analysts and architects working with the users they support to show them the value of services. (See my article on SOA teams, which talks more about the roles of the team members in driving SOA initiatives in Resources). The second biggest hurdle of SOA is governance. What is the best way to implement governance, and what is the right level at which to govern? IT governance is a big buzz word for chief information officers (CIOs) today. Fortunately, this is one problem that can be mitigated if your organization is further ahead with the ITIL. Inherent to the best practices that the ITIL promotes is a framework for tracking, measuring, and reporting on these services. SOA projects can apply the same concepts to governing the different SOA services in the enterprise. •
Slide 87: Summary • As your ITSM (or ITIL) and SOA initiatives mature, you'll start to see a convergence of these concepts and begin to reap the values of standardized IT processes in a true service-oriented world. SOA management is the umbrella term that will encompass what is traditionally covered under SOA management and ITSM. • It is important that organizations bridge the gap between SOA plans and ITIL plans so that they can benefit from the fusion of these initiatives. The earlier these initiatives are aligned, the more successful the overall implementation will be -- and you will face fewer organizational issues and politics. Excellent starting points are a steering committee that bridges these two initiatives and a complementary communication and collaboration framework to weave the two together.
Slide 88: Looking at the ITIL, SOA, and Capability Maturity Model • Now that you've seen how the ITIL and SOA work together, let's take a quick look at the Capability Maturity Model (CMM). The CMM is a framework for accessing the maturity of the IT processes in an organization. The original focus of the CMM was on the software processes. However, the new Capability Maturity Model Integration (CMMI) is probably more applicable to the ITIL, as CMMI includes hardware and software (as ITIL does). If you study CMMI, you'll see an overlap of several CMMI processes with ITIL processes. • The maturity of your ITIL implementation can be directly related to your organization's rating on the CMMI scale of 1 to 5. However, my suggestion is to follow a "just-enough" paradigm. Implement only the amount of ITIL or CMM required for your organization -- not just to get a higher certification level.
Slide 90: SOA governance for developers and architects • SOA governance is becoming a big issue. Enterprise IT groups and CIOs are creating new governance policies around SOA, enterprise architecture, software development life cycle (SDLC), and more. Learn about governance from a developer's perspective, including concerns about governance milestones, the importance of governance, and how to be more productive on a day-to-day basis. By understanding this viewpoint, you can learn how to avoid wrestling with development teams over governance issues.
Slide 91: What is governance? • • The recent developerWorks article "Introduction to SOA governance" (see Resources for a link) talks in detail about governance. It defines governance as the means of establishing and enforcing how a group agrees to work together. Governance is about empowerment. It provides a framework of policies and best practices that can be used to define who has the right to make what sort of IT decisions. It also helps hold people accountable for those decisions. Many analysts have drawn a clear distinction between governance and management -- and it's important to reiterate this difference. Governance isn't about specific IT decisions; it determines the roles of the people who have the ability to make those decisions. Management, which is empowered using the governance guidelines, makes specific IT decisions. Confused? Think about your SOA projects; governance in such projects is more complex than it is in traditional projects. Now you're building smaller services that everyone wants to (and should) reuse. Governance policies are defined to control the life cycles of those services to maximize reuse. You have to constantly monitor who is putting out a service, how it's being designed and built, who is paying for it, who is managing security, and much more. Governance is the key to the success of your SOA project. Without governance, you can't fully realize the value of your SOA; without it, you could end up with a mess on your hands. • • •
Slide 93: • The value of governance may not be immediately obvious. You may not begin to appreciate the importance of governance policies until the first SOA project is complete. However, many SOA practitioners feel strongly that you should begin defining these policies up front -- even before you start the first project to build services. • Governance prevents chaos by laying out the rules and policies around service creation, service discovery, service identification and reuse, and so on. It defines the service-level agreements (SLAs) for how services should perform, so that both the consumers and the provider know their limitations and expectations. In a nutshell, governance gives the provider and the consumers the same view of the service's quality. Governance also prevents or reduces the number of redundant services and duplicated efforts, by defining the process to register and discover services across the enterprise. • Governance policies ensure that you follow standard processes and have the appropriate documentation at each step of the process. This allows for the enforcement of legal, regulatory, and other compliance issues, such as Sarbanes-Oxley. Why governance?
