Post on 13-Jan-2015
description
Independent Guidance for
Service Architecture and Engineering
www.everware-cbdi.com
www.cbdiforum.com
Engagement Process Overview
SOA
Governance
Framework
© 2008 Everware-CBDI Inc
Agenda
Engagement summary
SOA Governance overview
Engagement approach
Key tools and deliverable
examples
Appendix
Critical success factors
Customer resources required
Preparatory work required
Why Everware-CBDI
This presentation outlines the
process of delivering a SOA
Governance Framework
If you would like to engage
Everware-CBDI or our partners
to help you with this activity,
please contact Everware-CBDI
http://www.cbdiforum.com/feed
back.php3
+353 (0)28 38073 (Ireland)
703-246-0000 or 888-383-7927
(USA)
© 2008 Everware-CBDI Inc
SOA Governance Framework
- Engagement Summary
Objectives • Establish the SOA Governance Framework and policy type hierarchy which is used by
other SOA activities to set policy instances
• The framework covers the SOA Governance
- Process
- Infrastructure
- Policy Types
- Organizational roles and responsibilities
• Each element of the framework is mapped to current and target levels of SOA Maturity
• And adapted to the organization’s existing business and IT governance frameworks *
Deliverables • SOA Governance Framework
• SOA Governance Maturity View
• SOA Policy Hierarchy
• SOA Governance Deliverable Templates (e.g. SOA Policy Type, and Policy Instance)
• Service Life Cycle
• SOA Governance Plan
• Organizational RAEW
Participants • SOA Program Manager
• SOA Governance Lead
• Existing business and IT Governance Leads
• Input from appropriate business analysts, program managers, architects
Engagement
Profile
• Duration depends on scope of requirements, level of resourcing
• Typically 4-5 weeks of effort (not elapsed) to produce complete set of deliverables
• Contains one or more facilitated workshops – These can be run stand alone
* Where they exist
© 2008 Everware-CBDI Inc
SOA Governance Requirements
Must address new process and organizational challenges
Multi-track Delivery
Separation of Service Provider and Consumer
Federated Participation
Greater need for operational, run-time governance; particularly SLA, Security
Black box functionality
Needs clear obligations on provider and consumer
Must address new opportunities
Architecture structural improvements provide flexibility and reuse
Portfolio rationalization
Use of single services to ensure consistent business rules, view of information
Standardized services for compliance, interoperability
Delivery of differentiated services (core business, competitive advantage)
Use of commodity service provisioning
Must ensure SOA principles are applied
To deliver the benefits promised by SOA
© 2008 Everware-CBDI Inc
Overview of CBDI-SAE SOA Governance Framework
SOA Policy Hierarchy
SO
A G
overn
an
ce P
rocess
SO
A G
overn
an
ce M
atu
rity
SOA Governance Infrastructure
SOA Governance
Organization
Process View: The
processes that need to
be followed to
establish governance,
and set and monitor
policies
Organizational View: The organizational
structures, roles and responsibilities
necessary for SOA Governance
Maturity View: The
governance required at
each level of SOA
Maturity
Infrastructure View: The technical
infrastructure available to support
SOA Governance
Policy View: The
Policy Types that
are required to
ensure outcomes
are achieved
WHO
WHEN
HOW
WHAT
© 2008 Everware-CBDI Inc
SOA Governance in Context
SOA governance is a part of IT governance that refers to the organizational
structures, policies and processes that ensure that an organization’s SOA efforts
sustain and extend the organization’s business and IT strategies, and achieve the
desired outcomes
The SOA Governance Framework must work within the context of the Business and
IT strategy and Governance Frameworks
IT
Strategy
Business
Strategy
SOA
Strategy
IT
Governance
Framework
Business
Governance
Framework
Business
Outcomes
IT
Outcomes
SOA
Outcomes
SOA Policy Hierarchy
SO
A G
ove
rna
nc
e P
roc
es
s
SO
A G
ove
rna
nc
e M
atu
rity
SOA Governance
Infrastructure
SOA Governance
Organization
© 2008 Everware-CBDI Inc
Engagement Approach
Develop SOA
GovernancePolicy
Develop SOA Governance Organization
Develop SOA Governance Infrastructure
Develop SOA Governance
Process
