Integrated Service Oriented Architecture Governance with ITIL v3.0

Transcription

1 Integrated Oriented Architecture Governance with ITIL v3.0 Jaka Sembiring *1, Fitri Susanti 2 School of Electrical Engineering and Informatics, Institut Teknologi Bandung, Jl. Ganesha 10, Bandung 40132, Indonesia School of Applied Science, Telkom University, Jl. Telekomunikasi Terusan Buah Batu, Bandung 40257, Indonesia *1 jaka@itb.ac.id; 2 fitri.susanti@tass.telkomuniversity.ac.id Abstract Oriented Architecture (SOA) governance is essential for a company who implements SOA to gain maximum benefit. One of major failures in SOA implementation is the lack of SOA governance. There are apparent weaknesses in SOA governance, such as no systematic process to manage service reuse; no guidance to determine what services should be created; no system to validate the sustainability of design and implementation result; and no complete guidance for change management system. In this paper, we propose a new SOA governance framework where we create the structure of SOA governance based on Information Technology Infrastructure Library (ITIL ) v3.0. We deduce a SOA governance lifecycle and elements to analyse the strength and weakness of several existing SOA governance. Then we propose a new structure of SOA lifecycle and elements, where we map the structure with ITIL v3.0. The result is a new concept of SOA governance which is adapted to the objectives of business in terms of optimization of service reuse for business agility. We elaborate the decision model, rules implemented, roles and responsibility, metrics, and procedure in SOA governance from ITIL perspectives. Keywords ITIL v3.0; SOA; SOA Governance; SOA Governance Lifecycle Introduction It is widely understood that Oriented Architecture (SOA) is developed to increase technology efficiency and business agility (Bieberstein, N., et. al., 2008). This is achieved through service reuse which is a key issue in SOA. reuse is based on the concept of service, service interoperability, and loose coupling (Josuittis, N. M., 2007). With service reuse, the implementation of services can be effective, efficient and business agility can be achieved. It is possible for companies to gain benefits from SOA implementation, such as business agility, flexibility and service reusability (Van de Berg, M., et. al., 2007). However, (Heffner, R., 2009) has shown that upon implementing SOA, not many companies succeed in achieving maximum benefit where only around 25% get the maximum benefits, 36% get some benefits, 20% does not get the benefits and would not continue using SOA until the SOA failure problems were found, 17% could not determine the result of implementation, and 1% of companies did not get the benefit at all. Some failures of SOA implementation have been identified such as: (i) the implementation approach dominated by a technological perspective, hardly any view from a business perspective; (ii) not properly handling the major changes as a result of SOA implementation; (iii) failing to implement SOA governance; and (iv) the service architecture design driven by IT vendor (Kavis, M., 2008). Others have shown that those SOA failures are related to the lack of SOA governance (Ott., C., et.al., 2008). The research result from (Janiesch, C., et. al., 2009) shows that SOA governance is an important factor for SOA implementation. But in his research, (Braun, C., 2007) has pointed out that there are still apparent weaknesses in SOA governance, such as failing to provide a systematic process to manage service reuse, no guidance to determine what services should be created, no system to validate the suitability of designing and implementation result, and no complete guidance of change management. As a result, there are various altenatives for SOA governance models such as from (Niemann, M., et. al., 2008), and companies like IBM, HP or Oracle. But these alternatives still possess deficiencies mentioned by (Braun, C., 2007), so that there is still some room for improvement for the model. In this paper, we propose a new model of SOA governance by taking advantage of interconnection between SOA 16 International Journal of Advances in Science, Vol. 4 No. 1, August /15/ , 2015 DEStech Publications, Inc. doi: /ijams

