Bea Idc Orggov Wp
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Bea Idc Orggov Wp as PDF for free.
More details
- Words: 6,313
- Pages: 13
WHITE P APER BEA Systems: Expediting SOA Governance Initiatives Sponsored by: BEA Systems Sandra Rogers
Marianne Hedin
March 2007
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA
P.508.872.8200
F.508.935.4015
www.idc.com
SO A GOVERNANCE: CRE ATING A FOUNDATION FOR MAN AGEMENT AND CHANGE SOA Happens: Prepare to Enable Value and Minimize Risk Service Oriented Architecture (SOA) has generated a groundswell of activity across the IT market. Most organizations seek to adopt SOA for efficiency by leveraging reusable services for consistency and savings and to create systems that can rapidly be configured and modified to support dynamically changing business requirements — the operative word here being "change." Enterprises typically begin their SOA efforts at a tactical application or departmental level and then progressively expand to build more pervasive enterprise foundations. Each new effort is ideally designed to take advantage of previous ones, reaping value from earlier investments and avoiding the creation of yet another generation of solution silos. However, as the number of services and engaged systems increases, SOAs can quickly get out of hand. Along with core development efforts, one must consider the growing amount of services in packaged applications and other IT components, combined with the intensifying pressure to exchange services with partners and customers. Add to this the random activities of individuals across business and IT ranks, especially given readily available technologies that make it relatively easy to create and consume services including desktop solutions, and it is hard to deny the need to manage these interfaces in a more structured manner. Unless there is a coordinated effort to closely supervise these activities, risk and complexity can unfold, let alone the potential for creating redundancies and wasting valuable resources. Regulatory, competitive, and corporate pressures have notably increased levels of accountability for quality, security, and return on investment. IT and business leaders must understand where and how to best leverage SOA and manage its progress to guarantee successful transitions. Many executives having adopted SOA note that the largest challenges center on instilling change in the way their organizations approach and manage IT with a service-oriented perspective. Most IT organizations often first focus on building out reference architectures and implementing the technical infrastructure for SOA; however, as their initial deployments expand, especially across multiple functions and organizational boundaries, change management and governance issues escalate in priority. Thus it is critical for these leaders to design and implement strong SOA governance programs and teams and provide effective training and incentives to engender appropriate behavior.
SOA Organization and Governance Building Blocks SOA depends on shared methods and practices, thus it is necessary to create a framework that facilitates cooperation and trust, while at the same time enforce oversight and sharing of common semantics, standardized schemas, and protocols.
Enterprises that already possess a well-established IT governance program find that SOA requires additional considerations, including involvement by a broader (and at times unknown) set of participants; service and process interdependencies that are logically, not physically, bound; service interfaces, message formats, and additional artifacts to standardize and manage; and dynamic load management and support challenges. To address these in a realistic fashion requires a balance. Existing systems need to evolve, and allowances for flexibility and autonomy need to be accommodated. This goes well beyond providing guidance on how to build services to ensure they adhere to technical and business principles for consistency, interoperability, and compliance. Service priorities must balance between discrete objectives and the mesh of preexisting and changing operational and technical dependencies. The necessary mechanisms to uniformly classify services for tracking purposes and to help navigate service relationships within composite solutions should also be put in place. This balance ultimately must ensure that the architectural integrity of the environment is not compromised. In an SOA, access rights and security, quality assurance, versioning and maintenance, service monitoring and management, dependency tracking, and supporting service level agreements (SLAs) are pertinent to address at varied and more dynamic levels. Many of these concerns are driving companies to think not only about technology but also about the organizational structure and processes to support SOA for the long haul. Enterprises often develop a central architecture team or SOA center of excellence (COE) to help establish policies, mentor and assist distributed development teams, monitor and manage centralized registries, research business requirements, and prioritize services. In some cases, these COEs also create, own, and maintain foundational services and infrastructure for the enterprise. Even so, many enterprises still rely on a significant amount of manual intervention to capture or enforce protocols, leaving tremendous exposure to error and risk. More strategic moves are warranted, especially when addressing enterprise-scale initiatives and navigating political arenas. It is essential to clearly define roles and responsibilities. Many organizations are modifying their governance structures to address specific domains and processes that cut across departments and applications. As services can be uniquely designed to map to specific business functions, some enterprises opt to tie more direct responsibilities to business entities for decisions rights, policy management, and general ownership across the services life cycle. Some organizations also find they must change how they approach funding projects, especially given the increasing number of centralized and shared resources to develop and maintain. Key to the success of any governance initiative is addressing human factors and the culture and methods of how the organization operates. A strong program promotes communication by providing greater transparency and imparting policies to address service requirements and prioritization. It is human behavior to resist change, especially when information and process ownership are at stake. To create effective collaboration, many organizations build incentives alongside their governance efforts. Delivering metrics is also part of what is required by today's businesses. Therefore, assigning key performance indicators (KPIs) to specific services is a growing phenomenon. These and other mechanisms can be used to help measure and control decisions on service prioritization in an objective manner. From an operational point of view, monitoring and reporting for compliance and communicating status and usage patterns provides much needed visibility to stakeholders across the ecosystem. Most CIOs recognize the need to accommodate incremental SOA adoption yet lay out and follow a welldesigned road map from the onset. They also realize that steps to automate efforts tied to governance should also be taken in stages.
