10 Steps to Simplify and Improve Service-Oriented Architecture Governance


10 Steps to Simplify SOA Governance

February 29, 2012


Agenda

Introduction

SOA Governance Overview

Ten Steps to Simplify SOA Governance

1. Align SOA projects with business goals
2. Develop a collaborative organization for SOA governance
3. Define organizational roles and responsibilities
4. Establish the SOA lifecycle process and policies
5. Adjust your software development lifecycle for SOA
6. Define SOA foundational standards
7. Define run-time processes
8. Determine the role of technology in your governance processes
9. Establish SOA measurements and monitoring techniques
10. Evolve and improve SOA governance over time

Steps are non-linear

Eric Roch, Chief Technologist


About Perficient

Perficient is a leading information technology consulting firm serving clients throughout North America.

We help clients implement business-driven technology solutions that integrate business processes, improve worker productivity, increase customer loyalty and create a more agile enterprise to better respond to new business opportunities.


Perficient Profile

Founded in 1997

Public, NASDAQ: PRFT

2010 Revenue of $215 million

Major market locations throughout North America: Atlanta, Austin, Charlotte, Chicago, Cincinnati, Cleveland, Columbus, Dallas, Denver, Detroit, Fairfax, Houston, Indianapolis, Los Angeles, Minneapolis, New Orleans, Northern California, Philadelphia, San Francisco, San Jose, Southern California, St. Louis and Toronto

Global delivery centers in China, Europe and India

1,700+ colleagues

Dedicated solution practices

85% repeat business rate

Alliance partnerships with major technology vendors

Multiple vendor/industry technology and growth awards


Perficient brings deep solutions expertise and offers a complete set of flexible services to help clients implement business-driven IT solutions

Our Solutions Expertise & Services

Business-Driven Solutions
– Enterprise Portals
– SOA and Business Process Mgmt
– Business Intelligence
– User-Centered Custom Applications
– Interactive Design
– CRM Solutions
– Enterprise Performance Management
– Customer Self-Service
– eCommerce & Product Information Management
– Enterprise Content Management
– Management Consulting
– Industry-Specific Solutions
– Mobile Technology
– Security Assessments

Perficient Services
– End-to-End Solution Delivery
– IT Strategic Consulting
– IT Architecture Planning
– Business Process & Workflow Consulting
– Usability and UI Consulting
– Custom Application Development
– Offshore Development
– Package Selection, Implementation and Integration
– Architecture & Application Migrations
– Education
– Interactive Design


IT Governance

– Asset and Portfolio Management
– Business Technology Optimization
– Performance and Service Management
– Security and Access Control
– Enterprise Architecture
– Project lifecycle management

IT already practices governance such as quality control, change management and service level agreements.


IT Governance Frameworks

The IT Infrastructure Library (ITIL) is a detailed framework with hands-on information on how to achieve successful governance of IT, developed and maintained by the United Kingdom's Office of Government Commerce in partnership with the IT Service Management Forum.

Control Objectives for Information and related Technology (COBIT) is another approach to standardizing good information technology security and control practices. It does this by providing tools to assess and measure the performance of an organization's 34 IT processes. The IT Governance Institute (ITGI) is responsible for COBIT.

ISO/IEC 27001 (ISO 27001) is a set of best practices for organizations to follow to implement and maintain a security program. It started out as British Standard 7799 ([BS7799]), which was published in the United Kingdom and became a well-known industry standard used to guide organizations in the practice of information security.

The Information Security Management Maturity Model (ISM3) is a process-based ISM maturity model for security.

AS8015-2005 is the Australian Standard for Corporate Governance of Information and Communication Technology.

We have a wealth of knowledge and processes to leverage for SOA.


What is SOA governance?

Because services are intrinsically distributed and reusable, they introduce new governance challenges

SOA governance is an extension of IT governance that focuses on:
– lifecycle of services and composite applications
– the decision rights for the development, deployment and management of new services
– monitoring and reporting processes for capturing and communicating SOA results and process improvement

SOA governance mission: To create policies, principles, standards, procedures and processes that will realize the full business benefit of service orientation

Perficient’s SOA governance design goals:
– Keep the process and deliverables lightweight
– To manage change, build consensus and roll out governance processes iteratively, shifting software-engineering culture over time
– Mature SOA governance over time through measurements and process improvement

Keep the process and deliverables lightweight, easy to follow and add value.


