Advancing SOA Governance and Service Lifecycle Management

IT governance is about the decision rights structure of the IT organization. Since SOA is a joint business/IT environment, SOA governance is an extension of IT governance to perform two functions:

• to define the decision rights for the new services within IT
• to define the new decision rights that now exist between the business and IT organizations.

SOA governance is intended to improve the ability to make better decisions, faster. It gives everyone in the organization a clear understanding to what decisions need to be made and who can make them, eliminating confusion and uncertainty, and increasing teamwork .

SOA governance is not an "afterthought"; it matters because the success of your SOA projects depends on adhering to proven methods and best practices. Services impact both business and IT across all lines of business, horizontally across the organization. SOA governance allows your business to realize the benefits of service reuse, by mitigating risk and maximizing control of service creation and reuse processes. With good governance, everyone understands their role and responsibility in the overall process. This allows people and teams to make the right decisions at the right time, and it allows for better teamwork and communications between business and IT.

The SOA governance environment has two main components – development and monitoring of the SOA governance process and Service Lifecycle Management using the governance process.

There are four phases to the SOA governance framework for developing and monitoring governance processes:

• In the Plan phase, the overall business and IT requirements are understood and documented.
• In the Define phase, the SOA governance approach is established based on corporate, enterprise and IT governance environments.
• In the Deploy phase, governance mechanisms are put into place, the organization is educated, and governance policies are deployed.
• In the Measure phase, policy compliance and effectiveness are monitored to see if governance changes need to be made.

Service Lifecycle Management

In realizing SOA governance, the enforcement and management of the Model, Assemble and Deploy phases of the SOA Lifecycle is essential and referred to as Service Lifecycle Management. Service Lifecycle Management is broken into 2 facets:

• Service Development and Delivery Management
• Infrastructure and Management in Support of SOA

Service Development and Delivery Management

Service Development and Delivery Management addresses the essential need to govern the services development process thru the established governance framework and management dashboards. The following are the key areas in Service Development and Delivery Management and their associated SOA Governance concerns:

• Change and Release Management – when, what and by whom can services be changed
• Requirements and Quality Management – ensure services are developed in alignment with business requirements and assure functional and performance compliance
• Design and Construction – ensure sound design and development principles are adhered to for maximum asset reuse and reliability
• Process and Portfolio Management – ensure projects follow the established governance policies thru project frameworks and monitor performance across all projects

Infrastructure and Management in Support of SOA

Some of the key aspects in an SOA environment are:

• The distributed, cross-boundary nature of services and access to them presents new security risks that need to be managed.
• The rapid deployment and loose coupling of services along with their virtualized application flows present new complexities in key processes that need to be managed.
• The need to effectively handle the performance and prioritization of virtualized services while efficiently utilizing available resources.

Service Security. To secure SOA based applications and services, customers should address:

• The need to manage identities and access control across multiple applications, platforms, business partners and business entities.
• The need for an end-to-end security architecture that can be deployed and integrated with existing, disparate security models already deployed in the enterprise.
• The need to consistently enforce security policies across the environment.

Service Management. The dynamically assembled SOA applications and the inherent interdependence that comes from application reuse can overwhelm IT operations managers. To ensure that these dynamic SOA_based services are deployed, managed and maintained properly in the production environment, the following must be addressed:

• Federate identity and access control across services.
• Secure services and applications.
• Consistently enforce security policy for services.

Service Virtualization. In SOA applications are broken up into constituent services. The services are used in new ways which makes it difficult to effectively plan infrastructure capacity. Thus, infrastructure responsiveness is important. Virtualization is an effective technique to help:

• support scaling infrastructure resources in support of services which become hot / popular,
• prioritize infrastructure across multiple services and/or business processes (composite/dynamic applications), and
• accelerate application performance by distributing composite/dynamic applications across infrastructure resources.

The key operative thought with service virtualization is to make sure that the services are at the right place at the right time – with the right quantity.

Service Registry and Repository

In SOA, there is an end-to-end reuse requirement for a service registry and repository. The registry component allows artifacts, such as services and policies to have an entry that has the information about the artifact. This allows for the searching of the registry to find out about services and the metadata associated with those services. The registry also lists ownership and usage of services and can notify people of changes or potential changes happening to services.

During service development and delivery, there is a need to discover services that may already supply the function or a similar function. In addition, the service registry can have policies or processes that are needed to govern and enforce the development process. Once a service is delivered, the operational management of that service, including potential changes, can be tracked and controlled by the registry.

Successful SOA and SOA governance implementations focus on organizational change and change management. Moving to SOA creates a significantly new environment for both business and IT, and there will need to be a focus on the impacts of this new environment. Going with the overall SOA governance plan there will need to be a group supporting an overall organization change plan. We refer to that group as the Center of Excellence. IBM can help your company establish an SOA Center of Excellence that leverages assets and best-practices developed from experience across IBM with similar enterprise transformations.

The IBM SOA Governance and Management Method is designed to help create the overall governance processes and policies needed to have an overall SOA governed environment. IBM supplies the Method in the Rational Method Composer SOA Governance Plug-in. The Method creates an end-to-end Governance process thru a series of steps. These steps can be customized and either put on the web or put into the Rational Portfolio Manager (RPM). By putting the steps into RPM, project templates are created that are in alignment with the established governance policies and procedures and ensures that all projects are in conformance.

The Center of Excellence Service Offering is designed to supply the skills needed for IBM to help clients implement SOA Centers of Excellence within their business/IT implementations. The IBM team can help the client develop the skills needed to support an SOA environment. They can help customize the SOA Governance and Management Method, perform SOA architecture and process reviews. They can supply processes and support for the Service Lifecycle management.

IBM WebSphere Service Registry and Repository capabilities support service life-cycle management and governance so that you can better control your SOA environment.

For Service Lifecycle Management, IBM Rational Software Development Platform provides the essential tools to automate and enforce the management of the governance process thru the Model, Assemble and Deploy phases of the SOA Lifecycle.