Welcome!

Related Topics: Microservices Expo

Microservices Expo: Article

SOA Governance Best Practices – Architectural, Organizational, and SDLC Implications

Taking the management of services to the next level

How do we achieve these high standards for our services under development? By establishing standardized governance/review checkpoints throughout the service SDLC. We recommend that at a minimum, organizations should review services under development at these points in the SDLC:

  • Requirements Complete: All business requirements documented and initial service definition specified (ideally as WSDL), allowing reviewers to validate the service against its business architectural context
  • Design Complete: Implementation approach defined with sufficient documentation (e.g., UML design models completed, relevant legacy APIs identified) to allow reviewers to validate design against technical and application/integration architectural contexts
  • Implementation Complete: Service implemented and deployed in a test environment, with sufficient supporting documentation (e.g., sample client code, automated/manual test cases and test results, usage guide) to enable a potential consumer to understand the service and to trust its quality and stability
Other review points may also be appropriate based on organizational needs and objectives. However, don't overwhelm your development teams with process for the sake of process: you will quickly instill a revolt of the masses if you force seemingly arbitrary hoops for developers to jump through in the process of completing their work. Your objective should be "just enough process" - don't overwhelm your project teams with unnecessary workload, but rather provide enough guidance at key points in the production and consumption life cycles to make sure things stay on track. You are very likely going to have to iteratively reach the right level of process for your organization - start with as lightweight a process as you think will work, and then add process steps only as you find need for them. A well-designed services registry/repository can assist in automating these governance processes, thereby reducing the "organizational friction" that could otherwise hinder people from "doing the right thing."

Production Best Practice: Versioned Services Governance
Because services (like components) are meant to be used in more than one application, organizations need to plan for the incremental enhancement of their services over a long deployment lifetime. In effect, organizations planning to build a robust, stable, and extensible SOA need to treat their services as "products."

What does treating a service as a "product" mean to our IT organization?

1.  Each produced service must have a regular and well-defined release cycle. This release cycle needs to occur often enough to meet consumer needs on a timely basis, but not so often as to churn existing consumers. Typically a release cycle of somewhere between three and six months is appropriate for most organizations, and allows them to meet new service needs without unduly disrupting existing applications. As multiple versions of a service are released, consider defining these life-cycle states for your services:

  • Under Development: Available for requirements gathering and application development team planning purposes
  • Production: Mainline version for use in new development
  • Retired: Still in use by existing applications but not allowed for use by new apps
  • Obsolete: All applications should be migrated off this version; version metadata is maintained for traceability/audit purposes only
2.  Services must preserve backward compatibility wherever possible. Deprecation techniques (where obsolete operations are identified as such and notice is given to consumers that those operations will be removed from service interfaces in future releases) give existing consumers time to migrate to newer service releases. Service providers should provide n-1 version support at a minimum - all services provided in the prior version (except those marked as deprecated) should be preserved intact in the current version. In addition, consider providing a "grace period" where both service versions are deployed to allow consumers to make any necessary changes to integrate the new service version. Dynamic run-time binding techniques via Web services management infrastructure (e.g., service proxies or UDDI-based late binding) can also simplify the migration process from old to new service version.

3.  Mechanisms for gathering requirements from current and potential "customers" need to be established by the enterprise architecture and service review teams. Consider establishing a "product manager" role within these organizations, one that manages the aggregate set of business requirements for the service and works to prioritize requirements with its current and potential consumers.

Again, a well-designed services repository/registry can help organizations manage service versions over their lifetimes, with automated notifications, embedded discussion forums for requirements gathering and analysis, and filter-based search capabilities that expose services to potential consumers based on service state (e.g., new application project developers should not be able to search for "Retired" or "Obsolete" services).

Distribution Best Practice: Service Distribution via Services Repository/Registry
Now that we have a set of broadly reusable services produced through our application of the aforementioned best practices, how are we going to get them into the hands of our application developers? This takes us back to the discoverability and consumability aspects of services production. Simply put, unless your services are all as simple as the ubiquitous Stock Quote example so often used in articles discussing Web services, WSDL is not enough. Syntactic definition does not equate to semantic understanding. Potential service consumers need ready access to supporting artifacts (e.g., usage guide, sample client code) to make the service consumable to them. The service also needs to be discoverable - wrapping the service with metadata that allows the user to search for useful services using varying techniques and user interfaces. \A well-designed services repository/registry goes a long way to helping IT organizations to efficiently deliver services to potential consumers. At a minimum, such a repository/registry should support both browser-based access and deep IDE integration to enable users with varying roles to discover the right services. For example, a business architect will likely feel most comfortable using domain terminology searches within a browser, while a designer or developer would prefer a UML-based visual search mechanism within their preferred IDE.

Consumption Best Practice: Service Usage Registration and Traceability by Application Development Projects
The third leg of the SOA governance stool - consumption - comes into play as we begin to build, deploy, and maintain applications based on our previously produced and distributed services. Application-based tracking of service consumption is essential for a number of reasons: to support internally defined and externally imposed business governance mandates, to simplify the process of ongoing impact analysis and change management as the SOA matures, and to provide a quantitative ROI based on real service usage statistics back to the C-level within the enterprise.

