IBM Software Group SOA Governance © 2006 IBM Corporation Agenda ● Why SOA Governance ? ● IBM Products and Solution © 2006 IBM Corporation 2 IBM’s definition of SOA – it’s about the business Service Oriented Architecture (SOA) is a business-centric IT architectural approach that supports integrating your business as linked, repeatable business tasks, or services. SOA helps users build composite applications, which are applications that draw upon functionality from multiple sources within and beyond the enterprise to support horizontal business processes A more complete discussion of these definitions and related concepts is found IBM SOA Foundation: An Architectural Introduction and Overview http://www-128.ibm.com/developerworks/webservices/library/wssoa-whitepaper/ © 2006 IBM Corporation 3 Service-Oriented Enterprise BUSINESS DOMAIN Business Process #1 Business Process #2 Business Service #2 Business Service #1 Business Service #4 Business Service #5 Business Service #3 Business Service #4 Business Service #7 Business Service #3 Business Service #4 Re-usable Business Services Business Service #6 Business Service #5 Business Service #5 Business Service #3 IT DOMAIN Business Service #3 IT Service #1 Re-usable IT Services © 2006 IBM Corporation Business Service #5 IT Service #2 IT Service #3 IT Service #2 IT Service #2 IT Service #4 IT Service #3 IT Service #3 4 A scenario on the importance of SOA governance App. 1 Sales xX X X Legal xX x x x Order Fulfillment 1. Provide a currency service that fills a specific LoB need App. 2 x Currency Conversion Service Accounting Dept. 3. LoB’s 4. Service is 2. Other LoB’s increase use of fixed at start using the service / quality provider’s service suffers expense X X Purchasing 5. Fix works 6. Maintenance temporarily costs soar / but problem provider reappears ends service * Scenario from “Introduction to SOA Governance” by Bobby Woolf © 2006 IBM Corporation 5 The Journey to SOA is filled with potholes ● Most organizations are implementing SOI not SOA ● SOA is largely an IT effort, LoB is not in ● Without Senior IT endorsement, many SOA efforts are focused on product selection, i.e., Shelf ware ● Funding to support Enterprise SOA is scarce or non-existent ● With no oversight comes no reuse and no relevance ● Oversight mechanisms lack teeth; projects evade the processes ● Inconsistent standards, drive inconsistent methodology, competing tools, and a lack of skilled resources ● Organizations are replacing silo’d applications with silo’d SOA © 2006 IBM Corporation 6 A scenario on the importance of SOA governance Finance Sales Legal Currency Service Order Fulfillment 1. All groups plan a re-usable currency service © 2006 IBM Corporation Purchasing 2. Service defined that meets everyone’s needs 3. Service enabled to be available to all LOBs 4. Success metrics defined, monitored to confirm service scalability 7 14 Critical Processes That Constitute an Effective SOA Governance Model Implementation Service Planning Service Modeling Service Implementation Service Management Define Service Focus Process Identify Services Process Design Services Process Manage Quality of Service Process Identify Service Owners Process Specify Services Process Assemble Services Process Manage Service Levels Process Define Service Funding Process Realize Services Process Test Services Process Manage Service Change Process Deploy Services Process Manage Service Security Process Establishing decision rights By effectively establishing governance mechanisms in these 14 areas, clients can address these common challenges: Defining high value business services Managing the lifecycle of assets Measuring effectiveness © 2006 IBM Corporation 8 Different Aspects of Governance There are different aspects of Governance, based on the process governed SOA Governance: examples of governed processes SOA Governance is an extension of IT Governance ● ● ● ● ● SOA Governance IT Governance Corporate Governance © 2006 IBM Corporation service funding service ownership service creation service reuse composite application design IT Governance: example of governed processes ● ● ● ● ● ● requirements management portfolio management change management data design architectural design release management 9 Solution Overview: Service Lifecycle Management Process design & implementation expertise based on the market’s leading solutions delivery platform Infrastructure & Management in Support of SOA Service Development & Delivery Management SOA Governance Method Empowering development teams to deliver the “A” in SOA © 2006 IBM Corporation 10 Service Lifecycle Management is essential in the realization of SOA Governance Service Lifecycle Management Service Development and Delivery Management Enforce, execute, automate process and policies Infrastructure and Management In Support of SOA Monitor and control operational policies SOA Governance SOA Governance Method Establish Process and Policies © 2006 IBM Corporation 11 IBM SOA Governance Method Establish the Governance Need • Document and validate business strategy for SOA and IT • Assess current IT and SOA capabilities • Define/Refine SOA vision and strategy • Review current Governance capabilities and arrangements • Layout