Information Technology is beginning to migrate into the “cloud,” where dynamically scalable, virtualized resources are provided as a service over the Internet. Cloud computing encompasses infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS). With growing industry validation, cloud computing makes it possible for enterprises to access, or create, applications, or parts of applications, that exist on virtual servers that scale dynamically to meet demand. In contrast to conventional architecture, which relies on on-premises server installations and distinct, known Web services, cloud computing lets developers create whole applications and infrastructures that are completely remote and accessible through the Internet. For example, a cloud-based application might connect a browser-based word processor with Salesforce.com, providing CRM and personal productivity functioning without any installed infrastructure on the user’s end.
There are potentially significant financial benefits to building applications in the cloud. There is no investment in capital equipment or data centers. With computing available on a utility basis and dynamic scaling handled by cloud service providers, you can ramp up use of an application without large incremental investments in physical infrastructure. However, assuring secure and reliable performance of applications assembled out of multiple cloud-based components, each provisioned by third parties, makes governance a critical requirement for enterprise grade cloud services.
Each component in a cloud-based application should be considered a separate Enterprise Service, even if they are not hosted by your IT organization. To get a cloud-based application working right, and assuring that it will perform as expected over time, one needs a single point of governance over these highly virtualized Enterprise Services throughout the entire service lifecycle.
The example of the integrated browser-based word processor and Salesforce.com highlights how essential lifecycle governance of Enterprises Services should be in a cloud environment. If the goal of this cloud application is to enable a salesperson to write a letter to a contact on the CRM system and have that letter recorded in Salesforce.com’s task log, the application must provide for compatibility between the two cloud components on a platform and data schema basis over the long term, control access, and meet performance requirements – all through definition and enforcement of policy that binds third party entities.
Starting at the planning stage, creators of a cloud-based application need to develop and track the inventory of cloud services that are available or under construction. Business analysts, architects and developers need to be able to compare their enterprise SOA roadmap and desired slate of cloud applications with the Enterprise Service inventory, which consists of both cloud-based and traditional Enterprise Services. Planning governance gives these stakeholders the ability to assign development priority to the cloud services that are most urgently needed, as well as determine the applicability of cloud technology to the problem. For instance, is the application subject to “speed-of-light” concerns?
A development governance solution will provide seamless management of “the cloud” as a development target. It will provide a set of guidelines, policies, processes and even source control management for the development of cloud applications. The goal is the make sure that enterprise services running in the cloud conform to the same quality, performance, and security policies as any other enterprise service running on any other platform.
Operational governance for cloud services should ensure two important governance factors: First, it should ensure that the services themselves implement and enforce relevant policies for data protection, security, and service levels. Then, it should ensure the federation of externally provided cloud services into the enterprise network. This is similar to the way externally provided SaaS services need to be federated for policy and message exchange pattern mediation.
Cloud services are subject to the same governance process as any other enterprise service, and as such need the same levels of policy governance. Policy governance for cloud services includes the ability to define cross-cutting policies during the planning process and validate and enforce these policies through development and operations.
SOA Software’s product suite manages SOA Governance throughout the plan-build-run service lifecycle, anchoring the process with strong policy governance. In planning, SOA Software’s Portfolio Manager allows planning stakeholders to develop an SOA roadmap, compare it to existing and planned services, and assign priority to selected services. In development, SOA Software’s Repository Manager makes sure that enterprise services confirm to appropriate standards and guidelines, providing powerful change management capabilities. It also governs the consumption process, facilitating controlled and measurable asset reuse. When services are deployed, SOA Software’s Service Manager implements and enforces defined policies for security, performance, and reliability to ensure that enterprise services function as intended. SOA Software’s Policy Manager works in concert with these products to keep policy definitions, and associated metadata, consistent as the service matures from planning through development and then into operation.