chief technology officer sonic and actional products dan foody visibility and governance in an soa

Chief Technology OfficerSonic and Actional Products

Dan Foody

Visibility and Governance in an SOA

© 2006 Progress Software Corporation2

You’ve figured out your SOA backplane……Now what?

Browser

User-FacingLogic

Service discovery, binding, multiprotocol communicationWeb services (URL, XML, SOAP, WSDL, HTTP)Runtime support of service deployment and policies (SCA, WCF)

Rich Client

Reliable message delivery

Security

Publish and Subscribe

ESB

Load balance, failover

BPM

Source: Gartner


Implications Risks

You’ve figured out your SOA backplane……Now what?

Incremental Deployment Gradual migration Cost "spreading" across projects Reduced maintenance cost

Sharing (Reuse) of Services: Faster time to deployment Lower development cost Greater adaptability

Architectural Partitioning Diverse life-cycle "speeds" Synergy of different technologies Optimal tech skills allocation Processes visibility Greater maintainability Easier outsourcing/"offshoring"

Benefits

More Distributed Infrastructure Extensive use of middleware Transaction management Debugging/troubleshooting End-to-end management More granular security Metering/logging

Tighter Management/Governance Ownership/accountability Cost allocation Prioritization/conflict resolution

Higher Upfront Costs Cultural change Infrastructure (SOA backplane) More formal methodology Longer design time for services Testing (unit/end-to-end)

Source: Gartner


You’ve figured out your SOA backplane……Control the risks to achieve the benefits

Incremental Deployment Gradual migration Cost "spreading" across projects Reduced maintenance cost

Sharing (Reuse) of Services: Faster time to deployment Lower development cost Greater adaptability

Architectural Partitioning Diverse life-cycle "speeds" Synergy of different technologies Optimal tech skills allocation Processes visibility Greater maintainability Easier outsourcing/"offshoring"

Benefits

Robust Distributed Infrastructure Extensive use of middleware Transaction management Debugging/troubleshooting End-to-end management More granular security Metering/logging

Tight Management/Governance Ownership/accountability Cost allocation Prioritization/conflict resolution

Predictable Upfront Costs Cultural change Infrastructure (SOA backplane) More formal methodology Longer design time for services Testing (unit/end-to-end)

Benefits

Source: Gartner


IT is already disconnected from the businessSilos of infrastructure are the cause

Business

IT

Bottom-up IT-focused monitoring(OpenView, Tivoli, etc.)Detected problems are without context• What customers are impacted?• What business processes are impacted?• What’s the cost to the business?• What’s most important?

Simple business-focused monitoring(BI, dashboards, etc.)Focused, but always-out-of-date visibility• Only sees what you explicitly configure• No understanding of interdependencies• No awareness of IT cause• Only know about issues once it’s too late


Ignoring the impact of SOA makes the IT-business disconnect even worse

The global enterprise with SOA Business processes span “silos”

• No one team has end-to-end responsibility• No one team knows all the moving parts• No one team makes all the decisions

The one-to-one mapping has disappeared

Traditional line-of-business silos Each business process is self-contained

• One team has end-to-end responsibility• One team knew all the moving parts• One team made all the decisions

►Applications and business functionsmap one-to-one


Ignoring the impact of SOA makes the IT-business disconnect even worse

?The global enterprise with SOA Business processes span “silos”

• No one team has end-to-end responsibility• No one team knows all the moving parts• No one team makes all the decisions

The one-to-one mapping has disappeared

Traditional line-of-business silos Each business process is self-contained

• One team has end-to-end responsibility• One team knew all the moving parts• One team made all the decisions

►Applications and business functionsmap one-to-one

If you can’t see it:

• You can’t measure it

• You can’t secure it

• You can’t control it

• You can’t optimize it


ActionalSOA management, security, and governance

Actional products provide discovery, visibility, security and control for• Services• Inter-dependencies• End-to-end business processes

Without application re-coding or performance degradation

Across the many technologies and platforms that make up an SOA

POLICYDRIVENSECURITY

POLICYDRIVENSECURITY

CONTROLOF ROGUESERVICES

CONTROLOF ROGUESERVICES

BUSINESS POLICY ENFORCEMENT

BUSINESS POLICY ENFORCEMENT

END-TO-ENDVISIBILITY

END-TO-ENDVISIBILITY


Actional fills the SOA blind-spots withvisibility from the eyes of IT and Business

By Infrastructure

• Which services are where?

• Who uses what services?

• Where are the bottlenecks?

• What’s the impact of change?

By Business Criteria

• How is my business doing?

• Are customer having issues?

• Am I keeping up with demand?

• Am I meeting my commitments?

By Business Process

• What really occurs in ordering?

• How many are in production?

• How long from order to delivery?

• Why has purchasing stalled?


Beyond the buzzword: What is governance?

The systems and processes in place for ensuring proper accountability and openness in the conduct of an organization's business

The word derives from Latin origins that suggest the notion of steering


How is governance usually handled?

Ye Olde Book Of Policies• Policies are made available to everyone

• Every reads all the policies

• Everyone follows all the policies

Do you know, understand, and follow, every rule that might apply to you…… at all times…

… as rules change?


Prioritize governance concerns

Business policies• Complying with rules, regulations, etc.

FinesJail timeLawsuitsRevenue loss

Technical policies• Comply with WS-I, schema requirements, etc.

Reuse is harder / more costly

Focus on what matters most


What you don’t know can hurt you

If a service is in-production, and it’s not encrypting personally identifiable information,You can face extreme penalties

You don’t get extra credit from the EU if your policy said privacy compliance was required

Service registries can only address technical policies

Business policies require runtime governance


Business policies require a business focus

Without Actional...…users take the 10s of business policies…and manually convert them…into potentially 100s of enforceable policies

Information Policies Process Policies Contextual Policies

Encrypt all personal identities for EU privacy

directives

Alert if approaching gold customer service

level limit

Audit all steps of financial processes for

US Sarbanes-Oxley

GoldGold

Error prone, complex, costly


<Licensee><ID>1837363</ID><Name>John Q. Public</Name><SSN>145-98-3847</SSN><Address><Street>100 Any Lane</Street><City>Any Town</City><State>CA</State><Zip>94099</Zip>

</Address></Licensee>







From business policies to enforced policiesWith Actional runtime governance

PersonalIdentity

ShippingDestination

PersonalIdentity

ShippingDestination

CustomerClass

Policy Target

Policy Owner(s)

Service

Owner(s)

Audit

Encrypt


Actively enforces policies across the SOA

ManagedEnvironment

Automatically adjusts to changes in the SOA

From business policies to enforced policiesWith Actional runtime governance


Summary

Actional dramatically reduces the risks of SOA• Aligns IT and business• Provides process visibility• Senses and responds in real-time• Automatically enforces policies

This enables organizations to turn SOA into a competitive weapon• Faster time to market• Lower costs• Continuous innovation• Process flexibility

chief technology officer sonic and actional products dan foody visibility and governance in an soa

Documents

soa slide

gartner slide

impact of soa

cause business

progress software corporation6

progress software corporation5

late slide

faster time