soa governance best practices management of enterprise
DESCRIPTION
TRANSCRIPT
SOA Governance Best Practices
Management of Enterprise Architectures
April, 2007
Scott MurrayBridle Park Consulting
46 Bridle Park DriveKanata, ON, K2M 2E2
(613) [email protected]
Bridle Park Consulting SOA Governance Best Practices – April 2007
ObjectiveObjective
1. Provide informational briefing on Governance Best Practices for Service Oriented Architecture (SOA) solutions.
Primarily based upon: • Research into public information from
Gartner, IBM, WebLayers, TIBCO, ZapThink and other organizations; and
• Experience with & input from TBS-CIOB.
Bridle Park Consulting SOA Governance Best Practices – April 2007
AgendaAgenda
1. Why should I care about SOA Governance?
2. The Government of Canada Service Oriented Architecture (GC SOA).
3. Why is SOA Governance different?
4. What do we mean by Governance?
5. Alternative Governance Styles.
6. SOA Governance Best Practices.
Bridle Park Consulting SOA Governance Best Practices – April 2007
Why should I care about SOA?Why should I care about SOA?Because SOA is coming from so many places, SOA is happening to everyone!Business Application Developers.
SAP, Oracle, Microsoft are all developing business applications as services & SOA.
Integration Middleware Developers. All major infrastructure vendors deliver their products as SOA.
Application Developers. Developing services, components & composite applications.
G2G & G2C interactions. Increasing value (and demand!) for delivering services.
Everybody Else. Consumer centric applications enable anyone to create/deliver services.
Bridle Park Consulting SOA Governance Best Practices – April 2007
Why use SOA?Why use SOA?
Source: GCR – 2006 study of over 150 large organizations with, at least,a SOA pilot underway
The Primary Business Drivers for SOA
IT Cost Savings
Customer ServiceImprovements
Faster time to Market
Information Visibility
New Products / Services
Regulatory Compliance
New Channels
Mergers & Acquisitions
Major CompetitorHas SOA Initiative
30%
23%
21%
6%
6%
5%
5%
4%
1%
The Expected Business Impact
65%
56%
53%
48%
36%
32%
25%
16%
75%
Business Agility
Bridle Park Consulting SOA Governance Best Practices – April 2007
The Government of Canada SOAThe Government of Canada SOA
TBS – CIOB has developed the GC SOA. This provides an architectural framework to address business,
information and technology design. It includes specific guidance and flavouring as appropriate to
the Canadian federal government.
The GC SOA is an enabler to creating integrated business processes that utilize both ERP and non-ERP solutions / services.
The key to the GC SOA is establishing discrete, re-usable services that can be quickly and effectively packaged to deliver new government business capabilities.
Bridle Park Consulting SOA Governance Best Practices – April 2007
GC Service Oriented ArchitectureGC Service Oriented Architecture
Context – Business Program Design
RecruitmentApplication
Personnel MgmtApplication
Application MgmtApplication
BusinessSolution(Application)Architecture
ArchitectedSolutions(Applications)
Hardware / Software Environment
LegacyApplication
Product
LegacyApplication
Product
LegacyApplication
Product
Technology ComponentArchitecture
GeneralizedComponents
InfrastructureServices
ServiceExchangeArchitecture
AutomatedBusinessServices
B C D EA F
Bridle Park Consulting SOA Governance Best Practices – April 2007
On-boarding a new GC employeeOn-boarding a new GC employee
GC On-boarding Program
RecruitmentApplication
Personnel MgmtApplication
Applicant MgmtApplication
GC Hardware / Software Environment
OtherApplication(s)
Product
SAP FinanceApplication
Product
PSFT HRMSApplication
Product
B C D EA F
Scenario: Collect and enter employee data, set up employee in systems, establish employee access and assets, hold employee start date / orientation.
Bridle Park Consulting SOA Governance Best Practices – April 2007
On-boarding a new GC employeeOn-boarding a new GC employee
GC On-boarding Program
PayrollApplication
FinancialApplication
AdministrationApplications
GC Hardware / Software Environment
OtherApplication(s)
Product
SAP FinanceApplication
Product
PSFT HRMSApplication
Product
B C D EA F
Scenario: Collect and enter employee data, set up employee in systems, establish employee access and assets, hold employee start date / orientation.
