***Editor's Note: Interested in SOA governance, then you cannot miss the upcoming ebizQ webinar, "Changing Tires on a Moving Car," which you can sign up for right here.

What follows is my podcast with Andrew Brown, the Director of Product Strategy for AmberPoint. Andrew works closely with hundreds of enterprise customers, which helps him set the company’s road map for SOA Security Solutions. Also, Andrew will be one of the featured speakers at AmberPoint’s upcoming webinar with ebizQ on July 15th, called Changing Tires on a Moving Car, which will cover solutions for governing the continuous evolution of complex SOA systems. This podcast provides a quick introduction to what will be covered in more depth and detail in the webinar.

Listen to or download the 5:57 minute podcast below:

Download file

------ TRANSCRIPT ------

Now, first of all, many companies today are turning to SOA in search of agility. But isn’t it the same agility and rapid change that is causing a lot of problems in these companies?

Well, in fact, it is and the main issue is that this agility comes from moving away from what we think of as traditional monolithic applications, and more waterfall approaches towards componentized architectures, and really more iterative development practices. And that means that usually different teams are going to own the atomic pieces of functionality that’s associated with these larger composite applications that are usually associated with SOA.

And those components are also going to be involved in end-to-end transactions that span the whole service network. They may even call out to external services that are beyond the direct control of internal teams responsible for development for testing, for deployment, and even operations. And so what this boils down to is the fact that applications are going to be updated piecemeal.

They are going to be updated in small kind of bite-sized chunks rather than getting pushed out all at once. And what this means is that a new component is not really going to be battle tested until its running in the context of the runtime environment. And the issues are functional changes that may break applications and also performance issues that can't really be forecast using traditional tools.

And then on top of this, you have the fact that a lot of the functional aspects of a service are prone to change even after its been deployed and you can chalk that up to loose coupling, and unintended reuse, and other aspects of SOA applications. And if you are successful with SOA, consumers are going to find new uses for your services even after you’ve relinquished control of them.

And then on top of that, you can add governance as an issue. The center of excellence or whomever is responsible for governance is going to be applying policies to your services even after you’ve pushed them out into the runtime environments and these are policies such as authentications, such as access control, logging, and various types of quality of service policies.

Interesting. So what exactly is the best approach for making sure change services and policies will work then?

Well, the best approach would be to fully replicate the production environment in an operational acceptance environment where all the components could be tested as a whole with all the firewalls and the load balancers and all the routers that makeup the production environment. But, of course, that’s prohibitively expensive.

The degree to which the difference between your operational acceptance and your production environment is really one of the major factors that feed into your deployment risk. If your staging environment nothing’s like your production environment, you’re going to have a lot of risk. And so the basic challenge for validation is to reduce that risk.

So first, you need to be able to baseline the production environment, or whatever runtime environment you have to be working with. And by baseline, what we mean is really kind of a snapshot in time. What are the dependences between the services? How are services being consumed? What are the traffic volumes, message types, and so on?

And then you need to be able to replay those baselines against your service network at some point in the future such as after you’ve made a change to the system, like updating component, changing its functionality, or applying a policy to a service. And so really the more realistic the baselines you work with, the lower your risk is going to be when you finally deploy your services.

And you need to be able to baseline and replay complex end-to-end transactions. And that’s a real challenge and that’s something that AmberPoint SOA Validation System can help you with.

Can you give me a quick overview of how quality assurance and validation can work together?

Well, that’s actually -- there’s a very simple answer to that question that has really lots of implications. And basically, the answer is that validation in the runtime environment building these baselines can feed various quality processes with operationally realistic snapshots.

So in other words, real data, real traffic flows, real service behavior can be modeled throughout the service devolvement lifecycle, which means that, for example, developers can work with more complete simulations of composite applications, QA teams can work with more realistic traffic patterns for doing load and capacity testing. And finally, operations teams can run really what we think of as a preflight check for applications before they actually get turned on the production environment.

So using these various baselines and snapshots, the operations team can go ahead and rerun these before turning the applications on with a much higher-level confidence of the integrity, the continuing interoperability, the capacity that’s been deployed in support of these different applications, and in support of these end-to-end complex transactions.

PS: Excellent information, Andrew. And I want everyone to know listening to this it’s just a preview and you should definitely signup for AmberPoint’s Webinar Changing Tires on a Moving Car. Also, if you have any questions, feel free to log onto ebizQ and submit them right here. Thank you so very much for joining me today, Andrew.