Closed Loop Policy
The diagram below shows the relationships between SOA governance, security and management, demonstrating how SOA Policy Management forms a closed loop of policy, metrics, and audit.
The alternative to a closed-loop solution is a set of stand-alone applications for governance, management and security. These solutions may offer loose integration, but we have yet to identify a single organization that has successfully integrated stand-alone solutions in a production environment.
On one hand, stand-alone run-time solutions don’t deliver higher value design-time, or governance capabilities. They require central policy management, don’t offer developer or architect services, and have no understanding of the relationship between a provider and a consumer.
On the other hand, design-time, and governance solutions can only deliver value when they are built on a runtime foundation. They require a run-time solution to enforce policies; they need the run-time to provide statistics and metrics for demand, capacity, and value monitoring; and they also need the run-time to provide an audit trail to ensure that messages comply with defined policies.
Closed loop means:
- Defining and managing actionable policies in a governance solution at design-time
- Enforcing these policies via deep integration with a management solution at run-time
- Auditing that these policies are being enforced
- Using industry standards (WS-Policy, WS-MEX) where appropriate for information exchange
Closed loop infrastructure enables demand and Value Management
- Collect performance, usage and exception statistics at run-time
- Track these statistics via the governance solution
- Use live, audited information to drive value-based decisions about the effectiveness of different services and organizations
- Provide developers with up to the minute information about a service in runtime to inform their decisions about which services to use
- Manage supply and demand to ensure maximum efficiency and benefit from SOA
The products share a common registry and metadata repository to ensure seamless integration and offer active governance. Closed-loop governance will:
- Ensure defined policies are enforced
- When you define a policy for a service you have to KNOW categorically that it is being enforced
- Generate audit trails for run-time and design-time policy compliance
- Measure the real-world value of SOA
- Not just theoretical value
- How many applications are using each service, and how much are they using it
- NOT how many applications have asked to use a certain capacity of each service
Manage, monitor and control relationships between consumers and providers
- Enforced contracts Capacity planning