Explore the state-of-the-art in SOA governance, uncover challenges in implementing SOA, and learn key steps to manage and optimize your service-oriented architecture effectively.
Closed Loop Governance: The State of the Art for SOA Infrastructure

SOA Defined
Wikipedia defines SOA as follows:
In computing, the term Service-Oriented Architecture (SOA [pronounced "es-ō-ā"]) expresses a perspective of software architecture that defines the use of services to support the requirements of software users. In an SOA environment, resources on a network[1] are made available as independent services that can be accessed without knowledge of their underlying platform implementation[1].
Service Oriented Architecture was first proposed by Gartner analysts Roy W. Schulte and Yefim V. Natis. They specified SOA as "a style of multitier computing that helps organizations share logic and data among multiple applications and usage modes." [2]
SOA is usually based on Web services standards (e.g., using SOAP or REST) that have gained broad industry acceptance. These standards (also referred to as Web service specifications) also provide greater interoperability and some protection from lock-in to proprietary vendor software. However, one can implement SOA using any service-based technology.

SOA Goals
• Reduce cost through reuse
  • Build applications faster
  • Use existing business logic rather than rewriting each time
  • Minimize cost of maintenance and upgrade by allowing incremental updates
• Increase agility to better align IT and the Business
  • Allow rapid change through business process management and composition tools
  • Allow incremental updates to enterprise applications
  • Minimize change cycles with business granular interfaces
• Reduce the risk, fragility and complexity of integration by improving interoperability through standards
  • Reduce investment in and risk of brittle proprietary integration techniques and technologies
  • Reduce frequency of data error caused by duplication

SOA Challenges
• End-to-end security - trust and protect the privacy of message senders, receivers, and content
• Identify, manage, and repair exceptions as they occur
• Reliability and performance of a distributed set of services and consumers
• Interoperability between different platforms and technologies
• Decoupling of services and consumers
• Measure and prove the business value of SOA to offset cost concerns
• Control of (govern) the proliferation of duplicate or otherwise unnecessary services
• Facilitate the identification of appropriate services by potential users to reduce initial development cost
• Manage the lifecycle of services to minimize the cost and risk of ongoing maintenance and change
• Simplify the actual USE of appropriate services (decoupling location, transport, policy, standards, messaging styles)

Step 1 - Create/Expose Services
• SOA requires services
  • SOAP, REST, RSS, Atom, POX
• New development
  • Java, .NET, Ajax, etc.
• Legacy services
  • CICS, IMS, etc.
• Packaged apps
  • Oracle, SAP, Microsoft
• Integration
  • EAI, EII, ESB
• Business Process
  • BPM, BI
• Partners
  • EDI
• Service Granularity is key

Step 2 - Register Services
• Build a catalog of services
• Make it easy for potential users to find services
• Control (govern) the proliferation of services
• Provide for dynamic discovery of service location and other metadata
• It is hard to separate the role of registry and repository from SOA governance

Step 3 - Secure Services
• Ensure the security of services
  • Authentication
    • SAML
    • Kerberos
    • X.509
    • Basic Auth
    • https
  • Authorization
  • Privacy (XML-Encryption)
  • Non-repudiation (XML-Signature)
  • Audit
• Ensure that consumers can comply with required security policies

Step 4 - Manage Services
• Ensure the performance and reliability of services
  • Monitoring
    • Real-time charts
    • SLA
  • Routing
    • Content
    • Itinerary
    • SLA
    • Identity
  • Alert and Exception Management
  • Root cause analysis

Step 5 – Virtualize/Mediate Services
• Virtualize services
  • Policy variance
  • Composite services
  • HA/LB
  • Versioning
• Mediation
  • Transport (e.g. http to JMS)
  • Message pattern (e.g. REST to SOAP, SOAP to POX, etc.)
  • Synchronicity model (e.g. async to sync)
  • Reliability (e.g. WS-RM to MQ)
  • Standards (e.g. WS-S to WS-S)
  • Token (e.g. MS Kerberos to SAML)
  • Version

Step 6 – SOA Governance
• Governance is about “encouraging desired behavior”
• Measure and prove the business value of SOA to offset cost concerns
• Control of (govern) the proliferation of duplicate or otherwise unnecessary services
• Facilitate the identification of appropriate services by potential users to reduce initial development cost
• Manage the lifecycle of services to minimize the cost and risk of ongoing maintenance and change
• Simplify the actual USE of appropriate services (decoupling location, transport, policy, standards, messaging styles)

Step 7 – Integrate Services (ESB)
• ESB is an integration centric service container
• ESB consists of
  • Messaging middleware
  • Service Orchestration
  • Adapters
• Most companies will have multiple ESBs
  • Microsoft
  • SAP
  • Oracle
  • IBM
  • BEA
• The ESBs provide service containers and consumers that need to participate in an enterprise SOA Infrastructure

Comprehensive SOA Infrastructure
• SOA Infrastructure provides core infrastructure services to the SOA and XML applications and messaging layer
• Service providers, consumers, enterprise service bus platforms along with other service proxies, leverage these infrastructure services either directly, or via delegates and agents
• Infrastructure services include:
  • Management Application
    • Implements management standards like WS-DM to provide central performance and health monitoring and reporting capabilities
  • Security Service
    • Implements standards like WS-Trust and XACML as well as common PKI features
  • Registry
    • UDDI services for core service discovery
  • Metadata Repository
    • Serves policies, WSDLs, Schema, virtual service definitions and many other key meta-data items

SOA Infrastructure Solutions
• SOA Infrastructure includes Governance, Management and Security linked together through SOA Policy Management
• Governance offers no value without a runtime solution to enforce policies and feed back metrics and compliance data
• Runtime solutions (security and management) offer minimal value without central policy control and value-added service governance capabilities

SOA Governance Concepts
• Governance is about encouraging desired behavior
  • Stick – policy enforcement
  • Carrot – tools and capabilities
• Stick
  • Enforce lifecycle policies
  • Approval workflows
  • Measurement and monitoring
• Carrot
  • Collaboration
  • Social networking for SOA
  • Demand side provisioning (avoid empty registry syndrome by providing a mechanism for capturing requirements early in the process)

Early Lifecycle Governance Capabilities
• Demand-side provisioning
  • Consumers specify service and policy definitions to meet their needs
  • Development organizations evaluate the merit of consumer submissions and bid to create appropriate services
  • Allows IT to respond quickly to changing business requirements
• Contextual collaboration
  • Discussion and message forums in the context of managed assets (services, policies, contracts, schema, etc.)
  • Make it easy for users to get answers to any questions they may have about the assets and processes
  • Enable early stage governance of the SDLC without onerous process controls overwhelming the participants
• Active contracts
  • Define and manage the relationship between consumer and provider
  • Negotiation workflow
  • SLA
  • Policy
  • Service Definition
  • SDLC Integrated
  • Runtime enforcement, monitoring and reporting
  • Mediation

Closed-loop vs Broken-loop
• Integrated (closed-loop) solutions are best-of-breed
• There are no examples of integrated standalone solutions in production
• Closed-loop governance is the state of the art in large enterprises like Pfizer, Citigroup, Merrill Lynch, Verizon, Ingram Micro and others