Governance plan Monitor and Manage the Governance Processes • Monitor compliance with policies • Monitor compliance with governance arrangements • Monitor IT effectiveness metrics © 2006 IBM Corporation Define the Governance Approach • Define/modify Governance Processes • Design policies and enforcement mechanisms • Identify success factors, mechanisms • Identify owners and funding model • Charter/refine SOA Center of Excellence • Design Governance IT infrastructure Deploy the Governance Model Incrementally • Deploy Governance mechanisms • Deploy Governance IT infrastructure • Educate and deploy on expected behaviors and practices • Deploy policies 12 SOA Governance Challenges : Applying the SOA Governance Life Cycle ● Establishing decision rights ● Defining high value business services ● Managing the lifecycle of assets ● Measuring effectiveness © 2006 IBM Corporation 13 Getting Started – Establishing decision rights Business Executive Determine business strategy that leverages SOA SOA Assessment Services IT Executive © 2006 IBM Corporation Assess readiness for SOA Assess current governance approach Determine governance plan SOA Assessment Services SOA Governance and Management Method Rational Method Composer 14 Getting Started – Defining high value business services Business Executive IT Executive Business / System Analyst Software Architect Data Architect © 2006 IBM Corporation Identify key performance indicators Document business strategy milestones Workplace Business Strategy Execution Document standards and policies Rational RequisitePro Charter Center of Excellence Strategy & Planning Services Identify metrics Define development process Center of Excellence Services Strategy & Planning Services Rational Unified Process for SOA Central Service Registry Model key performance indicators across business process WebSphere Business Modeler WebSphere Service Registry Instantiate standards in application design Rational Software Architect Instantiate data standards & enable Data Governance Rational Data Architect 19 Getting Started – Managing the lifecycle of assets IT Executive Developer Establish change management process for development Establish change management process for operations Rational Unified Process for SOA Tivoli Unified Process Discover service for reuse / publish service WebSphere Service Registry and Repository Manage and track build time assets Rational ClearCase Deployment Manager Security Manager © 2006 IBM Corporation Validate and authenticate user Instantiate security policy Tivoli Federated Identity Manager Tivoli Access Manager Ensure signoff and create audit trail for change Rational ClearQuest Record service configuration information Tivoli Change and Configuration Management Database 20 Getting Started – Measuring effectiveness Business Executive IT Executive Monitor key performance indicators Central Service Registry Measure performance against business strategy milestones WebSphere Business Monitor WebSphere Service Registry Workplace Business Strategy Execution Measure project costs Rational Portfolio Manager Operations Manager © 2006 IBM Corporation Monitor performance against service level agreement Monitor and measure service performance Tivoli Service Level Adviser Tivoli Composite Application Manager 21 The WebSphere Service Registry and Repository provides value throughout the SOA lifecycle WebSphere Service Registry and Repository Publish Publish Find Enrich Manage Govern Find Enrich Encourage Reuse Find and reuse services for building blocks for new composite applications. Govern Enable Governance Govern services throughout the service lifecycle © 2006 IBM Corporation Enhance Connectivity Enable dynamic and efficient interactions between services at runtime. Manage Help optimize service performance Enable enforcement of policies. Impact analysis 22 WebSphere Service Registry and Repository: Publish and Find WebSphere Service Registry and Repository ● Encourage Service Reuse Publish and Find Services through all stages of SOA Encourage greater leverage of services Publish Find (1) Search is performed for a service or mediation or policy to (re)use (4) WSRR performs validation and enforces policies (3) Service metadata artifact is published to the WSRR Development Tool (2) Development tools are used to create a new service metadata artifact © 2006 IBM Corporation Publish Find Enrich Manage Govern (7) The assembled service is (re) published using the Service Explorer during deployment. (5) Search is performed for a service or mediation or policy to use Assembly/ Admin Tool (6) The service is configured/wired and policy relationships are established. 