IBM Software Group
SOA Governance
© 2006 IBM Corporation
Agenda
● Why SOA Governance ?
● IBM Products and Solution
© 2006 IBM Corporation
2
IBM’s definition of SOA – it’s about the business
Service Oriented Architecture (SOA)
is a business-centric IT architectural
approach that supports integrating your
business as linked, repeatable business
tasks, or services. SOA helps users build
composite applications, which are
applications that draw upon functionality
from multiple sources within
and beyond the enterprise
to support horizontal
business processes
A more complete discussion of these definitions and related concepts
is found IBM SOA Foundation: An Architectural Introduction and
Overview
http://www-128.ibm.com/developerworks/webservices/library/wssoa-whitepaper/
© 2006 IBM Corporation
3
Service-Oriented Enterprise
BUSINESS DOMAIN
Business Process #1
Business Process #2
Business
Service #2
Business
Service #1
Business
Service
#4
Business
Service
#5
Business
Service #3
Business
Service #4
Business
Service #7
Business
Service #3
Business
Service
#4
Re-usable Business
Services
Business
Service
#6
Business
Service
#5
Business
Service
#5
Business
Service #3
IT DOMAIN
Business Service #3
IT Service
#1
Re-usable IT
Services
© 2006 IBM Corporation
Business Service #5
IT Service
#2
IT Service
#3
IT Service
#2
IT Service
#2
IT Service
#4
IT Service
#3
IT Service
#3
4
A scenario on the importance of SOA governance
App. 1
Sales
xX
X
X
Legal
xX
x
x
x
Order Fulfillment
1. Provide a
currency service
that fills a specific
LoB need
App. 2
x
Currency
Conversion
Service
Accounting
Dept.
3. LoB’s
4. Service is
2. Other LoB’s
increase use of
fixed at
start using the
service / quality
provider’s
service
suffers
expense
X
X
Purchasing
5. Fix works
6. Maintenance
temporarily
costs soar /
but problem
provider
reappears
ends service
* Scenario from “Introduction to SOA Governance” by Bobby Woolf
© 2006 IBM Corporation
5
The Journey to SOA is filled with potholes
● Most organizations are implementing SOI not SOA
● SOA is largely an IT effort, LoB is not in
● Without Senior IT endorsement, many SOA efforts are focused
on product selection, i.e., Shelf ware
● Funding to support Enterprise SOA is scarce or non-existent
● With no oversight comes no reuse and no relevance
● Oversight mechanisms lack teeth; projects evade the processes
● Inconsistent standards, drive inconsistent methodology,
competing tools, and a lack of skilled resources
● Organizations are replacing silo’d applications with silo’d SOA
© 2006 IBM Corporation
6
A scenario on the importance of SOA governance
Finance
Sales
Legal
Currency Service
Order
Fulfillment
1. All groups plan
a re-usable
currency service
© 2006 IBM Corporation
Purchasing
2. Service defined
that meets
everyone’s needs
3. Service enabled
to be available
to all LOBs
4. Success metrics
defined, monitored
to confirm service
scalability
7
14 Critical Processes That Constitute an Effective SOA
Governance Model Implementation
Service
Planning
Service
Modeling
Service
Implementation
Service
Management
Define Service
Focus Process
Identify Services
Process
Design Services
Process
Manage Quality of
Service Process
Identify Service
Owners Process
Specify Services
Process
Assemble
Services Process
Manage Service
Levels Process
Define Service
Funding Process
Realize Services
Process
Test Services
Process
Manage Service
Change Process
Deploy Services
Process
Manage Service
Security Process
Establishing decision rights
By effectively establishing governance
mechanisms in these 14 areas, clients
can address these common challenges:
Defining high value business services
Managing the lifecycle of assets
Measuring effectiveness
© 2006 IBM Corporation
8
Different Aspects of Governance
There are different aspects of Governance,
based on the process governed
SOA Governance:
examples of governed processes
SOA Governance is an extension
of IT Governance
●
●
●
●
●
SOA Governance
IT Governance
Corporate Governance
© 2006 IBM Corporation
service funding
service ownership
service creation
service reuse
composite application design
IT Governance:
example of governed processes
●
●
●
●
●
●
requirements management
portfolio management
change management
data design
architectural design
release management
9
Solution Overview: Service Lifecycle Management
Process design & implementation expertise based on the market’s
leading solutions delivery platform