2
#205575
©2007 IDC
Primary Elements of SOA Governance Primary areas of governance to be addressed with SOA in mind include: ! SOA organizational governance structure. To establish roles and responsibilities, create SOA competency centers and service review boards, and design service ownership, accountability, funding, maintenance, and support models ! SOA governance procedures. To provide a framework of activities to follow, from service conception to review and approval checkpoints to conflict resolution (These processes should complement and coordinate with overall IT governance procedures.) ! Service portfolio management. To provide a service road map and framework for prioritization and alignment to business objectives and to document and track services tied to all ongoing project developments (It is essential to outline requirements for common services, track service dependencies, and organize service information and artifacts. Incorporating domain and business process views is also critical.) ! Reference service architecture and standards. To outline standards for service definition, message formats, naming conventions, security policies, and other protocols (This often includes guidelines on specific architectural and service design patterns and the use of technologies to uphold the reference architecture.) ! Service life-cycle management. To define processes and policies and ensure all service life-cycle steps are properly addressed, from requirements gathering through to service retirement (This can include guidelines and standards for creating and publishing services to versioning and change management procedures and controls.) ! Services policy and operational management. To define and enforce service policies, including identity and access management along with security and service management protocols; to help manage and monitor service behaviors to ensure adherence to contracts, such as SLAs or serviceprovider agreements; and to address overall enterprise efficiency and business goals
Tapping into Experience and Technology Frequently, enterprises look to experienced vendors to provide planning, design, assessment, implementation, and support services to assist them in developing an effective SOA governance program. The many service offerings include: defining processes to address specific business and technology requirements; developing road maps for guidance in implementing and evolving their initiatives; formulating communication and collaboration plans to involve and gain support from key business and IT stakeholders; designing and running education and training programs to address the need for continuous learning and development of new skills; assessing organizational structure to help identify and create new (or changing) roles and responsibilities; and developing and implementing tools and technologies to facilitate SOA governance processes. Looking ahead, service vendors are focusing on helping enterprises manage organizational change as part of this new governance and operational model with guidance as they evolve their SOAs and more effectively promote collaboration across multiple functions. There are many tools and automated techniques that can facilitate governance — in particular, the use of service-based registries and repositories, life-cycle automation, and policy and service management engines. These technologies can help organizations manage pertinent metadata used for the discovery,
©2007 IDC
#205575
3
consumption, and management of services, composite solutions and business processes, and varied policies, alongside other critical system artifacts. From an architectural perspective, the integration of these technologies with other IT infrastructure and applied across the overall services life-cycle workflow can create improved compliance and standardization and influence proper behavior and benefits of sharing and reuse. Runtime management and deployment engines that enforce services routing and access policies also often provide critical information for monitoring compliance and performance of services. Another growing consideration is support for federated capabilities to accommodate the needs of highly distributed organizations. The use of technologies that allow for tiered and role-based activities and administration can help drive participation in a shared SOA environment and allow key stakeholders the necessary levels of control for their unique needs, yet adhere to enterprisewide governance policies.
CASE STUDIES IN SO A GOVERNANCE The following case studies provide insights into the path these enterprises are undertaking as they develop and expand the scope of their SOA governance needs.
T-Mobile Germany Background T-Mobile International, a wholly owned subsidiary of the Deutsche Telekom Group, is one of the largest international providers of mobile communications to business and consumers. It services over 103 million customers across the United States and Europe and continues to expand into a number of Eastern European and emerging countries. A primary goal for T-Mobile is to become even more agile to address rapidly changing business demands. Applying an overall corporatewide and technology-independent approach has become imperative to ensuring consistency and efficiency while allowing for enough flexibility to address specific customer and market expectations. Another objective is that T-Mobile provides seamless processing for its expanding network of third-party content providers. T-Mobile has amassed a heterogeneous mix of technologies, including proprietary systems servicing unique requirements. In 1999, T-Mobile Germany, a subsidiary of T-Mobile International, began modularizing its business support systems for customer care, billing, and other critical processes. Most of these were homegrown solutions that mapped to a large consolidated database. In recent years, the organization has been re-architecting and consolidating its integration infrastructure, eliminating unnecessary gateways and components. There is now a companywide SOA initiative that has already produced visible savings and added flexibility to address business opportunities. Web services are being used to help integrate these backend systems and create a portfolio of services. Model-driven development approaches have also been introduced into the environment.
