Click here to close now.

Welcome!

Java IoT Authors: Pat Romanski, Elizabeth White, Carmen Gonzalez, Dana Gardner, Ed Featherston

Related Topics: @MicroservicesE Blog

@MicroservicesE Blog: Article

SOA Governance Best Practices – Architectural, Organizational, and SDLC Implications

Taking the management of services to the next level

How do we achieve these high standards for our services under development? By establishing standardized governance/review checkpoints throughout the service SDLC. We recommend that at a minimum, organizations should review services under development at these points in the SDLC:

  • Requirements Complete: All business requirements documented and initial service definition specified (ideally as WSDL), allowing reviewers to validate the service against its business architectural context
  • Design Complete: Implementation approach defined with sufficient documentation (e.g., UML design models completed, relevant legacy APIs identified) to allow reviewers to validate design against technical and application/integration architectural contexts
  • Implementation Complete: Service implemented and deployed in a test environment, with sufficient supporting documentation (e.g., sample client code, automated/manual test cases and test results, usage guide) to enable a potential consumer to understand the service and to trust its quality and stability
Other review points may also be appropriate based on organizational needs and objectives. However, don't overwhelm your development teams with process for the sake of process: you will quickly instill a revolt of the masses if you force seemingly arbitrary hoops for developers to jump through in the process of completing their work. Your objective should be "just enough process" - don't overwhelm your project teams with unnecessary workload, but rather provide enough guidance at key points in the production and consumption life cycles to make sure things stay on track. You are very likely going to have to iteratively reach the right level of process for your organization - start with as lightweight a process as you think will work, and then add process steps only as you find need for them. A well-designed services registry/repository can assist in automating these governance processes, thereby reducing the "organizational friction" that could otherwise hinder people from "doing the right thing."

Production Best Practice: Versioned Services Governance
Because services (like components) are meant to be used in more than one application, organizations need to plan for the incremental enhancement of their services over a long deployment lifetime. In effect, organizations planning to build a robust, stable, and extensible SOA need to treat their services as "products."

What does treating a service as a "product" mean to our IT organization?

1.  Each produced service must have a regular and well-defined release cycle. This release cycle needs to occur often enough to meet consumer needs on a timely basis, but not so often as to churn existing consumers. Typically a release cycle of somewhere between three and six months is appropriate for most organizations, and allows them to meet new service needs without unduly disrupting existing applications. As multiple versions of a service are released, consider defining these life-cycle states for your services:

  • Under Development: Available for requirements gathering and application development team planning purposes
  • Production: Mainline version for use in new development
  • Retired: Still in use by existing applications but not allowed for use by new apps
  • Obsolete: All applications should be migrated off this version; version metadata is maintained for traceability/audit purposes only
2.  Services must preserve backward compatibility wherever possible. Deprecation techniques (where obsolete operations are identified as such and notice is given to consumers that those operations will be removed from service interfaces in future releases) give existing consumers time to migrate to newer service releases. Service providers should provide n-1 version support at a minimum - all services provided in the prior version (except those marked as deprecated) should be preserved intact in the current version. In addition, consider providing a "grace period" where both service versions are deployed to allow consumers to make any necessary changes to integrate the new service version. Dynamic run-time binding techniques via Web services management infrastructure (e.g., service proxies or UDDI-based late binding) can also simplify the migration process from old to new service version.

3.  Mechanisms for gathering requirements from current and potential "customers" need to be established by the enterprise architecture and service review teams. Consider establishing a "product manager" role within these organizations, one that manages the aggregate set of business requirements for the service and works to prioritize requirements with its current and potential consumers.

Again, a well-designed services repository/registry can help organizations manage service versions over their lifetimes, with automated notifications, embedded discussion forums for requirements gathering and analysis, and filter-based search capabilities that expose services to potential consumers based on service state (e.g., new application project developers should not be able to search for "Retired" or "Obsolete" services).

Distribution Best Practice: Service Distribution via Services Repository/Registry
Now that we have a set of broadly reusable services produced through our application of the aforementioned best practices, how are we going to get them into the hands of our application developers? This takes us back to the discoverability and consumability aspects of services production. Simply put, unless your services are all as simple as the ubiquitous Stock Quote example so often used in articles discussing Web services, WSDL is not enough. Syntactic definition does not equate to semantic understanding. Potential service consumers need ready access to supporting artifacts (e.g., usage guide, sample client code) to make the service consumable to them. The service also needs to be discoverable - wrapping the service with metadata that allows the user to search for useful services using varying techniques and user interfaces. \A well-designed services repository/registry goes a long way to helping IT organizations to efficiently deliver services to potential consumers. At a minimum, such a repository/registry should support both browser-based access and deep IDE integration to enable users with varying roles to discover the right services. For example, a business architect will likely feel most comfortable using domain terminology searches within a browser, while a designer or developer would prefer a UML-based visual search mechanism within their preferred IDE.