Slide 94: Avoiding common mistakes in implementing governance structures - 1 • Application development teams and the centralized EA group often wrestle over the fact that the EA group comes up with processes, procedures, guidelines, and so on in a vacuum. Many times, they don't talk in detail with all the project teams to understand their unique project requirements, timelines, and business drivers. The key word in the previous sentence is all. EA groups may feel that it's sufficient to talk only to project groups that are – Working on the largest project – Working on the highest visibility project – The easiest group to work with • The application teams that aren't consulted feel left out. These groups tend to provide the most resistance to the implementation of governance and as a result, can impede the overall success of the SOA initiative.
Slide 95: Avoiding common mistakes in implementing governance structures - 2 • A better tactic for the EA group is to start with a small project and demonstrate the value of governance on that project. This way, they can show value quickly and then extrapolate those benefits to bigger projects and to all the other groups. • A recommendation is to split the policy makers and enforcers from these EA groups. EA groups should function as mentors. They should show application groups how to use better design guidelines and follow standard practices, and explain the governance policies to those groups. They should not fill a "policing" function of making sure application groups comply with all the governance guidelines. Enforcement of governance policies should be left to a steering committee or a governance body specifically empowered to play that role. Figure 1 shows a high-level view of how the office of the CIO can build such an organization.
Slide 96: Avoiding common mistakes in implementing governance structures - 3 Figure 1. Governance structures
Slide 97: Avoiding common mistakes in implementing governance structures - 4 • The different players shown in Figure 1 must work together to ensure the success of the SOA and of individual projects. The governance review board is the policy definition group, and the enterprise architect is the glue between this group and the line-of-business IT group (application architects and developers). You can't have a successful SOA if there is a constant tug of war between these groups. The remainder of this article talks about the roles that enterprise architects, application architects, and developers need to play on a project.
Slide 98: Governance for enterprise architects- 1 • Suppose that governance has been defined for your organization, regardless of whether you have an organization structure, as shown in Figure 1. You as the enterprise architect may or may not have been involved in the definition of the governance policies. What's next for you? SOA governance is a social change. The enterprise architect plays the role of the teacher or educator, not the policeman. The policing can be performed by the review board. Your role as the mentor to the application teams is to show them the value of governance; how they can benefit from the governance processes, policies, and tools in place; and how the additional work involved in following these policies can help them be more productive and deliver more business value. You must become a salesperson who tries to understand the application team's perception of pain from all these new policies and helps them work governance into their process. Be sympathetic about how they feel -- but be ready to answer the tough questions. You need to understand and appreciate the value of governance before you can help others do so. •
Slide 99: Governance for enterprise architects- 2 • Another job of the enterprise architect is to continually monitor the SOA governance policies. You must keep an eye on which policies are working, which aren't, and which need to be tweaked. You need to be in touch with the review board to make sure policies are amended or created as needed. You must also ensure that policies are documented clearly and that the community of application architects and developers is kept abreast of the latest policies. The success of the governance program lies on the shoulders of the enterprise architect. If your interactions with the application architects and developers gets off on the right foot, you'll help the entire project move ahead more smoothly. •
Slide 100: Governance for application architects • When confronted with governance, the initial reaction of most application architects is, "Big Brother is watching you." This response is justified. However, as an application architect, you need to begin to understand and internalize the value that governance brings. Governance will help you bridge the gap between people and processes to expand your focus from just applications or projects. Your role isn't just to make sure that you conform to all the governance policies and processes. You must also demonstrate how these policies are effective or ineffective and help your team understand and reap the benefits of having these policies in place. You have to ensure that the tools in place let you deliver your applications or services in a more effective manner. Governance should save application architects from having to put these processes and controls in place for your team, which in turn enables you to focus more on business and architectural issues and help identify better business solutions and services for your project. Collaboration and communication are your buzzwords. It's also important to remember that governance doesn't take over your job. You still play the role of architect who must design the applications or services. Governance just provides guidelines and parameters to help you with the design. It answers some questions involving requirements for scalability, availability, and more. • •