SOA Governance Framework

Managing the portfolio of services: planning development of new services and updating current services

Managing the service lifecycle: meant to ensure that updates of services do not disturb current service consumers

Using policies to restrict behavior: rules that all services must follow can be created to ensure consistency of services

Establish performance monitoring of services: because of service composition, the consequences of service downtime or underperformance can be severe.

Create, communicate and enforce governance policies


SOA Governance Lifecycle

Governance is the combination of people, policies, and processes that an organization leverages to achieve desired behaviors

SOA governance is about achieving the desired behavior associated with SOA adoption 

Project governance - the behaviors span the normal software development efforts

Run-time governance - the interaction between service consumers and service providers in production environments

Pre-project governance - processes associated with the proposal, approval, and funding of projects

During each of these efforts, people, policies, and processes must be established and leveraged to ensure that the changes to the culture are successful

Source: SOA Governance by Todd Biske (book)


Governance Process and Artifacts

Policies and Decision Rights
– Set of guidebooks to address SOA Governance

Strategy and roadmap
– Core Services
– Roadmap: Projects and timeline
– People and process impact
– Technology enablement

Organization
– SOA Steering Committee and Competency Center
– Create, approve, communicate and enforce the governance framework
– Interrelationships and dependences
– SOA measurement criteria and process

SOA Architecture
– Documented standards
– Design review process and checklists

SOA Lifecycle
– Design to deploy methodology
– Deliverable templates, checklists and samples
– Release management

SOA Operations
– Policy based monitoring and management
– Security policies
– Build and deploy standards and process
– Administration documentation and processes

Governance should flow smoothly within a lifecycle with everyone working together.


Quick Start Rulebook™ Methodology

Develops SOA strategy and roadmap

Establishes the SOA competency center organizational and maturity model

Define governance model for design, asset management and operations

Develops SOA reference architecture

Addresses SOA project orientated methodology

Establishes the operations and quality assurance strategy processes and procedures

Supported by design patterns and reusable components

Codify common design patterns – e.g. the Exception Handler

Optimize the operational environment


Step 1: Business Alignment

A top-down view of business services by domain identifies core services

Project alignment simplifies funding and ensures ROI

Start a SOA program in the context of projects in the portfolio

Identify projects that will benefit from SOA:
– Integration
– Process automation and improvement
– Information access
– Multi-channel
– APIs


Business Alignment Case Study

Six iterations delivered through the end of 2012

Automates sales role in the overall order process

Features: Visibility to product availability, automated cost estimates, collaborative (with customer) proposal process, capture of information to eliminate downstream duplicate data entry and facilitate process hand-offs

Key benefits: Process improvement and automation results in time savings for sales leads to increased sales

Cost estimate: $$$$

[Diagram: Sales Order Initiation process with swimlanes for Sales, Client Services and Customer, running across Portal, BPM, ESB, Data Services and Legacy layers (Oracle, CRM adapter, order staging, DW). Labeled steps include availability query and notification, proposal entry and status, customer review and approval of proposals, cost query and reports, create and publish order, and notify and start client package. Management dashboard KPIs: proposal task flow, timing and status, deal volume and forecast, dollars approved.]


Business Alignment Case Study


Step 2: Organizational Structure

Develop a formal organization for the SOA discipline

Build processes, best practices & internal competencies to best utilize resources

Architect and advise SOA project activities

Standardization of architecture and product roles

Provide a governance role for reusable services

Coordinate with PMO to manage the SOA project lifecycle (process and deliverables)

Through process, standards and governance create continuous and measurable improvements

Accomplish enterprise wide integration through iterations based on reusable artifacts

Evangelize SOA within the IT organization


Governance People, Process, Technology

[Diagram: rows labeled Lifecycle, Roles, Disciplines and Tools. Lifecycle stages: Plan, Specify, Provision, Orchestrate, Test, Deploy, Run. Other labels in the diagram: IT Steering Committee, SOA Steering Committee, Competency Center, Enterprise Architecture, Business Leaders, Application Development, Quality Assurance, Administration & Operations; Portfolio Mgt, SOA Contract Management, Policy Management, Lifecycle Management, Release Management, Support & Infrastructure; CMDB, Portfolio Management, Visual Modeling, Repository, Registry, XSD Authoring, ESB, BPM, Source Control, App Server, Test Tools, SOA Management (Policy, Audit, SLA); Projects & Assets, Versioned Source, Business Processes & Rules, BPM Metrics & History.]


