Reaping long-term value from SOA requires a certain level of governance

Service-oriented architecture (SOA) promises so much: easier access to new applications, greater alignment of IT with business objectives, cost savings. But these benefits will be short-term, at best, unless a certain level of discipline is applied to both the development and maintenance of an SOA. Consider one of the most widely touted benefits of SOA: the ability to reuse services for multipl...

By Hope Neal, contributing editor June 1, 2007

Service-oriented architecture (SOA) promises so much: easier access to new applications, greater alignment of IT with business objectives, cost savings. But these benefits will be short-term, at best, unless a certain level of discipline is applied to both the development and maintenance of an SOA.

Consider one of the most widely touted benefits of SOA: the ability to reuse services for multiple business processes.

“A lot of people are buying into SOA because they like the concept of reuse,” says Jeff Kristick, senior director of product marketing for TIBCO , which offers software to support SOA and business process management projects. “But the reality is when companies start building services, they often build them in a manner that is so specific to their first project that no one could ever reuse them.”

Even if they developed services that could be reused, Kristick adds, many SOA early adopters failed to share information about those services with other developers within the enterprise, which means the duplication of effort continues.

Kristick and other experts say companies can avoid such problems—and ensure themselves of accruing long-lasting benefits from SOA—by practicing a newly emerging IT discipline called SOA governance. As the name implies, SOA governance involves establishing rules for how the various elements of an SOA will be built and managed throughout their life cycles.

As a company’s SOA expands over time, the task of governing it can become quite complex. There are, however, a number of vendors offering help in this area.

Dow Corning, a Midland, Mich.-based supplier of silicone-based products, governs its SOA through the Systinet 2 platform sold by Hewlett-Packard (HP). Kris Zywicki, enterprise architect, says Dow Corning created its SOA to support business processes that require collaborating with supply chain partners, and the Systinet platform “helped us to fully understand what is required to have a well governed SOA environment—what type of information needs to be visible, how services need to be controlled, and how they can be secured.”

The landscape of discovery

In short, Zywicki says, the Systinet platform gave Dow Corning a framework for creating sound SOA development practices, including those for publishing services, or making them “discoverable” to other services or applications. The result is an SOA in which all services are easily accessible—and usable—to anyone responsible for developing new applications or business processes both within Dow Corning and its extended supply chain.

HP assumed ownership of the Systinet platform when it acquired Mercury Interactive , which specializes in solutions for delivering and managing applications across corporate networks, in addition to its SOA governance solutions. When HP announced plans to purchase Mercury last July, analysts said the deal signaled that SOA governance was becoming a major part of the corporate IT management landscape.

Just two months later, webMethods , a supplier of enterprise application integration and business process management software, moved into the SOA governance space by acquiring a company called Infravio.

Miko Matsumura, a former Infravio executive who now serves as VP of SOA strategy at webMethods, says proper governance is important not only for reaping long-term benefits from an SOA, but to prevent poorly designed services—or incorrect use of well-designed services—from disrupting current business operations.

“What’s interesting about the reuse of services in an SOA—as opposed to traditional software programs—is that with services you are dealing with these living, potentially cranky and eccentric [pieces of software code] that may or may not even belong to you,” Matsumura says. “In an SOA, a service can just say, ‘Here’s what I have to offer; do whatever you want with it.’ That approach allows for combining services in ways that the original designer may not have intended.”

For this reason, says Matsumura, webMethods offers a cradle-to-grave approach with its SOA governance tools. The webMethods approach to SOA governance focuses on three stages of the services life cycle: design-time, run-time, and change-time.

Design-time governance involves applying specific rules for defining and creating services. “To establish a robust and successful SOA, it’s helpful to design services from the beginning with the idea that someone else might use them,” Matsumura says.

Run-time governance entails defining and enforcing policies for deploying services. Change-time governance is a method of ensuring that whenever a change is made to a service, it will not disrupt any existing processes or applications. Matsumura says change-time governance is the most essential component for long-term SOA success because it is recognition of the fact that almost all services will be modified many times.

Ensuring optimal performance

The webMethods SOA product offering includes a product called X-Registry, which Matsumura likens to a catalog or index in which all of a company’s services can be listed and described in detail. The registry is used extensively during the design stage of SOA governance.

The company also offers an SOA repository that can serve as a central vault for storing all data—including metadata—related to SOA governance policies. Another product, called X-Broker, is used in the run-time phase to ensure that services are always deployed properly.