The SOA Governance Initiative T-Mobile IT is organized in a functional matrix, with country-level IT departments responsible for local delivery, projects, and budgets. IT staff are, however, assigned to an overarching structure organized along functional units, called "domains." These work within a governance body for international project delivery, harmonizing applications and ensuring standards are enforced. Major IT governance
4
#205575
©2007 IDC
objectives involve prioritizing and budgeting for the many activities the organization is to pursue. It is run akin to demand management to understand the goals, generate the necessary road maps, and synchronize activities. Florian Mösch, vice president in IT and head of Enterprise Integration & Architecture for T-Mobile, is responsible for all integration strategy, architecture, and delivery for Germany, the United Kingdom, the Netherlands, Austria, and the Czech Republic. According to Mösch, managing this across all five countries is a piece of art. The process of gathering requirements, involving all the right people, implementing a structure, examining dependencies, determining what to handle at a local versus corporate level, and addressing budget allocations — and a myriad of other interrelated tasks — can be complex, thus a good IT governance process is a necessity. The company's overall IT governance structure involves common and local portfolio management committees that make sure requirements are harmonized and implemented appropriately across the entire organization. The SOA governance program now ensures that enterprise architects, including representatives from each country, review all projects to make sure they are soundly designed, meet business objectives, and support the overall architecture. T-Mobile also employs a robust change management system that helps align roles and tasks to specific business processes and associated projects and services. The company's SOA governance program is strongly connected to its overall IT governance structure. Mösch states, "If you don't have IT governance, you can't have SOA governance." SOA, however, adds to and changes what is particularly addressed, impacting T-Mobile especially around the areas of service portfolio management and service life-cycle management. One of the firm's initial SOA governance tasks was to describe new roles and responsibilities and address organizational change dynamics.
Building on Best Practices In the fall of 2006, T-Mobile decided to seek assistance from an external provider that could help the company define the critical steps and necessary procedures to address in its SOA governance program — from an objective view and bringing varied experiences to the table. After speaking with many vendors, the group decided to engage BEA Systems because of its practical approach to SOA governance and the collaborative manner in which BEA would work with the T-Mobile team. For three months, BEA consultants worked with T-Mobile's enterprise integration team and country CIOs to review the current state of its SOA governance program and developed a proposal and road map on how to proceed. T-Mobile found BEA very helpful in structuring best practices by introducing ideas and constructive proposals that mapped to what would be best for T-Mobile. BEA and T-Mobile then developed an SOA governance and policy handbook to document the processes and standards to be addressed. This handbook provides references to other sources for detailed technical specifications. Specific operational management and security policies are addressed at a service contract level versus at an abstracted organizational level. BEA subsequently helped T-Mobile develop and run a series of workshops for country-level CIOs, architectural teams, and IS staff designed to elicit dialogue and tune the details of the SOA governance program. The BEA team referenced real-life examples, bringing very tangible elements to these discussions. The BEA team also worked with T-Mobile to develop an SOA dashboard to provide a central source of information and status for all SOA activities and measurements to assess the effectiveness of its SOA program. Once the SOA dashboard is implemented, metrics will include reuse ratios, staff skills, number of SOA solutions, and service mappings to key performance indicators. The dashboard and reports will allow the IT architecture group to relay important information to the leadership team on a regular basis.
©2007 IDC
#205575
5
Looking Ahead BEA continues to work with T-Mobile IT with its overall change plan to link what was outlined in the handbook to all the necessary elements and drive greater cross-enterprise service use and effectiveness. T-Mobile anticipates that this exercise will help the company reshape how it addresses enterprise integration. This effort should also help the IT group better understand and prepare for the impact SOA will have on its overall resources and outline change processes to be implemented to support the overall environment at the right levels of granularity. In the future, T-Mobile plans to incorporate business process management into the SOA infrastructure and architecture. This will introduce additional technical aspects to the SOA governance structure and will likely prompt many more business stakeholders to engage in the overall process. The company also continues to advance its services "registry," which will soon be available in all five countries to provide what Mösch refers to as "the single point of truth for services including their metadata." It will be used throughout the whole service and solutions life cycle.
