SOA Governance Overview

Main governance themes

State of the Art

Since their inception, service-oriented architectures (SOA) have emerged as the de facto paradigm for future systems. They combine best practices inherited from previous application models. Modularity, encapsulation, fine-grained granularity, publication and discovery have helped SOA gain wide use among developers and users. As a consequence, enterprise systems have been moving toward this new trend. For instance, a market study conducted by the AMR research institute in 2005 across 134 different companies showed great interest in SOA technology: 20% had already implemented SOA in their systems, 50% were planning to implement it within 2 years, and only 26% were not interested in it.

As systems move from classical IT to SOA, essential functions also need to be carried over and adapted. Governance is a primary function in IT systems. It ensures that the best interests of an organization are met through corporate decisions from strategy to execution [Marks 2008]. MIT research scientist Peter Weill gives a definition that goes in the same direction: according to him, IT governance is "specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT." IT managers are then concerned with the decisions, processes, and policies that encourage behaviour contributing to success. Governance can go even further, including the leadership, organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives [Afshar 2007].

In [Brown 2006], the authors give a global definition for governance as:

• Establishing chains of responsibility, authority and communication to empower people (decision rights)

• Establishing measurement, policy and control mechanisms to enable people to carry out their roles and responsibilities

SOA governance extends IT governance for the purpose of ensuring SOA success. Lack of governance can be a serious impediment to success and is the most common reason for the failure of SOA projects [Afshar 2007]. In [Papazoglou 2007], the authors identify SOA governance as a major research area in the field of SOA design and development. Nevertheless, SOA governance is not clearly defined in the literature. We rely on the following definitions to identify key topics in SOA governance:

  • In [Afshar 2007] Oracle researchers define SOA governance as the interaction between policies (what), decision-makers (who), and processes (how) in order to ensure SOA success. SOA governance is able to ensure that all of the independent (SOA) efforts come together to meet enterprise requirements. It covers the following levels: design, development, deployment, and operations of a service.
  • In [Brown 2006] IBM researchers assume SOA governance is an extension of IT governance specifically focused on the lifecycle of services, metadata and composite applications in an organization’s service-oriented architecture. SOA governance extends IT governance by assigning decision rights, policies and measures around the services, processes and lifecycle of SOA to address such concerns as: service registration, versioning, ownership, funding, monitoring, auditing, publishing, discovery, etc.
  • In [Marks 2008] the author aggregates several definitions to give his own: SOA governance is the definition, implementation and ongoing execution of an SOA stakeholder decision model and accountability framework that ensures an organization is pursuing an appropriate SOA strategy aligned with business goals, and is executing that strategy in accordance with guidelines and constraints defined by a body of SOA principles and policies. SOA policies are enforced via a policy enforcement model, which is realized in the form of various policy enforcement mechanisms such as governance boards and committees; governance processes, checkpoints, and reviews; and governance enabling technology and tools.

Through the previous definitions the essence of SOA governance is revealed in the trilogy (decision, process and policy):

SOA governance is doing the right SOA things (processes, decisions) the right way (policies) for the SOA stakeholders (decision-makers) [Marks 2008]

SOA governance needs to be achieved at several levels from strategy to execution. Governance tools provide the functionality required to support the governance processes associated with a specific SOA initiative including the following:

  • SOA policy management and enforcement
  • Registry/repository and metadata management
  • Statistical and KPI data collection
  • Governance of services in the cloud
  • Monitoring and management
  • Application and service life cycle management
  • Interoperability with other SOA governance technologies

The following approaches address SOA governance. This state of the art presents both academic and industrial solutions. Examples from industry are more numerous as SOA governance methodology is mostly driven by SOA vendors.

The authors in [Derler 2007] address SOA governance by proposing a generic model and two governance tools. Services are described according to their life cycle: the activities and roles that are relevant during the service life cycle are considered. Three roles are identified: the service developer, the product manager and the administrator. The product manager determines customer requirements, specifies a service for the business logic needed and is responsible for associating the service with a product. The developer is responsible for implementing the service and decides how the service is structured on a technical level. The generic model also contains elements describing clients and service proposals, as well as elements for products and service modules. Based on this model, the authors propose two tools: a service repository console and a service browser. The Service Repository Console is used for creating service proposals and service descriptions, for specifying service relationships, and for defining service installations. The Service Browser is used for searching and browsing the service repository and for investigating service details, service relationships and service status. This approach proposes a standard way and a solid model to consider SOA governance. Nevertheless, the authors do not address governing practices for either orchestration or choreography of services, nor do they consider ultra-large-scale system requirements.

A methodological approach is presented in [Schepers 2008]; it relies on a six-step governance life cycle. The authors claim that SOA governance is more than a process: it is all about continuously aligning strategic goals. The authors define six steps: (1) defining a SOA strategy, a phase that aims at aligning SOA with business requirements; (2) aligning the organization to SOA by assigning responsibilities and establishing project groups; (3) managing the service portfolio, which ensures that a sound method is used consistently to decide which services need to be developed; (4) controlling the service lifecycle, which concerns the development and delivery of individual services in a SOA (service granularity and consistency, management procedures, etc.); (5) incorporating policy enforcement, which refers to performing service checks to verify that a service complies with policies; and (6) service level management, which specifies the contract stating service levels and possible fees. This should be specified for each service. In this paper, the authors give clear guidelines to achieve SOA governance; however, no details are given describing a practical governance prototype.