Organization Case Study

Structure: Standards, Responsibilities, Escalations

Process: Coordination, Collaboration, Change management, Consensus

Long-term manage SOA infrastructure

Work with SOA CC for capacity planning and SLAs

Build business services with SOA CC

Domain/Data subject matter experts

Consult with development to build business services

Support – Monitor Business Services Infrastructure

Liaison business services and technical deployment

Manage infrastructure until formal turnover


Organization Case Study

Long-term manage SOA infrastructure

Work with ICC for capacity planning and SLAs

Systems Development Teams | ICC | Systems Administration

Applications R C

Subsystems R C

Business Services R C

Application Service & Adapters R A

Orchestration C R

Common Components I R

Metadata I R

Logical Bus I R

Broker A R

BPM Engine A R

Physical Bus A R

SOA Infrastructure A R

Capacity Planning A R

Service Level Agreements A R

Platforms C R

OS C R

RDBMS C R

Networks C R

Build business services with ICC

Domain/Data subject matter experts

Consult with development to build business services

Support – Monitor Business Services Infrastructure

Liaison business services and technical deployment

Manage infrastructure until formal turnover

Legend – R Responsible, A Approve, C Consulted, I Informed


Step 4: SOA Lifecycle Process and Policies

Reference: SOA for Profit


Lifecycle Case Study – Trouble Spots


What’s in the SDLC to build services?

Contracts are packages of structured and unstructured assets: interfaces, conditional elements, and documentation

Operations available, along with the associated abstract payload definition (both inbound and outbound)

List of potential exception conditions

Functional semantics such as pre- and post-conditions

Business semantics and invariants related to the service

Synchronous or asynchronous access, and other message exchange patterns

Security requirements, including supported credentials, encryption, and signatures

Other important contextual information such as Quality of Service (QoS) that describes performance and availability metrics


Step 5: SDLC Adjustments

Add very simple SOA deliverable templates and gates early to trigger the SOA lifecycle*

* Note: The Feasibility Phase Project Architecture has a section for conceptual architecture

Service Requirements

Business Services in Feasibility Architecture*

Service Certification


Step 5: SDLC Adjustments

Add very simple SOA deliverables to the Agile approach

– Business Service
– Solution Architecture
– Service Design
– Test Cases


Step 6: SOA Standards

Architecture Guide
– SOA product roles within the organization
– Service Decomposition and Design
– SOA Design Patterns
– SOA Registry Repository
– Utility services – e.g. auditing, error handling, transaction monitoring
– Non-functional requirements and strategy to meet requirements
– Security standards
– WSDL, XML and REST standards

Developers Guide
– Environment setup
– Product usage guidelines
– Guidelines for reuse
– Common schema usage guidelines
– Naming standards
– Pattern implementation
– QA strategy and tools
– Version management strategy

Systems Administration Guide
– Build documents
– Monitoring and management
– Environment management – change control and migration
– Directory structure and security

Services are certified to meet standards


Case Study: SOA Standards

JAD Sessions Customize Guidebook Content

Pilot Verifies Guidebooks

Pilot Introduces Methodology


Run-Time Management

The distributed, cross-boundary nature of services and access to them presents new performance, availability and security risks that need to be managed

The rapid deployment and loose coupling of services along with their virtualized application flows present new complexities in key processes

The need to effectively handle the performance and prioritization of virtualized services while efficiently utilizing available resources


SOA Infrastructure and Management

Network Components Configuration: Load balancing, Firewalls, Routers
– Impact of messaging
– Configurations for application servers, messaging, ESBs, BPM

Virtualization of SOA Components
– Virtualized provisioning for fault-tolerance and capacity

Monitoring and Management
– SOA management integrated with enterprise management
– Exception management and auditing as a service
– Scripted ping and alert, shut down and restart

Application servers setup, capacity planning and tuning
– Platform for most Portals, ESBs, and BPM software suites
– Configuration for load-balancing, fault tolerance, tuning and capacity

SOA Software Suites configuration and automation
– Standardized environments with scripted build and deploy
– Scripted monitoring and management
– Documented administration and operations guides

Everything has to work together!