SOA Policy Type Hierarchy
SOA Policy Type Template
SOA Policy Instance Template
Other templates, as needed
SOA Governance Framework (policy view)
Produce SOA Governance
Plan
Finalize SOA Governance Framework
• Duration depends on scope of requirements, and
level of resourcing
• Typically 4-5 weeks of effort (not elapsed) to
produce complete set of deliverables
• Contains one or more facilitated workshops –
These can be run stand alone
SOA Governance Framework (process, infrastructure, organizational views)
SOA Governance Framework (complete)
Compliance Templates
SOA Governance Plan
Align SOA Governance Framework Template
Identify SOA Governance
Outcomes and Risks
Identify SOA Governance Capabilities
Assess SOA Governance
Maturity
SOA Governance Framework Template
SOA Governance Maturity Assessment
SOA Governance Framework (maturity view)
Existing Governance Frameworks (IT, Business)
SOA Adoption Roadmap Maturity Assessment
SOA Adoption Roadmap Plan
© 2008 Everware-CBDI Inc
Example Engagement Work Plan
Specific tasks and timeframes may vary for each customer
0 5 10 15 20 25 30
Align SOA Governance Framework …
Identify SOA Governance Outcomes …
Identify SOA Governance Capabilities
Assess SOA Governance Maturity
Evolve SOA Governance Policy
Evolve SOA Governance Infrastructure
Evolve SOA Governance Organization
Evolve SOA Governance Process
Produce SOA Governance Plan
Review SOA Governance Compliance
© 2008 Everware-CBDI Inc
Process View: SOA Governance Activities are
Defined
Other Disciplines
Establish and Maintain
SOA Governance Framework
Consume
Provide
Set SOA
Governance
Framework
Strategy
Enable
SOA
Governance
Framework
Manage
SO Business
Requirements
Planning
Establish &
Maintain IT
Governance
Framework
Set and
Maintain
SOA
Policies
IT Governance Framework,
IT Outcomes
Business
Governance
Framework,
Business Outcome
Plan
IT Governance Framework
IT Outcome Plan
SOA
Policies
(deployed)
Monitor SOA
Compliance
Compliance
Feedback
Business
Governance
Framework
Business
Outcome
Plan
SOA Adoption
& Excellence SOA Outcome Plan
SOA Assessment
Report
Compliance Feedback
Evolve SOA
Governance
Framework
SOA Governance
Maturity
Assessment
SOA Governance
Adjustment Requirements
IT Policy Types
(approved)
© 2008 Everware-CBDI Inc
Policy View: Governance is Ensured Through
Identification and Setting Appropriate Policies
For each SOA Policy Category:
1. Business/IT goals are defined
Why is this policy important to the business?
2. How business/IT goals translate into SOA goals are defined
What needs to be accomplished with SOA to achieve business/IT goals?
3. Potential risks are identified
What are the consequences if goals are not achieved?
4. The Policy Hierarchy required to ensure expected outcomes are achieved in each governance category is developed
Policy Areas
Policy Types
Policy Category Service
Usage
Usage
Permissions
Usage Commercial
Basis
Usage
SecurityConstituency
SLA for
Usage
Usage
AlignmentPricing
Unit of
Usage
Example Policy Hierarchy for the Service Usage Policy category
Policy Hierarchy
Planning
Architectural
Sourcing
Operational
Org
an
iza
tio
n
Usage
Se
rvic
e A
ss
et
Ma
na
ge
me
nt
Be
st
Pra
cti
ce
© 2008 Everware-CBDI Inc
Organizational View: SOA Roles and
Responsibilities are Identified and Defined
R A E W
Governance Framework SOA Governance Lead ? ? ? ?
Setting Policy Within each appropriate discipline/domain ? ? ? ?
Complying with Policy Within each appropriate discipline/domain ? ? ? ?
Monitoring Compliance e.g. Review boards ? ? ? ?
Assigning Roles & Responsibilities - RAEW
Assign responsibilities for Governance to individuals or teams who:
Has (R)esponsibility for decisions/actions and ensuring tasks are performed
Has the (A)uthority to control or assess the actions of others
Has the (E)xpertise to contribute and lead – specialist skills
Does the (W)ork
Organizational Structures (examples)
Review Boards
Service Architecture
Funding
Steering Committees
SOA Adoption
SOA Governance
Centres of Excellence
SOA
Roles
SOA Governance
Lead
Enterprise Service
Architect
© 2008 Everware-CBDI Inc
Infrastructure View: Technology Required to Support
SOA Governance is Considered and Identified
Tools used
in specification
and delivery. e.g.
Data Stores. e.g.
Tools used
for operation
and run-time. e.g.
