Tony Baer presented his research on the connection between SOA and ITIL to the SOA Consortium. The inspiration for Tony's research was a concern over the growing numbers of governance silos that were becoming apparent. After being briefed by a vendor who announced an SOA life cycle management platform Tony immediately recognized the overlap across numerous other tools. Tony concluded that there was significant similarities between an SOA Service life cycle and the ITIL Service Management Lifecycle and considered how exchange of information between different groups at specific points in the life cycle could help integrate the silos.
Tony focused on run-time SOA governance, because he said that is where you see all the issues. He gave an example for the interaction between development and IT operations where the development group monitors and manages SOA at runtime and IT operations monitors and manages the underlying infrastructure. When an SLA issue arises with the SOA service, development analyzes the problem as the monitoring system automatically submits a trouble ticket to the service desk. IT operations then applies incident, problem, and change management processes (all defined in ITIL) if the problem is attributed to infrastructure.
Todd Biske was on the call, and talked about the role of a Service Manager. Tony enthusiastically embraced the concept as a way of assigning clear responsibility for life cycle management of each service.
I was very interested to hear what Tony and others on the call would have to say about ITIL and SOA because I believe that governance is key to SOA success. One of the most oft touted benefits of SOA is that it creates business alignment. However, there is nothing in the SOA concepts and precepts, including loose coupling, layers of abstraction through composite services, reuse, that actually delivers IT and business alignment. Governance does that.
While Tony focused on run time governance, I feel that the governance process must start at the very beginning. In fact, ITIL has some excellent processes for determine which IT projects to invest in, and track the value of IT investments to the business. ITIL also includes the definition of roles and responsibilities. IMHO this is crucial to SOA governance. A single service may be used by different parts of the organization. Policies governing that service may be defined by different people in the organization. While it all hits the fan at run time, defining this much earlier in the process using ITIL processes and best practices, will make run time much more manageable. Once you know who is responsible for what (which I'm afraid is a far more complex issue than just having a service manager for each service) then the technology is available to send alerts to the right person at the right level, or to trigger an automated process to remediate the problem.
Another big issue, not currently part of ITIL but which can be part of the Enterprise Architecture framework, is a data architecture for defining the policies and procedures for repository integration. It is clear that multiple repositories will remain. There is the LDAP repository for security information, the CMDB defined in ITIL for configuration management, the SOA registry/repository, and the runtime repository, and probably other home grown metadata repositories. Each of these repositories is the authoritative source for some information, and probably also duplicates information in other repositories. The problem with redundant data is when it is out of synch. Integration technologies and techniques make it possible to automate the synchronization of information across repositories. But unfortunately different parts of the organization own the different repositories and do not usually work together to ensure consistency.
IMHO what is needed is not a handoff of information during runtime, but an overall methodology, including processes, roles and responsibilities, best practices, metrics, and governors, to ensure the business maximizes the value of IT investments, and IT can manage the software and infrastructure in a cost effective and agile manner. ITIL also has frameworks for defining who gets value of out of services, which can help identify how service development is paid for.
I view ITIL as a good overall framework for finding best practices on managing IT assets to maximize business value. This is what will create IT and business alignment. Organizations generally choose a subset of ITIL that will work within their organization. These ITIL processes should be full integrated with enterprise architecture processes. SOA should be considered a subset of the overall enterprise architecture and not a separate new effort. In other words, rather than an interaction between ITIL processes and SOA processes, I am suggesting a full integration of portfolio management, enterprise architecture and SOA within the organization, through an overall governance framework. In fact,I would go as far as to say that governance silos are a recipe for failure, and think this is what we are seeing with the current state of SOA.