SOA What? Why You Need an SOA Governance Framework

CSO — Adopting services oriented architecture (SOA) in your enterprise without thinking through IT governance can cause something like the Gold Rush in the 1800s; extreme rates of growth and minimal law and order which produce unexpected outcomes.

The promise of SOA is that developers can write software code once and have that code re-used by many disparate systems for a variety of functions, thus saving time and money. Governance is a set of processes, tools, and organizational structure that allows for oversight of the IT operation and is essential for delivering on the SOA promise.

Let's say your developers create a new service to open and track a "case" whenever a customer contacts your enterprise (let's call this service the 'Open Case Process'). By the nature of SOA other developers within the organization (or sometimes across an eco-system such as government organizations) may leverage that same service for their similar processes. So a sales department may use the Open Case Process to track contacts in their sales workflow software. The billing department may use the Open Case Process to track billing disputes in their contact center software.

Without an established governance plan and policy, the original author and support organization may not even know this "use" of their software is happening. This can lead to a lawless environment where:

1. Increased volume may cause a jump in users from hundreds to thousands overnight. Servers or networks being used for this process may not be able to handle the load;

2. Contrarily a service is created but "no one comes" to re-use it because there is no established procedure about how to communicate service availability within the enterprise;
   

3. Finally, it is easy for a developer to read a service definition and create a sample request message in minutes. In a SOA world, the data travels on the wire in the clear and even has tags identifying each and every data element. Ease of access to SOA services raises an important issue of security policies and SOA governance.

So without a well-thought out governance plan SOA can seem like the lawless Wild, Wild West.

The SOA Sheriff: A Governance Framework

To capture the maximum benefits of SOA while not opening up the enterprise to additional challenges, companies are adopting SOA governance frameworks.

Enforce, Set up, Deploy and Regiment is the 'mantra' for implementing a successful SOA Governance framework. The following are recommended best practices:

1. Enforce Architecture Governance

1. Define SOA reference architecture

2. Identify the infrastructure capabilities it will have

3. Evaluate and identify vendor technologies that the SOA architecture will be built with

4. Specify management, security, reliability and availability characteristics for the SOA infrastructure

2. Set up Design Time Governance

1. Set up rules governing the definition and creation of services.

2. Create a cross functional team responsible for identifying business areas which will most benefit by service sharing and its associated capabilities

3. Set up an architecture team to technically validate the service and enforce its compliance with SOA standards

3. Deploy Run Time Governance

1. Augment current IT operational functions to control the definition and enforcement of policies around availability, security and monitoring of deployed services

4. Regiment Change Time Governance

1. Create and enforce a robust change management process to manage and balance the process for changing service functions in response to ever-changing business needs

A good governance framework provides three main benefits all which lead to increased enterprise confidence in the IT Department's ability to deliver upon the promise of SOA.

• Full utilization of services (e.g. SOA processes) because they are known and accessible to other developers within the organization which results in improved ROI

• Predictable performance (i.e. no high volume glitches or expensive underutilization)

• Prevention of security breaches and/or methods to detect or trace any potential breaches

Without an effective governance model it is extremely difficult to enforce consistent management and security policy to make sure all these resources are standards compliant, properly secured and well monitored. So smart enterprises have made SOA governance frameworks an imperative part of any SOA implementation in their organization today.

Igor Khurgin, SOA Practice Manager, and Saurabh Verma, Director Global Services, are resident experts at Acumen Solutions (www.acumensolutions.com), a business and technology consulting firm with office across the U.S. and Europe. They can be reached respectively at ikhurgin@acumensolutions.com and sverma@acumensolutions.com.

Similar to this Article
• Security Threats Hinder SOA: CA study
• Are you Insecure about SOA Security?
• There is More to SOA Security Than Authorization and Authentication