Doing SOA Right: Why Is It So Hard?

Untitled Document I like doing things right; It's extremely satisfying when you know you've accomplished a task successfully, and have done so in a way that will stand the test of time.

The problem is, I don't always do things right. Sometimes I don't have time to do something right. Other times I'm not sure I know the right way to do something, so I make up a solution as I go along. Or perhaps I simply think that this time, there's no one watching me, so it doesn't make a difference how I do it. It won't matter, as long as it gets done.

In the same way, there are a million ways to do SOA wrong -- and a lot fewer ways to do it right. That's where SOA governance comes in.

SOA governance provides ways for organizations to help ensure that their SOA environment and SOA implementations are being built and maintained correctly. That not only are things being done, but that the right things are being done. Consistently.

As I mentioned in my last column, SOA really isn't about technology, and it isn't about picking which ESB is better than another ESB, or which version of what standard to use (though all these types of questions must, of course, be answered at some point). Rather, it's about creating a culture and a set of processes that let an organization invest in services-oriented approaches that will deliver real benefits.

In short, SOA is about culture, not technology. The goal of SOA is in creating re-usable systems. Good SOA results in systems composed of services that are and can be re-used in different systems.

However, doing SOA right requires significant changes from the way that organizations traditionally develop, deploy and maintain applications. It requires more and deeper collaborations across business units, IT architecture, infrastructure managers and project teams. It requires a level of detail and strategic thought -- even at the project and task level -- that has generally not been required in most IT shops.

In short, there is no way to "instant SOA." Individual products or projects can certainly move you along the path and help your organization put some components of a good SOA strategy in place.

However, that's where SOA governance comes in. Governance might just be the one "SOA product" that you can't do without. It's the secret sauce that can make SOA work. So, I guess there is one at least one "SOA product" that is absolutely essential for a successful SOA implementation. As I noted in the last column, without governance, SOA environments will spiral into chaos.

It's not hard to see why it is so hard to control SOA environments. For one thing, SOA is unfamiliar. For the most part, designing services is different from the way that people have built applications in the past. Not completely different, but different enough so that it can dramatically impact the productivity and effectiveness of a SOA development team. For example, in the past, applications were typically written to solve specific business problems. There may have been components or services within those applications that would be used multiple times, but such services or components were designed to be used outside of its original application. It wasn't built to be re-used or leveraged into new environments or applications or by a different line of business.

Of course, that's where technologies and approaches such as CORBA and DCOM came in -- helping organizations build distributed-object environments that were used across applications. However, these approaches did not reach the critical mass of developers and did not completely replace the more traditional approaches to application development. Even if they did, there are still subtle (and even sometimes large) differences in the granularity of services. Defining what's a service or what's not a service can be a very hard distinctions for even experienced organizations to make.

Another reason it's hard to control SOA environments that, in addition to being relatively new, many of the SOA technologies are pretty complex. We have all different types of standards and versions of standards. We have many standards that are still evolving and are standards in name only. It's tremendously difficult for most organizations to stay on top of, let alone ahead, of all these changing standards.

In addition, the very fact that SOA environments and solutions are designed to be loosely coupled and distributed creates an even more complex environment than many IT shops are used to. For example, the providers building SOA services don't always know who the consumers will be. The consumers consuming SOA service don't always know who the producers were. And no-one seems to understand the implications of managing different version of the same service over time.

So what's the solution? In short, I believe its governance. Governance doesn't specifically fix all of the problems and issues I've raised, but it can undoubtedly help organizations limit the extent of such problems and help move an organization towards a consistent, effective and efficient approach to implementing SOA. In fact, I believe that the difference between simply implementing SOA and implementing SOA effectively (from both a financial and capability perspective), comes down to effective SOA governance. Putting the right governance policies in place will help you not just do SOA, but do it right. And even though sometimes I personally take shortcuts and don't always do things right, I would like to think that my IT group is doing things right when it comes to SOA.

About the Author

David Kelly - With twenty years at the cutting edge of enterprise infrastructure, David A. Kelly is ebizQ's Community Manager for Optimizing Business/IT Management. This category includes IT governance, SOA governance,and compliance, risk management, ITIL, business service management,registries and more.

As Community Manager, David will blog and podcast to keep the ebizQ community fully informed on all the important news and breakthroughs relevant to enterprise governance. David will also be responsible for publishing press releases, taking briefings, and overseeing vendor submitted feature articles to run on ebizQ. In addition, each week, David will compile the week's most important news and views in a newsletter emailed out to ebizQ's ever-growing Governance community. David Kelly is ideally suited to be ebizQ's Governing the Infrastructure Community Manager as he has been involved with application development, project management, and product development for over twenty years. As a technology and business analyst, David has been researching, writing and speaking on governance-related topics for over a decade.

David is an expert in Web services, application development, and enterprise infrastructures. As the former Senior VP of Analyst Services at Hurwitz Group, he has extensive experience in translating the implications of new application development, deployment, and management technologies into practical recommendations for enterprise customers. He's written articles for Computerworld, Software Magazine, the New York Times, and other publications, and spoken at conferences such as Comdex, Software Development, and Internet World. With expertise ranging from application development to enterprise management to integration/B2B services to IP networking and VPNs, Kelly can help companies profit from the diversity of a changing technology landscape.

More by David A. Kelly

About ebizQ

ebizQ is the insiderís guide to next-generation business process management. We offer a growing collection of independent editorial articles on BPM trends, issues, challenges and solutions, all targeted to business and IT BPM professionals.

We cover BPM standards, governance, technology and continuous process improvement, as well as process discovery, modeling, simulation and optimization, among many other areas. We follow case management, decision management, business rules management, operational intelligence, complex event processing and other related topics. We closely track important trends such as the rise of social BPM, mobile BPM and BPM in the cloud. We also explore BPMís use in functional areas, such as supply chain and customer management, and in key verticals, such as financial services, health care, insurance and government.

ebizQ's other BPM-oriented content includes podcasts, webcasts, webinars, white papers, a variety of expert blogs, a lively online forum and much more.