Slide 101: Governance for developers • As a developer, governance should affect you the least. It doesn't concern you on a daily basis. Governance is more about politics than technology. Let your architect or project manager deal with the politics -- from your perspective, governance policies provide the necessary tools, best practices, and guidelines that let you work on projects and deliver solutions or services more effectively. These policies are built to try to reduce the stress in your job by ensuring consistency in the way you build and manage services. The governance policies show you how to build your services, how you can find services built by others and available to you, and what SLAs your services need to conform to. They also give you the tools you need to do all of this. Governance reduces the unpredictability and unknowns that come with implementing SOA. So, having governance in place can reduce finger-pointing by providing a clear set of standards and policies to follow. •
Slide 102: Summary • SOA is EA that is service based or service oriented. Issues around governance aren't new. The initial sign of governance in IT organizations was the formation of EA groups or project management offices (PMOs). These came with their own benefits and challenges. However, governance is becoming increasingly important as IT organizations move up the SOA maturity curve. As an IT team member -- architect or developer -- you don't need to fear governance; rather, you should embrace it, because it will help make your job less stressful. You can be more productive, because governance removes some of the unknowns and answers basic questions about SOA. It also helps address legal requirements, such as Sarbanes-Oxley compliance. Governance and SOA require teamwork. At the end of the day, all the different people involved need to work together to ensure the success of the SOA and individual projects. •
Slide 104: A case for SOA governance • Help your enterprise reap its true benefits by strengthening your awareness to the importance of SOA governance for an enterprise which has IT as one of its key organizations. The author illustrates some key responsibilities of a governance body and concludes by showing you how you can effectively implement SOA governance.
Slide 105: What is governance? • The definition of the word governance implies the action or manner of governing. Further, IT governance, as defined by Peter Weill and Joanne Ross in their wonderful work on IT governance, is a decision and accountability framework to encourage desirable behavior in IT. Participants of the governance body lay down policies around different categories of decisions that need to be made. That body also decides upon the people in the enterprise who are empowered to make those decisions; that is, it carries out role identification. The members of the governance council also identify subject matter experts who are expected to provide input to firm up the decisions and also identify the group of people who may be held accountable for exercising their responsibilities (based on their roles). An effective IT governance council must address three questions: – What decisions must be made to ensure effective management and use of IT? – Who should make these decisions? – How will these decisions be made and monitored? • Although governance addresses the three questions, management actually implements that governance.
Slide 106: The importance of IT and SOA governance - 1 • IT today is the most pervasive of organizations within an enterprise, having a horizontal presence across most, if not all, lines of business (LOBs). An organization which holds such an important key to business growth and success must be viewed as one of the enterprise's key assets. An asset so important must be fully understood not only to maximize the benefits obtained from it, but also to properly manage and, consequently, to mitigate the risks associated with it. This brings up the need for a governance body to formulate, control, and oversee the proper maintenance and growth of the business asset -- the need for IT governance.
Slide 107: The importance of IT and SOA governance - 2 • SOA is like old wine in a new bottle. SOA concepts have been around for quite a long time in the IT industry. But it is only recently that it has gained attention as a way of aligning the business strategy and imperatives of an enterprise with its IT initiatives. What makes an enterprise that embraces SOA need to take governance more seriously is the distributed nature of services across various LOBs. The proliferation of more moving parts (that is, building blocks in the form of services) that need to be maintained by different organizations both within and outside the enterprise makes governance more challenging. This cross-organizational nature of business services and the potential composition of services across organizational boundaries can function properly and efficiently if, and only if, the services are effectively governed for compliance to requirements dictated by a service level agreement (SLA) for factors such as security, reliability, performance, and so on. Identifying, specifying, creating, and then deploying enterprise services thus needs SOA governance through a very strong, efficient body to oversee the entire life cycle of an enterprise's service portfolio.
