07/08/2008

CHAPTER 1

The SOA Governance Imperative

Since my last Service-Oriented Architecture (SOA) book, in which I dedicated an entire chapter to the topic of SOA governance, industry interest in governance has exploded.
[Exhibit 1.1 Core vs. Context (Make vs. Buy vs. Rent). Figure for Company XYZ; labels include Core and Context.]

transactions. If an organization can accomplish business transactions more efficiently and at a lower cost by performing them internally, it will do so.
The Inevitable SOA Trend

However, as those functions become more critical to the enterprise, and as the cost of performing them is lower than in an internally-provided service, the organization may eventually insource those functions.
activities, chunks of data that offer value to the enterprise through the sharing and reuse of these modular services. In an SOA, services are exposed using a standards-based interface that abstracts or “hides” its technical implementation from the service consumers. When consumers access the functionality of a service, they do so via its exposed interface using message-based communications.
Introduction to Governance

initiative. SOA governance is mission critical to guide and manage all the “moving parts” of an SOA strategy. An enterprise SOA governance model must be informed by an actionable SOA strategy, since SOA governance helps enable the realization of your SOA strategy.
oversight on such key issues as executive compensation and performance and corporate strategy and decision making. The board of directors normally is comprised of inside and outside directors to ensure all stakeholder interests are represented in a balanced fashion. When corporate governance fails, it is usually because of a lack of objectivity (e.g.
Introduction to Enterprise SOA Governance

governance, SOA governance must also address the convergence of other forces such as organizational structure, IT and governance processes, organizational culture, behavior and political dynamics, and metrics that help measure governance.
a policy enforcement model, which is realized in the form of various policy enforcement mechanisms such as governance boards and committees; governance processes, checkpoints, and reviews; and governance enabling technology and tools. This SOA governance definition will be used for the remainder of this book.
Governance and Resource Management and Allocation

• Physical assets, such as buildings, property, equipment, and similar fixed assets
• Intellectual property, such as patents, trademarks, copyrights, brands
• Information, data, and IT assets
• Relationship assets, such as customer, supplier, and regulatory relationships

In this sense, then, governance is essential where the allocation and management of critical corporate resources impacts corporate performance.
• IT Governance. Transparency and oversight for IT funding, actual IT spending, and input into key IT decisions.
• Architecture Governance. Oversight and conformance to the enterprise architecture (EA) standards and policies of the organization, as well as input into key enterprise architecture (EA) decisions.
• SOA Governance.
Information Technology Governance

stakeholder interests across multiple domains or constituencies involved. Both are related, and both are necessary in an SOA governance model. However, governance is essential where critical decisions require stakeholder involvement, and where those decisions have strategic or serious impact on business, IT or process performance. Do not confuse management processes with governance processes.
and execution of IT for a given organization. IT governance became important when IT spending ballooned out of control in the late 1990s with the combined hype of Year 2000 and the rise of the Internet.[7] As IT spending got more and more out of control with little return on the investment, business leaders realized little to no impact on their business operations.
IT Governance Approaches

over a few key governance dimensions, such as enterprise architecture, planning and budgeting oversight, configuration management, and IT operations readiness. Organizations with baseline competencies in some form of governance will have a far easier time adopting or extending these to SOA governance, while those without a basic governance foundation will suffer mightily to add SOA governance disciplines to their enterprise.
planned IT investments based on business performance as well as emergent business needs. In addition to focusing on key IT decisions, they also described various “archetypes” for making these decisions, which include business organizations, IT-only organizations, cross-functional organizations, and more. They list the archetypes as follows:[11]

• Business Monarchies.
Who Are the SOA Stakeholders?

model dimension of governance, not on the total policy enforcement context for IT policies. As such, it is an incomplete governance framework. We will explore the many facets of SOA governance in the chapters that follow so that you will not only understand what must be governed in order to capitalize on a SOA initiative, but how to begin designing and implementing SOA governance to ensure you realize the value of SOA.
[Figure: panels titled SOA Governance View; SOA Strategy View; Mission, Business, and IT View; SOA Finding View; Acquisition View; Security View]
Addressing SOA Stakeholder Biases

What outcomes do we seek from SOA governance? How will we measure performance of governance?

SOA governance is confusing to many organizations for a variety of reasons. In many cases, SOA governance is approached from too narrow of a perspective, such as services governance, technical design governance, or SOA platform governance.
• Partial SDLC Governance. Design-time bias or run-time/operations bias: Another common stakeholder bias derives from focusing on either design-time governance of services, which emphasizes compliance to architecture and technical design standards, or on run-time governance, which emphasizes operational requirements for performance, quality of service (QoS), service-level agreements (SLA), and security.
SOA Governance Impacts IT Governance and Enterprise Architecture

[Figure labels: IT Governance; Business Imperatives; Business Reqts.; SOA Drivers; Technology Imperatives; SOA Initiative; SOA Governance; SOA Governance Model, Organization, Processes, Policies; Technical Reqts.; Architecture Governance]

SOA initiatives will impact current IT governance and Enterprise Architecture processes, organizations, governance, and change management. SOA will expose IT governance gaps and weaknesses

Exhibit 1.
SOA GOVERNANCE REQUIREMENTS VARY BY SOA MATURITY

Another SOA governance misconception is that once you implement an SOA governance initiative, you will not have to revisit it again. This is patently false. SOA governance is fluid, evolving, and dynamic. SOA governance is a sustained and ongoing capability for your enterprise.
• SOA Governance Model Development. This phase involves development and implementation of an SOA governance model that aligns to and supports the realization of an organization’s SOA goals and objectives. As mentioned above, often the SOA governance phase is started before an organization has defined its SOA strategy.
this scenario, or will end up with a very limited bottom-up SOA implementation with limited business value.

