Many large organizations are reducing costs, improving agility and reducing risk with enterprise SOA programs. In order for SOA initiatives to succeed they need to follow sound Enterprise Architecture practices. Companies realizing the most success are those that have built an Integrated SOA Governance infrastructure that governs a wide range of assets and artifacts through their entire lifecycle.
Integrated SOA Governance helps enterprises:
- Ensure that services they identify, design and build are relevant and consumable across all distributed and mainframe platforms like Microsoft, SAP and IBM.
- Make services they expose from applications running on any platform visible to and compliant with enterprise policies defined, enforced and audited across other platforms.
- Promote, ensure and formalize consistent alignment between demand from service consumers and the supply of services through Consumer Contract Provisioning.
In a nutshell, SOA Governance is about making sure that the enterprise builds the right things, builds them right, and makes sure that what it has built is behaving right. This breaks down into distinct areas: Planning Governance is about making sure that you are building the right things, Development Governance is about making sure you’re building them right, and Operational Governance is about ensuring that what you’ve built is behaving right.
Integrated SOA governance ensures the applicability, integrity and usability of a wide range of assets through all their lifecycle stages from asset identification through deprecation. The full lifecycle is split into planning governance, lifecycle governance, and operational governance, with a cross-cutting policy governance theme.
Integrated SOA Governance promotes the core SOA governance best practices of:
- Governance Automation - lifecycle management workflow to implement a building permit process, integrated provisioning and lifecycle management, and inter-departmental contract management and negotiation
- Uniform Policy Management - uniform lifecycle and policy governance across existing platform investments
- Meta-data Federation - seamless, heterogeneous SOA Governance, security and management integration with no requirement to introduce additional platforms to support the required architecture
- Service Virtualization - performance and reliability, standards support for governance automation (UDDIv3, WS-MEX), standards-based closed-loop governance system
- Trust and Management Mediation - Interoperability across disparate partners and platforms, trust enablement and trust mediation complementing threat prevention systems
- Continuous Compliance and Validation - consistent policy implementation and enforcement across all stages of the lifecycle, preserving the fidelity of the governance models, structures and mechanisms
- Change Impact Mitigation - provides change management and impact analysis processes integrated with the governance workflow to ensure that changes to services or other assets don’t cause major outages
- Consumer Contract Provisioning - provides offer, request, negotiation and approval workflows for service access, capacity, SLA and policy contracts
Leading industry analysts like Gartner recognize the importance of deep integration between the different governance solutions and tools to provide a comprehensive integrated SOA governance solution.
Policy Manager and Repository Manager provide a comprehensive registry/repository solution for SOA asset lifecycle management. Using this solution, architects, developers, security administrators, and operations managers can define and govern policies that are applied to services throughout the appropriate stages of their lifecycle. These policies are automatically implemented and enforced by SOA Software’s industry-leading Service Manager, and other standards-based SOA runtime products. Service Manager generates usage, performance and policy compliance metrics that it delivers back to Policy Manager so that it can audit that its policies are being enforced in a closed-loop process.
The alternative to a closed-loop solution is a set of stand-alone applications for governance, management and security. These solutions may offer loose integration, but we have yet to identify a single organization that has successfully integrated stand-alone solutions in a production environment.
On one hand, stand-alone run-time solutions don’t deliver higher-value design-time or governance capabilities. They require central policy management, don’t offer developer or architect services, and have no understanding of the relationship between a provider and a consumer.
On the other hand, design-time and governance solutions can only deliver value when they are built on a runtime foundation. They require a run-time solution to enforce policies; they need the run-time to provide statistics and metrics for demand, capacity, and value monitoring; and they also need the run-time to provide an audit trail to ensure that messages comply with defined policies.