Slide 108: The importance of IT and SOA governance - 3 • In the wake of several corporate standards disasters, compliance to regulatory standards like Sarbanes Oxley (SOX -- see Resources) has become more important, as evidenced by the current inclination of investors to put their money behind companies that enforce high governance standards. These regulatory acts stress the need to establish and maintain corporate accountability as well as periodically assess its effectiveness. Good and efficient practice of corporate and IT governance is attracting investors as they attach more credibility and faith to the success and stability of companies that take governance seriously. Investors are more inclined to invest in companies that implement strict standards, and the general (and aptly justified) feeling is that adherence to standards can only be achieved through a governance mechanism. Statistics also reveal that firms with a well exercised IT governance have had 20 percent greater profit margins than their counterparts who make very little or no investment in IT governance, as Peter Weill and Jeanne Ross state in their book on IT governance (see Resources). It is quite evident that the investment in strict governance standards has a direct impact to the bottom line of any ITcentric enterprise.
Slide 109: Governance responsibilities- 1 • The role of IT in the enterprise must be fully understood and carefully monitored. Investments in an asset so important must be carefully managed and hence the company stakeholders need to ensure that their organizations' IT investments support the overall business strategy and mitigate its potential risks. The essential responsibilities of a governance body are captured in Figure 1. I describe the pieces of this illustration more fully below.
Slide 110: Governance responsibilities- 2 Figure 1. Governance responsibilities
Slide 111: Governance responsibilities- 3 • • • • • • The main areas of governance include the following: Strategic alignment focuses on the imperative to align the business vision, goals and needs with the IT efforts. Value delivery focuses on how the value of IT can be proved through results like profitability, expense reduction, error reduction, improved company image, branding, and so on. Risk management focuses on business continuity and measures to be taken to protect the IT assets. Resource management focuses on optimizing infrastructure services that are a part of the On Demand Operating Environment (ODOE -- see Resources) or other environment supporting the application services. Performance management focuses mainly on monitoring the services that run in a enterprise's ODOE or other environment.
Slide 112: Governance responsibilities- 4 A governance meta model that illustrates the five major interrelated IT decisions can address the above areas of governance, as Figure 2 shows. Figure 2. Governance meta model
Slide 113: Governance responsibilities- 5 • Figure 2 depicts the various elements of governance and their relationships. Broadly stated, IT and SOA principles that are laid out at the enterprise level as guiding principles drive the IT architecture and the service model, which in turn dictate how the enterprise IT infrastructure services may be defined. The required business application needs can be evaluated based on the capability of the IT infrastructure framework. The maturity of the IT architecture and service model and the IT infrastructure services drive which parts of the required business application can be prioritized for IT investment.
Slide 114: IT and SOA principles - 1 • While IT principles are a related set of high-level statements about how IT should be used in the business, SOA principles define the general guiding principles to be followed while coming up with an enterprise SOA. The IT principles should be derived from a higher-level set of business principles that management owns. For example, the following is a sample list of business principles: 1. Standardize processes and technologies wherever possible. 2. Alignment and responsiveness to negotiated business principles. • The following could be derived from those IT principles: 1. Architectural integrity 2. Responsive, flexible, and extendible infrastructure 3. Rapid and efficient deployment of applications • The IT principles can be mapped to the business principles as follows: Architectural integrity (the first IT principle) provides for standardized processes and technologies (the first business principle) while rapid and efficient deployment of applications (the third IT principle) promotes alignment and responsiveness to negotiated business principles (the second business principle).