Words of Wisdom What would T-Mobile have done differently? It would have started earlier. Mösch believes organizations should not try to solve every angle of the SOA environment and infrastructure before getting their feet wet with SOA projects. Yet he recommends at the onset to understand and plan for addressing all the awaiting complexities. Mösch mentions that obtaining assistance from a vendor such as BEA can help the entire effort go significantly faster versus attempting to research and learn everything on one's own. BEA's advice in creating a proposed structure has had a positive impact on T-Mobile's SOA efforts. One of the biggest challenges to an SOA governance program is getting it rolling and accepted as a common exercise. It takes time to get all parties to buy in and accept that there are certain dependencies and elements of the environment that will no longer be under their direct control. Here, it was not a matter of command but a matter of gaining trust. According to T-Mobile management, instilling an overall architectural and governance structure can at times be difficult, especially if participants view it as too bureaucratic. It is important to provide concrete examples so they can better understand what is entailed and understand the discrete and overall value they will be able to directly glean from the effort. Managing expectations of C-level executives and country-level CIOs was another challenge Mösch cites. He considers the easiest elements to address are the technology concerns, whereas the primary issues are those of people, especially among middle managers who are concerned about effectively running operations with no disruptions and pressured to ensure optimal time to market and financial results. Mösch advises both vendors and users not to promise too much too quickly or rely on generic ROI models. The ideal scenario is to develop a customized business case for SOA that is very specific to the organization. Understanding how to measure the business value based on aspects inherent to one's individual firm is important.
Washington Mutual Card Services Background Washington Mutual Inc. (WaMu) is one of the top retail banking and financial services firms in the United States. Its Card Services division, primarily formed from the acquisition of Providian Financial Corp. in October 2005, provides credit card products and related services to 11 million customers.
6
#205575
©2007 IDC
WaMu focuses on being highly efficient to keep costs low and pass those benefits on to its customers. It also emphasizes first-rate customer service and allows for the required flexibility to address local market demands. Important ingredients to its overall growth strategy are to apply consistent methods across the enterprise and promote cross-selling initiatives. The company also heavily invests in technology, with a large Web presence, effective telemarketing capabilities, strong partner alliance and co-branding activities, and sophisticated direct mail and rewards programs. In 2003, the Card Services division, then Providian, had a very labor-intensive IT environment centered around supporting legacy systems. The company realized it could not sustain this model given all of its expanding business requirements. Porting its highly specialized applications to a new platform would be too costly and a difficult endeavor that would not by itself provide the firm with the levels of reuse and flexibility it desired. The group also wanted to become much more product independent and leverage more of a business process computing approach. This would require building out a more standardized and layered system architecture. As such, the decision to move to an SOA model was borne, and with it the need to create an overall SOA governance structure. Not only did WaMu require that all the technical tenets and policies of this new environment be consistently upheld, but it also had to assure that corporate and divisional business goals were properly addressed on an ongoing basis. It also needed to generate proper behavior and cooperation from all business and IT constituents, which would involve internal staff and external resources.
The SOA Governance Initiative According to Mannie Heer, VP of Utilities and Services within the IT group at WaMu's Card Services division, the group undertook a rather large transformation effort within an extremely short period of time — defining a new architecture, selecting products, and delivering solutions against this new construct. The firm's overall organizational structure emphasizes a centralized management and operational model, and in Heer's opinion, this was a large factor in WaMu's ability to successfully implement SOA while many aspects of the environment were still being formulated. Most SOA-specific governance processes and policies were initially handled manually, which only such a contained environment could permit. WaMu expects to employ more automated means in the future to enforce explicit design and operational policies. The Card Services IT team had developed a technical infrastructure road map in early 2005 and by midyear selected many of BEA's software offerings to underpin much of its SOA infrastructure along with other technology. Over the following six to nine months, the team implemented this infrastructure and developed a set of core technical and business services. Seeking to gain from the experiences of others and leverage an outside vendor with strong SOA experience, the WaMu team engaged BEA to supply guidance and assist with defining an appropriate SOA governance model, reference framework, and services road map. For three months, a small, dedicated team of BEA consultants worked closely with the Card Services architecture team through a series of onsite work sessions. They outlined desired processes along with service design and operational policies to be enforced. An explicit road map was created, specifying governance requirements and procedures to follow as well advice on what to avoid. The inclusion of these insights has provided WaMu with guidance to follow as it evolves and enhances its overall SOA framework.
Building on Best Practices A primary objective for most SOA governance efforts is to institute a process to determine whether a particular project appears to be a good SOA technical fit and business investment. WaMu wanted to create a mechanism to enforce governance at the earliest stages of an individual project and make
©2007 IDC
#205575
7
available a baseline of core services to ensure that a proper footprint for its SOA (upholding its standards blueprint) be developed during the crucial first stages of its overall initiative. This objective was achieved by ensuring that all projects go through an architectural assessment at project initiation and an additional review during the development life cycle by an SOA governance body. WaMu has a clear corporate and IT governance methodology and standardized approach to evaluating and prioritizing technology projects. Its general IT governance model already handled basic review and escalation processes; however, the SOA governance initiative needed to incorporate specific characteristics and detailed elements to address a services-based environment including roles and processes along with key interoperability standards and common messaging schema. In WaMu's opinion, these standards are essential to setting contracts between service consumers and providers. Communication of standards along with instructions on building interfaces and a listing of available services were posted to a collaborative developer portal site. This is used as an important checkpoint as new services are formulated. In Heer's view, an SOA environment needs to address multiple iterations and versions of services. And what is designed must also take into consideration the growing volume, variety, and complexity of services and applications. A key early governance activity was to develop a service versioning strategy, which allowed for life-cycle management. The potential to create redundant or slightly modified services is another key concern. Therefore, a more structured approach to prioritizing and identifying services opportunities within concurrent development initiatives is being developed.