IBM’s approach is presented in [Brown 2006] as a four-step life cycle approach to governance. It consists of (1) a planning phase, during which the need for governance is established and the existing mechanisms are assessed; (2) a definition phase, during which the desired governance framework, including new and modified principles, processes, organizational structures and roles, is established; (3) an enabling phase, where the new governance framework is introduced into the enterprise; and finally (4) a measurement phase, during which the metrics are gathered and analyzed to refine the governance process. Relying on this framework, IBM proposes IBM WebSphere Service Registry and Repository [WebSphere 2010], which offers a governance solution in IBM SOA; it supports service discovery and access. It also offers features for service metadata management. Advanced management capabilities are provided by the IBM Tivoli product [Tivoli 2010].

Oracle proposes a framework and a six-step solution. Relying on a previously stated SOA maturity model, the authors in [Afshar 2007] give a roadmap for SOA governance. Key leverage points for policies are captured according to business areas. These are: architecture, technology infrastructure, information, finance, portfolios, people, projects and operations. Policies then need to be designed and enacted across these areas. Depending on the area, the policy model and medium may differ; some policies can be captured in technology solutions, others simply in policy documents. For instance, operational policies such as governing services at runtime may be addressed through the adoption of a technological solution such as a registry/repository or a web service management product, whereas architectural and funding policies can be captured in documents distributed through the organization. The authors also give six generic steps and best practices for applying and benefiting from SOA governance: (1) Defining goals, strategies, and constraints, (2) Defining standards, policies, and procedures for financial, portfolio, project, services, (3) Defining metrics for success, (4) Putting Governance mechanisms in place, (5) Analyzing and Improving existing processes, and (6) Refining and going to the next level of SOA maturity.

Based on the previous framework, Oracle proposes a proprietary product, Oracle SOA Governance 11g [Registry 2010] [Repository 2010], together with the recently acquired Amberpoint, consisting of an enterprise repository, a service registry, an enterprise manager, and a web service manager. Both Oracle and IBM are leading companies in this domain and their products cover most basic governance features.

Mule Galaxy [Galaxy 2009] is a service oriented architecture (SOA) governance platform. It provides an SOA registry/repository. Galaxy aids in the management of SOA by supporting features such as lifecycle, dependency and artefact management, service discovery and reporting, and application deployment management. It is an open source product. Although Mule ESB Enterprise includes a service registry/repository that assists in artefact management and publishing, its policy enforcement capabilities (particularly, the implementation and modification of life cycle management processes) fall short of similar capabilities in closed-source offerings.

WSO2 [WSO2 2010] is an open source WS-based SOA governance registry. It is standardized and supports basic SOA governance and integration capabilities such as tracking SOA resources, managing services life cycles and controlling resource access.

Moreover, the WSO2 registry provides a repository where resources and collections can be stored and managed, tagged, rated, logged, etc. In addition, SOA governance tools support common schema validation policies such as WSDL validation, web service discovery, lifecycle management, dependency relationship management and remote link support. Finally, WSO2 provides advanced features such as ATOM protocol support and local and remote registry management. Though WSO2 is seen as a visionary governance tool, it may be improved by implementing a scalable subscription model and supporting some basic mechanisms dedicated to business applications.

Petals Master SOA Governance Solution [Master 2010] is an open-source, UDDI-based governance tool providing basic governance features such as a service Registry/Repository, organization management, Service Level Agreement management and integration with the Service Runtime Environment. The Registry/Repository also provides management of policies that govern the behavior of users (persons or systems); dependency management between services and other SOA assets; lifecycle management; and reporting (usage indicators, policy violations, etc.). Petals Master can be deployed as a standalone tool or integrated into the service bus Petals ESB. Although it offers common governance functionalities and SLA and WS-agreement support, Petals Master needs to be improved by enforcing policies and providing scale-up capabilities in order to suit large distributed systems. The involvement of Petals Link in research projects gives an opportunity to implement new innovative features in Petals Master.

Other commercial products exist, such as Progress’s SOA tool CentraSite [CentraSite 2010], Hitachi’s product Cosminexus [Cosminexus 2010] or the Governance Interoperability Framework [GIF 2010], etc. They typically provide service discovery, dependency management, policy management, change notification, authentication and identity management, and federation with other repositories. An ideal SOA governance tool should benefit from the best practices of the existing tools.

References

Interesting Papers

[SAGE: An Approach to Evaluate the Impact of SOA Governance Policies|^gov-sage.pdf]

[End-to-end service level agreements for complex ICT solutions|^gov-ict.pdf]

[Models and Tools for SOA Governance|^gov-modelsAndTools.pdf]

[SOA Governance: Framework and Best Practices|^gov-bestPractices.pdf]

[A lifecycle approach to SOA governance|^gov-lifecycle.pdf]

[SOA governance---IBM’s approach|^gov-ibm.pdf]

[Service-Oriented Architecture Governance for the Services Driven Enterprise|^gov-systemDriven.pdf]