Bridle Park Consulting SOA Governance Best Practices – April 2007
On-boarding a new GC employeeOn-boarding a new GC employee
GC On-boarding Program
Security MgmtApplication
FinancialApplication
Facility MgmtApplication
GC Hardware / Software Environment
OtherApplication(s)
Product
SAP FinanceApplication
Product
PSFT HRMSApplication
Product
B C D EA F
Scenario: Collect and enter employee data, set up employee in systems, establish employee access and assets, hold employee start date / orientation.
Bridle Park Consulting SOA Governance Best Practices – April 2007
On-boarding a new GC employeeOn-boarding a new GC employee
GC On-boarding Program
Personnel MgmtApplication
Pension AdminApplication
TrainingApplication
GC Hardware / Software Environment
OtherApplication(s)
Product
SAP FinanceApplication
Product
PSFT HRMSApplication
Product
B C D EA F
Other Env.
OtherApplication(s)
Product
GC Business Program B
OutsourcedApplication
2 3 4 51 6
Scenario: Collect and enter employee data, set up employee in systems, establish employee access and assets, hold employee start date / orientation.
Bridle Park Consulting SOA Governance Best Practices – April 2007
The Key to Delivering SOA: GovernanceThe Key to Delivering SOA: Governance
Gartner Group: A well thought out SOA framework will increase the chance of successful SOA implementation. Key ingredients are the service registry and the concept of policy enforcement. SOA Registries, Policy enforcement bolster SOA Governance and Consumption
Computer Weekly: “The main reason that SOA projects fail is because there is a lack of governance. (It) isn’t an option, it’s an imperative” said Paola Malinverno, VP research Gartner
SOA will fail without governance warns Gartner
ZapThink: Governance is no longer an option for those seriously pursuing SOA.
The State of Worldwide SOA Adoption
Redmonk: “Without solid architecture and governance in place, SOA is basically a waste of time” James Governor, Principal Analyst,
Bridle Park Consulting SOA Governance Best Practices – April 2007
Operational program
B C D EA F
Human Capital Management program
2 3 4 51 6
SOA Governance Requirements are SOA Governance Requirements are DifferentDifferent
Personnel AdminApplication
Workforce MgmtApplication
TrainingApplication
GC Hardware / Software Environment
ProcurementApplication
Product
SAP FinanceApplication
Product
PSFT HRMSApplication
Product
Matrix, rather than monolithic, business solutions.
Bridle Park Consulting SOA Governance Best Practices – April 2007
Operational program
B C D EA F
Human Capital Management program
2 3 4 51 6
SOA Governance Requirements are SOA Governance Requirements are DifferentDifferent
Personnel AdminApplication
Workforce MgmtApplication
TrainingApplication
GC Hardware / Software Environment
ProcurementApplication
Product
SAP FinanceApplication
Product
PSFT HRMSApplication
Product
Service-usage (and service design!) cross program / organizational boundaries.
Bridle Park Consulting SOA Governance Best Practices – April 2007
Operational program
B C D EA F
Human Capital Management program
2 3 4 51 6
SOA Governance Requirements are SOA Governance Requirements are DifferentDifferent
Personnel AdminApplication
Workforce MgmtApplication
TrainingApplication
GC Hardware / Software Environment
ProcurementApplication
Product
SAP FinanceApplication
Product
PSFT HRMSApplication
Product
Other Env.
OtherApplication(s)
Product
New Program
NewApplication
2 3 4 51 6
Who pays to support & run newly reused services?.
Bridle Park Consulting SOA Governance Best Practices – April 2007
What is Governance?What is Governance?
Wikipedia definition:
Corporate governance is the set of processes, customs, policies, laws and institutions affecting the way a corporation is directed, administered or controlled. Corporate governance also includes the relationships among the many players involved (the stakeholders) and the goals for which the corporation is governed.
Governance has a value focus:
Good corporate governance is the use and management of an organization’s resources, in order to promote and enforce their use for targeted benefit.
Bridle Park Consulting SOA Governance Best Practices – April 2007
Where does SOA Governance Fit?Where does SOA Governance Fit?
Business strategies, goals, objectives & policies
Corporate
Governance
Information
Technology
Governance Procedures that enforce Corporate-level IT Policies.
Architectural principles and standards to enable business & IT goals.