Looking Ahead The Card Services division built its own service registry and repository but is looking to implement a more robust industry solution. It also expects to install a more "industrial-strength" enterprise service bus and Web services management solution, coordinating with the overall corporate SOA road map. More formalized and automated testing, monitoring, and management to support SLAs will also be addressed. It is imperative that the Card Services division influence and align with the overall corporate SOA strategy. WaMu ideally seeks to employ a federated model, especially to support cross-division services. Already there are some business lines sharing services, therefore reinforcing development standards is critical but not the entire picture. Also, in Heer's opinion, adopting SOA will allow WaMu much more resource flexibility in that the older legacy application world necessitates employing individuals who have specialized skills, whereas with SOA there will be less need for such technical domain expertise by leveraging services versus always directly tying into the underlying infrastructure and data sources.
Words of Wisdom A big challenge for WaMu has been transforming a primarily legacy application–oriented IT force into a new services development business. Shifting the application development teams away from coding functionality directly into the application to creating and encapsulating logic in services is an evolving proposition. According to Heer, this required an assessment of staffing and skill sets along with revising many IT procedures, including what to review as each service, application, or system is delivered. He also emphatically advises companies to look for specialized resources with proven SOA expertise versus expect all that is to be learned and addressed to be effectively gleaned out of existing internal or external staff.
8
#205575
©2007 IDC
Speaking from experience, Heer recommends that organizations not attempt to build out an entire SOA framework and concurrently commit to too many services development projects within a compressed period of time. Not only are there many interdependencies and decision points to consider, but when a more robust infrastructure is employed early on, there is less groundwork to make up to ensure what has already been implemented is documented and in compliance with the established policies and procedures. Josie Roberts, who oversees SOA governance activities for the Card Services organization at WaMu, notes that ideally the group should have introduced a more robust service registry and repository much earlier. Creating the service life-cycle processes leveraging such tools can introduce much-needed discipline. It also helps provide a comprehensive service inventory, which at the very beginning stages of a development project can facilitate service discovery and prioritization. Heer also notes that upfront costs can be higher to develop services and adhere to standardized policies than implementing a discrete change to a preexisting application. He emphasizes the importance of taking a long-term view and the necessity of building the confidence of all key stakeholders regarding SOA's overall benefits. They require a good understanding of the overall business impacts and need to have proper expectations as to their individual levels of control and influence on outcomes. Another key to success has been senior management reinforcing the criticality of the SOA initiative by aligning divisional goals and metrics with delivery on specific SOA objectives and using these monitory incentives to foster employee participation. IDC believes that WaMu's preexisting IT governance and life-cycle models contributed to its SOA governance initiative getting up and running so smoothly in such a small time frame. Clarity on terms and related expectations (i.e., what is a policy, a standard, a guideline, a procedure) and a mechanism to communicate among stakeholders were already in place to build upon — and strong communications is indeed a critical key to success.
BE A SYSTEMS' APPRO ACH TO SO A ORG ANIZ ATIONAL CHANGE AND GOVERNANCE BEA Systems Inc. is a major $1.2 billion infrastructure software company, providing standards-based technology designed to help customers successfully deploy and manage applications and SOA environments. The company has a rich history of experience in the market, providing technology and services to large institutions across a variety of sectors. SOA is indeed the core strategic focus for the company's current and future product and go-to-market strategy. BEA Systems conveys a holistic SOA adoption strategy via its SOA Domain Model based on six major dimensions, one of those being Organization and Governance (O&G). BEA has also developed its own SOA Governance Framework to assist clients in developing and designing their own SOA governance decisions and accountability frameworks. This framework focuses on four major factors that affect SOA governance: structure, process, communication, and tools (see Figure 1).
©2007 IDC
#205575
9
FIGURE 1 BEA's SOA Governance Framework
Source: BEA, 2007
BEA works with clients to apply techniques that complement their existing environments to pragmatically and incrementally drive change. The company focuses on providing technologies and services that can work in harmony with other vendors' offerings, which is critical given today's complex IT environments and customer demands. BEA frequently teams up with other services vendors that fulfill much of the implementation phases of a governance project while BEA concentrates on laying the initial groundwork, such as: assessing needs and identifying a future vision and road map; reviewing and educating on best practices; determining staffing (e.g., roles and responsibilities) and organizational changes to address; and developing a training and communications plan addressing skill gap. From a technology perspective, BEA continues to adhere to and contribute to many key industry standards, promoting and helping define interoperability across many dimensions of the SOA-based computing landscape. To note, BEA has been an active member of the Open Group's SOA Working Group to help generate a reference framework for SOA, including a standard definition for SOA governance and a common language for communicating aspects of a governance program.