2 Integrated Oriented Architecture Governance with ITIL v governance and IT governance framework of Information Technology Infrastructure Library (ITIL ) v3.0 which is the best practice of IT governance framework (Taylor, S., 2007). It is widely understood that the SOA governance is a part of IT governance, so that the process and components of IT governance can be used as guidance for service management (Bieberstein, N., et. al., 2008). Through mapping procedure we have shown that the processes in ITIL v3.0 could complete the processes in SOA governance (Susanti, F., 2011). Based on the mapping result we propose a new SOA governance general model which is capable of managing SOA more effectively and efficiently, and able to overcome problems or apparent deficiencies found in the previous SOA governance model. Mapping SOA Governance with ITIL v3.0 To design an integrated SOA governance based on ITIL v3.0, first we need to create and analyze the mapping between services based on SOA governance structure with ITIL. Before we can create a mapping, we need to define the structure of SOA governance based on the general concept of governance. This step is presented in order to avoid the failing of SOA implementation as mentioned in the previous section. With this linkage the problem of overburden to the organization or business unit will be minimum. The SOA governance should guarantee the SOA lifecycle and service lifecycle. To define the SOA governance structure, we analyze the relation of service lifecycle, SOA lifecycle, and SOA governance lifecycle through comparing the works of (Van de Berg, M., et. al., 2007), (Earl, T., 2005), (Bieberstein, N., et. al., 2008), (Web Methods, 2006), and (Simanta, S., et. al., 2009). We deduce that the lifecycle should contain service planning, design, development and operation. Then by using keywords and comparing the works of (Josuttis, N. M., 2007), (Van de Berg, M., et. al., 2007), and (Bieberstein, N., et. al.), we can construct the main elements of SOA governance. Using lifecycle and main elements obtained, we analyze three models of SOA governance, i.e. governance for profit organization (IBM SOA, 2006), for non profit organization (SOA CoE Core Team, 2010) and general version from (Niemann, M., et. al., 2008). We can obtain the strength and weakness in each model. We deduce that to create a holistic approach for SOA governance we must include the following aspects: (i) planning, (ii) design, (iii) implementation, (iv) controlling, (v) measurement and (vi) improvement. Furthermore the main elements should be comprised of (i) policy, (ii) role and responsibility, (iii) metrics, (iv) decision, and (v) process. The main objectives of SOA governance are to align the IT, in particular implementation of SOA, with business objectives. The specific business objective is business agility based on service reuse. As a result, the SOA governance lifecycle and elements in service environment have several characteristics which separate themselves from other frameworks. We derive that the SOA governance lifecycle consists of five phases: Planning, to develop a service strategic planning, Design, to design a service architecture, Implementation, to transform the service design into production, Control, to focus on day to day service, and Improvement, to evaluate the operation of the service. Furthremore it can be derived that the SOA governance lifecycle has five elements: Policy, including the policy to manage the service, the roles and responsibility, the service architecture planning, the service from economic perspective, and policy to manage the processes in each phase, Procedure, including the procedure to plan service reuse, establish service, prioritize service, calculate service cost, implement service, manage service operation, measure the service, improve the service, Role and responsibility, including the definition of who is responsible in each phase and existing process, Metrics, consisting of measurement value of verification process of the implemented procedure, measurement value of monitoring achievement of governance and governance implementation, Decision, including determination of service to be developed, service architecture, role and responsibility, action for service control, service evaluation and service improvement. With this SOA governance lifecycle and main element structure we proceed further with mapping them with ITIL v3.0. The complete methods and mapping result can be found in (Susanti, F., 2011). A high level interconnection can be seen in Fig. 1.

3 18 JAKA SEMBIRING, FITRI SUSANTI FIG. 1 HIGH LEVEL MAPPING OF THE PROPOSED SOA GOVERNANCE STRUCTURE WITH ITIL V3.0 Integrated SOA Governace with ITIL v3.0 Based on the analysis on SOA governance lifecycle, elements of SOA governance and mapping of SOA and ITIL v3.0 in the previous section, we propose a new SOA lifecycle consisting of five phases: (i) Plan, (ii) Design, (iii) Implement, (iv) Control, and (v) Evaluate. The main objectives of the SOA governance is to manage the implementation of SOA. To satisfy this objective the characteristic of each phase can be described as follows. Planning phase, to identify all service demands, to assess the existing service and to formulate a strategic plan to make sure the service is developed to answer the business demands, Design phase, to design service requirement as a solution for business needs, Implementation phase, to transfer the design into operational services ready to be implemented in a real environment, Controlling phase, to monitor operational services, and Evaluation phase, to analyse the measurement results dan to recommend improvement at all phases. The next step is to determine the elements of governance in each phase. This elements is also derived from the mapping with a specific objective of service reuse. The elements should be able to satisfy reqirements such as: What is to be considered to satisfy service reuse? What kind of service should be developed so that it can be reused? What process should be available? What policy should be considered? Who should be responsible to plan, create and manage the services. The elements that could satisfy the above requirements consist of (i) Decision, (ii) Rule and Policy, (iii) Procedure, (iv) Role and Responsibility, and (v) Metrics. FIG 2. THE PROPOSED MODEL OF INTEGRATED SOA GOVERNANCE WITH ITIL V3.0. THE MODEL CONSISTS OF FIVE LIFE CYCLE PHASES, WITH FIVE ELEMENTS, AND MAINTAINING THE ALIGNMENT OF BUSINESS GOALS WITH IT IMPLEMENTATION IN GENERAL, SOA IMPLEMENTATION IN PARTICULAR.