Slide 115: IT and SOA principles - 2 • Some guiding SOA principles that drive the service model could be: – Compliance to standards that are industry-specific as well as cross organizational – Service identification and categorization – Service provisioning – Service monitoring and tracking – Capability of services to be composed in order to realize different business services • The SOA principles also influence the IT principles. While creating the IT and SOA principles, the members of the governance council should align them with how IT proposes to support the enterprise's desired operating model. Above and beyond creating the IT and SOA principles, it is also the council's responsibility to see to it that they are properly exercised across the enterprise.
Slide 116: IT architecture and service model • IT architecture and the service model identify the organization of enterprise data, applications, and infrastructure and how they are interrelated both statically as well as during run-time execution. It also determines the enterprise business services portfolio (exposed both externally and internally) and its subsequent categorization. It may be noted that the service model (according to the IBM Service-oriented modeling and architecture (SOMA) methodology -- see Resources) can be at a project level, line of business level, enterprise level, or ecosystem level. (The service ecosystem model has been further described in Ali Arsanjani's work, "Toward a Pattern Language for Service-oriented Architecture and Integration, Part 1: Build a Service Eco-system," listed in the Resources section of this paper.) While creating and owning the IT architecture and the service model is an essential responsibility of the governance team, it is also the team's responsibility to create and agree upon a set of architecture decisions upon which the IT architecture and the service model should be built. The involved parties in the governance council should be also responsible for process standardization across the enterprise. Process standardization, which defines how things are done in an enterprise, is a necessary input to process integration and the key to process integration is a standardization of data across the enterprise, that is, a single view of the business entity that represents a customer. •
Slide 117: IT infrastructure • IT infrastructure defines the foundation of the IT capabilities available throughout the enterprise to be shared across multiple applications. It is the responsibility of the members of the governance council to define the architecture of the enterprise IT infrastructure as a set of services, if that organization has adopted SOA. The services can be either technical in nature or can be human services and skill sets that are built around physical corporate assets, such as printers, scanners, and so on. It is commonplace for enterprises to use some software applications as infrastructure services or capabilities. These software applications can be in the form of customer relationship management (CRM), enterprise resource planning (ERP), supply chain management (SCM), and other systems. The architects in the governance council are also responsible for creating the infrastructure architecture around such standard, well-accepted software packaged applications. Given that IT infrastructure requires long lead times between implementation cycles, a lot of emphasis needs to be devoted to this discipline so that it can be used as a source of competitive advantage and a key differentiator.
Slide 118: Business needs • Business needs drive the requirements for specific business applications. Business needs are identified primarily based on market opportunities that can help an enterprise to seize a competitive advantage. Specific business imperatives are identified by stakeholders and conveyed to the IT disciplinarians in the governance council. It is the responsibility of the IT wing of the governance consortium to address the business needs creatively and innovatively by conceptualizing new business applications. A keen eye needs to be kept on the compliance of the new business applications to the existing enterprise IT architecture. This can very well be viewed as a conflicting objective to the creativity that is required to come up with new applications, which often does not follow any constraints. It is the responsibility of the enterprise architects to see to it that the new applications follow the enterprise IT architecture. New business applications can also lead to identification of new candidate services. These services need to abide by the SOA principles laid down by the governance body before they make their way into the enterprise service portfolio. It is also the responsibility of the enterprise architects to address the exceptions that may arise. Exceptions can be dealt with in two ways: The architects can impose limitations and constraints on the architecture of the new application so that it follows the existing architectural constructs. Or, they can use the new applications as a mechanism to evaluate whether the architecture has become outdated and needs to incorporate new constructs. With the proper •
Slide 119: IT investment • The IT investment decision is the most important of the five decisions that traditionally interests the company stakeholders. IT decisions revolve around three main questions: – How much to spend? – What to spend it on? – How to create a balance between the needs different LOBs? • proposed way to make intelligent decisions is to have the designated members of the governance council obtain responsibility and ownership that is aligned with the following management objectives: – – – – Competitive advantage and core differentiation Cost reduction through better transactional throughput Iterative maturing of IT infrastructure architecture Providing information in digital form • It is the responsibility of the governance body to collectively make IT decisions based on the market trend, the financial direction of the company, and historical data pertaining to the relationship between IT spending and revenue generation.
