Okay, so you've designed and created SOA-compliant services. Now the challenge is determining who's using these services, and how often -- before your systems are brought to their knees.
These are some of the issues discussed by Larry Fulton, senior analyst at Forrester Research, was a keynoter at ebizQ's SOA Governance conference earlier this fall. (Archived presentation available here. Transcript available here.)
One of the biggest challenges is understanding who is consuming what services from the catalog in an enterprise, he says. "A lot of organizations have some kind of service catalog and they allow developers to really freely include services from the catalog in their work. This can lead to a lot of problems not knowing who's actually consuming which services, unexpected capacity needs discovered in production, or even just using the wrong services."
Larry urges that SOA providers establish "consumption contracts" with service consumers as the service is being deployed and tested. This "provide the means to address all of these things upfront before any work has been done," he says. "Essentially, the consuming party is really registering an interest saying, hey, we want to use your service. This gives a service provider the opportunity to get involved and learn what is needed. Maybe suggest an alternative service, plan ahead for any needed capacity increases, and also work collaboratively with the service consumer to establish appropriate service levels for the service use".
In issuing service consumption contracts, a service provider "will have a contract for each service use meaning multiple contracts for each service," Larry says."Likewise, the service consumer will have a contract for each service they use, each one potentially tying them to a different service provider. Even better, the service contract serve at the organization's record of the relationship so everything from deployment, to planning, to impact assessment can use this information to drive appropriate and proactive decision-making."
Service consumption contracts can play a role in capacity planning, in which providers make sure there's an environment ready for doing development work against the service. "Like discovering that the production environment doesn't meet the needs of the target used because is not available 24 x 7 and that sort of thing," Larry points out.
"The first priority for SOA is always ensuring the quality of service interfaces. So when you talk about governance in that context, some kind of lifecycle management process is really key especially for companies that are working with either large development organizations internally or working with one or more outsourcers. I strongly recommend that you think seriously about having some kind of lifecycle management process that's consistent across all of those sources of services and hold all the parties to those."
Larry also identified there three types of SOA governance:
- "Technology governance supports evolving current technology portfolio where it needs to be to meet upcoming business needs".
- "Project governance is all about the decisions made on the critical path to delivering business solutions."
- "Service-level governance, which is sometimes called runtime governance, is used to monitor, manage, and enforce runtime policies in service levels."
Larry also adds a new form of governance to the list: SOA policy governance. "It's an emerging area where we start to talk about policy in the broad scope where we're not just focused on lower-level policies like what security attribute should be assigned to individual services, or what individual people are supposed to be able to do, but mapping those all the way into what is the enterprise's policy for security and tying that together so that you can actually work with those things at a higher level and be having discussions about how they apply to individual services."
"The biggest key to SOA is making sure that your services are the right services, that they're well defined, that they're fine in a way that's consistent and aligns with the business. As so an absolute minimum is some kind of review process that lets you ensure that those things are happening," Larry says.
Leave a comment