Consumption Best Practice: Service Usage Registration and Traceability by Application Development Projects
The third leg of the SOA governance stool - consumption - comes into play as we begin to build, deploy, and maintain applications based on our previously produced and distributed services. Application-based tracking of service consumption is essential for a number of reasons: to support internally defined and externally imposed business governance mandates, to simplify the process of ongoing impact analysis and change management as the SOA matures, and to provide a quantitative ROI based on real service usage statistics back to the C-level within the enterprise.

Let's take a quick look at governance mandates. Business-level governance (through the form of government regulations such as HIPAA, SOX, and Basel III) is increasingly making its way down to IT. As a result, increasing numbers of auditability and traceability requirements are being applied to the IT organization, and these requirements cannot be met without some form of service usage registration mechanism (and again, for IT organizations of any size, this registration mechanism needs to be automated through the services repository/registry).

Remember also that our services will change over time as new requirements are identified (as discussed above in the "Production Best Practice: Versioned Services Governance" section). Existing application teams need to be kept abreast of planned and implemented changes to the services they are using, both to participate in requirements feedback and to prepare for the eventual obsolescence of back-level services as new service versions are deployed.

Finally, since enterprises are not in business to serve IT but rather it's the other way around, our organization's C-level executives are certainly going to expect a quantifiable ROI from any SOA initiative. Without direct traceability over service usage, it becomes arduous at best and impossible at worst to assemble such a quantifiable ROI based on service use and reuse. On the other hand, if usage registration is built right into the services repository/registry, quantifiable ROI is as simple as running a periodic report.

Summary
Don't think managing your services operationally is enough. Just because you can keep tabs on a service's execution doesn't ensure that the service is really supporting the overall business goals of the SOA. Traceability back to the business goals/priorities through EA to SDLC to operations will make SOA successful in the enterprise. Also, don't minimize organizational impacts that may be needed - monolithic, project-centric funding models are not likely to work in the loosely coupled world of SOA.

More Stories By Brent Carlson

Brent Carlson is vice president of technology and cofounder of LogicLibrary, a provider of software development asset (SDA) management tools. He is the coauthor of two books: San Francisco Design Patterns: Blueprints for Business Software (with James Carey and Tim Graser) and Framework Process Patterns: Lessons Learned Developing Application Frameworks (with James Carey). He also holds 16 software patents, with eight more currently under evaluation.

More Stories By Eric Marks

Eric Marks is founder, president, and CEO of AgilePath Corporation, a service-oriented architecture (SOA) and Web services consulting firm based in Newburyport, MA. Marks is a software and technology veteran with 18 years of experience with firms including PricewaterhouseCoopers, Cambridge Technology Partners, Novell, Electronic Data Systems, StreamServe, Ontos, and Square D/Schneider Electric.

Comments (2) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
robertmorschel 10/10/12 03:57:00 AM EDT

In my experience SOA needs to begin with a single, skilled team that can define evolving standards and processes in an agile manner, before being let loose on the enterprise; and even then, only if the enterprise has an established and effective centralised governance function that would be able to enforce SOA policies across multiple teams.

Robert

Gary Smith - SOA Network Architect 02/22/06 11:51:19 AM EST

Excellent. This puts governance into perspective.
All the hype around SOA appliances and governance shouldn't have you running out and putting these devices on your network until you understand what governance is all about.