Slide 120: Additional significant responsibilities • SOA governance enforces the use of discipline to maintain consistency and relevance within the SOA life cycle. By following a SOA methodology like SOMA, SOA governance tries to bridge the gap between business and IT by allowing traceability from business goals down to services and key performance indicators (KPIs) for measuring the results of those services. SOA governance also needs to keep a constant connection between business and IT through the concept of domain ownership. It is the responsibility of the members of the SOA governance council to logically partition the enterprise into a set of managed business services that share a common business context. Business owners and IT owners of a business domain are responsible for maintaining the applications that support the business domain's exposed business services. They are also responsible for maintaining and monitoring the SLAs of their existing business services as well as negotiating SLAs between different domains. The provisioning of metadata for enterprise business services is critical to both business and IT users. The metadata can provide information like WS-* compliance, business criticality, and so on. Based on the metadata, the business services can be monitored and managed. This is also a key responsibility of the members of the SOA governance council. To ensure that services are not redundant and that they are relevant to business goals across the organization, the governance body should enforce coordination between new services and the existing services across •
Slide 121: Governance implementation - 1 • Any implementation of governance should be centered on the four pillars of an enterprise architecture: people, processes, technology, and services. One mechanism to implement an enterprise IT and SOA governance is by establishing a center of excellence (CoE) for IT and SOA governance that would enable a shared resource and capability center to function as a resource pool as new business application needs arise. A governance implementation needs to be supported by a hierarchical organizational reporting structure. As shown in Figure 3, the such a reporting structure can be categorized into the four following hierarchies. •
Slide 122: Governance implementation - 2 Figure 3. A sample governance organizational structure
Slide 123: Governance implementation - 3 • Sponsorship level. This essentially consists of the stakeholders in the steering committee and is adequately represented by the members of the c-suite along with the LOB owners and executives. The steering committee articulates the business strategy, goal, and vision for the enterprise. Members of this level are the key decision makers on how IT investment needs to be made and channeled to specific areas of the business that either need business process improvement or need to implement new applications that can be competitive market differentiators. Leadership level. This is composed of the leader(s) of the governance CoE and two representatives (one business and one IT) from each business domain. (Note: Business domains as mentioned in the previous section represent a logical grouping of business services that share a common business context). The leadership team learns the business strategies and visions from the sponsorship members and also obtains directives from and reports to the steering committee. The leadership team creates enterprise IT architecture and SOA principles that stand as over-arching rules which any application architecture needs to conform to. The team also prioritizes which application architecture needs to be created and ensures that the IT •
Slide 124: Conclusion • This paper stressed the importance of implementing an effective SOA and IT governance in any enterprise which considers IT to be one of its key assets to generating revenue and staying competitive in the market. The importance of not only having a governance body but also maintaining a high standard in its execution is further compounded with the recent introduction of various compliance acts like Sarbanes Oxley that must be adhered to by any enterprise. It has also been noted that investors put more faith behind companies that maintain a high standard of governance, the effects of which are directly reflected through better profit margins. Responsibilities of the governance body have been articulated with the hope that they provide a good platform to enterprises that are planning on implementing a governance mechanism. Finally, a proposed implementation of SOA and IT governance has been recommended that can be customized to suit the corporate culture and structure of a given enterprise. The reasons for efficient enterprise SOA governance can only be compounded by the pervasive nature of enterprise services in the industry today. Enterprise services can be viewed so differently by different contributors within the industry, which leads to different and often misunderstood views about how an enterprise should govern its services portfolio in order to gain maximum benefit from its investment in the portfolio. The initial investment in a new service can •

   
Time on Slide Time on Plick
Slides per Visit Slide Views Views by Location