Infrastructure
& Management
in Support of SOA
Service Development
& Delivery
Management
SOA Governance Method
Empowering development teams
to deliver the “A” in SOA
© 2006 IBM Corporation
10
Service Lifecycle Management is essential in the
realization of SOA Governance
Service Lifecycle Management
Service Development
and Delivery
Management
Enforce, execute, automate
process and policies
Infrastructure and
Management
In Support of SOA
Monitor and control
operational policies
SOA Governance
SOA Governance Method
Establish Process and Policies
© 2006 IBM Corporation
11
IBM SOA Governance Method
Establish the Governance Need
• Document and validate business strategy for SOA and IT
• Assess current IT and SOA capabilities
• Define/Refine SOA vision and strategy
• Review current Governance capabilities and arrangements
• Layout Governance plan
Monitor and Manage the Governance Processes
• Monitor compliance with policies
• Monitor compliance with governance arrangements
• Monitor IT effectiveness metrics
© 2006 IBM Corporation
Define the Governance Approach
• Define/modify Governance Processes
• Design policies and enforcement mechanisms
• Identify success factors, mechanisms
• Identify owners and funding model
• Charter/refine SOA Center of Excellence
• Design Governance IT infrastructure
Deploy the Governance Model Incrementally
• Deploy Governance mechanisms
• Deploy Governance IT infrastructure
• Educate and deploy on expected behaviors and practices
• Deploy policies
12
SOA Governance Challenges : Applying the SOA
Governance Life Cycle
● Establishing decision rights
● Defining high value business services
● Managing the lifecycle of assets
● Measuring effectiveness
© 2006 IBM Corporation
13
Getting Started – Establishing decision rights
Business
Executive
Determine business
strategy that leverages
SOA
SOA Assessment
Services
IT Executive
© 2006 IBM Corporation
Assess readiness for
SOA
Assess current
governance approach
Determine governance
plan
SOA Assessment
Services
SOA Governance
and Management
Method
Rational Method
Composer
14
Getting Started – Defining high
value business services
Business
Executive
IT Executive
Business /
System
Analyst
Software
Architect
Data
Architect
© 2006 IBM Corporation
Identify key
performance indicators
Document business
strategy milestones
Workplace Business
Strategy Execution
Document standards
and policies
Rational
RequisitePro
Charter Center of
Excellence
Strategy &
Planning Services
Identify metrics
Define development
process
Center of
Excellence Services
Strategy &
Planning Services
Rational Unified
Process for SOA
Central
Service
Registry
Model key performance
indicators across
business process
WebSphere
Business Modeler
WebSphere
Service
Registry
Instantiate standards in
application design
Rational Software
Architect
Instantiate data
standards & enable
Data Governance
Rational Data
Architect
19
Getting Started – Managing the
lifecycle of assets
IT Executive
Developer
Establish change
management process
for development
Establish change
management process
for operations
Rational Unified
Process for SOA
Tivoli Unified
Process
Discover service for
reuse / publish service
WebSphere
Service Registry
and Repository
Manage and track build
time assets
Rational
ClearCase
Deployment
Manager
Security
Manager
© 2006 IBM Corporation
Validate and
authenticate user
Instantiate security
policy
Tivoli Federated
Identity Manager
Tivoli Access
Manager
Ensure signoff and
create audit trail for
change
Rational
ClearQuest
Record service
configuration
information
Tivoli
Change and
Configuration
Management Database
20
Getting Started – Measuring effectiveness
Business
Executive
IT Executive
Monitor key
performance indicators
Central
Service
Registry
Measure performance
against business
strategy milestones
WebSphere
Business Monitor
WebSphere
Service
Registry
Workplace Business
Strategy Execution
Measure project costs
Rational Portfolio
Manager
Operations
Manager
© 2006 IBM Corporation
Monitor performance
against service level
agreement
Monitor and measure
service performance
Tivoli Service
Level Adviser
Tivoli Composite
Application Manager
21
The WebSphere Service Registry and Repository provides
value throughout the SOA lifecycle
WebSphere Service Registry and Repository
Publish
Publish
Find
Enrich
Manage
Govern
Find
Enrich
Encourage Reuse
Find and reuse services
for building blocks for new
composite applications.