Let's take a quick look at governance mandates. Business-level governance (through the form of government regulations such as HIPAA, SOX, and Basel III) is increasingly making its way down to IT. As a result, increasing numbers of auditability and traceability requirements are being applied to the IT organization, and these requirements cannot be met without some form of service usage registration mechanism (and again, for IT organizations of any size, this registration mechanism needs to be automated through the services repository/registry).

Remember also that our services will change over time as new requirements are identified (as discussed above in the "Production Best Practice: Versioned Services Governance" section). Existing application teams need to be kept abreast of planned and implemented changes to the services they are using, both to participate in requirements feedback and to prepare for the eventual obsolescence of back-level services as new service versions are deployed.

Finally, since enterprises are not in business to serve IT but rather it's the other way around, our organization's C-level executives are certainly going to expect a quantifiable ROI from any SOA initiative. Without direct traceability over service usage, it becomes arduous at best and impossible at worst to assemble such a quantifiable ROI based on service use and reuse. On the other hand, if usage registration is built right into the services repository/registry, quantifiable ROI is as simple as running a periodic report.

Summary
Don't think managing your services operationally is enough. Just because you can keep tabs on a service's execution doesn't ensure that the service is really supporting the overall business goals of the SOA. Traceability back to the business goals/priorities through EA to SDLC to operations will make SOA successful in the enterprise. Also, don't minimize organizational impacts that may be needed - monolithic, project-centric funding models are not likely to work in the loosely coupled world of SOA.

More Stories By Brent Carlson

Brent Carlson is vice president of technology and cofounder of LogicLibrary, a provider of software development asset (SDA) management tools. He is the coauthor of two books: San Francisco Design Patterns: Blueprints for Business Software (with James Carey and Tim Graser) and Framework Process Patterns: Lessons Learned Developing Application Frameworks (with James Carey). He also holds 16 software patents, with eight more currently under evaluation.

More Stories By Eric Marks

Eric Marks is founder, president, and CEO of AgilePath Corporation, a service-oriented architecture (SOA) and Web services consulting firm based in Newburyport, MA. Marks is a software and technology veteran with 18 years of experience with firms including PricewaterhouseCoopers, Cambridge Technology Partners, Novell, Electronic Data Systems, StreamServe, Ontos, and Square D/Schneider Electric.

Comments (2) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
robertmorschel 10/10/12 03:57:00 AM EDT

In my experience SOA needs to begin with a single, skilled team that can define evolving standards and processes in an agile manner, before being let loose on the enterprise; and even then, only if the enterprise has an established and effective centralised governance function that would be able to enforce SOA policies across multiple teams.

Robert

Gary Smith - SOA Network Architect 02/22/06 11:51:19 AM EST

Excellent. This puts governance into perspective.
All the hype around SOA appliances and governance shouldn't have you running out and putting these devices on your network until you understand what governance is all about.

GES

Latest Stories
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
Providing secure, mobile access to sensitive data sets is a critical element in realizing the full potential of cloud computing. However, large data caches remain inaccessible to edge devices for reasons of security, size, format or limited viewing capabilities. Medical imaging, computer aided design and seismic interpretation are just a few examples of industries facing this challenge. Rather than fighting for incremental gains by pulling these datasets to edge devices, we need to embrace the i...
Internet of @ThingsExpo, taking place June 6-8, 2017 at the Javits Center in New York City, New York, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo New York Call for Papers is now open.
SYS-CON Events announced today that Dataloop.IO, an innovator in cloud IT-monitoring whose products help organizations save time and money, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Dataloop.IO is an emerging software company on the cutting edge of major IT-infrastructure trends including cloud computing and microservices. The company, founded in the UK but now based in San Fran...
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
When you focus on a journey from up-close, you look at your own technical and cultural history and how you changed it for the benefit of the customer. This was our starting point: too many integration issues, 13 SWP days and very long cycles. It was evident that in this fast-paced industry we could no longer afford this reality. We needed something that would take us beyond reducing the development lifecycles, CI and Agile methodologies. We made a fundamental difference, even changed our culture...
Things are changing so quickly in IoT that it would take a wizard to predict which ecosystem will gain the most traction. In order for IoT to reach its potential, smart devices must be able to work together. Today, there are a slew of interoperability standards being promoted by big names to make this happen: HomeKit, Brillo and Alljoyn. In his session at @ThingsExpo, Adam Justice, vice president and general manager of Grid Connect, will review what happens when smart devices don’t work togethe...
"We formed Formation several years ago to really address the need for bring complete modernization and software-defined storage to the more classic private cloud marketplace," stated Mark Lewis, Chairman and CEO of Formation Data Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
In the next five to ten years, millions, if not billions of things will become smarter. This smartness goes beyond connected things in our homes like the fridge, thermostat and fancy lighting, and into heavily regulated industries including aerospace, pharmaceutical/medical devices and energy. “Smartness” will embed itself within individual products that are part of our daily lives. We will engage with smart products - learning from them, informing them, and communicating with them. Smart produc...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in Embedded and IoT solutions, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 7-9, 2017, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/Big Data, HPC and E...