BEA Professional Services Offerings to Support SOA O&G SOA governance is a specialty area for BEA's Organization and Governance services team, which in turn provides a wide range of professional consulting and training services. BEA's main offerings here include: ! Education and training, including classroom-based and self-paced courses on SOA organization and governance, targeting IT executives and their direct reports
10
#205575
©2007 IDC
! Communication and collaboration plan to create buy-in and support from key stakeholders from both the business side and the IT side of the organization, with a focus on team building and team leadership (BEA also offers a two-day Executive Forum to help IT management identify SOA priorities, assign roles and responsibilities, and determine how to maximize business value from SOA initiatives.) ! Assessment of a client's maturity profile from an SOA perspective vis-à-vis BEA's SOA Maturity Matrix and industry best practices ! Review of the current state of a client's governance structure, practices, policies, and procedures and need for change of certain roles and responsibilities ! Road map to guide the organization toward its future vision as a services-enabled enterprise With these and other offerings, BEA is able to help clients move to the next levels of SOA adoption, focusing on steps to be taken that can be implemented in an accelerated fashion, from initial awareness and readiness assessment to the more pragmatic design and planning stages. In particular, BEA differentiates itself by offering a modular and low-cost delivery model of services to enable enterprises to undertake tailored projects that do not require large teams of consultants and significant upfront involvement before benefits can be realized.
BEA Software Offerings to Support SOA O&G BEA's primary product lines include application development and deployment technology, including an expansive set of middleware such as integration, application server, and portal software. BEA's growing AquaLogic family of service infrastructure is specifically designed to support the creation and ongoing management of SOA-based systems. Key technologies to note that particularly enhance an SOA governance program include: ! BEA AquaLogic Enterprise Repository. A metadata repository to capture and manage definitional and instructional information on services and associated artifacts (The repository is positioned as a key element of the SOA environment and a shared resource to other technologies. It can facilitate processes such as service, asset, architecture, and policy compliance; dependency tracking and impact analysis; and service life-cycle management.) ! BEA AquaLogic Service Registry. An UDDI-based services registry to associate primary protocols for discovery and instruction on engagement policies (It complements AquaLogic Enterprise Repository to provide service life-cycle governance support.) Other enablers that play a role in SOA governance, especially from the runtime and policy perspectives, include BEA AquaLogic Service Bus, BEA AquaLogic Enterprise Security, and BEA AquaLogic Data Services Platform. BEA WorkSpace 360 Vision
As part of BEA's SOA 360 initiative to unify the technology underpinning its entire product suite, BEA WorkSpace 360 is slated to provide a collaborative tooling environment for business and IT stakeholders that engage in the SOA environment and services life cycle. It is designed to support business analysts, architects, developers, and operations staff tailored for their individual roles while coordinating their specific tasks with shared metadata in a common repository and leveraging common infrastructure, workflow, and event triggering. Monitoring and reporting mechanisms will provide metrics on architectural and standards compliance; visibility for business and operations into performance, reliability, and quality of services and configurations; and status of procedures and services to help guide and assess the state of the environment and governance plan.
©2007 IDC
#205575
11
CHALLENGES AND OPPORTUNITIES Not only does the term SOA still have much ambiguity in the market at large, but so does the term "governance." Combine these two architectural and management paradigms and the difficulties in understanding magnify. An ongoing challenge for vendors is to help individuals grasp all the various technology and business issues involved in developing a service-oriented environment, especially when many of the benefits to investing in such an environment will need to evolve and bear fruit over a period of time. From both a technical and a governance design perspective, the overall functions of quality assurance and testing, change management, and SLA monitoring and management need to be further addressed by the market at large, including BEA. It is essential to also address many tasks from a holistic composite application view versus solely from a discrete service asset perspective. Users and vendors alike must pay closer attention to how dependencies are managed and cut across the varied levels and combinations of processes. BEA's SOA 360 initiative is certainly a step in the right direction from a technology perspective. Supporting these goals will be not only guidance and training on best practices but also automated integrated workflow capabilities along with increased levels of visibility and collaborative tooling BEA is developing. This will also need to integrate with other industry solutions. Vendors, such as BEA, should also work to create programs that offer guidance to help IT organizations transition from traditional roles and procedures to embrace the more orthogonal cross-cutting dimensions demanded by SOA environments. Clients may need assistance in managing organizational change, and it behooves BEA to further strengthen its capabilities to support these endeavors. The company maintains a positive reputation for delivering enterprise-caliber software and is a leader in the SOA infrastructure arena. Although BEA has recently made a concerted effort to reach beyond development and operations professionals to engage upper tiers of IT management and an expanding business audience, it must do so to an even greater extent. Establishing a deep level of rapport and recognition with these critical stakeholders in the SOA governance process will further BEA's efforts and its overall program value.