4 Integrated Oriented Architecture Governance with ITIL v The complete model graphically can be seen in Fig. 2. In line with the objectives of general IT governance, from Fig. 2, it can be seen that the objective of SOA governance is to align the business objective with IT implementation in general and SOA implementation in particular. In Planning phase, the analysis for the existing condition is very important. We need to catalogue all the existing services. The objective is to understand the condition as a reference to evaluate whether a service can be reused, recomposed or a new service should be created. The result of the evaluation should be documented in service portfolio and recorded in service registry. For service reuse, we need to consider service priority, service cost and service budget. In Design phase, basically the activities concentrate on designing service covering its reuse characteristic. Implementation phase is related to two processes, i.e. service configuration management and implementation of related technology. Control phase consists of activities related to service operation management, handling of service incidents/problems and service report. The final phase, Evaluation, deals with the measurement and verification of operational services. Measurement is created as a matrix that relates the CSF and KPI with business objectives. This measurement is an important factor for continuous improvement and for monitoring efficiency and effectivity of operational services. The derived model can be included in the general governance of the enterprise, and in fact it complement the governance structure. We elaborate the decision model for Integrated SOA governance based on ITIL v3.0 as shown in Table 1, the rules as in Table 2, the roles and responsibility as in Table 3 and metrics as in Table 4. For roles and responsibility we can derive the complete description for each role and related processes. We show the sample result in Table 5. For procedure, we can derive 31 procedures and 78 sub procedures. The sample of detail procedure can be seen in Table 6. TABLE 1. DECISION MODEL IN THE PROPOSED SOA GOVERNANCE No Phase Decision Description 1 Plan 3 Implement No Phase Rules 1 Plan Reuse Prioritization Value Portfolio Financial Asset Architecture Model Configuration Validation Release Monitoring Problem Report Measurement Improvement Determine which service can be reused Determine which service should be implemented What is the value of the service delivered to user Determine which service to be implemented to fulfill business requirement, and documented in service portfolio Calculate the cost, budget and ROI for the service Determine which asset already available as the first step in service reuse Determine the service architecture modeling Determine the service configuration Determine the service validation Determine the development and testing process, service capability adjustment Determine the processes for service monitoring Determine the action to be taken in case problems and failure occurring Day to day reporting of service Measurement of agreement between service performance and target Recommendation on service improvement which will be taken in Plan, Design, Implement and Control phase TABLE 2. RULES IMPLEMENTED IN THE PROPOSED SOA GOVERNANCE value is aligned with business objectives The service to be implemented should be able to respond to the business demands Employing reuse standardization and principle for service implementation implementation should have modular andloosely coupled characteristics Balancing the service development with availability of budget development priority is aligned with business requirement, service asset and service financial All of the developed service should be defined in service portfolio and service level agreement Each service has service owner who is responsible for service implementation