SOA Run-time Governance and ITIL

The Information Technology Infrastructure Library (ITIL) is a set of concepts and policies for managing information technology (IT) infrastructure, development and operations. ITIL gives a detailed description of a number of important IT practices with comprehensive checklists, tasks and procedures that can be tailored to support SOA concepts and artifacts.

Service Support
– Service Desk / Service Request Management
– Incident Management
– Software Asset Management
– Problem Management
– Configuration Management
– Change and Release Management

Service Delivery
– Service Level Management
– Capacity Management
– Availability Management
– Financial Management for IT Services

– Service Level Management
– Capacity Management
– IT Service Continuity Management
– Availability Management
– Financial Management for IT Services

ICT (Information and Communication Technology) Infrastructure Management
– ICT Design and Planning
– ICT Deployment Management
– ICT Operations Management
– ICT Technical Support


Step 6: Run Time

Involve operations early in a SOA program – organizational structure

Monitoring and Management are SOA standards

Properly plan for infrastructure cost, time, deliverables and dependences as part of the SOA roadmap and project plans

Put the vendor on the hook to support the sizing, architecture, configuration and performance of the infrastructure

Dedicate and train an administrator to the SOA infrastructure early in the project to work with the vendor through the installation, configuration and testing

Do a capacity test on the production environment before deployment and maintain a capacity baseline

Include deployment and the testing of deployments as part of the process and deliverables

Track your systems dependencies and include them in an operations guide as part of project transition


Step 8: Governance Technology

The registry repository supports SOA lifecycle development and run-time management

Evaluation of the registry repository should be on the SOA roadmap

The SOA lifecycle management should fit into your SDLC

The SOA run-time management should fit into your architecture standards


SOA Governance Case Study

Activities
– Requirements for governance - steps, policies, metadata
– Map metadata and SOA design deliverable templates requirements to registry taxonomy
– Customization of the SOA design templates
– Definition of Policy Manager and Policy Agents
– Configuration of the registry - set up of taxonomy and service entries (for PoC)
– To be tested with PoC project lifecycle

Deliverables
– SOA design templates for Registry and Policy Manager
– Defined and configured Registry and Policy Manager entries (Per POC needs)


Step 9: Measurements and Monitoring

COE Services
– Architecture effectiveness
• Time required for process change, service reuse, metadata (reuse, coverage, quality, depth)
– Service Reuse
– Resource demand
– Deprecated interfaces
– Service Level Agreements (SLA)
– Software quality

Finance
– ROI for the SOA/integration software
– Project cost savings

Source: SOA Governance by Todd Biske (book)


Case Study – Measures / Maturity Models


Step 10: Evolve Over Time

A SOA Program Requires Activities and Deliverables in the following categories:

– Program Management
– Technical Architecture
– Business Architecture
– Implementation
– Quality Assurance
– Operations
– Support


Case Study – SOA Program Iterations

[Diagram: SOA program iterations 1.1, 1.2 and 1.3, with a legend of Activity, Deliverable and Milestone. Iteration labels include Program Foundation, Pilot (GetProvider), Prototype and Data Virtualization. Phases: Analysis, Design, Construction, Test, Implementation. Milestones: Ready for Design, Ready for Testing, Ready for Deployment. Deliverables shown include Business Service Specification, Business Process Model, Non-Functional Requirements, Architecture Design (Service), Detail Design, Future State Architecture, Standards, Templates, Support Process, Communications, Audit, Logging & Exception Handling, Security Standards, Design Patterns, Repository, Service Testing Strategy and SLA, grouped under Technical Architecture, Program Management, QA and Operations.]


SOA is an incremental journey

A Path to SOA Maturity


Perficient SOA Health Check

Engagement Structure
– Get SOA projects on target with actionable and prioritized recommendations
– 2 Perficient Consultants for 1 week
– Fluid engagement pre-planned and coordinated with the client

Facilitated sessions
– Document as-is architecture and make best practices recommendations
– Review…
• IT strategy for SOA including completed projects to date
• Organization and governance
• Solution architecture and design
• Enterprise and reference architecture
• Service monitoring, auditing, and exception handling practices
• Current staffing roles to support SOA
• Existing service level agreements and escalation procedures
• Testing and quality assurance
• Current change control process

Key deliverables
– Findings Presentation
– Recommendations Document
• Findings, Best Practices, Recommendations, Priorities