SOA governance: A sample service lifecycle management process

What is SOA governance?

SOA governance is the intersection of business and it governance, focusing on service lifecycle to ensure the business value of SOA. SOA governance is an effective management of the service lifecycle, and the service lifecycle is a key goal of SOA governance.

Figure 1. Definition of SOA governance

IBM's approach: SOA Governance and management methodologies

IBM's governance approach includes two different aspects of success: definition and execution. The SOA governance and management approach (SOA governance and Management METHOD,SGMM) is an end-to-end approach to defining, implementing, and improving SOA governance. SGMM provides you with a descriptive approach to identifying all the necessary elements to ensure proper governance, including identifying new roles and responsibilities, defining policies and metrics, and placing checkpoints in the processes that IBM follows. During execution, IBM distributes these strategies across different execution points and monitors and measures the metrics to improve the governance model.

Governance scenarios in the SOA development lifecycle

In addition to the SOA development lifecycle described above, IBM also encourages the use of SOA Foundation lifecycle. The SOA Foundation lifecycle starts with business modeling, transforms the model into an information system, deploys the information system, and then manages the deployment. As the SOA development lifecycle closely follows the IBM SOA Foundation Lifecycle, typical service development will experience modeling, assembly, deployment, and management phases. Let's analyze these phases in more detail:

Modeling

The modeling phase is based on business requirements, in which the business process model is designed, business services are identified, the process is modeled using hypothetical business conditions, and subsequent results are analyzed based on business objectives. If the target is not met, the process is redefined with the modified business service. From these modeling aspects, the identification of business services is a very important activity, which is a one-to-one mapping to IT service implementations.

Assembly

Once you have defined IT services, you will arrive at the assembly phase of design, specification, creation, and testing. Use a combination of business processes to test the constructed services independently. Test-qualified services are entered into the Run-time repository and are published for service consumers. Because the services used by different service clients have slightly changed functionality, they will build different versions of the same service with different functionality after the change process has been approved.

Deployment

During the deployment phase, different versions of services are published in the repository and deployed in a service container with integrated business processes. You can also dynamically select deployed services at run time to build composite applications based on certain selection criteria from the service requester.

Management

During the management phase, these services are monitored for timely responsiveness to different service requests, detect unmet service levels, and restore the operational status of the system. During this phase, the service and overall operating environment are optimized to meet business objectives. Identity and compliance management of services through the design and implementation of appropriate service level security.

In this SOA development lifecycle, if there is a lack of clearly defined and implemented SOA governance processes, you are likely to encounter the following challenges:

It is difficult to identify new services and prioritize them.

Serious problems with service creation and reuse, such as creating redundant or inefficient services.

Using test strategies and standards is very casual.

Changes and versioning of services are very rough and undefined.

There is no systematic approach to implementing governance policies for service management, quality of service (quality of Service,qos), and service security.

These challenges lead to the need to define and execute the following processes as part of the SOA governance model:

Controls how to identify new services and determine their priority (service identification).

Controls how to create and reuse new services (service creation).

Perform test procedures and policies for the best service implementation (service testing).

Perform governance policies for service level management (management, SLM).

Control change management and version management for services (service versioning and change management).

Perform security standards and policies (service security) for the service runtime.