5 20 JAKA SEMBIRING, FITRI SUSANTI Implementation of balanced design between resources and service functionalities Optimization of reuse principles in process, system, service architecture development Attention to accuracy and quality of the results of service design, IT architecture and their agreement with time accuracy, service capability and service availability Agreement between service strategic plan and service design Holistic approach for defining service requirement Mapping between designed service and technology to be adapted report should satisfy SMART principles: Specific, Measurable, Relevance, Timely 3 Implement Optimization of process and system reuse No Phase 1 Plan 3 Implement Alignment between service transition and business demand Capability to detect incidents shortly Staff arrangement with appropriate skills for handling service incidents/problems time agreement to resolve service incidents/problems and documentation for service desk Good communication between operational team and other units to solve the service incidents/problems Evaluation and improvement process is integrated with enterprise culture Clearly defining what and why to measure; measurement criteria Roles and Responsibility IT Steering Group Financial Manager Portfolio Manager Catalogue Manager Level Manager Owner Design Manager Application Analyst Technical Analyst Risk Manager Capacity Manager Availability Manager IT Continuity Manager IT Security Manager Compliance Manager IT Architect Change Manager Change Advisory Group Change Owner Project Manager Application Developer Release Manager Configuration Manager Knowledge Manager Test Manager Incident Team Problem Team Request Fulfilment Group Access Team IT Operation Manager IT Operator IT Facilities Manager Technical Support CSI Manager Process Owner Process Manager TABLE 3. ROLES AND RESPONSIBILITY IN THE PROPOSED SOA GOVERNANCE

6 Integrated Oriented Architecture Governance with ITIL v TABLE 4. METRICS FOR PROPOSED SOA GOVERNANCE No Phase Metrics 1 Plan Percentage of new services to be developed Number of services with high value category Agreement of service development with agreed budget Percentage of developed services with cost benefit consideration Number of services with SLA supported by OLA Number of reuse services Agreement of service architecture with business demand Number of loosly coupled services 3 Implement Frequency of service verification Number of changes reviewed by Change Advisory Group (CAG) Number of emergency changes reviewed by CAG Number of Requests for Change (RFC), submitted, accepted and rejected Number of released services Time duration needed to deploy service until completed Percentage of service failures at acceptance test after released Number of errors found at service testing Percentage of service acceptance tests rejected by customer Time needed to resubmit service to be released Frequency of service verification agreed with Configuration System (CMS) Time duration needed to process service verification Number of error free CMS Percentage of service component configuration included in CMS Number of escalated service incidents as a result of incident solution longer than agreed time Mean time needed to completely solving incident Number of directly solved service incidents recorded in service desk Number of user complaints accepted and processed Result of client satisfaction at certain period Number of service evaluation at certain period Number of identified weaknesses as a result of service evaluation Number of bench marked process, maturity assessment and audit result at a certain period Number of process evaluation at certain period Number of identified weaknesses as a result of process evaluation Number of improvement initiatives as a result of weakness identification on service evaluation and process evaluation TABLE 5 SAMPLE OF ELABORATION OF ROLES AND RESPONSIBILITY OF THE PROPOSED SOA GOVERNANCE No Phase Roles Responsibility Processes 1 Plan IT Steering Group Manager Level Manager Determine the IT service guidance and strategy Review the business and IT strategy to guarantee their All Processes alignment Determine the priority for service to be developed Catalogue Responsible for managing the service catalogue, make sure Catalogue that all data in the catalogue is up to date Negotiate and make sure the compliance of SLA Make sure all IT processes, OLA, and contractual documents Level, agree to SLA Validation and Testing Monitoring all service design and reporting 3 Implement IT Architect Project Manager Application Developer Create the blueprint for future technology development IT Architect considering the availability/existing service and technology Responsible for planning and coordination of resources in Project service project implementation Develop the service application and systems that provide functionalities in line with the demand in IT services, Application Development and including development, maintaining and customization of Customization software/systems

