Is it ever too soon to
get good SOA governance underway? Or will ad hoc tools do the trick until the real critical mass of services is established?
That's the conundrum we're debating in this week's SOA Forum, and readers are urged to join in with their views on the issue.
It's that old chicken-or-egg question: should governance mechanisms be put into place before service oriented architecture gains steam, or should the investment in time and resources for governance wait until there is something to be governed? Does governance help SOA attain success at an earlier stage, or should SOA prove itself first?
Progress Software's Ramesh Loganathan raised the issue last year in a post asking, do we really need to sweat governance issues while we're trying to get services off the ground?
"I have always held that SOA governance is premature yet. While we are struggling to just get SOA adoption in the right spirit, governance is the least of our problems. If we cannot identify a mechanism to first re-engineer 'service orientation' into IT solutions and have the IT teams in an organization be 'SOA aware' ground up and not just deliver the POCs that the CIO or CTO demands, where is the need for operational processes and governance?"
There are many SOA proponents that say governance needs to be part
of the plan from day one, in order to ensure that a service oriented
architecture does fall into place as services proliferate -- and not
devolve into a tangled JBOWS non-architecture.
For example, Gartner's Frank Kenney urges enterprises to get started ASAP, even if all you have is a spreadsheet. SOA won't get too far up the Slope of Enlightment unless effective governance kicks in. SOA governance isn't just a nice feature to have -- it's critical. "SOA initiatives without SOA governance will fail," he emphasizes. Get started and get started now.
If these services exist or are being brought into the enterprise, they need to all be governed -- no exceptions. That's the takeaway from a very compelling talk I heard by Gartner's SOA guru, Frank Kenney, who declared that SOA already completed its dip into Gartner's proverbial "Trough of Disillusionment," and has now begun climbing the "Slope of Enlightenment," which is considered the serious, post-hype stage in which companies actually finally start seeing value from their investments.
There's a roadblock, though, to SOA's advancement at this stage. SOA won't get too far up the Slope of Enlightenment unless effective governance kicks in. SOA governance isn't just a nice feature to have -- it's critical. "SOA initiatives without SOA governance will fail," he emphasized repeatedly through the presentation. Get started and get started now.
The tools and solutions for SOA governance are getting better and better, Kenney said. But the reality is that Microsoft offers the most widely used SOA governance registry tool -- the Excel spreadsheet, he said. But, Kenney added, that's not such a bad thing. "You don't have to buy anything right away," he explained -- Excel may be the best first step toward providing the visibility needed to communicate the availability of services to the rest of enterprise.
Of course, Excel doesn't provide the more advanced capabilities needed to effectively govern SOA projects, such as security, scalability, and audit-ability. The tools are readily available, and Kenney noted that the "majority of vendors will help you meet 80% of your SOA needs today."
The challenge, however, is a lack of federation standards that hamper the ability of various parts of the organization to achieve common views on governance. SOA governance tools help with service governance, but business process management (BPM) tools are integration platforms are better suited for process governance. "Whether its around UDDI or something else, we need to address federated governance," he said. Without it, "we'll go back to old ETL [extract, transform, load] and FTP. The problem is that these things won't scale."
The problem is growing, since the number of services within enterprise walls is multiplying beyond comprehension. We're entering an age when business end-users are being actively courted by IT vendors with tools to create their own services. "If you think the only services you should govern are the ones you developed, you are wrong.... Just because you aren't aware of services doesn't mean you shouldn't govern them," Kenney said.
However, there often seems to be a "tipping point" that needs to be reached before full-fledged governance is needed. Various surveys I have been involved with have consistently found that governance efforts tend to kick in when companies reach a critical mass of services. The issue is whether companies can't see the value in nascent service deployments, and are waiting to see how things go before investing staff time and resources to move to the next level, the governance level.
We know you want to say something about this -- join in with your thoughts on the matter over at the Forum.
SOA Governance will be one of the key subjects covered in the SOA in Action Virtual Conference scheduled to commence October 28.
Answering Ramesh Loganathan, I can say that SOA governance is a bit more than the governance for the operational processes. The first thing SOA Governance does is it states WHY and WHAT service-oriented solutions and services are; WHAT types of business tasks should be addressed by which type of services (stand-alone vs. composite services), what methodology and tools may be used for service modelling, design, simulation and implementation. This information comes from EA, not from the code writing developer.
If the first service-oriented solution/project is done wrong way but meets CIO/CTO demand on budget and time-to-market, it is very likely that wrong practice would be implicitly ‘approved’ and change it later will be much more difficult and costly to the same CIO/CTO (i.e. it will require much more developer’s and PM’s ‘blood’).
All this means – SOA Governance is not a policeman but the director for all SOA work in the company. In this context, Excel may be an acceptable tool for the first SOA Governance step though it is inadequate tool after that step (I agree with Joe on this).
There are a few cost effective options are out there currently. Or you could build your own desing time governance on top of jUDDI. As for runtime governace look at JaxView. Comprehensive yet cost effective. For testing we used SOAP UI.
JR