Recent tactical success in the utilization of Web services has brought renewed attention to the timing for a strategic commitment to Service Oriented Architectures (SOA). Early adopters have been investing in SOA for the past five years but now the development of more rigorous methodologies and technologies, and the maturing of standards, are making SOA accessible to everyone.
Service-Oriented Architecture (SOA) is an approach to distributed computing that considers software functionality as services on a network. SOA represents the next major step in the evolution of IT strategies. Businesses can look to SOA as the best way to leverage information technology assets and to provide the business the agility required to compete in today’s economy. In addition, SOA holds promise to companies looking to bring order to an increasingly complex and chaotic IT environment and equip themselves to manage change.
However, are most Fortune 1000 companies actually taking the steps necessary to make a strategic investment in SOA? Are they planning to transform their business infrastructure and – in parallel – enhance their IT infrastructure to support such a transformation? SOAInstitute.org has been surveying its growing community to understand how much of an organized investment the Fortune 1000 is making in strategic SOA versus a tactical funding of SOA-style integration projects. Two indicators of this strategic focus on SOA are the procurement and use of an SOA Registry and the formation of an SOA Governance program. Results from 2007 SOAInstitute.org surveys reveal that the Fortune 1000 is still at an early, immature stage of SOA adoption. They are sending their senior people to training classes and implementing important projects but are not developing an SOA roadmap. For those people, 2008 represents an important year of investigation and commitment to SOA Governance.
SOA is an example of a software architecture. It can be defined as a software design and implementation methodology for creating loosely coupled, coarse-grained business services. These business services can be independently developed and combined into higher value business processes. At runtime SOA is a discoverable collection of available services on a network that communicate with one another. The services (e.g. applications and/or data) are loosely coupled so they can be flexibly and easily used and combined in various ways. They have well-defined platform-independent interfaces that promote interoperability. This service orientation provides business users with understandable services that they can compose into business processes as needed.
As more loosely coupled services are defined and made available on networks for expanded use and as visual composition and orchestration tools are enhanced, the brittleness of applications-driven business operations gives way to process-driven business operations. In other words, end-to-end process-oriented services can be used to support business requirements – such as an order-to-cash efficiency imperative – to allow for rapid customization and increased flexibility. That is markedly different from businesses needing to change large, brittle monolithic applications at great cost and time to make a minor change to a business process. SOA therefore allows the process change to take precedence and the applications to fall in line, not the other way around. Defining this rich repository of reusable service requires SOA Governance supported by an SOA Registry.
A main goal of SOA is the support of business agility – keeping pace with the velocity of change and uncertainty in the business climate facing an organization. In order to promote reuse, you need a place to store the IT assets that you want to repurpose. The service registry is the system of record for information about services. New services are published here, and business analysts and software developers can use this registry to easily find and reuse existing services. An SOA registry defines standards-based descriptions as well as access and interactions between SOA components. It also provides standard human and automated interfaces to these components.
The registry allows organizations to standardize publishing, discovery, approval and interoperability of SOA business services. The registry acts as a design-time service registry, a run-time service intermediary and a governance metadata repository. Some products separate the functionality into a registry and a repository. Repositories are where you put service artifacts and metadata at design time, while registries are where you list service descriptions and policies that are accessed at run time.
SOA introduces many independent and self-contained moving parts – components which are reused widely across the enterprise and are a vital part of mission-critical business processes. The goal of SOA Governance is to manage the quality, consistency, predictability, change and interdependencies of services. SOA Governance strives to blend the flexibility of service orientation with the control of traditional IT architectures.
SOA Governance is a subset of IT Governance which is a subset of Corporate Governance. The two aspects of a Corporate Governance Framework are 1) Establishing processes that define who is empowered to make certain decisions, and 2) Establishing mechanisms and policies to measure and control the way decisions are implemented. IT Governance defines the decision-making rights associated with IT investments and includes the mechanisms and policies used to measure and control the way IT decisions are prioritized and executed. SOA Governance defines the decision-making rights associated with the definition and deployment of business services and composite applications, and includes the mechanisms and policies used to measure and control the way services are defined, deployed, maintained and monitored.
The main areas of IT governance include the following:
- Strategic alignment focuses on the imperative to align the business vision, goals and needs with the IT efforts.
- Value delivery focuses on how the value of IT can be proved through results like profitability, expense reduction, error reduction, improved company image, branding, and so on.
- Risk management focuses on business continuity and measures to be taken to protect the IT assets.
- Resource management focuses on optimizing infrastructure services that are a part of the environment supporting the application services.
- Performance management focuses mainly on monitoring the services that run in a enterprise’s environment.
Any implementation of governance should be centered on the four pillars of an enterprise architecture: people, processes, technology, and services. One mechanism to implement an enterprise IT and SOA governance is by establishing a center of excellence (CoE) for IT and SOA governance that would enable a shared resource and capability center to function as a resource pool as new business application needs arise. A governance implementation needs to be supported by a hierarchical organizational reporting structure.
An SOA Governance Framework enables an organization to answer the following questions:
What happens when a service is changed? How can you be sure the service you are consuming is of high quality? How can you be sure a new service is compliant with IT, business and regulatory policies? How can you ensure predictable uptime of a service?
“Some typical governance issues that are likely to emerge in a SOA are:
- Compliance to standards or laws: IT systems require auditing to prove their compliance to regulations like [Sarbanes-Oxley]. In a SOA, service behavior is often unknown
- Change management: changing a service often has unforeseen consequences as the service consumers are unknown to the service providers. This makes an impact analysis for changing a service more difficult than usual.
- Ensuring quality of services: The flexibility of SOA to add new services requires extra attention for the quality of these services. This concerns both the quality of design as the quality of service. As services often call upon other services, one malfunctioning service can cause damage in many applications.
Some key activities that are often mentioned as being part of SOA governance are:
- Managing the portfolio of services: planning development of new services and updating current services
- Managing the service lifecycle: meant to ensure that updates of services do not disturb current service consumers
- Using policies to restrict behavior: rules can be created that all services need to apply to, to ensure consistency of services
- Monitoring performance of services: because of service composition, the consequences of service downtime or underperformance can be severe. By monitoring service performance and availability, action can be taken instantly when a problem occurs.” [Source: Wikipedia]
While the specific focus of SOA governance is on the development and use of services, effective SOA governance must cover the people, processes, and technologies involved in the entire SOA life cycle. [Source: Wikipedia]When implemented strategically, a service-oriented architecture enables the evolution of a well connected “service-driven enterprise” where information and application silos can be bridged to deliver better visibility of fast-changing business events and critical information. A service-driven enterprise embraces the concept of increasing business velocity and achieves the following strategic goals:
- A more succinct expression of purpose and strategic direction
- A shared understanding at the top team level of what needs to be improved by how much by when
- An integrated view of cross-group linkages and interdependencies
- A greater focus on the timeliness and quality of key customer-touching business process outputs to balance the traditional financial metrics.
- Tighter alignment of strategy, structure, business process and technology
- Arguably, the best return on your IT investment and top team agreement on where SOA applications are best applied, at what cost and for what results.
The true sign of a company implementing SOA strategically is that company’s development of an SOA Governance program and its implementation of an SOA registry to capture these strategic SOA assets.