7 22 JAKA SEMBIRING, FITRI SUSANTI Configuration Manager Incident Team IT Operator CSI Manager Process Owner Process Manager Manage the information of configuration of each product, Change service and application Concentrate on handling/resolving the service incidents which cannot be resolved by Technical Support Responsible for effectivity and efficiency of the Incident implementation of the process in the Incident IT staffs who responsible for day to day operation of the Event, IT Operation service, data back up, make sure the process in line with the, schedule, service instalation Rrelease Mangement Manage service improvement and its processes Measure the performance of the service regularly, design the Evaluation, improvement for the processes, services, and infrastructure Initiative, Monitoring to increase effectivity and efficiency of the services Make sure each process is agree with its objectives Responsible for continuous improvement and measurement Process Evaluation of the processes Plan and coordinate all activities in the Process Coordinate all process and service changes, and make sure Process Evaluation all services working properly TABLE 6. SAMPLE OF ELABORATION OF THE PROCEDURES IN THE PROPOSED SOA GOVERNANCE No Phase Procedure Objectives Subprocess Description Input Output 1 Plan Assessment Requirement Valuation of IT existing condition in the enterprise including system, infrastructure, service aligned with and supported business objectives Asset Identification High Value Identification Determine the needed service for SOA implementation including its requirement specification Determine the value for Value every service of service catalogue including all Catalogue information related to operational services Negotiation on the Level agreement of service to be developed, target to be achieved Value Catalogue Identification of Requirements Decomposition of Business Identification of assest valuation in the form of resources (management, organization, people, knowledge and capabilities) Identification of high value services as a consideration for service resuse Determine the needed service, service classification (service core/ service support) and service specification Combination of utility (fitness for purpose) and warranty (fitness for use). Consideration factor includes resources, service capabilities and ROI service Main focus of this process is to create a structured document with content consists of Business goals, business requirements, business process, business budget allocation all information of created services including how Business needs to deliver the service to & users and service Requirement, specification Prioritization, Identification of users Portfolio Decomposition of business process to service to be provided Asset, Reuse Requirement Value Catalogue Architecture, Model, Design Package, Level Agreement, Operational Level Agreement, Acceptance Criteria

8 Integrated Oriented Architecture Governance with ITIL v Implement Measurement of business impact and determine Business the possible threat and Impact & vulnerability in the Analysis service and business asset Risk identification, valuation Determine the action for and controlling, including Risk risk mitigation and Process, Asset asset valuation for business, determine the risk owner Valuation threat identification, asset Risk Mitigation who is responsible for risk, vulnerability evaluation implementation and maintenance Monitor all possible risk. Risk Monitor process/ Monitoring activities and corrective action when needed Manage all the change, determine that the change Change taken is beneficial, and minimalize the impact of change to the service Planning, controlling, Release & coordinating resources, and Deployment testing the service in the real environment Request for Change (RFC) Classsification & Assessment Change Evaluation Release Support Release Deployment Determine the priority of the proposed change and determine whether accept or reject certain RFC Evaluate and verify the change that has been done Provide guidance to develop service release Release the service in the real environment Request for Change Release Risk Analysis, Risk Log Change Model, RFC Template Post Implementtaion Review Release Policy Release Record Categorizing dan filtering Event event that occur in order to determine the appropriate action Maintenance of Event Monitoring Event Filtering Control the service mechanism so that it function properly Catagorizing, filtering event that is considered unsupported to the operation of the service, and analyzing relation amongst events to identify certain trend Event, Configuration, Change Event Record, Event Trends/ Even Patterns, Event Categories, Event Relation Provide and control user Access access to the service, and conduct the established policy Evaluation Evalaute service quality regularly. Identify under performed service to be improved later. Make certain the SLA is in agreement with business need Maintenance of User Roles & Profile Manage User Access Request Complaint User Satisfaction Survey of user role to prevent user access abuse Process the addition, change, termination user access and make sure appropriate user access is granted to the user User Identity Request, Request for Access Right User Identity Record, User Role, User Access Profile, Access Right Collect the user complain as a base for service User Complain Complain Log improvement Conducting user satisfaction survey, analyze the result to find User Survey the expectation of the Response user which is not yet provided by the service User Survey Evaluation Initiative Recommendation for service and process improvement based on the result of service Initiative Plan and process evaluation Create plan for service improvement, Process Evaluation Report Improvement Plan