• SOA Acceleration and Assimilation. The acceleration and assimilation phase of SOA adoption is where the organization leverages the reference implementation to add new SOA capabilities, add new processes, expand the consumption and development of new services, and accelerate the adoption of SOA by its IT and business consumers.
SOA Bill of Rights

lifecycle phases. We will detail some of these SOA governance differences in Chapter 8. In the meantime, review the SOA Adoption Model and determine where your organization is in its SOA maturity. After you have done this, write down the SOA governance processes, boards, policies and enforcement mechanisms you have in place now.
PURSUE THE “RIGHT” SOA STRATEGY

A SOA strategy is critical to establishing the appropriate business and mission context for your SOA initiative. But what constitutes the “right” SOA strategy? While there are recurring themes in our clients’ SOA goals and objectives, the exact SOA strategies pursued are very much customized to the specific requirements of a given organization. Agility. Faster time to market. Reduced software maintenance costs.
Identify and Build the “Right” Services

APPLY SOA TO THE “RIGHT” CHALLENGES

SOA is not a solution for every challenge in your organization. SOA offers tremendous business value when applied to the right areas. However, if you apply SOA to the wrong challenges, you may end up creating more problems.
The right services are derived from your SOA strategy and align with your future direction. The right services support your SOA goals. The right services offer a balance between immediate value and long term investment. The right services should be reusable and shared to ensure rapid return on investment, short payback periods and cost avoidances.
Build Your Services the “Right” Way (Design-Time Governance)

technical implementations of services to the needs and demands of your enterprise. This is why an SOA strategy is so important. Any services that do not support the SOA strategy must be postponed. Any technical service implementation approaches that do not support your SOA strategy or enable services interoperability and reuse must be avoided.
GET YOUR SOA TOOLS PLATFORM “RIGHT”

This SOA “right” is essential to the realization of your SOA strategy, yet our field experience shows that many organizations implement their SOA technology platforms before they understand their services requirements. When we say get your SOA platform right, we mean making sure your SOA run-time technical platform supports your planned and current services and your target state architecture.
Create the “Right” Organizational, Cultural, and Behavioral Model

SOA GOVERNANCE IMPLICATIONS

SOA governance provides the decision-making framework for specifying, selecting, and implementing your SOA platform, tools, and technologies.
Many organizations ignore corporate culture and behavior. SOA, however, demands attention be paid to incentives for appropriate behavior and conformance to the architecture. Be creative, and be bold. Your current IT architecture is a behavioral artifact. If you want to achieve SOA, you must change behavior first and then architect forward.
Establish the “Right” SOA Governance Model and Policies

Assiduously track your progress through clear metrics that prove SOA value and business value. Use Big Hairy Audacious Value (BHAV) as the gauge of SOA success. Be bold yet realistic with your SOA goals. Do not settle for reuse as the end state and ultimate objective of your initiative. There is much more enterprise value to be realized. You just have to plan for it.
success. Separate the process of governing SOA from the supporting technology and tools. Do not buy any SOA technology or tools and expect to solve your SOA governance needs. This simply is not possible. Govern the “right” things. SOA governance means establishing roles and responsibilities for many things, such as funding and budgeting, services ownership and portfolio management, and software development lifecycle governance.
Common SOA Governance Mistakes

begin enforcing policies using clear, transparent, and enforceable policies, it will seem like you are over-governing. You are, and you must, in order to assert control over key SOA activities. You must remember to temper this by focusing on critical SOA governance concerns (e.g., SOA Reference Architecture, services design standards, implementation patterns).
The following is a partial yet representative overview of common SOA governance mistakes we have seen in the short time SOA governance has been top of mind for IT executives. See if your organization is guilty of any of these approaches.

• Buying a Tool versus Implementing Robust Processes. As described above, this SOA governance mistake is very common.
• Overcomplicating the Model—Too Many Boards. In many cases, we see organizations attempting to implement holistic enterprise governance processes when in fact they need focused SOA governance. There are many ways in which one may overcomplicate SOA governance: In one scenario, the organization implements too much governance complexity by implementing too many boards and committees.
the assumption that SOA governance is an event or a milestone. “Once we implement SOA governance, we’re all set.” SOA governance is not an event, a “one and done” kind of activity. Rather, it is an ongoing, sustained process of reviewing SOA and services on an ongoing basis. SOA governance must be managed, evolved, measured, and tuned based on the relative maturity and progress of SOA adoption.
Summary

alignment to the organization’s SOA strategy and goals. Only under these conditions can SOA be governed and the value proposition of SOA, achieved. Kumbaya governance does not work, period.

RIGHT-SIZED SOA GOVERNANCE: HOW MUCH GOVERNANCE DO WE NEED?

Many organizations are anxious about governance, especially when it is construed as adding layers of overhead and interfering in decision making processes that are not broken.
Representing all SOA stakeholders is difficult. Assuaging them with SOA governance is more challenging. Governance will not be fun or easy. You will have to over-govern in the short term. This will be uncomfortable. You will inevitably take decision rights away from some individuals and organizations, while assigning them to others. This transfer of authority and control will anger people. Deal with it.