SOA
Governance
Enforcement of SOA principles and standards throughout the lifecycle of a service.
Enterprise
Governance
Enterprise
Information
Technology
Governance
Enterprise
SOA
Governance
Bridle Park Consulting SOA Governance Best Practices – April 2007
What Does SOA Governance Entail?What Does SOA Governance Entail?
The Mechanics SOA Governance organization. SOA Governance processes. SOA Communications & Tools.
The Foundation High level principles regarding how SOA is to be used in the
organization. SOA investment priorities. SOA reference architecture & roadmap. SOA service portfolio.
Bridle Park Consulting SOA Governance Best Practices – April 2007
Note: Some governance styles inspired by Tom Davenport, Information Ecology. Oxford University Press, 1997.
BU Leaders or Key
Process Owners
Cen
tralize
dM
ore
Less
CxOLevel Execs
Corporate IT
and/orBU IT
A group of, or individual, business executives (i.e., CxOs). Includes committees comprised of senior business executives (may include CIO). Excludes IT executives acting independently.
Business Monarchy
Individuals or groups of IT executives
ITMonarchy
Business unit leaders, key process owners or their delegatesFeudal
Each individual userAnarchy
IT executives and one other group (e.g., CxOs or BU leaders)
IT / Bus. Duopoly
Shared by C level executives and the business groups (i.e., CxOs and BU leaders) — may also include IT executives. Equivalent of the centre and states working together.
Federal
Decision rights or inputs to decisions are held by:
Alternative Governance StylesAlternative Governance Styles
Bridle Park Consulting SOA Governance Best Practices – April 2007
SOA Governance Best PracticesSOA Governance Best Practices
Bridle Park Consulting SOA Governance Best Practices – April 2007
1. Have a Governor1. Have a Governor
It’s good to have a benevolent dictator! ….or at least a community-approved arbitrator.
Having a Senior Executive “Governor” provides: Legitimacy to the SOA initiative and it’s governance processes; and The ability to quickly address difficulties & decisions amongst teams.
Typical Governor tasks can include: Prioritizing targeted benefits; Establishing clear boundaries; Addressing core governance processes; Help with business buy-in and culture shock; and Establishing an operational / project oversight committee to ensure that things move
smoothly.
Bridle Park Consulting SOA Governance Best Practices – April 2007
2. Establish Boundaries2. Establish Boundaries
Situation: A service is built by Group A and now five other Groups want to use it as well. Who is responsible for adding the new horsepower needed to support the users
outside of Group A?
There is a need to identify who is responsible for: Building, operating and maintaining services that are used on a cross-organizational
basis. Where the funding comes from. The architecture upon which it is based.
Part of the solution may be to establish a central common services group.
This needs to be decided upon early in the process.
Bridle Park Consulting SOA Governance Best Practices – April 2007
3. Create an Oversight Committee3. Create an Oversight Committee
Another early requirement.
Oversight Committee members: Represent their own organizations; and Can take on an enterprise-wide view of the SOA initiative.
It can be useful to have members from groups whose responsibility spans multiple business / IT silos.
Typical Oversight Committee tasks can include: Ensure that the goals of the overall enterprise are targeted; and Ensure that the matrixed individual entities involved in the SOA solution are able to communicate
with each other. Assist in the establishment, publishing and tracking of metrics
Needs to have the “teeth” to stop projects that are not compliant.
Bridle Park Consulting SOA Governance Best Practices – April 2007
4. Govern the Architecture4. Govern the Architecture
Another early requirement. Ensures that the SOA solution evolves by design and not by accident.
Utilize both a top down & bottom-up design approach.
Architecture tasks can include: Establishing technology standards. Defining the high-level SOA architecture and
topology. Determining the SOA platform strategy and making
decisions about particular vendor products and technologies.
Specifying the management, operations, and quality-of-service—security, reliability, and availability—characteristics of the SOA
Establishing criteria for SOA project design reviews.
Business Program
RecruitmentApplication
Personnel MgmtApplication
Application MgmtApplication
Hardware / Software Environment
LegacyApplication
Product
LegacyApplication
Product
LegacyApplication
Product
B C D EA F
Bridle Park Consulting SOA Governance Best Practices – April 2007
5. Use Multiple Governance Patterns5. Use Multiple Governance Patterns
Publishing Pattern: Have established governance policies and standards They are of no value if no-one knows about them. Publish them and have then readily available.
