This week, as our SOA feature, we ran a piece from WebLayer's Chandu Natarajan, who makes the startling claim that good service governance doesn't necessarily require a sophisticated registry and repository tool.
What do you think of that?
The premise is that when a company is in the early stages of service orientation, it shouldn't be weighed down by the costs and complexities of putting a high-level registry/repository in place.
However, as the SOA environment expands, reg/rep is essential. Chandu puts conditions on reg/rep adoption, stating that it may not be relevant for sites with less than 50 services. When organizations cross this threshold, or begin leveraging and reusing services that cross enterprise boundaries (internal or external), then you'd better have a good method of discovery and automated security and policy enforcement.
As Chandu points out in the article:
"If the goal is to put into place effective governance as your SOA evolves, you may or may not need a registry and repository. Effective governance tools exist for both the design time as well as runtime that do not require a registry or repository installation. However, you'll need a way to manage and track the services to avoid the creation of insecure services and redundant efforts. As cited above, existing online collaboration and workflow products along with the integration of policy management and governance tools will work in tandem with simple auditing and log querying capabilities for many organizations."
Will spreadsheets and wikis do, then?
There often seems to be a tipping point that needs to be reached before full-fledged governance is needed.
Various surveys I have been involved with have consistently found that
governance efforts tend to kick in when companies reach a critical mass
of services. The issue is whether companies can't see the value in
nascent service deployments, and are waiting to see how things go
before investing staff time and resources to move to the next level,
the governance level.
However, SOA won't get too far unless effective governance kicks in. SOA governance isn't just a nice feature to have -- it's critical. As I heard Gartner's Frank Kenney describe it, when it comes to SOA governance, it's never too soon -- get started and get started now.
The tools and solutions for SOA governance are getting better and better, Kenney said. But the reality is that Microsoft offers the most widely used SOA governance registry tool -- the Excel spreadsheet. But, Kenney added, that's not such a bad thing. "You don't have to buy anything right away," he explained -- Excel may be the best first step toward providing the visibility needed to communicate the availability of services to the rest of enterprise.
The problem is growing, since the number of services within enterprise walls is multiplying beyond comprehension. We're entering an age when business end-users are being actively courted by IT vendors with tools to create their own services. "If you think the only services you should govern are the ones you developed, you are wrong.... Just because you aren't aware of services doesn't mean you shouldn't govern them."
Point being, govern any way you can, but govern.