Keeping Complexity Under Control More than just an advancement in distributed, network-based architecture, SOA presents a whole new paradigm in the way enterprises approach technology. Greater levels of clarity, transparency, and coordination are required to assure the architectural integrity of such an open and collaborative systems environment. Enterprises that have taken steps to implement SOA and address governance concerns offer these additional words of wisdom: ! View SOA as part of an evolving enterprise architecture program, not a dedicated project; leverage the existing IT governance structure and amend as needed. ! Establish an SOA governance program early on and then continuously monitor and assess progress to make necessary modifications; do not assume adherence just because a guideline has been communicated. ! Establish an SOA COE with representation from multiple departments; these teams are usually staffed with enterprise architects who typically take on responsibility for determining crossenterprise priorities along with reference architecture and standards.
12
#205575
©2007 IDC
! Adapt one's governance structure and organization to accommodate business process or domain views; instill a consumer-centric and enterprise-scale mindset to focus services and support on the design of the business and not the preexisting IT landscape. ! Create stakeholder incentives to support a shared and trusted environment, promote achievement of specific business goals and technology milestones associated with the architecture road map, and reuse ambitions. ! Provide tools that facilitate visibility and communications to help garner acceptance and promote collaboration and ease the use and adoption of shared services; address both IT and business perspectives within documentation, IT and analyst portals and workbenches, registry and repository efforts, and analysis and reporting. ! Recognize that standards compliance for service interoperability and identity management are critical to realizing the ultimate vision of SOA. Typically, the further a deployment evolves and extends, the more adherence to industry standards is required. ! Acknowledge that commitment from all senior executives is a must for success.
Copyright Notice External Publication of IDC Information and Data — Any IDC information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Vice President or Country Manager. A draft of the proposed document should accompany any such request. IDC reserves the right to deny approval of external usage for any reason. Copyright 2007 IDC. Reproduction without written permission is completely forbidden.
©2007 IDC
#205575
13
Marianne Hedin
March 2007
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA
P.508.872.8200
F.508.935.4015
www.idc.com
SO A GOVERNANCE: CRE ATING A FOUNDATION FOR MAN AGEMENT AND CHANGE SOA Happens: Prepare to Enable Value and Minimize Risk Service Oriented Architecture (SOA) has generated a groundswell of activity across the IT market. Most organizations seek to adopt SOA for efficiency by leveraging reusable services for consistency and savings and to create systems that can rapidly be configured and modified to support dynamically changing business requirements — the operative word here being "change." Enterprises typically begin their SOA efforts at a tactical application or departmental level and then progressively expand to build more pervasive enterprise foundations. Each new effort is ideally designed to take advantage of previous ones, reaping value from earlier investments and avoiding the creation of yet another generation of solution silos. However, as the number of services and engaged systems increases, SOAs can quickly get out of hand. Along with core development efforts, one must consider the growing amount of services in packaged applications and other IT components, combined with the intensifying pressure to exchange services with partners and customers. Add to this the random activities of individuals across business and IT ranks, especially given readily available technologies that make it relatively easy to create and consume services including desktop solutions, and it is hard to deny the need to manage these interfaces in a more structured manner. Unless there is a coordinated effort to closely supervise these activities, risk and complexity can unfold, let alone the potential for creating redundancies and wasting valuable resources. Regulatory, competitive, and corporate pressures have notably increased levels of accountability for quality, security, and return on investment. IT and business leaders must understand where and how to best leverage SOA and manage its progress to guarantee successful transitions. Many executives having adopted SOA note that the largest challenges center on instilling change in the way their organizations approach and manage IT with a service-oriented perspective. Most IT organizations often first focus on building out reference architectures and implementing the technical infrastructure for SOA; however, as their initial deployments expand, especially across multiple functions and organizational boundaries, change management and governance issues escalate in priority. Thus it is critical for these leaders to design and implement strong SOA governance programs and teams and provide effective training and incentives to engender appropriate behavior.
SOA Organization and Governance Building Blocks SOA depends on shared methods and practices, thus it is necessary to create a framework that facilitates cooperation and trust, while at the same time enforce oversight and sharing of common semantics, standardized schemas, and protocols.