Govern
Enable Governance
Govern services
throughout the service
lifecycle
© 2006 IBM Corporation
Enhance Connectivity
Enable dynamic and
efficient interactions
between services at
runtime.
Manage
Help optimize
service performance
Enable enforcement of
policies. Impact analysis
22
WebSphere Service Registry and Repository: Publish and Find
WebSphere Service Registry and Repository
●
Encourage Service Reuse
 Publish and Find Services through all stages of SOA
 Encourage greater leverage of services
Publish
Find
(1) Search is performed for a
service or mediation or
policy to (re)use
(4) WSRR performs
validation and
enforces policies
(3) Service metadata
artifact is published
to the WSRR
Development
Tool
(2) Development tools are
used to create a new
service metadata
artifact
© 2006 IBM Corporation
Publish
Find
Enrich Manage Govern
(7) The assembled
service is (re)
published using the
Service Explorer
during deployment.
(5) Search is
performed for a
service or
mediation or policy
to use
Assembly/
Admin
Tool
(6) The service is
configured/wired and
policy relationships are
established.
23
WSRR Eclipse Plug-in
● Generalized Eclipse plug-in
 Read and/or write access to WSRR
 Selectively browse for WSRR meta-data
 Import meta-data into a selected project
 “Deep” import available to include nested resources
 Publish meta-data to WSRR
 Uses published Java interface
● Available for any Eclipse based component
 Rational Application Developer
 WebSphere Integration Developer
 Portlet development environment
 Other eclipse environment
From the Resource Perspective
© 2006 IBM Corporation
24
WSRR Eclipse Plug-in: Retrieve/Import
© 2006 IBM Corporation
25
Service Lookup During Assembly Phase
WSRR
DowJones
WSDL
NASDAQ
WSDL
Meta-Data:
Finance
0.01
...
Finance
0.03
...
Category
Cost
...
Metadata
Repository
Retrieve
Import
Publish
© 2006 IBM Corporation
26
How it works (How it’s used): Operational Monitoring Interactions
WebSphere Service Registry and Repository
Publish
Find
Enrich
Manage
Govern
Performance and health alerts
are generated based on
operational data and recorded in
the WSRR
Performance data
3) Retrieve monitoring
policy for the message
from the WSRR
Service
Management
Repositories
4) Mediation records
the operational
data about the
running service
Message
1) During service invocation
a message is received by
the ESB
Message
Message
Mediation
2) The ESB routes the
message to an
intermediate logging
mediation or agent
5) The ESB then
continues with the
invocation of the
service.
Message
Service
© 2006 IBM Corporation
27
WebSphere Service Registry & Repository Governance
GE
E
Organization
Classification
Versioning
Role
Action
Concepts
Governed Entity
Documents
Lifecycle State
Collections
Access Control
State
State
GE
Promotion
Approval
Validation / Compliance
Impact Analysis
Governed Entity
Actions
Development
Specified
IT Governance
Procured
New Version
What was done to it ?
Operational
Who changed it ?
States
When did they change it ?