As industry experts are quick to point out, however, the ability to design, deploy, and change services is not the only measure of a successful SOA. Companies need assurance that all services on their networks are always performing as intended.

To assist in this area, vendors have developed SOA performance management solutions, which function in similar fashion to traditional IT systems and application performance management solutions.

“Performance management is a critical part of ensuring an SOA implementation works properly,” says Jason Bloomberg, a senior analyst with ZapThink , a Baltimore-based IT advisory and analysis firm. “For services to be used effectively, they must meet certain performance levels,” Bloomberg says. “That requires a management infrastructure to determine if services are working properly at all times.”

Dan Foody, a VP with IT infrastructure vendor Progress Software , says the loosely coupled nature of services in an SOA implementation limits the ability of traditional application management tools to effectively monitor service performance.

Foody describes a hypothetical situation in which two users are accessing the same service and are promised an eight-second response time. Because traditional performance management products usually only measure the average response time of a service, “We don’t actually know if we’ve met the guarantee that we’ve given to the two different users. We know one of two things: either they’re both happy, or one’s happy and one’s unhappy,” says Foody.

Furthermore, different service consumers might have different requirements, so that a longer response time is more acceptable to one user, while the other user requires a shorter response time.

That’s why, says Foody, “When you think about measuring performance in an SOA, you actually have to think about it not from the perspective of the services, but from the perspective of the users of the services.”

Prevent disruptions

Even though managing SOA services might require unique tools, as Foody says, ZapThink’s Bloomberg points out that SOA performance management should not—and cannot—be performed in a silo.

“When you talk about SOA performance management, you can think of that as just managing the services, which are the interfaces to software applications that are used to perform business processes,” Bloomberg says. “But that’s sort of like managing the frosting and forgetting about the cake. You can’t really just think about managing the services as interfaces. Good SOA performance management has to become a part of the broader systems management value proposition.”

Bloomberg’s philosophy is echoed by CA , a well-known supplier of IT performance management solutions that recently unveiled Wily SOA Manager, a tool for monitoring services in SOA implementations. This product acts as an extension of Wily Introscope, CA’s Web application management product.

“Where we excel is being able to isolate a problem because we have such a broad view of the entire infrastructure,” says CA Product Manager Karen Jaworski. “We don’t just examine what your services are doing. We look at what your [traditional middleware and messaging solutions] are doing; what your database is doing. We can pull all this management information together in a single view.”

Jaworski argues that having a single view into the performance of the entire IT infrastructure, and not just the SOA, is key to helping organizations pinpoint any potential problems that could disrupt business operations.

“When you start thinking about a single pane of glass for managing the application infrastructure, it’s really much more useful to have an application management product that looks across the entire infrastructure, and not just the services themselves,” she says.

CA isn’t the only vendor to stress the importance of integrated management tools. For instance, HP positions its SOA solution set as encompassing SOA governance, performance management, and a third element it refers to as quality.

David Butler, HP’s chief SOA evangelist, says the quality element focuses on testing services before deployment. But, he adds, HP doesn’t just test the services themselves; it also tests how services work with the underlying applications that are involved in executing specific business processes.

“It’s very critical that if you’re going to put services into an application environment, they should be tested with those applications,” says Butler. “I call it testing the whole stack. Some vendors may be testing the SOA service only and not have the ability to test it against the whole application stack or the right use cases.”

Butler says HP is the only vendor offering a platform-independent solution that stretches across the SOA governance, performance management, and quality realms. This platform is a set of interconnected products sold under the banner of HP Business Technology Optimization (BTO) for SOA.

“We’ve integrated each one of those pieces so that we can pass information between governance to quality, between governance to performance management, etc.,” Butler says.

Clearly, tools like those offered by HP and other vendors moving into the SOA governance space can help IT organizations better manage their architectures. But ZapThink’s Bloomberg doesn’t advise buying any software to manage an SOA before determining what business processes the SOA will support, and the types of services that will be needed to execute those processes.

“You need to think about SOA governance from the very beginning,” Bloomberg says. “But you don’t have to go out and buy a bunch of software at the very beginning.”

Bloomberg says the best way to build an SOA is by defining the architecture and business processes, and using that information to develop services. “At some point you’ll need to consider purchasing software,” he says, “but you don’t want to start there. You don’t get an SOA by buying software.”