SOA Governance - Harness the Power of Technology
Best-in-class Governance solutions for all leading platforms.
Many large organizations are reducing costs, improving agility and reducing risk with enterprise SOA programs.
In order for SOA initiatives to succeed they need to follow sound Enterprise Architecture practices. Companies realizing the most success are those that have built an Integrated SOA Governance infrastructure that governs a wide range of assets and artifacts through their entire lifecycle.
Integrated SOA Governance helps enterprises:
- Ensure that services they identify, design and build are relevant and consumable across all distributed and mainframe platforms like Microsoft, SAP and IBM.
- Make services they expose from applications running on any platform visible to and compliant with enterprise policies defined, enforced and audited across other platforms
- Promote, ensure and formalize consistent alignment between demand from service consumers and the supply of services through Consumer Contract Provisioning.
In a nutshell SOA Governance is about making sure that the enterprise builds the right things, builds them right, and makes sure that what it has built is behaving right. This breaks down into distinct areas; Planning Governance is about making sure that you are building the right things, Development Governance is about making sure you’re building them right, and Operational Governance is about ensuring that what you’ve built is behaving right.
Integrated SOA governance ensures the applicability, integrity and usability of a wide range of assets through all their lifecycle stages from asset identification through deprecation. The full lifecycle is split into planning governance, development governance, and operational governance, with a cross-cutting policy governance theme.
- Planning Governance - Planning Governance includes the identification analysis and modeling of candidate services, policies, profiles, processes and information. An effective planning governance tool with manage an organization’s SOA portfolio to examine existing and planned applications and determine which capabilities should be exposed as services, and where applications would benefit from consuming shared services.
- Development Governance - Development Governance marshals an asset through the typical design through deprecation phases of its lifecycle. It typically includes a workflow mechanism to approve migration, policy compliance validation, and a clear separation (logically, physically, or both) between lifecycle stages. Development Governance is the realm that most registry vendors have moved towards.
- Operational Governance - Operational Governance controls the runtime aspects of SOA. It typically includes service monitoring, security and management with a runtime policy system. Most Web Services Management vendors now position themselves as providing operation governance solutions.
- Policy Governance - Policy Governance defines and manages policies, associates them with various assets, and validates and reports on policy compliance.
Integrated SOA Governance promotes the core SOA governance best practices of:
- Governance Automation - lifecycle management workflow to implement building permit process, integrated provisioning and lifecycle management, and inter-departmental contract management and negotiation
- Uniform Policy Management - uniform lifecycle and policy governance across existing platform investments
- Meta-data Federation - seamless, heterogeneous SOA Governance, security and management integration with no requirement to introduce additional platforms to support the required architecture
- Service Virtualization - performance and reliability, standards support for governance automation (UDDIv3, WS-MEX), standards-based closed-loop governance system
- Trust and Management Mediation - Interoperability across disparate partners and platforms, trust enablement and trust mediation complementing threat prevention systems
- Continuous Compliance and Validation - consistent policy implementation and enforcement across all stages of the lifecycle, preserving the fidelity of the governance models, structures and mechanisms
- Change Impact Mitigation - provides change management and impact analysis processes integrated with the governance workflow to ensure that changes to services or other assets don’t cause major outages
- Consumer Contract Provisioning - provides offer, request, negotiation and approval workflows for service access, capacity, SLA and policy contracts
Leading industry analysts like Gartner recognize the importance of deep integration between the different governance solutions and tools to provide a comprehensive integrated SOA governance solution.
Akana (formerly SOA Software) builds its integrated SOA governance solution around its Policy Manager™ product for lifecycle governance and policy management. Policy Manager integrates seamlessly with Service Manager for operational governance with Service Manager providing a comprehensive operational policy implementation and enforcement solution. And with Portfolio Manager and Lifecycle Manager for comprehensive Planning and Development Governance
Akana's Policy Manager™, Portfolio Manager™, Lifecycle Manager™ and Service Manager™ combine to form a comprehensive closed-loop integrated SOA governance solution.
Policy Manager and Lifecycle Manager provide a comprehensive registry/repository solution for SOA asset lifecycle management. Using this solution architects, developers, security administrators, and operations managers can define and govern policies that are applied to services throughout the appropriate stages of their lifecycle. These policies are automatically implemented and enforced by Akana’s industry-leading Service Manager, and other standards-based SOA runtime products. Service Manager generates usage, performance and policy compliance metrics that it delivers back to Policy Manager so that it can audit that its policies are being enforced in a closed-loop process.
The alternative to a closed-loop solution is a set of stand-alone applications for governance, management and security. These solutions may offer loose integration, but we have yet to identify a single organization that has successfully integrated stand-alone solutions in a production environment.
On one hand, stand-alone run-time solutions don't deliver higher value design-time, or governance capabilities. They require central policy management, don’t offer developer or architect services, and have no understanding of the relationship between a provider and a consumer.
On the other hand, design-time, and governance solutions can only deliver value when they are built on a runtime foundation. They require a run-time solution to enforce policies; they need the run-time to provide statistics and metrics for demand, capacity, and value monitoring; and they also need the run-time to provide an audit trail to ensure that messages comply with defined policies.