Transitions
Audit History Trail
Guards
Audit
Actions
Life Cycle Model
© 2006 IBM Corporation
State
Deployment
IT Management
What was changed ?
Approved
Process
Published
State
Notification
Collaboration
Communication
Socialization
28
Browser based console
● User role based browser perspectives
● Standards based service metadata
documents support
● “Shredding” documents into meaningful
and optimized organization
● Query
 Canned and user wizard based search
● Classification
 Helps Manage service metadata (more on this
later under the Manage capability)
© 2006 IBM Corporation
29
WebSphere Service Registry & Repository Integration with IBM SOA Products
WebSphere Service Registry and Repository
Publish
RSA, RAD,
WID
Publish and Find
Generic Client
Using SOAP
RAM
Find
Enrich
Enterprise
Service Bus
Synchronize with Mediations based
BuildTime
on WSRR Lookup
Manage
Process
Server
Govern
Tivoli
CCMDB
ITCAM for
SOA
Mediations based
Extends toITIL Service Health
on WSRR Lookup
Change Mgmt information
Publish and Find
© 2006 IBM Corporation
30
Rational Asset Manager - RAM
● Asset Consumption
 Asset Search via Web client and Eclipse
 Asset Subscriptions via Web client
 Asset download via Web client and Eclipse
● Asset Creation
 Asset packaging via Web client and Eclipse
 Asset submission for review and approval
● Asset Usage and Reporting
 Asset comments, discussions, ratings and user tagging
 Asset Repository metrics by download, state, type, teamspace and history
● Asset Governance Operations
 Define review boards
 Review state notification
● Adminstration Operations
© 2006 IBM Corporation
31
RAM – Integrations
● ClearQuest – submit a change request from an asset details
● ClearCase – store and download versioned assets in ClearCase
● WebSphere Service Registry and Repository:
 Federated search of deployed WSRR Services from RAM search
 Retrieve service artifacts for usage as artifact in RAM service asset.
 Exchange Categorizations between RAM and WSRR
 Ensure consistent Access Controls for RAM and WSR
 Link Asset ID and version with WSRR deployed Service ID and version
● Rational Method Composer:
 Customize out of the box RAM process
● Eclipse Based clients
 Search, Download and extract assets into Eclipse Workspaces
© 2006 IBM Corporation
32
What the Analysts Are Saying
“Half of all companies and 77% of large enterprises reported that they are or will be using
SOA by the end of 2005. Why? Evidence is mounting that SOA provides real benefits for
business integration and flexibility.”
Real-World SOA: SOA Platform Case Studies, Forrester Research, Inc., September 2005
CIOs continue to struggle to align
business and IT in meaningful,
measurable ways. More effective IT
governance processes and tools are
becoming top priorities among businesssavvy CIOs.
Five Ways the Rise of IT Governance Will Change How
Enterprises Buy IT, Summit Strategies, December 2005
In 2006, lack of working governance
mechanisms in midsize-to-large
(greater than 50 services) post-pilot SOA
projects will be the most common reason for
project failure (0.8 probability).
Management Update: Predicts 2006: The Strategic Impact of SOA
Broadens, Gartner, Inc., Jess Thompson,
Yefim V. Natis, Massimo Pezzini, Paolo Malinverno,
November 23, 2005
With the widespread adoption of SOA, the challenges associated with
SOA projects are emerging. SOA governance isn't optional — it's imperative.
Without it, return on investment will be low and every SOA project
out of pilot phase will be at risk.
Service-Oriented Architecture Craves Governance, Gartner, Inc., Paolo Malinverno, January 20, 2006
© 2006 IBM Corporation
33
Governance is not just about compliance – it is an
enabler of business value
● With the right focus, support and funding, it can be an enabler by
Facilitating reuse
Prioritizing spending
Reducing costs
Setting the technology direction
Subsidizing enterprise-value efforts like Service-Oriented
Architecture
© 2006 IBM Corporation
34