04 service oriented architecture series - soa management
TRANSCRIPT
SOA Management
Pouria Ghatrenabi
Based on IBM SOA Certificate Learning Objectives
Learning Objectives
• Explain the need for SOA governance. (compass ch4)
• Describe SOA governance and related concepts (roles and responsibilities, funding models, policies, enforcement, critical success factors, and metrics).
• Describe Quality of Service (QoS) issues pertinent to SOA.
• Explain the need for a distributed security model (including issues like identity provisioning and propagation).
• Identify the impact of changes to services in the SOA lifecycle (change management, versioning, and service lifecycle).
• Identify the role of an enterprise service bus (ESB) in SOA management and governance.
Need for SOA Governance
Need for SOA Governance
• SOA governance is what enables diverse business unit and IT stakeholders to ensure that the SOA is truly cross-enterprise.
• According to analysts, SOA governance is more critical to SOA success than is SOA technology.
• The goal of the iterative, four-phase SOA governance process is to refine and enhance governance effectiveness and optimize business value for the SOA initiative.
Ref: McBride, (2007)
Core Objectives or Challenges of Governance
• Establish decision rights.
• Define high-value business services.
• Manage the life cycle of your assets.
• Measure effectiveness.
Ref: Buecker et al. (2008), p 419
Central vs. Distributed Governance
Central Governance
• Optimized for the enterprise. The governance council has representation from each business domain. The council reviews addition or removal of services, changes, etc.
Distributed Governance
• Optimized for the distributed teams. Each business unit has control over how it provides the services within its own organization. This requires a functional service domain approach. A central committee can provide guidelines.
Ref: Bieberstein et al. (2006), p70
SOA Governance Concepts
SOA Governance Framework
Ref: McBride, (2007)
Plan
• Stakeholders collaborate to establish and commit to the need for SOA governance and its overall scope.
• Project scope, ownership, and funding are planned.
• Perhaps a center of excellence to oversee the SOA project is established.
• In subsequent iterations, planning will identify areas where SOA governance can be improved or new areas where it should be implemented.
Define
• Business and IT stakeholders collaborate to define new governance policies and processes.
• Organizations delineate additional SOA capabilities, agree on policies for service reuse across lines of business, establish processes to guarantee service levels, etc.
Ref: McBride, (2007)
Enable
• Policies defined in the previous phase are rolled out to the various stakeholders across the enterprise.
• Policies are communicated to the decision-making community.
Measure
• Governance policies and processes (e.g., SLAs, reuse levels, or change policies) are established.
• Policies are evaluated against success/effectiveness criteria (established in the Define phase).
• A new iteration of SOA governance activities is initiated on the basis of those discussions.
Ref: McBride, (2007)
Ref: Keen (2007), p16
Ref: Keen (2007), p17
SOA Governance vs. SOA Service Lifecycle Management
Model (validated against Plan)
• Architects collaborate to review the current SOA governance plan and use it as a basis for modeling the SOA implementation.
Assemble (validated against Definition)
• Developers assemble the reusable service assets that the architects have modeled, to create service-oriented applications that automate and integrate business processes.
Deploy (validated against Enablement)
• Testing and Release Management functions deploy the services.
Manage (validated against Measurement)
• Operations manages the services in production.
Ref: McBride, (2007)
Governance Definitions
IBM defines governance as the establishment of the following:
Ref: Keen (2007)
Chains of Responsibility
• The establishment and assignment of decision rights.
• Roles are defined, and associated with those roles are responsibilities.
• Chains of responsibility signify the assignment of accountability.
Measurement
• How to measure the effectiveness of the governance that is put in place.
• What key performance metrics need to be defined?
• What KPIs need to contribute to the initial goal?
Governance Definitions (Continued…)
Ref: Keen (2007)
Policies
• Are used to prescribe management direction.
• Guide the organization to meet business objectives.
• Demonstrate management commitment.
• Clearly define the responsibilities of a particular party.
Control Mechanisms
• Instruments to make sure that everyone is doing what they are supposed to.
• Ensure compliance with the policies.
• Operate by assuring compliance at various compliance checkpoints.
Communication
• The glue of governance. The parties must be informed to enable compliant behavior.
Levels of Governance
Ref: Keen (2007)
SOA Governance Concerns
Service Registration, Service Versioning, Service Ownership, Service Funding, Service Monitoring, Service Auditing, Service Diagnostics, Service Identification, Service Modeling, Service Publishing, Service Discovery, Service Development, Service Consumption, Service Provisioning, Access to Services, Deployment of Services and Composite Applications, Security for Services
Ref: Keen (2007)
SOA Initiative Roles and Responsibilities
Business Analyst/Architect
• Responsible for analyzing the goals and needs from a business perspective.
• Works with the business and the IT Architect to ensure the proper translation of business requirements to IT solution requirements.
SOA Governance Architects
• The capabilities are comprised of three roles (next slide).
• They collectively contribute to the current and future realization of best practices, governance processes, and the operational environment.
Organizational Change Manager
• Responsible for understanding capabilities in business, operations, and technology and assessing the impact of changes to the organization.
Ref: Keen (2007), Ch2
Services, Connectivity Through ESB and BSRR
Ref: Carter (2007), Ch 5
SOA Governance Architects Roles
SOA Initiative Architect
• Responsible for identifying services.
• Defines reference architectures and creates component models.
• Responsible for performance, availability, and scalability of the applications.
• Maintains the functional interface to the application infrastructure.
• Performs evaluation and selection of the packages, software, and hardware components of the architecture.
Process Architect
• Responsible for the integrity of all process and procedure definitions and documentation.
Infrastructure Architect
• Responsible for the design of the physical (or operational) aspect of a total system, line of business, or technology domain.
• Concerned with designing the architecture to reach desired system qualities, including performance, scalability, availability, security, and maintainability.
Ref: Keen (2007), Ch2
Empowerment and Funding
• Underfunding can lead to a small-scale implementation of Web services rather than a move toward the benefits of a true SOA.
• A successful SOA project needs strong support from senior executives, identified funding, and proper empowerment of the governance body.
• The organization should avoid a weak governance body that has a merely consultative role and cannot enforce its recommendations.
• The governance body needs to have proper practical control of project funding.
Ref: Bieberstein et al. (2006), p70
Quality of Service (QoS) Issues
Quality of Service (QoS) Issues
• Common services have the benefits of flexibility, reuse, cost savings, etc., but also bring increased dependency and must be monitored and managed accordingly.
• To achieve the quality of service (QoS) defined by the business, each service endpoint should be managed as a resource.
• The resource view of services includes the invocation of services (service consumer) and the application functionality exposed as a service (service provider).
Ref: Keen (2007), Ch2
Quality of Service (QoS) Issues (Continued…)
• Services are typically implemented as Web Services.
• Managed services must have real-time availability and performance metrics and a defined SLA.
• Like other resources, services are deployed, configured, versioned, monitored, managed, secured, and audited.
Ref: Keen (2007), Ch2
Perspectives for the End-to-End View
Horizontal View
• The view of the transaction.
Vertical View
• The view of the service invocation through the architectural abstraction layers.
Ref: Keen (2007), Ch2
SOA Distributed Security Model
Ref: Buecker et al. (2008), p9
Web service security specifications
Ref: Buecker et al. (2008), p 445
WS-Security
Ref: Buecker et al. (2008), pp 445-446
• WS-Security provides message-level security which is used when building secure Web services. Message content protection (integrity, confidentiality, and authentication) and security token propagation are features of this specification.
• The advantage of using WS-Security instead of SSL is that it can provide end-to-end message level security. This means that the messages are protected even if the message goes through multiple services or intermediaries.
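The end-to-end property described above, as an added example that is not part of the slides or of any IBM product: the sender signs the SOAP Body and places the signature plus an identity token in a security header; an intermediary (for example an ESB) may add its own headers, but any change to the Body is detected by the final receiver. For brevity an HMAC over a constructed shared key stands in for XML Signature with X.509 certificates, and plain serialization stands in for XML canonicalization.

```python
# Added example: WS-Security-style message-level integrity and token propagation.
# Assumptions (not from the slides): HMAC with a shared key replaces XML Signature,
# and ET.tostring() replaces XML canonicalization (C14N).
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
ET.register_namespace("soap", SOAP)
ET.register_namespace("wsse", WSSE)
SHARED_KEY = b"constructed-demo-key"  # constructed value for the example only


def build_signed_message(username: str, body_xml: str) -> bytes:
    """Sender: wrap the payload in an Envelope and add a Security header that
    carries the identity token and an HMAC computed over the Body element."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    body.append(ET.fromstring(body_xml))
    sec = ET.SubElement(header, f"{{{WSSE}}}Security")
    ET.SubElement(sec, f"{{{WSSE}}}Username").text = username
    digest = hmac.new(SHARED_KEY, ET.tostring(body), hashlib.sha256).digest()
    ET.SubElement(sec, f"{{{WSSE}}}Signature").text = base64.b64encode(digest).decode()
    return ET.tostring(env)


def intermediary(msg: bytes, hop: str, tamper: bool = False) -> bytes:
    """Intermediary/ESB: adds a routing header (allowed). With tamper=True it
    also changes the Body, which the final receiver must detect."""
    env = ET.fromstring(msg)
    ET.SubElement(env.find(f"{{{SOAP}}}Header"), "RoutedVia").text = hop
    if tamper:
        env.find(f"{{{SOAP}}}Body")[0].set("amount", "99999")
    return ET.tostring(env)


def verify_message(msg: bytes):
    """Final receiver: recompute the HMAC over the Body and compare it with the
    signature in the header. Returns (ok, username) so the caller can make an
    access decision only on a verified identity."""
    env = ET.fromstring(msg)
    sec = env.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    body = env.find(f"{{{SOAP}}}Body")
    expected = hmac.new(SHARED_KEY, ET.tostring(body), hashlib.sha256).digest()
    got = base64.b64decode(sec.find(f"{{{WSSE}}}Signature").text)
    return hmac.compare_digest(expected, got), sec.find(f"{{{WSSE}}}Username").text
```

With transport security (SSL) alone, the intermediary terminates the secure channel and could alter the Body undetected; here the signature travels with the message through every hop.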
Identity Challenges in SOA
Ref: Buecker et al. (2008), p11
User and Service Identities and Their Propagation
Identities exist for both users and services, and both must be subject to the same controls.
The identities might need to be propagated throughout the SOA environment.
Identity Services are required in the infrastructure to deal with identity mediation, so that services can interconnect without worrying about mapping and propagating user identity.
This approach can greatly improve the speed and ease of developing new services.
Ref: Buecker et al. (2008), p10
Securing Inter-organization Interactions
• Regardless of the interaction form, it is imperative that security, identity, and access policies are defined and enforced for all transactions.
• Policies need to be enforced for both incoming and outgoing requests.
• Boundary security services are an obvious starting point to provide coarsely grained verification that requests are coming from or going to trusted parties.
Ref: Buecker et al. (2008), p12
Securing Inter-organization Interactions (Continued…)
• Establishing the trust relationship between the organizations is a key step in allowing inter-organization cooperation.
• Establishing the trust relationship includes agreeing on rules of interaction (e.g., which identity information must be propagated between organizations) and exchanging cryptographic keys.
Ref: Buecker et al. (2008), p12
Swivel Chair Management
• Policy enforcement points will be located both at the service connectivity level and within the implementations of the services.
• Management of a policy across various heterogeneous enforcement points requires an administrator to use a diverse set of resource-centric management interfaces, each with its associated security policy terminology and semantics (sometimes called Swivel Chair Management).
Ref: Buecker et al. (2008), p13
Service-oriented Life Cycle From a Security Perspective
Ref: Buecker et al. (2008), p14
Role of ESB in SOA Management and Governance
• Because the ESB acts as a mediation hub, various aspects of security need to be enforced at the ESB to ensure valid and secure access to systems and data.
Ref: Buecker et al., (2008), Ch1
References of Section Four
• Bieberstein, N., Bose, S., Fiammante, M., Jones, K., & Shah, R. (2006). Service-Oriented Architecture (SOA) Compass: Business Value, Planning, and Enterprise Roadmap. IBM developerWorks.
• Buecker, A., Ashley, P., Borrett, M., Lu, M., Muppidi, S., Readshaw, N., & others. (2008). Understanding SOA Security Design and Implementation. IBM Redbooks.
• Keen, M. (2007). Implementing Technology to Support SOA Governance and Management. IBM, International Technical Support Organization.
• McBride, G. (2007, March 15). The Role of SOA Quality Management in SOA Service Lifecycle Management. Retrieved from http://www.ibm.com/developerworks/rational/library/mar07/mcbride/