GES

@ThingsExpo Stories
2015 predictions circa 1970: houses anticipate our needs and adapt, city infrastructure is citizen and situation aware, office buildings identify and preprocess you. Today smart buildings have no such collective conscience, no shared set of fundamental services to identify, predict and synchronize around us. LiveSpace and M2Mi are changing that. LiveSpace Smart Environment devices deliver over the M2Mi IoT Platform real time presence, awareness and intent analytics as a service to local connected devices. In her session at @ThingsExpo, Sarah Cooper, VP Business of Development at M2Mi, will d...
"For over 25 years we have been working with a lot of enterprise customers and we have seen how companies create applications. And now that we have moved to cloud computing, mobile, social and the Internet of Things, we see that the market needs a new way of creating applications," stated Jesse Shiah, CEO, President and Co-Founder of AgilePoint Inc., in this SYS-CON.tv interview at 15th Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
The Internet of Things is not only adding billions of sensors and billions of terabytes to the Internet. It is also forcing a fundamental change in the way we envision Information Technology. For the first time, more data is being created by devices at the edge of the Internet rather than from centralized systems. What does this mean for today's IT professional? In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will addresses this very serious issue of profound change in the industry.
Health care systems across the globe are under enormous strain, as facilities reach capacity and costs continue to rise. M2M and the Internet of Things have the potential to transform the industry through connected health solutions that can make care more efficient while reducing costs. In fact, Vodafone's annual M2M Barometer Report forecasts M2M applications rising to 57 percent in health care and life sciences by 2016. Lively is one of Vodafone's health care partners, whose solutions enable older adults to live independent lives while staying connected to loved ones. M2M will continue to gr...
The world is at a tipping point where the technology, the device and global adoption are converging to such a point that we will see an explosion of a world where smartphone devices not only allow us to talk to each other, but allow for communication between everything – serving as a central hub from which we control our world – MediaTek is at the heart of both driving this and allowing the markets to drive this reality forward themselves. The next wave of consumer gadgets is here – smart, connected, and small. If your ambitions are big, so are ours. In his session at @ThingsExpo, Jack Hu, D...
The multi-trillion economic opportunity around the "Internet of Things" (IoT) is emerging as the hottest topic for investors in 2015. As we connect the physical world with information technology, data from actions, processes and the environment can increase sales, improve efficiencies, automate daily activities and minimize risk. In his session at @ThingsExpo, Ed Maguire, Senior Analyst at CLSA Americas, will describe what is new and different about IoT, explore financial, technological and real-world impact across consumer and business use cases. Why now? Significant corporate and venture...
"At our booth we are showing how to provide trust in the Internet of Things. Trust is where everything starts to become secure and trustworthy. Now with the scaling of the Internet of Things it becomes an interesting question – I've heard numbers from 200 billion devices next year up to a trillion in the next 10 to 15 years," explained Johannes Lintzen, Vice President of Sales at Utimaco, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Aria Systems, which helps enterprises grow recurring revenue, today announced that its co-founder and inventor of cloud billing Brendan O'Brien, will be a featured speaker at the Cloud Expo, June 9-11 at The Javits Center in New York. Aria also will be demonstrating its Active Monetization platform in Booth #424 on the Expo Floor. O'Brien will lead the following sessions: June 9 - 11:00 am - 11:35 am, Room 1A16 with participants from Constant Contact, MGI Research and ATG Enabling Complex Recurring Revenue Strategies – With IoT exploding, massive data will transform businesses with oppor...
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it!
SYS-CON Events announced today that the "First Containers & Microservices Conference" will take place June 9-11, 2015, at the Javits Center in New York City. The “Second Containers & Microservices Conference” will take place November 3-5, 2015, at Santa Clara Convention Center, Santa Clara, CA. Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities.
"There is a natural synchronization between the business models, the IoT is there to support ,” explained Brendan O'Brien, Co-founder and Chief Architect of Aria Systems, in this SYS-CON.tv interview at the 15th International Cloud Expo®, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal today!
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
The basic integration architecture, as defined by ESBs, hasn’t changed for more than a decade. Most cloud integration providers still rely on an ESB architecture and their proprietary connectors. As a result, enterprise integration projects suffer from constraints of availability and reliability of these connectors that are not re-usable across other integration vendors. However, the rapid adoption of APIs and almost ubiquitous availability of APIs amongst most SaaS and Cloud applications are rapidly redefining traditional integration approaches and their reliance on proprietary connectors. ...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal an...
“Connect2Me is basically a game changer in the IoT industry. We have created IoT connecter middleware that can enable a connection to any kind of device," explained Yasser Khan, CTO of Connect2Me, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS – software, platform, and infrastructure as a service.
“In the past year we've seen a lot of stabilization of WebRTC. You can now use it in production with a far greater degree of certainty. A lot of the real developments in the past year have been in things like the data channel, which will enable a whole new type of application," explained Peter Dunkley, Technical Director at Acision, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that BMC will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. BMC delivers software solutions that help IT transform digital enterprises for the ultimate competitive business advantage. BMC has worked with thousands of leading companies to create and deliver powerful IT management services. From mainframe to cloud to mobile, BMC pairs high-speed digital innovation with robust IT industrialization – allowing customers to provide amazing user experiences with optimized IT per...
SYS-CON Events announced today that the "First Containers & Microservices Conference" will take place June 9-11, 2015, at the Javits Center in New York City. The “Second Containers & Microservices Conference” will take place November 3-5, 2015, at Santa Clara Convention Center, Santa Clara, CA. Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities.