04 Service Oriented Architecture Series - SOA Management
SOA Management
Pouria Ghatrenabi
Based on IBM SOA Certificate Learning Objectives
Learning Objectives
• Explain the need for SOA governance. (compass ch4)
• Describe SOA governance and related concepts (roles and responsibilities, funding models, policies, enforcement, critical success factors, and metrics).
• Describe Quality of Service (QoS) issues pertinent to SOA.
• Explain the need for a distributed security model (including issues like identity provisioning and propagation).
• Identify the impact of changes to services in the SOA lifecycle (change management, versioning, and service lifecycle).
• Identify the role of an enterprise service bus (ESB) in SOA management and governance.
Need for SOA Governance
• SOA governance is what enables diverse business unit and IT stakeholders to ensure that the SOA is truly cross-enterprise.
• According to analysts, SOA governance is more critical to SOA success than is SOA technology.
• The goal of the iterative, four-phase SOA governance process is to refine and enhance governance effectiveness and optimize business value for the SOA initiative.
Ref: McBride, (2007)
Core Objectives or Challenges of Governance
• Establish decision rights.
• Define high value business services.
• Manage the life cycle of your assets.
• Measure effectiveness.
Ref: Buecker et al. (2008), p 419
Central vs. Distributed Governance
Central Governance
• Optimized for the enterprise. The governance council has representation from each business domain. The council reviews addition or removal of services, changes, etc.
Distributed Governance
• Optimized for the distributed teams. Each business unit has control over how it provides the services within its own organization. This requires a functional service domain approach. A central committee can provide guidelines.
Ref: Bieberstein et al. (2006), p70
SOA Governance Concepts
SOA Governance Framework
Ref: McBride, (2007)
Plan
• Stakeholders collaborate to establish and commit to the need for SOA governance and its overall scope
• Project scope, ownership, and funding are planned
• Perhaps a center of excellence to oversee the SOA project is established
• In subsequent iterations, planning will identify areas where SOA governance can be improved or new areas where it should be implemented
Define
• Business and IT stakeholders collaborate to define new governance policies and processes
• Organizations delineate additional SOA capabilities, agree on policies for service reuse across lines of business, establish processes to guarantee service levels, etc.
Ref: McBride, (2007)
Enable
• Policies defined in the previous phase are rolled out to the various stakeholders across the enterprise
• Policies are communicated to the decision-making community
Measure
• Governance policies and processes (e.g., SLAs, reuse levels, or change policies) are established
• Policies are evaluated against success/effectiveness criteria (established in the Define phase)
• A new iteration of SOA governance activities is initiated on the basis of those discussions
Ref: McBride, (2007)
Ref: Keen (2007), p16
Ref: Keen (2007), p17
SOA Governance vs. SOA Service Lifecycle Management
Model validate against Plan
• Architects collaborate to review the current SOA governance plan and use it as a basis for modeling the SOA implementation.
Assemble validate against Definition
• Developers assemble the reusable service assets that the architects have modeled, to create service-oriented applications that automate and integrate business processes.
Deploy validate against Enablement
• Testing and Release Management functions deploy the services.
Manage validate against Measurement
• Operations manages the services in production.
Ref: McBride, (2007)
Governance Definitions
IBM defines governance as the establishment of the following:
Ref: Keen (2007)
Chains of Responsibility
• The establishment and assignment of decision rights.
• Roles are defined, and associated with those roles are responsibilities.
• Chains of responsibility signifies the assignment of accountability.
Measurement
• How to measure the effectiveness of the governance that is put in place.
• What key performance metrics need to be defined?
• What KPIs need to contribute to the initial goal?
Governance Definitions (Continued…)
Ref: Keen (2007)
Policies
• Are used to prescribe management direction
• To guide to meet business objectives
• To demonstrate management commitment
• To clearly define responsibilities of a particular party
Control Mechanisms
• Instruments to make sure that everyone is doing what they are supposed to
• Ensure compliance with the policies
• Operate by assuring compliance at various compliance checkpoints
Communication
• The glue of governance. The parties must be informed to enable compliant behavior
Levels of Governance
Ref: Keen (2007)
SOA Governance Concerns
• Service Registration
• Service Versioning
• Service Ownership
• Service Funding
• Service Monitoring
• Service Auditing
• Service Diagnostics
• Service Identification
• Service Modeling
• Service Publishing
• Service Discovery
• Service Development
• Service Consumption
• Service Provisioning
• Access to Services
• Deployment of Services and Composite Applications
• Security for Services
Ref: Keen (2007)
SOA Initiative Roles and Responsibilities
Business Analyst/Architect
• Responsible for analyzing the goals and needs from a business perspective
• Work with the business and the IT Architect to ensure the proper translation of business requirements to IT solution requirements
SOA Governance Architects
• The capabilities are comprised of three roles (next slide)
• They collectively contribute to the current and future realization of best practices, governance processes, and the operational environment
Organizational Change Manager
• Responsible for understanding capabilities in business, operations, and technology and assessing the impact of changes to the organization.
Ref: Keen (2007), Ch2
Services, Connectivity Through ESB and BSRR
Ref: Carter (2007), Ch 5
SOA Governance Architects Roles
SOA Initiative Architect
• Responsible for identifying services
• Define reference architectures & create component models
• Responsible for performance, availability, and scalability of the applications
• Maintains the functional interface to the application infrastructure
• Perform evaluation & selection of the packages, software, & hardware components of the architecture
Process Architect
• Responsible for the integrity of all process and procedure definitions and documentation
Infrastructure Architect
• Responsible for the design of the physical (or operational) aspect of a total system, line of business, or technology domain
• Concerned with designing the architecture to reach desired system qualities, including performance, scalability, availability, security, and maintainability
Ref: Keen (2007), Ch2
Empowerment and Funding
• Underfunding can lead to small-scale implementation of Web services rather than a move toward the benefits of a true SOA.
• A successful SOA project needs strong support of senior executives, identified funding, and proper empowerment of the governance body.
• Organizations should avoid a weak governance body that has a more consultative role and cannot enforce its recommendations.
• The governance body needs to have proper practical control of project funding.
Ref: Bieberstein et al. (2006), p70
Quality of Service (QoS) Issues
• Common services have the benefits of flexibility, reuse, cost savings, etc., but also bring increased dependency and must be monitored and managed accordingly.
• To achieve the quality of service (QoS) defined by the business, each service endpoint should be managed as a resource.
• The resource view of services includes the invocation of services (service consumer) and the application functionality exposed as a service (service provider).
Ref: Keen (2007), Ch2
Quality of Service (QoS) Issues (Continued…)
• Services are typically implemented as Web Services.
• Managed services must have real-time availability and performance metrics and a defined SLA.
• Like other resources, services are deployed, configured, versioned, monitored, managed, secured, and audited
Ref: Keen (2007), Ch2
Perspectives for the End-to-End View
Horizontal View
• The view of the transaction
Vertical View
• The view of the service invocation through the architectural abstraction layers
Ref: Keen (2007), Ch2
SOA Distributed Security Model
Ref: Buecker et al. (2008), p9
Web service security specifications
Ref: Buecker et al. (2008), p 445
WS-Security
Ref: Buecker et al. (2008), pp 445-446
• WS-Security provides message-level security which is used when building secure Web services. Message content protection (integrity, confidentiality, and authentication) and security token propagation are features of this specification.
• The advantage of using WS-Security instead of SSL is that it can provide end-to-end message level security. This means that the messages are protected even if the message goes through multiple services or intermediaries.
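A simplified model of the end-to-end property described above, added here as an example and not taken from the slides or the cited IBM material: JSON and an HMAC stand in for SOAP and XML Signature, and the function names, key, and hop names are constructed for illustration. The MAC covers the payload and the propagated identity, so verification passes through legitimate intermediaries and fails if a hop alters either one.

```python
import copy
import hashlib
import hmac
import json

# Constructed demo key, known only to the originating consumer and the final provider.
END_TO_END_KEY = b"constructed-demo-key"


def _canonical(protected: dict) -> bytes:
    # Stable serialization so both ends compute the MAC over identical bytes.
    return json.dumps(protected, sort_keys=True, separators=(",", ":")).encode()


def sign_message(body: dict, identity: str, key: bytes) -> dict:
    """Consumer: bind the payload and the propagated identity under one MAC."""
    protected = {"body": body, "identity": identity}
    mac = hmac.new(key, _canonical(protected), hashlib.sha256).hexdigest()
    return {"protected": protected, "mac": mac, "routing": []}


def intermediary_forward(envelope: dict, hop: str, rewrite_identity=None) -> dict:
    """Intermediary: transport protection ended here, so it sees and can edit
    everything. It legitimately appends routing data; rewrite_identity models
    a faulty or compromised hop changing the protected part."""
    forwarded = copy.deepcopy(envelope)
    forwarded["routing"].append(hop)
    if rewrite_identity is not None:
        forwarded["protected"]["identity"] = rewrite_identity
    return forwarded


def verify_message(envelope: dict, key: bytes) -> bool:
    """Provider: accept only if the protected part is exactly what was signed."""
    expected = hmac.new(key, _canonical(envelope["protected"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["mac"])


def demo() -> dict:
    msg = sign_message({"op": "getBalance", "account": "12345"}, "alice", END_TO_END_KEY)
    clean = intermediary_forward(intermediary_forward(msg, "esb-1"), "esb-2")
    altered = intermediary_forward(msg, "esb-1", rewrite_identity="admin")
    return {
        "clean_ok": verify_message(clean, END_TO_END_KEY),
        "altered_ok": verify_message(altered, END_TO_END_KEY),
        "hops": clean["routing"],
    }


if __name__ == "__main__":
    print(demo())
```

With transport-only protection each hop would have to be trusted not to make the `rewrite_identity` change; here the provider detects it without trusting any hop.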
Identity Challenges in SOA
Ref: Buecker et al. (2008), p11
User and Service Identities and Their Propagation
Identities exist for both users and services, and both must be subject to the same controls.
The identities might need to be propagated throughout the SOA environment.
Identity Services are required in the infrastructure to deal with identity mediation, so that services can interconnect without worrying about mapping and propagating user identity.
This approach can greatly improve the speed and ease of developing new services.
Ref: Buecker et al. (2008), p10
Securing Inter-organization Interactions
• Regardless of the interaction form, it is imperative that security, identity, and access policies are defined and enforced for all transactions.
• Policies need to be enforced for both incoming and outgoing requests.
• Boundary security services are an obvious starting point to provide coarsely grained verification that requests are coming from or going to trusted parties.
Ref: Buecker et al. (2008), p12
Securing Inter-organization Interactions (Continued…)
• Establishing the trust relationship between the organizations is a key step in allowing inter-organization cooperation.
• A trust relationship includes establishing rules around the interaction (e.g., defining identity information that must be propagated between organizations) and cryptographic keys.
Ref: Buecker et al. (2008), p12
Swivel Chair Management
• Policy enforcement points will be located both at the service connectivity level and within the implementations of the services.
• Management of a policy across various heterogeneous enforcement points requires an administrator to use a diverse set of resource-centric management interfaces, associated security policy terminology, and semantics (sometimes called Swivel Chair Management).
Ref: Buecker et al. (2008), p13
Service-oriented Life Cycle From a Security Perspective
Ref: Buecker et al. (2008), p14
Role of ESB in SOA Management and Governance
• Because the ESB acts as a mediation hub, various aspects of security need to be enforced at the ESB to ensure valid and secure access to systems and data.
Ref: Buecker et al., (2008), Ch1
References of Section Four
• Bieberstein, N., Bose, S., Fiammante, M., Jones, K., & Shah, R. (2006). Service-Oriented Architecture (SOA) Compass: Business Value, Planning, and Enterprise Roadmap. IBM developerWorks.
• Buecker, A., Ashley, P., Borrett, M., Lu, M., Muppidi, S., Readshaw, N., & others. (2008). Understanding SOA Security Design and Implementation. IBM Redbooks.
• Keen, M. (2007). Implementing Technology to Support SOA Governance and Management. IBM, International Technical Support Organization.
• McBride, G. (2007, March 15). The Role of SOA Quality Management in SOA Service Lifecycle Management. Retrieved from http://www.ibm.com/developerworks/rational/library/mar07/mcbride/