9 24 JAKA SEMBIRING, FITRI SUSANTI Since we deduce the design from the most general criteria of SOA governance, it means that when we consider service reuse as a main consideration, the main structure is still intact functioning as a governance framework. To further validate the result, we distribute a questionnaire to three experts in the field, and receive their comments on the structural design and completeness. The result is favorable to our proposed framework. For further works, it is valuable to have a comparison with other works other than the ones that are already mentioned in this paper, such as TOGAF framework based. Conclusions We proposed a new framework for SOA governance with emphasis on the service reuse. This is the most important aspect in SOA implementation. It is closely related to SOA implementation objectives to create service reuse to make business more agile. We derive the framework by mapping SOA lifecycle with ITIL v3.0. We elaborate the decision model, rules implemented, roles and responsibility, metrics, and procedure in SOA governance from ITIL v3.0 perspectives. By deduction we can show that the proposed framework is designed to overcome several apparent weaknesses in the previously published SOA governance. REFERENCES [1] Bieberstein, N., R. Laird, K. Jones, T. Mitra. Executing SOA: A Practical Guide for the Oriented Architect. Washington: IBM Press, [2] Braun, Chrstian, Robert Winter. Integration of IT into Enterprise Architecture. Proceedings of the 2007 ACM Symposium on Applied Computing. Seoul, March 11 15, [3] Brown, C., and R. Winter. Succeeding With SOA, Realizing Business Value Through Total Architecture. Addison Wesley [4] Earl, Thomas. Oriented Architecture. Prentice Hall, [5] Heffner, R. Survey Results Show SOA Governance Improves SOA Benefit. Accessed January 10, [6] IBM SOA. IBM s SOA Governance Model. IBM Corp Accessed February 17, sos/research/areas/upload/governanceintroduction.pdf. [7] Janiesch, C. et.al. Conceptualisation and Facilitation of SOA Governance. The 20 th Australasian Conference on Information Systems, [8] Josuittis, N. M. SOA in Practice: The Art of Distibuted System Design, Sebastopol, CA: O Reilly Media Inc., [9] Kavis, M. Ten Mistakes that Cause SOA to Fail. 2008, Accessed January 10, [10] Niemann, M., J. Eckert, N. Repp, R. Steimetz. Towards a Generic Governance Model for SOA. Proceeding of the Fourteenth Americas Conference on Information Systems. Toronto, ON. Canada August [11] Ott, Christian, Axel Korthaus, Tilo Böhmann, Michael Rosemann, Helmut Krcmar. Towards a Reference Model for SOA Governance. 2010, qut.edu/au. [12] Simanta, S., E. Morris, G.A. Lewis, S. Balasubramaniam, D.B. Smith. A Scenario Based Technique for Developing SOA Technical Governance Technical Note CMU/SEI TN.009, [13] SOA CoE Core Team. Oriented Architecture (SOA) Governance Model. Franchise Tax Board, State of California. May, Accessed February 17, [14] Susanti, F., J. Sembiring. The Mapping of Interconnected SOA Governance and ITIL v3.0. International Conference on Electrical Engineering and Informatics [15] Taylor, S., S. Lacy, I. Macfarlane. ITIL v3.0 Publication Framework: ITIL Support, Desk, Strategy, Design, Transition, Operation and Continual Improvement. Office of Governance Commerce (OCG), [16] Van de Berg, M., N. Bieberstein, E. Van Ommeren. SOA for Profit A Manager Guide to Success with Oriented Architecture. IBM & Sogeti, 2007.

10 Integrated Oriented Architecture Governance with ITIL v [17] WebMethods. SOA Governance: Enabling Sustainable Success with SOA Accessed March 17, Jaka Sembiring earned the Bachelor s degree in 1990 from Institut Teknologi Bandung (ITB), Indonesia, Master s degree in 1997, and Doctoral degree in 2000, from Waseda University, Japan, all in electrical engineering. He is now an associate professor at the School of Electrical Engineering and Informatics (SEEI), ITB where he joins the Information Technlogy Research Division. His main interest is on the application of stochastic system in information technology related field. His working experiences includes: Head of Data and Information Division, The Ministry of Communication and Information Technology, Indonesia, Vice Director of Information Technology Center, ITB. His current position is The Vice Dean for Resources Affairs, SEEI, ITB. He has already written around 50 technical papers in stochastic process theory and its application in enterprise architecture, risk analysis, robotics and agent systems. Dr. Sembiring is an active member of IEEE and ACM. Fitri Susanti was born in Duri, 21 th June She earned Bachelor s degree from Department of Informatics Engineering, STT Telkom Bandung in In 2012, she earned her Master s Degree in information technology from Department of Informatics Engineering, Institut Teknologi Bandung. During her study at STT Telkom Bandung, She was actively participating in lab works as lab assistant, both at Mathematics & Statistics Laboratory and Database Laboratory. From 2008 until now, she is a lecturer at Telkom University, teaching algorithm and cloud computing related courses. Her research interests are including but not limited to SOA and Cloud Computing. Fitri Susanti., M.T. is an active member of the Society of Digital Information and Wireless Communications (SDIWC).