23 WSRR Eclipse Plug-in ● Generalized Eclipse plug-in Read and/or write access to WSRR Selectively browse for WSRR meta-data Import meta-data into a selected project “Deep” import available to include nested resources Publish meta-data to WSRR Uses published Java interface ● Available for any Eclipse based component Rational Application Developer WebSphere Integration Developer Portlet development environment Other eclipse environment From the Resource Perspective © 2006 IBM Corporation 24 WSRR Eclipse Plug-in: Retrieve/Import © 2006 IBM Corporation 25 Service Lookup During Assembly Phase WSRR DowJones WSDL NASDAQ WSDL Meta-Data: Finance 0.01 ... Finance 0.03 ... Category Cost ... Metadata Repository Retrieve Import Publish © 2006 IBM Corporation 26 How it works (How it’s used): Operational Monitoring Interactions WebSphere Service Registry and Repository Publish Find Enrich Manage Govern Performance and health alerts are generated based on operational data and recorded in the WSRR Performance data 3) Retrieve monitoring policy for the message from the WSRR Service Management Repositories 4) Mediation records the operational data about the running service Message 1) During service invocation a message is received by the ESB Message Message Mediation 2) The ESB routes the message to an intermediate logging mediation or agent 5) The ESB then continues with the invocation of the service. Message Service © 2006 IBM Corporation 27 WebSphere Service Registry & Repository Governance GE E Organization Classification Versioning Role Action Concepts Governed Entity Documents Lifecycle State Collections Access Control State State GE Promotion Approval Validation / Compliance Impact Analysis Governed Entity Actions Development Specified IT Governance Procured New Version What was done to it ? Operational Who changed it ? States When did they change it ? Transitions Audit History Trail Guards Audit Actions Life Cycle Model © 2006 IBM Corporation State Deployment IT Management What was changed ? Approved Process Published State Notification Collaboration Communication Socialization 28 Browser based console ● User role based browser perspectives ● Standards based service metadata documents support ● “Shredding” documents into meaningful and optimized organization ● Query Canned and user wizard based search ● Classification Helps Manage service metadata (more on this later under the Manage capability) © 2006 IBM Corporation 29 WebSphere Service Registry & Repository Integration with IBM SOA Products WebSphere Service Registry and Repository Publish RSA, RAD, WID Publish and Find Generic Client Using SOAP RAM Find Enrich Enterprise Service Bus Synchronize with Mediations based BuildTime on WSRR Lookup Manage Process Server Govern Tivoli CCMDB ITCAM for SOA Mediations based Extends toITIL Service Health on WSRR Lookup Change Mgmt information Publish and Find © 2006 IBM Corporation 30 Rational Asset Manager - RAM ● Asset Consumption Asset Search via Web client and Eclipse Asset Subscriptions via Web client Asset download via Web client and Eclipse ● Asset Creation Asset packaging via Web client and Eclipse Asset submission for review and approval ● Asset Usage and Reporting Asset comments, discussions, ratings and user tagging Asset Repository metrics by download, state, type, teamspace and history ● Asset Governance Operations Define review boards Review state notification ● Adminstration Operations © 2006 IBM Corporation 31 RAM – Integrations ● ClearQuest – submit a change request from an asset details ● ClearCase – store and download versioned assets in ClearCase ● WebSphere Service Registry and Repository: Federated search of deployed WSRR Services from RAM search Retrieve service artifacts for usage as artifact in RAM service asset. Exchange Categorizations between RAM and WSRR Ensure consistent Access Controls for RAM and WSR Link Asset ID and version with WSRR deployed Service ID and version ● Rational Method Composer: Customize out of the box RAM process ● Eclipse Based clients Search, Download and extract assets into Eclipse Workspaces © 2006 IBM Corporation 32 What the Analysts Are Saying “Half of all companies and 77% of large enterprises reported that they are or will be using SOA by the end of 2005. Why? Evidence is mounting that SOA provides real benefits for business integration and flexibility.” Real-World SOA: SOA Platform Case Studies, Forrester Research, Inc., September 2005 CIOs continue to struggle to align business and IT in meaningful, measurable ways. More effective IT governance processes and tools are becoming top priorities among businesssavvy CIOs. Five Ways the Rise of IT Governance Will Change How Enterprises Buy IT, Summit Strategies, December 2005 In 2006, lack of working governance mechanisms in midsize-to-large (greater than 50 services) post-pilot SOA projects will be the most common reason for project failure (0.8 probability). Management Update: Predicts 2006: The Strategic Impact of SOA Broadens, Gartner, Inc., Jess Thompson, Yefim V. Natis, Massimo Pezzini, Paolo Malinverno, November 23, 2005 With the widespread adoption of SOA, the challenges associated with SOA projects are emerging. SOA governance isn't optional — it's imperative. Without it, return on investment will be low and every SOA project out of pilot phase will be at risk. Service-Oriented Architecture Craves Governance, Gartner, Inc., Paolo Malinverno, January 20, 2006 © 2006 IBM Corporation 33 Governance is not just about compliance – it is an enabler of business value ● With the right focus, support and funding, it can be an enabler by Facilitating reuse Prioritizing spending Reducing costs Setting the technology direction Subsidizing enterprise-value efforts like Service-Oriented Architecture © 2006 IBM Corporation 34