Checkpoint Pattern: Establish checkpoints in key processes (e.g., funding a project, moving from design to
production, retiring a service, etc.). Establish them early and, initially, keep them simple; increase checkpoint
sophistication as needed.
Scoreboard Pattern: Most often missed governance pattern. Establish metrics, make them publicly available and update them on a regular basis. Sample metrics: what services exist, which are being used by whom, levels of reuse,
performance, policy conformance, etc.
Bridle Park Consulting SOA Governance Best Practices – April 2007
Governor
Oversight Committee
SOA SteeringBoard
Infrastructure ServiceGroup
Business SharedServices Group
Project Team(s)
ArchitectureGroup
Ensures that services being built comply with established architectural standards.
Develops SOA architectural standards and policies.
Manages the reference architecture. Develops & delivers non-business
specific infrastructure services that can be shared.
Develops & delivers shared business services.
Assembles and delivers SOA based business solutions.
Includes project management & business transformation specialists
Technical service review to ensure / monitor compliance with established principles and policies.
6. Establish SOA Roles6. Establish SOA Roles
Bridle Park Consulting SOA Governance Best Practices – April 2007
7. Govern the Complete SOA Lifecycle7. Govern the Complete SOA Lifecycle
SOA GovernanceLife-Cycle
ServiceUse
ServiceDeployment
ServiceOperation
ServiceCreation
ServiceManagement
ProcessModeling
RequirementsIdentification
ServiceModeling
Align efforts to address both Business & IT needs.
Administrator
Service Consumer
Administrator
Administrator Developer
All
Architect
Architect
Identify Owners, authority levels & responsibilities.
Establish Checkpoints between steps.
Bridle Park Consulting SOA Governance Best Practices – April 2007
SOA Design Time ConsiderationsSOA Design Time Considerations
SOA GovernanceLife-Cycle
ServiceUse
ServiceDeployment
ServiceOperation
ServiceCreation
ServiceManagement
ProcessModeling
RequirementsIdentification
ServiceModeling
Identifying which services to build against the backlog of business requirements.
Determining the fitness of a service as an GC-class asset.
Ensuring the strategic design of business services.
Promoting (enforcing) re-use of existing services.
Validating conformance to established design patterns and other corporate standards and practices.
Establishing the governance standards to which different categories of services will be held.
Bridle Park Consulting SOA Governance Best Practices – April 2007
SOA Run Time ConsiderationsSOA Run Time Considerations
SOA GovernanceLife-Cycle
ServiceUse
ServiceDeployment
ServiceOperation
ServiceCreation
ServiceManagement
ProcessModeling
RequirementsIdentification
ServiceModeling
Checking a service against a set of rules before it is deployed into production.
Securing services so that they are accessible only to authorized consumers.
Validating that services operate in compliance with prescribed corporate standards.
Service-level monitoring and reporting.
Ensuring that Corporate and IT policies are being enforced.
Bridle Park Consulting SOA Governance Best Practices – April 2007
8. Govern Service Evolution8. Govern Service Evolution
SOA GovernanceLife-Cycle
ServiceUse
ServiceDeployment
ServiceOperation
ServiceCreation
ServiceManagement
ProcessModeling
RequirementsIdentification
ServiceModeling
The only constant is change!
Need to maintain close Business and IT relationship.
Understand inter-service relationships and dependencies
Perform impact analysis to determine the implications of changing a particular service within the run-time environment
Manage the rollout of services into the existing run-time environment
Manage service custody transfers through the design, creation, and deployment stages
Manage changes to existing policies and service level agreements.
NewRequirements
Bridle Park Consulting SOA Governance Best Practices – April 2007
Governance Best PracticesGovernance Best Practices
1. Have a Governor.
2. Establish Boundaries.
3. Create an Oversight Committee.
4. Govern the Architecture.
5. Use Multiple Governance Patterns.
6. Establish SOA Roles.
7. Govern the Complete SOA Lifecycle.
8. Govern Service Evolution.
Bridle Park Consulting SOA Governance Best Practices – April 2007
SOA Governance Best Practices
Thank You.
Scott MurrayBridle Park Consulting
46 Bridle Park DriveKanata, ON, K2M 2E2
(613) [email protected]