closed loop governance

Copyright © 2006 SOA Software, Inc. All Rights Reserved. All content subject to confidentiality agreement between SOA Software and Customer.

Closed Loop Governance

The State of the Art for SOA Infrastructure

April 21, 2023 Copyright © 2006 SOA Software, Inc. All Rights Reserved. All content subject to confidentiality agreement between SOA Software and Customer.

Slide 2

SOA Defined

WikipediaIII defines SOA as follows:

In computing, the term Service-Oriented Architecture (SOA [pronounced "es-ō-ā"]) expresses a perspective of software architecture that defines the use of services to support the requirements of software users. In an SOA environment, resources on a network[1] are made available as independent services that can be accessed without knowledge of their underlying platform implementation[1]

Service Oriented Architecture was first proposed by Gartner analysts Roy W. Schulte and Yefim V. Natis. They specified SOA as "a style of multitier computing that helps organizations share logic and data among multiple applications and usage modes." [2]

SOA is usually based on Web services standards (e.g., using SOAP or REST) that have gained broad industry acceptance. These standards (also referred to as Web service specifications) also provide greater interoperability and some protection from lock-in to proprietary vendor software. However, one can implement SOA using any service-based technology.


Slide 3

SOA Goals

• Reduce cost through reuse– Build applications faster – Use existing business logic rather than rewriting each time– Minimize cost of maintenance and upgrade by allowing incremental updates

• Increase agility to better align IT and the Business– Allow rapid change through business process management and composition tools– Allow incremental updates to enterprise applications– Minimize change cycles with business granular interfaces

• Reduce the risk, fragility and complexity of integration by improving interoperability through standards

– Reduce investment in and risk of brittle proprietary integration techniques and technologies

– Reduce frequency of data error caused by duplication


Slide 4

SOA Challenges

• End-to-end security - trust and protect the privacy of message senders, receivers, and content

• Identify, manage, and repair exceptions as they occur• Reliability and performance of a distributed set of services and consumers• Interoperability between different platforms and technologies• Decoupling of services and consumers• Measure and prove the business value of SOA to offset cost concerns• Control of (govern) the proliferation of duplicate or otherwise unnecessary services• Facilitate the identification of appropriate services by potential users to reduce

initial development cost• Manage the lifecycle of services to minimize the cost and risk of ongoing

maintenance and change• Simplify the actual USE of appropriate services (decoupling location, transport,

policy, standards, messaging styles)


Slide 5

The SOA Platform


Slide 6

Step 1 - Create/Expose Services

• SOA requires services– SOAP, REST, RSS, Atom, POX

• New development– Java, .NET, Ajax, etc

• Legacy services– CICS, IMS, etc

• Packaged apps– Oracle, SAP, Microsoft

• Integration– EAI, EII, ESB

• Business Process– BPM, BI

• Partners– EDI

• Service Granularity is key


Slide 7

Step 2 - Register Services

• Build a catalog of services• Make it easy for potential users to find

services• Control (govern) the proliferation of

services• Provide for dynamic discovery of

service location and other metadata

• It is hard to separate the role of registry and repository from SOA governance


Slide 8

Step 3 - Secure Services

• Ensure the security of services– Authentication

• SAML• Kerberos• X.509• Basic Auth• https

– Authorization– Privacy (XML-Encryption)– Non-repudiation (XML-Signature)– Audit

• Ensure that consumers can comply with required security policies


Slide 9

Step 4 - Manage Services

• Ensure the performance and reliablity of services

– Monitoring– Real-time charts– SLA– Routing

• Content• Itinerary• SLA• Identity

– Alert and Exception Management– Root cause analysts


Slide 10

Step 5 – Virtualize/Mediate Services

• Virtualize services– Policy variance– Composite services– HA/LB– Versioning

• Mediation– Transport (e.g. http to JMS)– Message pattern (e.g. REST to SOAP,

SOAP to POX, etc)– Synchronicity model (e.g. async to sync)– Reliability (e.g. WS-RM to MQ)– Standards (e.g. WS-S to WS-S)– Token (e.g. MS Kerberos to SAML)– Version


Slide 11

Step 6 – SOA Governance

• Governance is about “encouraging desired behavior”

– Measure and prove the business value of SOA to offset cost concerns

– Control of (govern) the proliferation of duplicate or otherwise unnecessary services

– Facilitate the identification of appropriate services by potential users to reduce initial development cost

– Manage the lifecycle of services to minimize the cost and risk of ongoing maintenance and change

– Simplify the actual USE of appropriate services (decoupling location, transport, policy, standards, messaging styles)


Slide 12

Step 7 – Integrate Services (ESB)

• ESB is an integration centric service container

• ESB consists of– Messaging middleware– Service Orchestration– Adapters

• Most companies will have multiple ESBs

– Microsoft– SAP– Oracle– IBM– BEA

• The ESBs provide service containers and consumers that need to participate in an enterprise SOA Infrastructure


Slide 13

Comprehensive SOA Infrastructure

• SOA Infrastructure provides core infrastructure services to the SOA and XML applications and messaging layer

• Service providers, consumers, enterprise service bus platforms along with other service proxies, leverage these infrastructure services either directly, or via delegates and agents

• Infrastructure services include:– Management Application

• Implements management standards like WS-DM to provide central performance and health monitoring and reporting capabilities

– Security Service• Implements standards like WS-Trust

and XACML as well as common PKI features

– Registry• UDDI services for core service

discovery

– Metadata Repository• Serves policies, WSDLs, Schema,

virtual service definitions and many other key meta-data items


Slide 14

SOA Infrastructure Solutions

• SOA Infrastructure includes Governance, Management and Security linked together through SOA Policy Management

• Governance offers no value without a runtime solution to enforce policies and feed back metrics and compliance data

• Runtime solutions (security and management) offer minimal value without central policy control and value-added service governance capabilities


Slide 15

SOA Governance Concepts

• Governance is about encouraging desired behavior– Stick – policy enforcement– Carrot – tools and capabilities

• Stick– Enforce lifecycle policies– Approval workflows– Measurement and monitoring

• Carrot– Collaboration– Social networking for SOA– Demand side provisioning (avoid empty registry syndrome by providing a mechanism for

capturing requirements early in the process)


Slide 16

Early Lifecycle Governance Capabilities

• Demand-side provisioning– Consumers specify service and policy definitions to meet their needs– Development organization evaluate the merit of consumer submissions and bid to create

appropriate services– Allows IT to respond quickly to changing business requirements

• Contextual collaboration– Discussion and message forums in the context of managed assets (services, policies,

contracts, schema, etc)– Make it easy for users to get answers to any questions they may have about the assets

and processes– Enable early stage governance of the SDLC without onerous process controls

overwhelming the participants

• Active contracts– Define and manage the relationship between consumer and provider– Negotiation workflow

• SLA• Policy• Service Definition

– SDLC Integrated– Runtime enforcement, monitoring and reporting– Mediation


Slide 17

Closed-loop vs Broken-loop

• Integrated (closed-loop) solutions are best-of-breed

• There are no examples of integrated standalone solutions in production

• Closed-loop governance is the state of the art in large enterprises like Pfizer, Citigroup, Merrill Lynch, Verizon, Ingram Micro and others


Slide 18

Vendor Solutions

closed loop governance

Documents