We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Twenty-Four Seven Security


Getting the Most Out of SOA With Governance: Jason Bloomberg Explains

Vote 0 Votes

Editor's Note: Interested in optimizing your SOA, then you cannot miss ebizQ's upcoming virtual conference on SOA Governance, which you can sign up for right here.

What follows is my podcast with Jason Bloomberg, Managing Partner and Service Oriented Architecture industry analysis and advisory firm, ZapThink, LLC. In this podcast we discuss SOA Governance and also offer a quick introduction to ebizQ’s upcoming SOA Governance Virtual Conference coming this September 24th were Jason will participate in a panel discussion.

Listen to or download the 5:24 minute podcast below:

Download file


How important is governance to SOA?

Well governance is really the key to making a SOA project successful. The challenge SOA projects have is that we are building services and were implementing these services that support flexible business needs so the business can implement business processes in a more flexible way.

And this will only work if the business is able to be responsible for those services and take control over the business processes that they build by leveraging those services. So you wouldn't be able to do this unless the IT organization is able to empower the business and give them the responsibility and capabilities that they need in order to achieve this level of agility. And that's where governance comes in. Without governance, IT is never going to be able to give that level of responsibility to the business.

What are the differences between design time, runtime, and change time SOA governance?

Well, this is one of the challenges when you look at SOA governance is that, there's a lot of different aspects to it. Basically, when we talk about governance, were talking about creating, communicating, and enforcing policies that are important in organization. So within the context of SOA governance, if you're just looking at really the narrow view of SOA governance, which is governance of the SOA initiative, well that initiative breaks down into these three areas.

You have design time governance issues where you're creating the services, and implementing them, and publishing them, discovering them as well. So for developers or other people on the team who want to find a service to be able to implement it in production environment, all of those are design time activities and the organization’s is going to have policies that apply to all of those.

So what are your policies for discovery? What are your policies for when to create a service versus when to reuse a service? How do you go about publishing services? All of these are design time governance issues. So runtime governance is really more of the management side of things. Once the service is deployed, it’s up and running. Well then, how do you maintain quality of service levels for it? How do you maintain the security policies for it?

All of these are runtime governance issues. But SOA also involves what we call change time where we're you can reconfigure and recompose services without necessarily doing any new development work so is not necessarily a return to design time although there may be some additional development that that we might need to do is well.

But even when you don't have any new service development, you may still have a reconfiguration, recomposition of services, and you need to have policies for that as well. So what are those policies are focused on? How services are composing into processes? How are you going to share services at runtime as the needs for those services change over time?

That makes a lot of sense. Now what types of tools do companies need to buy to help them with their SOA governance strategies?

Well, as you might expect, there are a range of different tools that provide for SOA governance. On the design time, there are number of repositories that don't just store SOA related artifacts but that also managed to policies that are related to those artifacts. So how are you going to publish them, and discover them, and create them, and deploy them?

And then on the runtime side, you have runtime SOA governance as I said is consistent of management tools. So you have SOA management tools that go in there and both discover as well as enforce the policies at runtime so you may have a policy enforcement point that enforces service security policies or a management tool that runs as an agent that may enforce a quality of service policy for instance.

Right. Now which people in a company need to be involved just to make sure that the SOA governance is going to be successful?

This is one of the tricky parts of SOA governance is that it's fundamentally important but it does involve different people at different parts of the project. So early on in the initiative when this just in the planning stage, its very important to tackle SOA governance early on because if you don't think through issues like service versioning, and service maintenance, and discovery over time, then you're not going to be able to achieve the business benefits SOA promises.

So early on, you have the architect team as well as participation from operations, from security, as well as the lines of a business who are driving the business process aspect of the story. As the project moves on, the focus moves more toward deployment and now operations is even more involved. This is one of the challenges many organizations have is that they think of SOA as an architectural initiative that is implemented by your application development team but it has to run in a runtime environment and now its operations security the network people have to supported and so they have to be involved in governance as well.

This is ebizQ’s Peter Schooff having spoken with ZapThink’s Jason Bloomberg. If you have any questions on SOA governance, make sure you log onto ebizQ and ask them so we can address them during the SOA Governance Virtual Conference coming this September 24th.

Leave a comment

Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

Peter Schooff

Peter Schooff is Contributing Editor at ebizQ, and manager of the ebizQ Forum. Contact him at pschooff@techtarget.com

Recently Commented On

Monthly Archives