Service
Registry
Asset
RepositoryCMDB
IDE Tools
Policy Store
Service/
System
Management
Policy
Management
Tools
Enterprise
Service Bus
Rules
Engine
Configuration
Management
Tools
Modeling &
Requirements
Tools
Policy
Engine
© 2008 Everware-CBDI Inc
Service Life Cycle Based Governance
13
Planned
Specified
Certified
Published
Operational
Retired
Being Provisioned
Provisioned
Archived
Assets Policies
Service Plan
Service Description
Architecture
Service
Specification
Design
Automation Units Sourcing
Architecture
Test Plans Testing
Certificates Certification
Registry Entry Usage
Commercial
Service Endpoint
Deployment Unit
Logs
Operational
Usage
Versioned Services Change Control
All related assets Deletion and
Retention
Activity
State (post)
State (pre)
Policy
Driven
Compliance
Check
Tool A
Tool B
Tools designed to
perform activity. E.g.
IDE
Tools designed to
manage Governance
e.g. Service Registry
© 2008 Everware-CBDI Inc
Maturity View: Governance Capabilities are Matched
to the Maturity Level
SOA Governance is a broad and far reaching topic
Our approach is to introduce SOA Governance step-by-step, considering:
Current level of SOA Maturity
What SOA governance should be in place now?
Planned level of SOA Maturity
What SOA governance is required
to enable target state?
Early
Learning
Integrated
Enterprise
Ecosystem
Initial SOA
activity
Shared
services
integrate silos,
rationalize EAI
contracts
Common
ecosystem
services
eliminate
organizational
boundaries and
enable broader
economic
activity
Enterprise level
shared services
create enterprise
adaptability and
consistency
AppliedProject
based
SOA
activity SAE SOA Capability
Maturity Model
SOA Governance Organization:
SOA Policy Types:
SOA Governance Process:
SOA Governance Infrastructure:
Ca
pa
bil
itie
s
Current initiatives
1 year
outlook
Target
stateNOW
Gap
© 2008 Everware-CBDI Inc
SOA Governance Considerations
Ea
rly L
ea
rnin
g
Ap
plie
d
Inte
gra
ted
En
terp
rise
Ec
os
ys
tem
Outcomes/Strategies What SOA outcomes are you trying to ensure?
Risks What are the risks you are trying to mitigate against?
Organization and Roles What organizational constructs, and Roles are required to
perform/support SOA Governance?
Policy Subjects What things do you need to govern to achieve these
outcomes?
Compliance
Mechanisms
How will governance be achieved? What mechanisms should
be used
Infrastructure What infrastructure is required to support SOA Governance?
Prioritization What is the prioritization of governance activities?
Service Life Cycle What governance is required at each state in the service life
cycle?
A number of considerations are analyzed for
each relevant SOA Capability Maturity Level
© 2008 Everware-CBDI Inc
The Result: An Example
The result is a definition of the Customer specific SOA Governance strategy and
capabilities for each relevant SOA Capability Maturity Level
Governance Essentials: Maturity Level = Applied
Project based SOA activity
Service architecture enables business adaptability for limited scope
Services are provided and consumed within the project, requiring minimal governance
Informal exchange between projects
Outcomes/Risks Organizational and Roles
Basic QoS is ensured
Basic sharing of services within scope
Flexibility within applied solutions
Risks – Solution meets immediate requirements,
but is no better able to respond to future changes.
Risk – SOA applied for wrong reasons
Establish SOA Centre of Excellence
EA perform SOA Governance Lead role
Key Policy Subjects Compliance Mechanisms
Service Architecture
Operational Services
Agreed Service and Service Architecture
Concepts
Service Monitoring
Infrastructure Policies
Simple Service Catalog
Monitor/log service run-time, alert to problems
Architecture (e.g. Layering)
Monitoring
Basic QoS policy
© 2008 Everware-CBDI Inc
Balancing Bureaucracy with Freedom
0
2
4
6
8
10
12
14
16
Technical Project LOB Enterprise External
Low
Medium
High
Str
en
gth
of
Go
ve
rna
nc
e
Scope of Service Usage
Most important policy:
Where and when to apply
policies!
0
2
4
6
8
10
12
14
16
Technical Project LOB Enterprise External
Low
Medium
High
Nu
mb
er
of
Se
rvic
es
Scope of Service Usage
Change in scope or risk
requires re-evaluation of
policy
Re-classify in portfolio
Not every Service Type
needs a full blown
specification, a business
case, or be subject to all
policies
© 2008 Everware-CBDI Inc
Key Deliverables (1 of 3) – High Level
Examples
2.Detailed meta-model for
documenting policies
1.Policy Hierarchy
Policy Areas
Policy Types
Policy Category Service
Usage
Usage
Permissions
Usage
Commercial Basis
Usage
SecurityConstituency SLA for
Usage
Usage
AlignmentPricing
Unit of
Usage
© 2008 Everware-CBDI Inc
Key Deliverables (2 of 3) – High Level
Examples
4.SOA Organization Roles &
Responsibilities (RAEW)
3.SOA Governance Essentials
for each relevant SOA
Capability Maturity Level
Governance Essentials: Maturity Level = Applied
Project based SOA activity
Service architecture enables business adaptability for limited scope
Services are provided and consumed within the project, requiring minimal
governance
Informal exchange between projects
Outcomes/Risks Organizational and Roles
Basic QoS is ensured
Basic sharing of services within
scope
Flexibility within applied solutions
Risks – Solution meets immediate
requirements, but is no better able to
respond to future changes.
