Few would argue that SOA is inevitable and has become a strategic imperative for organizations today. Those without a strategy for SOA risk being outpaced and outperformed by competitors who are better equipped to serve customers, seize opportunities and respond to change.
| print comment
SOA governance is about managing the quality, consistency, predictability, change and interdependencies of services. It's about blending the flexibility of service orientation with the control of traditional IT architectures. Roman Stanek is founder and VP products at Systinet, a Mercury Division. Learn more about governance and related SOA success factors from Systinet's series of archived webcasts.
Glossary terms: governance, SOA, metadata, service-oriented, loose coupling, lookup tool
In many respects, being service-oriented is synonymous with being business-oriented. IT systems are created as a set of reusable services that conform to discrete business functionality and that can easily be linked together to reflect changing business requirements. SOA also moves the focus away from the nuances of underlying technologies and toward process definition, visibility and governance. This requires a new approach to how IT is produced, shared and consumed. SOA brings new challenges with respect to the assurance of service quality, consistency, performance, predictability and, perhaps most fundamentally, trust between the providers and consumers of services.
Why SOA governance?
SOA introduces many independent and self-contained moving parts components which are reused widely across the enterprise and are a vital part of mission-critical business processes. What happens when a service is changed? How can you be sure the service you are consuming is of high quality? How can you be sure a new service is compliant with IT, business and regulatory policies? How can you ensure predictable uptime of a service? These questions illustrate the need for SOA governance. SOA governance is about managing the quality, consistency, predictability, change and interdependencies of services. It's about blending the flexibility of service orientation with the control of traditional IT architectures.
A significant challenge to widespread SOA adoption is that while the management of service quality is paramount, simply having quality is not enough. For the first time, quality must be proven and demonstrable to consumers to gain their trust and create an effective shared-service environment. Full SOA governance cannot be delivered out-of-the-box by a single technology vendor. Rather, it requires a cohesive strategy involving multiple elements that include:
The nature of SOA (highly distributed, heterogeneous and very dynamic) means that it is critical for SOA artifacts to be governed by specific business, technical and regulatory policies. In SOA, policies aren't hard-coded into a specific application, but are coupled to services. An SOA policy defines configurable rules and conditions that affect services during both design time and run time. This means that policies must be used to validate services before they are published, and as a basis for enforcing specific standards and behaviors at run time.
Contracts are key architectural tools for communicating and enforcing policies, as well as other requirements in a heterogeneous and distributed IT environment. Just as a business contract ensures a healthy commercial relationship, a service contract ensures a healthy provider/consumer relationship, and helps to establish an agreement and maintain trust between these parties. In other words, a service contract should provide a precise and unambiguous agreement for how the provider and consumer interact. Contracts are typically unique to a specific provider/consumer relationship, and they act as the container for both formal policies, as well as agreements that are unique to the parties.
The only way to achieve the promise of SOA is by managing services and other SOA artifacts across a complete lifecycle. In this sense, the management of the SOA lifecycle is an intrinsic part of SOA governance. In general, SOA lifecycle management is about:
- Ensuring the quality, performance and applicability of services that are published;
- Providing a means for consumers to discover and reuse services and other artifacts;
- Managing versions, security and state-change of services and other artifacts;
- Assessing and managing the impact of change across a network of consumers.
Because of the loosely-coupled nature of providers and consumers within an SOA, there are actually two parallel, but distinct lifecycles at work within SOA:
- The lifecycle of individual services as they are designed, built and deployed (which is primarily the concern of the service provider)
- The lifecycle of a network of services (in which services are accessed and used by changing populations of service consumers, and where the lifecycle primarily concerns those consumers).
In a tightly-coupled world, metadata is typically defined within the code of systems and applications. SOA requires this metadata to be externalized separated from the native system to enable the classification and governance of these independent services. Thus, metadata becomes a key artifact that needs to be managed within an SOA.
There are three types of metadata: business information, technical information and governance information. Business information includes information like service type (eg, order entry) and line of business focus (eg, retail banking). Technical information includes transport type, authentication, interfaces and implementation. Finally, examples of governance information include the various policies and agreements discussed previously, and the relationships and dependencies between SOA elements.
The governance mandate
The cost of an ungoverned SOA is lack of reuse, disruption and failure of business process, escalation of support costs resulting from service outages, security breaches, and non-compliance with enterprise or governmental regulations. It's a mistake for organizations to discount governance as something that is optional. Governance must begin with the initial SOA deployment, providing the framework, processes and practices for scaling out a healthy and efficient SOA. By focusing on maximizing quality and trust within a service network, SOA governance allows organizations to achieve the potential system flexibility promised by SOA with a consistent and managed approach that helps ensure long-term success.
More on this topic
Before SOA, governance was implicit in your IT architecture. The way your applications behaved and operated was hard-coded ...
Practical experience of service-oriented design and development is driving one critical requirement ...
SOA can only deliver business agility if it's built to adapt to changing demands ...
SOA governance is the main focus of articles in this archive issue of the digest.