Independent Insight for Service Oriented Practice

Policy Driven Practices for SOA
Lawrence Wilkes, CBDI Forum
www.cbdiforum.com

Agenda
- Enterprise SOA Challenge
- SOA Policy Areas
- Layered Architecture as a basis for Policy
- Lifecycle as a basis for Policy
- Compliance Testing
- Engineering

V1.0 0206

Core SOA Characteristics
1. Loose Coupling: enabling rapid process integration & optimization
2. Functional standardization: reuse to reduce cost and deliver consistency across different solutions
3. Consumer (solution) flexibility: use alternative and/or specialize services
3. Supplier flexibility: use alternative and consolidated resources
4. Resource virtualization: Who, What and Where
Usage decisions determined by Policy
[Diagram: Consuming Solutions (X, Y, Z) using services (A, B, C) provided by Functional Capabilities/Resources]

Enterprise Challenge
- Lots of disparate consuming solutions driven by pressing needs of individual business sponsors
- Lots of Services delivered with good intention, but failing to deliver the full benefits of SOA
- Minimal sharing, still siloed, disparate, and meeting only the requirement of individual business sponsors
- Lots of duplicated, siloed, disparate, distributed capabilities/resources

Technology Isn't the Solution
- Lots of disparate consuming solutions driven by pressing needs of individual business sponsors
- Enterprise Service Bus, Web Protocols, etc
- Technology is an important enabler, but it isn't just a wiring problem!
- Lots of duplicated, siloed, disparate, distributed capabilities/resources

Managed Portfolio
- Services Provided and Consumed
- Services Grouped by Domain
- Services Organized by Purpose and Type
- Services Selected for Sharing, Aggregation or Differentiation
[Diagram: Consuming Solutions (X, Y, Z); Business Domain; services (A, B, C); Functional Capabilities/Resources]

SOA Three Perspectives
SOA is a Management Framework. SOA is an Architectural Framework.
Focus
- Business and IT Resource Optimization
- Business/IT Convergence
- IT Process for SOA?
- Provider/Consumer Supply Chain?
- Federated Architectures
- Identification and Specification
- Lifecycle
Interest
- Strategy and Roadmap
- Organization and culture
- IT Process Governance
- Provisioning and Sourcing Policies
- Enterprise Architecture Context
- Architectural Constructs for SOA
- Architectural Governance
- Architectural and Design Policies
SOA is a Deployment Framework
- Run-time deployment of Services and Resources
- Operational Infrastructure
- Management
- Standards
- Technology
- Run-time Governance
- Operational Policies

SOA Policy Areas
Type | Determines/Governs | Example
Program/Process | SOA Delivery process | RAEW, Funding
Architecture/Design | Use of architectural constructs in the SOA; Flexibility | Layering, Mediation
Asset | Change in state - lifecycle | Certification
Sourcing | How Services and associated resources are sourced | Standardization/Commoditization
Operational | Run-time policies | Monitoring, SLA
Security | Permissions | Authentication
Commercial | How a Service is paid for | Pricing
Relationship | Obligations between different parties | Provider/Consumer, IT/Business

Layered Architecture
- Reasons for Layering
  - Higher degrees of reuse/sharing
  - Flexibility in assembly of Services at different layers
  - Functional standardization and commoditization in lower levels
  - Customization in higher layers
  - Separation of concerns
  - Determine policies by layer
- Policies Vary by Layer. E.g.
  - Different Sourcing permitted
  - Degree of Standardization/Differentiation allowed

Classification - Layers
- Solution Layer (presentation and dialog): Order System, Product Dev System, Stock Control Application
- Process Services (orchestration layer): Order Fulfillment, Stock Management
- Core Business Services (service backbone layer): Orders, Customers, Products, Stock Movements, Stock Reordering
- Underlying Services (that need a facade): AccountsReceivableAPI (from legacy Accounting System), Purchasing (from highly generic component)
- Utility Services (high reuse layer): AddressReformatter, CurrencyConversion

Basis for Single and Shared Policy
- Solution Layer (presentation and dialog)
- Process Services (orchestration layer)
  - Orchestrate operations from many core business operations
  - Support process unique processing
  - Store process level information
- Core Business Services (service backbone layer), per Business Domain
  - Single Service provides consistent view of corporate data and business rules
  - Provides a 360 view of the resource
  - Stores a record of each instance of each business type
  - Applies common validation and business rules
- Underlying Services (that need a facade)
  - Exploit pre-existing functionality for wider reuse
  - Aggregate functionality from pre-existing Services and systems
- Utility Services (high reuse layer)
  - The most widely reused Shared Services
  - Services that perform widely used sub-routines, operations

Basis for Standardization and Customization Policy
- Critical policy area
- Determines economics, flexibility, competitive differentiation and standardization
- Determines sets of standard services based on economics and feasibility
- Manage solution usage on basis of competitive differentiation
  - Core/Context
  - Core/Non Core
- Manage sourcing on basis of economics
[Diagram: Business Solutions & Business Processes with Differentiated Usage and Standardized Usage of Standard Services, Commodity Services, Custom Services and Differentiated Services; axes Increasing Customization and Increasing Commoditization; Differentiated Behavior]

Basis for Architecture and Design Rules
Example rules: dependencies allowed
- Process Services (orchestration layer)
  - May be called by apps that support other business processes
  - May call Core Business & Utility services directly
- Core Business Services (service backbone layer)
  - Cyclic dependencies not permitted, except for callback
  - May not call Process Services
  - May call other Core Business, Underlying and Utility Services directly
- Underlying Services (that need a facade)
  - May not call Core Business or Process Services
  - May call Utility Services, but normally would not
- Utility Services (high reuse layer)
  - Cyclic dependencies not normally permitted
  - May call other Utility Services directly
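
The dependency rules on this slide can be checked mechanically against a service call graph. The following is an added example, not part of the original slides or of any CBDI tooling; the short layer names, the default-deny treatment of pairings the slide does not mention, the violation/warning levels and the sample call edges are assumptions of the example.

```python
from collections import defaultdict

# Layer rules as read from the slide; any pairing the slide does not mention
# is denied by default (an assumption of this example).
ALLOWED = {"process": {"core", "utility"}, "core": {"core", "underlying", "utility"},
           "underlying": {"utility"}, "utility": {"utility"}}
DISCOURAGED = {("underlying", "utility")}  # "may call ... but normally would not"

def find_cycle(graph):
    """Depth-first search; returns one cycle as a list of names, or None."""
    state = {}  # 1 = on the current path, 2 = fully explored
    def visit(node, path):
        state[node] = 1
        for nxt in graph.get(node, ()):
            if state.get(nxt) == 1:
                return path[path.index(nxt):] + [nxt]
            if nxt not in state and (found := visit(nxt, path + [nxt])):
                return found
        state[node] = 2
        return None
    for start in list(graph):
        if start not in state and (found := visit(start, [start])):
            return found
    return None

def check(services, calls, callbacks=frozenset()):
    """services: name -> layer; calls: (caller, callee) pairs; callbacks: exempt pairs."""
    findings, graph = [], defaultdict(list)
    for caller, callee in calls:
        src, dst = services[caller], services[callee]
        if dst not in ALLOWED[src]:
            findings.append(("violation", f"{caller} -> {callee}: {src} may not call {dst}"))
        elif (src, dst) in DISCOURAGED:
            findings.append(("warning", f"{caller} -> {callee}: permitted but not normal"))
        if (caller, callee) not in callbacks:  # callbacks do not count towards cycles
            graph[caller].append(callee)
    if cycle := find_cycle(graph):
        # Slide wording: "not permitted" (core) vs "not normally permitted" (utility)
        soft = all(services[s] == "utility" for s in cycle)
        findings.append(("warning" if soft else "violation", "cycle: " + " -> ".join(cycle)))
    return findings

# Constructed sample: service names from the layer slide, call edges invented.
SERVICES = {"OrderFulfillment": "process", "Orders": "core", "Customers": "core",
            "AccountsReceivableAPI": "underlying", "CurrencyConversion": "utility"}
CALLS = [("OrderFulfillment", "Orders"), ("Orders", "Customers"), ("Customers", "Orders"),
         ("Orders", "AccountsReceivableAPI"), ("AccountsReceivableAPI", "Orders"),
         ("AccountsReceivableAPI", "CurrencyConversion")]
```

Calling check(SERVICES, CALLS, callbacks={("Customers", "Orders")}) reports the facade calling back up into the core layer, the discouraged facade-to-utility call, and the cycle that the upward call creates.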

Driving Architecture
Approach | Scope | Focus | Identification Techniques
Solution Driven | Project; Business Process | Business Optimization; Resource Integration; Process Agility | Business Process Value Chains; Process Modelling; Use Case
Domain Driven | Enterprise; Domain | Resource Optimization; Sharing and Consistency; Standardization/Commoditization; Flexibility - Provider Agility | Analysis of Business Domain; Classification into Layers; Business Type Models; Data-centric; Reuse analysis
System Driven | Existing Systems; Application | Existing APIs; Integration | Existing systems and databases; Current Systems Analysis
[Diagram: Process Driven, Solution Model: Process Services (Order Fulfillment). Data Centric, Domain Model: Core Business Services (Orders, Products). Current Systems Model: Underlying Services (Accounts Receivable API). Bottom Up: Utility Services (Address Reformatting)]

Architecting for Agility
[Diagram, callouts 1 to 4: Specialized Solutions; On Demand Assembly; Requestor Applications; Consumer; Finished Product; Policy Driven (Pick Exterior Color, Pick Interior Color, Pick Wheel Style; Standard, GT, Special); Policy Driven Alternative or Provider; Process; Management; Base Product; Business Services; Flexible Sourcing of Components; Commoditized Services; Planning and Design; Provider Applications; Provider; Run-Time]

The Life Cycle Enabling Governance
Lifecycle Governance over state change: State (pre), Activity (Policy Driven), Compliance Check, State (post)
States and the activity on the transition into each:
- Planned: /include proposed service in portfolio plan
- Specified: /prepare service specification and WSDL
- Being Provisioned: demand for operations arises /
- Provisioned: /handover tested service
- Certified: /confirm service offers required quality
- Published: /publicize service, catalog and subject to change control
- Operational: /deploy service
- Retired: /withdraw obsolete service
- Archived: /archive service artifacts

Lifecycle Challenges
- Policies
  - How can Policies be applied across different tools?
  - Policies may be tool specific, with tool specific definitions
  - How is compliance checked?
- Tools: Policy Management; Configuration & Asset Management; Requirements Management; IDE, ESB; Registry & Systems Management
  - Service is defined in many different tools
  - How is consistency maintained?
  - How is the compliance with the specification checked?
- States: Planned, Specified, Being Provisioned, Provisioned, Certified, Published, Operational, Retired, Archived
- Changing State may mean
  - Moving from tool to tool
  - Changing Level of Abstraction
- Standards that may help share artefacts or information across the lifecycle
  - OMG RAS Reusable Asset Specification
  - OMG UML 2 Models used to document service and the SOA
  - WS-protocols even if the Service is not a WS
  - Use of WS-Policy

Need for Richer Specifications
- Operation signatures do not explain enough
- WSDL is not good at explaining service behavior
- CBDI Description (primarily used in Planning)
  - Lightweight, not a specification
  - Described in business, not technical terms
- CBDI Rich Specification
  1. Interface Definition (signatures of all the operations)
  2. Behaviour Definition (without pre-empting how implemented) e.g. pre-post condition pairs
  3. Information model
  4. Mandatory Message Sequences
  5. Properties and Features
  6. Quality of Standards Compliance
[Diagram labels: Functional Specification; Non-functional Specification]

Role of Registry in the Lifecycle
[Diagram: Consumption side (Asset Management Tools, Developer Tools): Plan, Specify, Discover Services, Consume. Registry (Staging Registry, Production Registry): Publish planned Services, Certify in Approval Process, Publish Via Staging Registry, Discover, Dynamic Run-time Discovery, Feedback QoS, Management, Register Versions and Redirect. Provision side (Asset Management Tools, Developer Tools): Certify, Publish, Deploy, Operate, Version]
Registry becomes System of Record for Lifecycle

Policy Compliance Points
[Diagram: validation points around the Registry. Consumption side (Asset Management Tools, Developer Tools): Validate Consumption, Discover, Validate, Consume, Validate Run-time Compliance, Validate SLA. Registry and SM/ESB: Specify, Validate Provider, Validate Consumer, Validate Specification. Provision side (Asset Management Tools, Developer Tools): Publish, Certify, Operate, Validate Run-time Compliance, Validate SLA, Validate Design]

Sample Governance Compliance Checks
Compliance Check: WS-Protocol; WS-I profile; WS-Security; Schema; Classification; Architecture; Design Policies; Specification; Approved Provider; Consumption; SLA; Business Policy Compliance; Regulatory or Auditing Compliance
Type of Check and Standards Relevance:
- Enforce and validate usage of various WS protocols. Products may ship with ready made profiles for WS-I, WSDL, WS-Security
- Ensure that consumed Services comply with policies for usage of various WS protocols.
- Check compliance with WS-I profiles to ensure interoperability
- Enforce and validate Security policies
- Validate XML Schemas, validate that Services use the correct schema
- Validate classification of Services. Registries provide classification mechanisms
- Proper assignment to layer, compliance with dependency policies
- User defined methodology conformance to best practices.
- Completeness of specification according to user defined methodology
- Inspect endpoint references against known and approved providers. For example
- Ensure that only Services published in catalog are consumed. For example
- Monitor compliance with SLA policies
- SLA definitions and hence compliance checks are likely to be proprietary to the WSM/SOAM/ESB product
- Inspect Requests and Responses to ensure business rule compliance, and/or transform Requests and Responses based on business rules
- Business Rules Engine defines compliance tests
- WSM/SOAM/ESB can enforce business-based mediation rules (routing, transformation, etc)
- Inspect Requests and Responses to ensure regulatory compliance, and auditing requirements. Use WSM/SOAM/ESB
- Typically user defined. Some products may have pre-defined templates.

Relationship Governance
- Use policies as a way of managing relationships
- Compliance works both ways and places obligations on both parties
[Diagram: relationships between IT and Business (ROI, Requirement), Provider/Supplier and Consumer (QoS/SLA, Payment), Enterprise and Project (Shared capability, Capability Usage), SOA Architect and Developer (Frameworks, Style Guide, Compliance)]

Engineering Process Context
[Process diagram. Phases and activities as labelled:]
- BUSINESS MODELING: Define business capabilities; Define business relationships; Define business policy; Model Business Semantics; Model Business Capability; Model Value Chains
- SERVICE PORTFOLIO PLANNING: Define Policies; Identify Services; Describe Services; Publicize Portfolio Plan
- SERVICE PROVISIONING: Specify a Planned Service; Acquire the Service; Certify, Deploy; Publish in Catalog
- BUSINESS PROCESS DESIGN: Model Business Process
- SOLUTION DELIVERY: Design Software Solution; Request Services and Operations; Construct Software Solution; Test Software Solution
[Artifacts flowing between phases: policies; Planned Descriptions; Business Ontology; Business Type model; Capabilities; Required Services; Business policies; Value Chains; Business Process Model; Operational Services]

SPP Policies
- View policies govern portfolio content identification and classification:
  - Layering rules
  - Dependency Rules
  - Standardization and customization
  - Sourcing
  - Target consumers, QoS
  - ...
- Implementation View policies govern mapping to automation units:
  - Sourcing
  - Component selection and/or design criteria
  - Integration
- Deployment View policies govern allocation of automation units to technical infrastructure:
  - Performance, Security

Conclusions
- SOA Policies fall into many areas
  - Process
  - Architecture
  - Operational
  - Relationships
- Layered Architecture drives much policy thinking
- Lifecycle provides a framework for managing compliance governance
- Policies must be flexible
  - Know when to enforce, and when to allow optionality
- Many policies must be checked by hand; don't overburden the organization with bureaucracy

Relevant CBDI Reports
- Practical Specification and Design - a five part series commencing with: http://www.cbdiforum.com/secure/interact/2005-03/practical Spec.php
- Portfolio Planning Revisited: http://www.cbdiforum.com/secure/interact/2005-09/_portfolio_planning_revisited.php
- Improving SOA Governance with the Systinet Business Services Registry: http://www.cbdiforum.com/secure/interact/2005-04/improving_soa_gove_systinet_business_registry.php
- Software Development Asset Management with LogicLibrary Logidex: http://www.cbdiforum.com/secure/interact/2005-06/software_dev_asset_man_logiclibrary_logidex.php
- The Lifecycle: http://www.cbdiforum.com/secure/interact/2005-11/the_service_lifecycle.php
- SOA Governance in the Life Cycle: http://www.cbdiforum.com/secure/interact/2005-11/soa_governance_in_life_cycle.php