Risk – SOA applied for wrong
reasons
Establish SOA Centre of Excellence
EA perform SOA Governance Lead
role
Key Policy Subjects Compliance Mechanisms
Service Architecture
Operational Services
Agreed Service and Service
Architecture Concepts
Service Monitoring
Infrastructure Policies
Simple Service Catalog
Monitor/log service run-time, alert to
problems
Architecture (e.g. Layering)
Monitoring
Basic QoS policy
R A E W
Governance
Framework
SOA Governance
Lead
? ? ? ?
Setting
Policy
Within each
appropriate
discipline/domain
? ? ? ?
Complying
with Policy
Within each
appropriate
discipline/domain
? ? ? ?
Monitoring
Compliance
e.g. Review
boards
? ? ? ?
© 2008 Everware-CBDI Inc
Key Deliverables (3 of 3)
6. SOA Governance Process Activity Diagrams for the SOA
Governance Discipline and each of its Process Units to include:
Establish & Maintain the SOA Governance Framework
Set & Maintain SOA Policies
Monitor SOA Compliance
7. SOA Governance Plan to implement the Framework
Tasks
Timeline
Dependencies
8. SOA Governance Templates, e.g.
Service Description
Service Specification
Service Level Agreement
Policy Type Template & Examples
Policy Instance Template & Examples
Business Case
Feasibility Study
Service Plans
SOA Reference Architecture
SOA Meta Model
Independent Guidance for
Service Architecture and Engineering
www.everware-cbdi.com
www.cbdiforum.com
Additional Discussion/
Appendix Slides
Next Steps
© 2008 Everware-CBDI Inc
Critical Success Factors
Evolve from IT Governance to SOA Governance
Keep policies flexible
Know when to enforce, and when to make optional
Many policies must be checked by hand – don’t over burden the
organization with bureaucracy
Policies must be compatible, enforceable, measureable<Add others
according to what we know about the customer>
© 2008 Everware-CBDI Inc
Customer Resources Required
Participation of those responsible for the SOA Governance
Framework
Participation of business experts and technical experts (enterprise
architects, application experts, business analysts, operations), who
will contribute their knowledge and insight to the identification of:
Current Business and IT Governance Frameworks and Policies
Current IT and SOA Outcome Plans and Objectives
Current Governance enforcement capabilities
© 2008 Everware-CBDI Inc
Preparatory Work
Customer
Ensure availability of key resources for the duration of the
workshop(s)
Ensure a suitable environment, facilities and working conditions for
the duration of the workshop(s)
Provide background information for Everware-CBDI
Everware-CBDI
Review background documents as provided by the customer
Provide a project overview, workshop outline(s) and draft agenda(s)
© 2008 Everware-CBDI Inc
Why Everware-CBDI ?
Independent specialist SOA
methodology firm
Merger of established
UK and US companies in 2006
27,000+ subscribing architects
worldwide
Enabling structured, enterprise levelSOA
Facilitating SOA standards
Defined, documented SOA methodology
Widely used best practices, referencearchitecture, repeatable processes
SOA Solution Business including
Education, Consulting, Knowledge
products
www.cbdiforum.com
www.everware-cbdi.com
© 2008 Everware-CBDI Inc
Everware-CBDI - World Wide Reputation
Over 12 years of experience in applying Service Oriented concepts, methodology, and best
practices have established the Everware-CBDI as a leader in SOA adoption.
Partial list of credentials and achievements:
CBDI Forum Portal - 27,000+ member architects worldwide
Keynote Speakers on SOA on recent industry conferences including Microsoft Architect’s Councils
(US, Europe), IBM Architect’s Councils, SAP User Group, Open Group, IDG SOA Europe, and
many more
SOA Metamodel Submission to OMG
Active membership of the OMG UPMS Joint Submission team
IAC EA-SIG/Services Committee Chair
OMG GovDTF Co-Chair
Publications:
CBDI Journal - over 100 Editions published
White Papers (e.g., CIO Council, IAC, Lead Role in Practical Federal Guide for SOA)
Books (e.g., Service Orientation, Information Modeling)
http://www.cbdiforum.com/feedback.php3
+353 (0)28 38073 (Ireland)
703-246-0000 or 888-383-7927 (USA)