Independent Insight for Service Oriented Practice

www.cbdiforum.com

Policy Driven Practices for SOA
Lawrence Wilkes
CBDI Forum

© 2006 CBDI Forum Ltd V1.0 0206

Agenda

- Enterprise SOA Challenge
- SOA Policy Areas
- Layered Service Architecture as a basis for Policy
- Service Lifecycle as a basis for Policy
- Compliance Testing
- Service Engineering

Core SOA Characteristics

1. Loose Coupling: Enabling rapid process integration & optimization
2. Functional standardization: Reuse to reduce cost and deliver consistency across different solutions
3. Consumer (solution) flexibility: Use alternative and/or specialized services
3. Supplier flexibility: Use alternative and consolidated resources
4. Resource virtualization: Who, What and Where

Usage decisions determined by Policy

[Diagram labels: Consuming Solutions; Service A, Service B; Functional Capabilities/Resources; elements X, Y, Z and A, B, C]

Enterprise Challenge

Lots of Disparate Consuming Solutions Driven by Pressing Needs Of Individual Business Sponsors

Lots of Duplicated, Silo’ed, Disparate, Distributed Capabilities/Resources

Lots of Services delivered with good intention, but failing to deliver the full benefits of SOA

Minimal Sharing, still silo’ed, disparate, and meeting only the requirement of individual business sponsors!

Technology Isn’t the Solution

Enterprise Service Bus, Web Service Protocols, etc

Lots of Disparate Consuming Solutions Driven by Pressing Needs Of Individual Business Sponsors

Lots of Duplicated, Silo’ed, Disparate, Distributed Capabilities/Resources

Technology is an important enabler
But it isn’t just a wiring problem!

Managed Service Portfolio

[Diagram labels: Consuming Solutions; Services Provided and Consumed; Functional Capabilities/Resources; Business Domain; elements A, B, C and X, Y, Z]

- Services Grouped by Domain
- Services Organized by Purpose and Type
- Services Selected for Sharing, Aggregation or Differentiation

SOA – Three Perspectives

SOA is a Deployment Framework
  Focus: Run-time deployment of Services and Resources; Operational Infrastructure; Service Management
  Interest: Standards; Service Technology; Run-time Governance; Operational Policies

SOA is an Architectural Framework
  Focus: Federated Service Architectures; Service Identification and Specification; Service Lifecycle
  Interest: Enterprise Architecture Context; Architectural Constructs for SOA; Architectural Governance; Architectural and Design Policies

SOA is a Management Framework
  Focus: Business and IT Resource Optimization; Business/IT Convergence; IT Process for SOA?; Provider/Consumer Supply Chain?
  Interest: Strategy and Roadmap; Organization and culture; IT Process Governance; Provisioning and Sourcing Policies

SOA Policy Areas

Type | Determines/Governs | Example
Asset | Change in state - Service lifecycle | Certification
Relationship | Obligations between different parties | Provider/Consumer, IT/Business
Commercial | How a Service is paid for | Pricing
Security | Permissions | Authentication
Operational | Run-time policies | Monitoring, SLA
Sourcing | How Services and associated resources are sourced | Standardization/Commoditization
 | Flexibility | Mediation
Architecture / Design | Use of architectural constructs in the SOA | Layering
Program/ Process | SOA Delivery process | RAEW, Funding

Layered Service Architecture

- Reasons for Layering
  - Higher degrees of reuse/sharing
  - Flexibility in assembly of Services at different layers
  - Functional standardization and commoditization in lower levels
  - Customization in higher layers
  - Separation of concerns
  - Determine policies by layer
- Policies Vary by Layer. E.g.
  - Different Sourcing permitted
  - Degree of Standardization/ Differentiation allowed

Service Classification - Layers

[Diagram: services classified into layers]

- Solution Layer (presentation and dialog)
- Process Services (orchestration layer)
- Core Business Services (“backbone” layer)
- Underlying Services (that need a facade)
- Utility Services (high reuse layer): CurrencyConversionService, AddressReformatter

Service labels in the diagram: Order Fulfillment Service; Stock Movements Service; Products Service; Orders Service; Stock Management Service; Stock Reordering; Customers Service; Purchasing (from highly generic component); AccountsReceivableAPI (from legacy Accounting System)

System labels in the diagram: Order System; Stock Control Application; Product Dev System

Basis for Single and Shared Service Policy

Process Services (orchestration layer)
  - Orchestrate operations from many core business operations
  - Support process unique processing
  - Store process level information

Core Business Services (“backbone” layer)
  - Single Service provides consistent view of corporate data and business rules
  - Provides a 360° view of the resource
  - Stores a record of each instance of each business type
  - Applies common validation and business rules

Underlying Services (that need a facade)
  - Exploit pre-existing functionality for wider reuse
  - Aggregate functionality from pre-existing Services and systems

Utility Services (high reuse layer)
  - The most widely reused Shared Services
  - Services that perform widely used sub-routines, operations

[Other diagram labels: Solution Layer (presentation and dialog); Business Domain]

Basis for Standardization and Customization Policy

[Diagram labels: Business Solutions & Business Processes; Differentiated Usage; Standardized Usage; Differentiated Services; Differentiated Service Behavior; Custom Services; Standard Services; Commodity Services; Increasing Commoditization; Increasing Customization]

Critical policy area
- Determines economics, flexibility, competitive differentiation and standardization
- Determines sets of standard services based on economics and feasibility
- Manage solution usage on basis of competitive differentiation
  - Core/Context
  - Core/Non Core
- Manage sourcing on basis of economics

Basis for Architecture and Design Rules

Process Services (orchestration layer)
  Dependencies allowed: May call Core Business & Utility services directly
  Example rules: May be called by apps that support other business processes

Core Business Services (“backbone” layer)
  Dependencies allowed: May call other Core Business, Underlying and Utility Services directly
  Example rules: Cyclic dependencies not permitted, except for call-back. May not call Process Services

Underlying Services (that need a facade)
  Dependencies allowed: May call Utility Services, but normally would not
  Example rules: May not call Core Business or Process Services

Utility Services (high reuse layer)
  Dependencies allowed: May call other Utility Services directly
  Example rules: Cyclic dependencies not normally permitted
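
The dependency rules on this slide can be checked mechanically against a service call graph. The following is an added example, not part of the original slides or any CBDI tooling: the call edges, the `callbacks` parameter and the choice to report every pairing the slide does not list as permitted are assumptions made for illustration.

```python
from collections import defaultdict

# Caller layer -> callee layers permitted by the slide's example rules.
# Assumption: any pair the slide does not list as permitted is an error.
ALLOWED = {
    "process": {"core", "utility"},
    "core": {"core", "underlying", "utility"},
    "underlying": {"utility"},
    "utility": {"utility"},
}
DISCOURAGED = {("underlying", "utility")}  # "may call ... but normally would not"

# Constructed sample: service names follow the slides, the call edges are invented.
SAMPLE_LAYERS = {
    "OrderFulfillment": "process", "Orders": "core", "Products": "core",
    "AccountsReceivableAPI": "underlying",
    "AddressReformatter": "utility", "CurrencyConversion": "utility",
}
SAMPLE_CALLS = [
    ("OrderFulfillment", "Orders"), ("Orders", "Products"), ("Products", "Orders"),
    ("Orders", "AccountsReceivableAPI"),
    ("AccountsReceivableAPI", "CurrencyConversion"), ("AddressReformatter", "Orders"),
]


def check_dependencies(layers, calls, callbacks=frozenset()):
    """Return sorted (severity, message) findings for a service call graph.

    callbacks: edges declared as call-backs, which the cycle rule exempts.
    """
    findings, graph, state = set(), defaultdict(set), {}
    for caller, callee in calls:
        src, dst = layers[caller], layers[callee]
        if dst not in ALLOWED[src]:
            findings.add(("error", f"{caller} ({src}) may not call {callee} ({dst})"))
        elif (src, dst) in DISCOURAGED:
            findings.add(("warn", f"{caller} ({src}) would not normally call {callee} ({dst})"))
        if (caller, callee) not in callbacks:
            graph[caller].add(callee)

    def visit(node, path):  # depth-first search; state 1 = on path, 2 = done
        state[node] = 1
        for nxt in sorted(graph[node]):
            if state.get(nxt) == 1:
                cycle = path[path.index(nxt):] + [nxt]
                findings.add(("error", "cyclic dependency: " + " -> ".join(cycle)))
            elif nxt not in state:
                visit(nxt, path + [nxt])
        state[node] = 2

    for service in sorted(layers):
        if service not in state:
            visit(service, [service])
    return sorted(findings)
```

Declaring `("Products", "Orders")` as a call-back removes the cycle finding while the layer checks still apply to that edge.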

Driving Service Architecture

Solution Driven
  Scope: Project; Business Process
  Focus: Business Optimization; Resource Integration; Process Agility
  Techniques: Process Modelling; Use Case

Domain Driven
  Scope: Enterprise; Domain
  Focus: Resource Optimization; Sharing and Consistency; Standardization/Commoditization; Service Flexibility - Provider Agility
  Techniques: Business Type Models; Data-centric; Reuse analysis

System Driven
  Scope: Existing Systems; Application
  Focus: Existing APIs; Integration
  Techniques: Current Systems Analysis

[Diagram labels: Service Identification; Business Process, Value Chains; Analysis of Business Domain, Classification into Layers; Existing systems and databases; Solution Model, Domain Model, Current Systems Model; Process Driven, Data Centric, Bottom Up; Process Services, Core Business Services, Underlying Services, Utility Services; Order Fulfillment Service, Products Service, Orders Service, AccountsReceivable API, Address Reformatting Service]

Architecting for Agility

[Diagram labels: Planning and Design; Run-Time; Policy Driven (shown twice); Base Product; Finished Product; Pick Exterior Color, Pick Interior Color, Pick Wheel Style; Standard, GT, Special; Flexible Sourcing of Components; On Demand Assembly; Specialized Solutions; Commoditized Services; Service Consumer; Service Requestor; Service Provider; Applications; Business Services; Process Service; Management Service; Alternative Service or Provider; steps 1 to 4]

The Service Life Cycle – Enabling Governance

[State diagram]

States: Planned; Specified; Certified; Published; Operational; Retired; Being Provisioned; Provisioned; Archived

Transition activities:
- /prepare service specification and WSDL
- demand for operations arises / …
- /handover tested service
- /publicize service, catalog and subject to change control
- /confirm service offers required quality
- /deploy service
- /withdraw obsolete service
- /include proposed service in portfolio plan
- /archive service artifacts

Legend: State (pre); Activity; State (post); Policy Driven; Compliance Check

Lifecycle Governance over state change

Service Lifecycle Challenges

[Diagram labels: lifecycle states Planned, Specified, Certified, Published, Operational, Retired, Being Provisioned, Provisioned, Archived; tools IDE, ESB; Service & Systems Management; Registry; Requirements Management; Configuration & Asset Management; Policy Management]

Service is defined in many different tools
- How is consistency maintained?
- How is the compliance with the specification checked?

Changing State may mean
- Moving from tool to tool
- Changing Level of Abstraction

Policies
- How can Policies be applied across different tools?
- Policies may be tool specific, with tool specific definitions
- How is compliance checked?

Standards that may help share Service artefacts or information across the lifecycle
- OMG UML 2 – Models used to document service and the SOA
- OMG RAS – Reusable Asset Specification
- WS-protocols – even if the Service is not a WS
- Use of WS-Policy

Need for Richer Service Specifications

- Operation signatures do not explain enough
- WSDL is not good at explaining service behavior
- CBDI Service Description (primarily used in Planning)
  - Lightweight – not a specification
  - Described in business, not technical terms
- CBDI Rich Service Specification
  1. Interface Definition (signatures of all the operations)
  2. Behaviour Definition (without pre-empting how implemented) e.g. pre-post condition pairs
  3. Service Information model
  4. Mandatory Message Sequences
  5. Properties and Features
  6. Quality of Standards Compliance

[Side labels on the numbered list: Functional Specification; Non-functional Specification]

Role of Registry in the Service Lifecycle

[Diagram labels: Service Provision; Service Consumption; Service Management; Staging Registry; Production Registry; Plan, Specify, Certify, Publish, Version, Discover, Consume, Deploy, Operate; Asset Management Tools and Developer Tools (shown twice)]

Annotations in the diagram:
- Publish planned Services
- Certify in Approval Process
- Register Versions and Redirect
- Publish Via Staging Registry
- Dynamic Run-time Discovery
- Feedback QoS
- Discover Services

Registry becomes “System of Record” for Service Lifecycle

Policy Compliance Points

[Diagram labels: Service Provision; Service Consumption; Specify, Certify, Publish, Discover, Consume, Operate; Registry; SM/ESB (shown twice); Asset Management Tools and Developer Tools (shown twice)]

Compliance points in the diagram:
- Validate Run-time Compliance, Validate SLA (shown twice)
- Validate Service Design
- Validate Service, Validate Specification
- Validate Consumer
- Validate Provider
- Validate Service
- Validate Service Consumption

Sample Governance Compliance Checks

Compliance Check | Type of Check and Standards Relevance
WS-Protocol | Enforce and Validate usage of various WS protocols. Products may ship with ready made profiles for WS-I, WSDL, WS-Security. Ensure that consumed Services comply with policies for usage of various WS protocols.
WS-I profile | Check compliance with WS-I profiles to ensure interoperability
WS-Security | Enforce and validate Security policies
Schema | Validate XML Schemas, validate that Services use the correct schema
Classification | Validate classification of Services. Registries provide classification mechanisms
Design Policies | User defined methodology conformance to best practices.
Service Specification | Completeness of specification according to user defined methodology
Regulatory or Auditing Compliance | Inspect Service Requests and Responses to ensure regulatory compliance, and auditing requirements. Use WSM/SOAM/ESB. Typically user defined. Some products may have pre-defined templates.
Business Policy Compliance | Inspect Service Requests and Responses to ensure business rule compliance, and/or transform Service Requests and Responses based on business rules. Business Rules Engine defines compliance tests. WSM/SOAM/ESB can enforce business-based mediation rules (routing, transformation, etc)
SLA | Monitor compliance with SLA policies. SLA definitions and hence compliance checks are likely to be proprietary to the WSM/SOAM/ESB product
Service Consumption | Ensure that only Services published in catalog are consumed. For example
Approved Provider | Inspect endpoint references against known and approved providers. For example
Architecture | Proper assignment to layer, compliance with dependency policies
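
The Approved Provider and Service Consumption checks from this table, sketched as an added example that is not part of the original slides or of any WSM/SOAM/ESB product. The provider list, catalog entries, hosts and function names are constructed for illustration; the point is that the endpoint reference is parsed and its host compared exactly.

```python
from urllib.parse import urlsplit

# Constructed sample data; every host and service name here is hypothetical.
APPROVED_PROVIDERS = {"services.example.com", "partner.example.net"}
CATALOG = {  # published service name -> endpoint registered in the catalog
    "Orders": "https://services.example.com/orders",
    "CurrencyConversion": "https://partner.example.net/fx",
}
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize(url):
    """Return (scheme, host, port, path) for comparison, or None if unusable."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:  # malformed port or bracketed host
        return None
    if not host:
        return None
    return parts.scheme, host, port, parts.path.rstrip("/")


def check_endpoint(service, url):
    """Return policy findings for one endpoint reference a consumer wants to use."""
    ref = normalize(url)
    if ref is None:
        return ["endpoint reference has no usable host"]
    findings = []
    host = ref[1]
    # Compare the parsed host exactly; substring or suffix tests on the raw URL
    # would accept look-alike hosts.
    if host not in APPROVED_PROVIDERS:
        findings.append(f"provider {host} is not approved")
    published = CATALOG.get(service)
    if published is None:
        findings.append(f"service {service} is not published in the catalog")
    elif normalize(published) != ref:
        findings.append("endpoint differs from the catalog entry")
    return findings
```

An empty list means the reference points at an approved provider and matches the published catalog entry after normalizing case, default port and trailing slash.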

Relationship Governance

[Diagram labels: Service Provider/ Supplier and Service Consumer; IT and Business; Enterprise and Project; SOA Architect and Developer; Shared capability; ROI; QoS/SLA; Capability; Payment; Requirement; Usage; Frameworks; “Style Guide”; Compliance]

- Use policies as a way of managing relationships
- Compliance works both ways and places obligations on both parties

Service Engineering Process Context

[Process diagram]

Disciplines: BUSINESS MODELING; SERVICE PORTFOLIO PLANNING; SERVICE PROVISIONING; BUSINESS PROCESS DESIGN; SOLUTION DELIVERY

Artifacts: Capabilities; Required Services; Operational Services; Business Process Model; Planned Service Descriptions; Service policies; Business Ontology; Business Type model; Business policies; Value Chains

Activities:
- Define Policies
- Identify Services
- Describe Services
- Publicize Portfolio Plan
- Specify a Service
- Acquire the Service
- Certify, Deploy Service
- Publish Service in Catalog
- Model Business Process
- Design Software Solution
- Request Services and Operations
- Construct Software Solution
- Test Software Solution
- Define business capabilities
- Define business relationships
- Define business policy
- Model Business Semantics
- Model Business Capability
- Model Value Chains

SPP Policies

- Service View policies govern portfolio content Service identification and classification:
  - Service Layering rules
  - Service Dependency Rules
  - Standardization and customization
  - Sourcing
  - Target consumers, QoS
  - . . .
- Implementation View policies govern mapping to automation units:
  - Sourcing
  - Component selection and/or design criteria
  - Integration
- Deployment View policies govern allocation of automation units to technical infrastructure:
  - Performance, Security

Conclusions

- SOA Policies fall into many areas
  - Process
  - Architecture
  - Operational
  - Relationships
- Layered Service Architecture drives much policy thinking
- Service lifecycle provides a framework for managing compliance governance
- Policies must be flexible
  - Know when to enforce, and when to allow optionality
  - Many policies must be checked by hand – don’t over burden the organization with bureaucracy

Relevant CBDI Reports

- Practical Service Specification and Design - a five part series commencing with: http://www.cbdiforum.com/secure/interact/2005-03/Practical_Service_Spec.php
- Service Portfolio Planning Revisited: http://www.cbdiforum.com/secure/interact/2005-09/Service_Portfolio_Planning_Revisited.php
- Improving SOA Governance with the Systinet Business Services Registry: http://www.cbdiforum.com/secure/interact/2005-04/Improving_SOA_Gove_Systinet_Business_Registry.php
- Software Development Asset Management with LogicLibrary Logidex: http://www.cbdiforum.com/secure/interact/2005-06/Software_Dev_Asset_Man_LogicLibrary_Logidex.php
- The Service Lifecycle: http://www.cbdiforum.com/secure/interact/2005-11/the_service_lifecycle.php
- SOA Governance in the Life Cycle: http://www.cbdiforum.com/secure/interact/2005-11/SOA_Governance_in_life_cycle.php
