SOA Governance - Introduction

This post summarizes the white paper 'SOA Governance - Introduction' by WebLayers.

Service-oriented architectures (SOAs) promise unlimited agility and organizational flexibility with a new layer of Services that need to be carefully created and managed.

These services are standards-based, reusable, platform independent, and easy to integrate.

The promised benefits of SOA for business include:

1. A substantial IT cost reduction
2. Faster delivery on business requirements
3. Effective introduction of new and competitive business models

In moving towards SOA, companies want to:

1. Ensure continuity of business operations
2. Manage security exposure
3. Align technology implementation with business requirements
4. Manage liabilities and dependencies
5. Reduce the cost of operations

In other words, SOA is about facilitating change and about gaining and leveraging agility for competitive advantage. SOA governance is about managing change to maintain that agility and to ensure that it consistently serves business objectives and delivers return on investment (ROI).

Put another way, SOA governance is the ability to ensure that all of the independent efforts (whether in the design, development, deployment, or operations of a Service) come together to meet the enterprise SOA requirements.

The failure to govern the evolving SOA can result in millions of dollars in costly service redesigns, maintenance, and project delays.

Gartner, Inc. says that in 2006, enterprises worldwide spent nearly $3 billion on failed and redesigned Web services projects because of poorly implemented service-oriented architectures.

Further, SOA requires a major shift in the way software is developed and deployed within enterprises. Companies will have to move from the “Develop Now, Integrate Later” view to a “Develop for Integration” paradigm. The new paradigm, technologies, and standards created to support this shift require companies to implement their SOA in a well planned, well coordinated, and effectively managed way – which raises the requirement of SOA Governance.

The following elements are required to achieve SOA governance:

1. Enterprise SOA Policies
2. Auditing & Conformance
3. Management: Track, Review & Improve
4. Integration

Policies set the goals that you use to direct and measure success.

For example:

- Customer name and contact information may not be transmitted as clear text
- Each message must carry information to uniquely identify the message source, destination, timestamp, and transaction ID, to meet mandatory archiving requirements
- Messages must contain an authorization token
- Password element lengths must be at least 6 characters long and contain both numbers and letters
- Every operation message must be uniquely identified and digitally signed
- Do not use RPC Encoded web service operations
- Do not use Solicit-Response style of operations
- Do not use XML ‘anyAttribute’ wildcards

Policies should not be left to documentation. Policies should be an active part of the operations of companies. Following the policy definition stage, policies should be put to work to detect, analyze, and audit compliance.
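
One way to put the three WSDL-level policies from the list above (no RPC Encoded operations, no Solicit-Response operations, no `anyAttribute` wildcards) to work as an automated check. This is an added example, not code from the WebLayers paper; the sample WSDL and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "soap": "http://schemas.xmlsoap.org/wsdl/soap/",
      "xs": "http://www.w3.org/2001/XMLSchema"}

def audit_wsdl(wsdl_text):
    """Return a sorted list of policy violations found in a WSDL 1.1 document."""
    root = ET.fromstring(wsdl_text)
    findings = set()
    # Policy: no RPC Encoded operations (style="rpc" combined with use="encoded").
    for binding in root.iterfind("wsdl:binding", NS):
        sb = binding.find("soap:binding", NS)
        default_style = sb.get("style", "document") if sb is not None else "document"
        for op in binding.iterfind("wsdl:operation", NS):
            so = op.find("soap:operation", NS)
            style = so.get("style", default_style) if so is not None else default_style
            uses = {b.get("use") for b in op.iterfind(".//soap:body", NS)}
            if style == "rpc" and "encoded" in uses:
                findings.add("rpc-encoded:" + op.get("name"))
    # Policy: no Solicit-Response (WSDL 1.1 lists <output> before <input>).
    for op in root.iterfind("wsdl:portType/wsdl:operation", NS):
        tags = (child.tag.split("}")[-1] for child in op)  # drop "{namespace}"
        if [t for t in tags if t in ("input", "output")] == ["output", "input"]:
            findings.add("solicit-response:" + op.get("name"))
    # Policy: no xs:anyAttribute wildcards in the embedded schema.
    if root.find(".//xs:anyAttribute", NS) is not None:
        findings.add("anyAttribute-wildcard")
    return sorted(findings)

# Constructed sample WSDL (not from the white paper) that breaks all three policies.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <types><xs:schema><xs:complexType name="Customer"><xs:anyAttribute/></xs:complexType></xs:schema></types>
  <portType name="OrdersPort">
    <operation name="GetOrder"><input/><output/></operation>
    <operation name="PollClient"><output/><input/></operation>
  </portType>
  <binding name="OrdersBinding" type="OrdersPort">
    <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
    <operation name="GetOrder"><input><soap:body use="encoded"/></input></operation>
    <operation name="PollClient"><input><soap:body use="literal"/></input></operation>
  </binding>
</definitions>"""

if __name__ == "__main__":
    for finding in audit_wsdl(SAMPLE_WSDL):
        print("VIOLATION", finding)
```

Run as a gate in the build or service-registration step, a non-empty result blocks the contract before it is published, which is the "detect, analyze, and audit" stage applied at design time.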