Integrated SOA Governance

Many large organizations are reducing costs, improving agility and reducing risk with enterprise SOA programs.  In order for SOA initiatives to succeed they need to follow sound Enterprise Architecture practices and be built on a solid foundation.  The companies seeing the most success are those that have built an integrated SOA governance infrastructure that governs a wide range of assets and processes through their lifecycle.

As recently as 2006 the market mainly consisted of vendors offering standalone products for registry, management, or security.  Through 2006 and 2007 the market has evolved to the point where customers now require integrated SOA governance solutions that combine these products into a single infrastructure solution that provides a single user interface for service governance and asset management, operational security, and operational management.

Sophisticated enterprise customers are no longer looking to buy a management product, a registry product and a security product, each from separate vendors with separate purchasing initiatives.  They are now looking for a single solution that combines strong, standards-based infrastructure components into an integrated platform.  This approach models SOA Software’s SOA governance reference model, first published in 2005.

Integrated SOA governance ensures the applicability, integrity and usability of a wide range of assets through all their lifecycle stages from asset identification through deprecation.  The full lifecycle is split into planning governance, lifecycle governance, and operational governance.

  • Planning Governance - Planning governance includes the identification, analysis and modeling of candidate services, policies, profiles, processes and information.  An effective planning governance tool will manage an organization’s SOA portfolio to examine existing and planned applications and determine which capabilities should be exposed as services, and where applications would benefit from consuming shared services.
  • Lifecycle Governance - Lifecycle governance marshals an asset through the typical design-through-deprecation phases of its lifecycle.  It typically includes a workflow mechanism to approve migration, policy compliance validation, and a clear separation (logically, physically, or both) between lifecycle stages.  Lifecycle governance is the realm that most registry vendors have moved towards.
  • Operational Governance - Operational governance controls the runtime aspects of SOA.  It typically includes service monitoring, security and management with a runtime policy system.  Most Web Services Management vendors now position themselves as providing operational governance solutions.

Integrated SOA Governance promotes the 5 core SOA governance best practices of:

  • Governance Automation - lifecycle management workflow to implement a building permit process, integrated provisioning and lifecycle management, and inter-departmental contract management and negotiation
  • Uniform Policy Management - uniform lifecycle and policy governance across existing platform investments
  • Meta-data Federation - seamless, heterogeneous SOA Governance, security and management integration with no requirement to introduce additional platforms to support the required architecture
  • Service Virtualization - performance and reliability, standards support for governance automation (UDDIv3, WS-MEX), standards-based closed-loop governance system
  • Trust and Management Mediation - Interoperability across disparate partners and platforms, trust enablement and trust mediation complementing threat prevention systems

Leading industry analysts like Gartner recognize the importance of deep integration between the different governance solutions and tools to provide a comprehensive integrated SOA governance solution.

SOA Software builds its integrated SOA governance solution around its Policy Manager™ product for lifecycle governance and policy management.  Policy Manager integrates seamlessly with Service Manager for operational governance, with Service Manager providing a comprehensive operational policy implementation and enforcement solution, and with Repository Manager for comprehensive development governance.

SOA Software’s Policy Manager™, Repository Manager™ and Service Manager™ combine to form a comprehensive closed-loop integrated SOA governance solution. 

Policy Manager and Repository Manager provide a comprehensive registry/repository solution for SOA asset lifecycle management.  Using this solution, architects, developers, security administrators, and operations managers can define and govern policies that are applied to services throughout the appropriate stages of their lifecycle.  These policies are automatically implemented and enforced by SOA Software’s industry-leading Service Manager, and other standards-based SOA runtime products.  Service Manager generates usage, performance and policy compliance metrics that it delivers back to Policy Manager so that it can audit that its policies are being enforced in a closed-loop process.

The alternative to a closed-loop solution is a set of stand-alone applications for governance, management and security.  These solutions may offer loose integration, but we have yet to identify a single organization that has successfully integrated stand-alone solutions in a production environment. 

On one hand, stand-alone run-time solutions don’t deliver higher-value design-time or governance capabilities.  They require central policy management, don’t offer developer or architect services, and have no understanding of the relationship between a provider and a consumer.

On the other hand, design-time and governance solutions can only deliver value when they are built on a runtime foundation.  They require a run-time solution to enforce policies; they need the run-time to provide statistics and metrics for demand, capacity, and value monitoring; and they also need the run-time to provide an audit trail to ensure that messages comply with defined policies.