1 / 19

Closed Loop Governance

Closed Loop Governance. The State of the Art for SOA Infrastructure. SOA Defined. WikipediaIII defines SOA as follows:

amora
Télécharger la présentation

Closed Loop Governance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Closed Loop Governance The State of the Art for SOA Infrastructure

  2. SOA Defined WikipediaIII defines SOA as follows: In computing, the term Service-Oriented Architecture (SOA [pronounced "es-ō-ā"]) expresses a perspective of software architecture that defines the use of services to support the requirements of software users. In an SOA environment, resources on a network[1] are made available as independent services that can be accessed without knowledge of their underlying platform implementation[1] Service Oriented Architecture was first proposed by Gartner analysts Roy W. Schulte and Yefim V. Natis. They specified SOA as "a style of multitier computing that helps organizations share logic and data among multiple applications and usage modes." [2] SOA is usually based on Web services standards (e.g., using SOAP or REST) that have gained broad industry acceptance. These standards (also referred to as Web service specifications) also provide greater interoperability and some protection from lock-in to proprietary vendor software. However, one can implement SOA using any service-based technology.

  3. SOA Goals • Reduce cost through reuse • Build applications faster • Use existing business logic rather than rewriting each time • Minimize cost of maintenance and upgrade by allowing incremental updates • Increase agility to better align IT and the Business • Allow rapid change through business process management and composition tools • Allow incremental updates to enterprise applications • Minimize change cycles with business granular interfaces • Reduce the risk, fragility and complexity of integration by improving interoperability through standards • Reduce investment in and risk of brittle proprietary integration techniques and technologies • Reduce frequency of data error caused by duplication

  4. SOA Challenges • End-to-end security - trust and protect the privacy of message senders, receivers, and content • Identify, manage, and repair exceptions as they occur • Reliability and performance of a distributed set of services and consumers • Interoperability between different platforms and technologies • Decoupling of services and consumers • Measure and prove the business value of SOA to offset cost concerns • Control of (govern) the proliferation of duplicate or otherwise unnecessary services • Facilitate the identification of appropriate services by potential users to reduce initial development cost • Manage the lifecycle of services to minimize the cost and risk of ongoing maintenance and change • Simplify the actual USE of appropriate services (decoupling location, transport, policy, standards, messaging styles)

  5. The SOA Platform

  6. Step 1 - Create/Expose Services • SOA requires services • SOAP, REST, RSS, Atom, POX • New development • Java, .NET, Ajax, etc • Legacy services • CICS, IMS, etc • Packaged apps • Oracle, SAP, Microsoft • Integration • EAI, EII, ESB • Business Process • BPM, BI • Partners • EDI • Service Granularity is key

  7. Step 2 - Register Services • Build a catalog of services • Make it easy for potential users to find services • Control (govern) the proliferation of services • Provide for dynamic discovery of service location and other metadata • It is hard to separate the role of registry and repository from SOA governance

  8. Step 3 - Secure Services • Ensure the security of services • Authentication • SAML • Kerberos • X.509 • Basic Auth • https • Authorization • Privacy (XML-Encryption) • Non-repudiation (XML-Signature) • Audit • Ensure that consumers can comply with required security policies

  9. Step 4 - Manage Services • Ensure the performance and reliablity of services • Monitoring • Real-time charts • SLA • Routing • Content • Itinerary • SLA • Identity • Alert and Exception Management • Root cause analysts

  10. Step 5 – Virtualize/Mediate Services • Virtualize services • Policy variance • Composite services • HA/LB • Versioning • Mediation • Transport (e.g. http to JMS) • Message pattern (e.g. REST to SOAP, SOAP to POX, etc) • Synchronicity model (e.g. async to sync) • Reliability (e.g. WS-RM to MQ) • Standards (e.g. WS-S to WS-S) • Token (e.g. MS Kerberos to SAML) • Version

  11. Step 6 – SOA Governance • Governance is about “encouraging desired behavior” • Measure and prove the business value of SOA to offset cost concerns • Control of (govern) the proliferation of duplicate or otherwise unnecessary services • Facilitate the identification of appropriate services by potential users to reduce initial development cost • Manage the lifecycle of services to minimize the cost and risk of ongoing maintenance and change • Simplify the actual USE of appropriate services (decoupling location, transport, policy, standards, messaging styles)

  12. Step 7 – Integrate Services (ESB) • ESB is an integration centric service container • ESB consists of • Messaging middleware • Service Orchestration • Adapters • Most companies will have multiple ESBs • Microsoft • SAP • Oracle • IBM • BEA • The ESBs provide service containers and consumers that need to participate in an enterprise SOA Infrastructure

  13. Comprehensive SOA Infrastructure • SOA Infrastructure provides core infrastructure services to the SOA and XML applications and messaging layer • Service providers, consumers, enterprise service bus platforms along with other service proxies, leverage these infrastructure services either directly, or via delegates and agents • Infrastructure services include: • Management Application • Implements management standards like WS-DM to provide central performance and health monitoring and reporting capabilities • Security Service • Implements standards like WS-Trust and XACML as well as common PKI features • Registry • UDDI services for core service discovery • Metadata Repository • Serves policies, WSDLs, Schema, virtual service definitions and many other key meta-data items

  14. SOA Infrastructure Solutions • SOA Infrastructure includes Governance, Management and Security linked together through SOA Policy Management • Governance offers no value without a runtime solution to enforce policies and feed back metrics and compliance data • Runtime solutions (security and management) offer minimal value without central policy control and value-added service governance capabilities

  15. SOA Governance Concepts • Governance is about encouraging desired behavior • Stick – policy enforcement • Carrot – tools and capabilities • Stick • Enforce lifecycle policies • Approval workflows • Measurement and monitoring • Carrot • Collaboration • Social networking for SOA • Demand side provisioning (avoid empty registry syndrome by providing a mechanism for capturing requirements early in the process)

  16. Early Lifecycle Governance Capabilities • Demand-side provisioning • Consumers specify service and policy definitions to meet their needs • Development organization evaluate the merit of consumer submissions and bid to create appropriate services • Allows IT to respond quickly to changing business requirements • Contextual collaboration • Discussion and message forums in the context of managed assets (services, policies, contracts, schema, etc) • Make it easy for users to get answers to any questions they may have about the assets and processes • Enable early stage governance of the SDLC without onerous process controls overwhelming the participants • Active contracts • Define and manage the relationship between consumer and provider • Negotiation workflow • SLA • Policy • Service Definition • SDLC Integrated • Runtime enforcement, monitoring and reporting • Mediation

  17. Closed-loop vs Broken-loop • Integrated (closed-loop) solutions are best-of-breed • There are no examples of integrated standalone solutions in production • Closed-loop governance is the state of the art in large enterprises like Pfizer, Citigroup, Merrill Lynch, Verizon, Ingram Micro and others

  18. Vendor Solutions

  19. www.soa.com

More Related