Enterprises that already possess a well-established IT governance program find that SOA requires additional considerations, including involvement by a broader (and at times unknown) set of participants; service and process interdependencies that are logically, not physically, bound; service interfaces, message formats, and additional artifacts to standardize and manage; and dynamic load management and support challenges. To address these in a realistic fashion requires a balance. Existing systems need to evolve, and allowances for flexibility and autonomy need to be accommodated. This goes well beyond providing guidance on how to build services to ensure they adhere to technical and business principles for consistency, interoperability, and compliance. Service priorities must balance between discrete objectives and the mesh of preexisting and changing operational and technical dependencies. The necessary mechanisms to uniformly classify services for tracking purposes and to help navigate service relationships within composite solutions should also be put in place. This balance ultimately must ensure that the architectural integrity of the environment is not compromised. In an SOA, access rights and security, quality assurance, versioning and maintenance, service monitoring and management, dependency tracking, and supporting service level agreements (SLAs) are pertinent to address at varied and more dynamic levels. Many of these concerns are driving companies to think not only about technology but also about the organizational structure and processes to support SOA for the long haul. Enterprises often develop a central architecture team or SOA center of excellence (COE) to help establish policies, mentor and assist distributed development teams, monitor and manage centralized registries, research business requirements, and prioritize services. In some cases, these COEs also create, own, and maintain foundational services and infrastructure for the enterprise. Even so, many enterprises still rely on a significant amount of manual intervention to capture or enforce protocols, leaving tremendous exposure to error and risk. More strategic moves are warranted, especially when addressing enterprise-scale initiatives and navigating political arenas. It is essential to clearly define roles and responsibilities. Many organizations are modifying their governance structures to address specific domains and processes that cut across departments and applications. As services can be uniquely designed to map to specific business functions, some enterprises opt to tie more direct responsibilities to business entities for decisions rights, policy management, and general ownership across the services life cycle. Some organizations also find they must change how they approach funding projects, especially given the increasing number of centralized and shared resources to develop and maintain. Key to the success of any governance initiative is addressing human factors and the culture and methods of how the organization operates. A strong program promotes communication by providing greater transparency and imparting policies to address service requirements and prioritization. It is human behavior to resist change, especially when information and process ownership are at stake. To create effective collaboration, many organizations build incentives alongside their governance efforts. Delivering metrics is also part of what is required by today's businesses. Therefore, assigning key performance indicators (KPIs) to specific services is a growing phenomenon. These and other mechanisms can be used to help measure and control decisions on service prioritization in an objective manner. From an operational point of view, monitoring and reporting for compliance and communicating status and usage patterns provides much needed visibility to stakeholders across the ecosystem. Most CIOs recognize the need to accommodate incremental SOA adoption yet lay out and follow a welldesigned road map from the onset. They also realize that steps to automate efforts tied to governance should also be taken in stages.
2
#205575
©2007 IDC
Primary Elements of SOA Governance Primary areas of governance to be addressed with SOA in mind include: ! SOA organizational governance structure. To establish roles and responsibilities, create SOA competency centers and service review boards, and design service ownership, accountability, funding, maintenance, and support models ! SOA governance procedures. To provide a framework of activities to follow, from service conception to review and approval checkpoints to conflict resolution (These processes should complement and coordinate with overall IT governance procedures.) ! Service portfolio management. To provide a service road map and framework for prioritization and alignment to business objectives and to document and track services tied to all ongoing project developments (It is essential to outline requirements for common services, track service dependencies, and organize service information and artifacts. Incorporating domain and business process views is also critical.) ! Reference service architecture and standards. To outline standards for service definition, message formats, naming conventions, security policies, and other protocols (This often includes guidelines on specific architectural and service design patterns and the use of technologies to uphold the reference architecture.) ! Service life-cycle management. To define processes and policies and ensure all service life-cycle steps are properly addressed, from requirements gathering through to service retirement (This can include guidelines and standards for creating and publishing services to versioning and change management procedures and controls.) ! Services policy and operational management. To define and enforce service policies, including identity and access management along with security and service management protocols; to help manage and monitor service behaviors to ensure adherence to contracts, such as SLAs or serviceprovider agreements; and to address overall enterprise efficiency and business goals
Tapping into Experience and Technology Frequently, enterprises look to experienced vendors to provide planning, design, assessment, implementation, and support services to assist them in developing an effective SOA governance program. The many service offerings include: defining processes to address specific business and technology requirements; developing road maps for guidance in implementing and evolving their initiatives; formulating communication and collaboration plans to involve and gain support from key business and IT stakeholders; designing and running education and training programs to address the need for continuous learning and development of new skills; assessing organizational structure to help identify and create new (or changing) roles and responsibilities; and developing and implementing tools and technologies to facilitate SOA governance processes. Looking ahead, service vendors are focusing on helping enterprises manage organizational change as part of this new governance and operational model with guidance as they evolve their SOAs and more effectively promote collaboration across multiple functions. There are many tools and automated techniques that can facilitate governance — in particular, the use of service-based registries and repositories, life-cycle automation, and policy and service management engines. These technologies can help organizations manage pertinent metadata used for the discovery,
©2007 IDC
#205575
3
consumption, and management of services, composite solutions and business processes, and varied policies, alongside other critical system artifacts. From an architectural perspective, the integration of these technologies with other IT infrastructure and applied across the overall services life-cycle workflow can create improved compliance and standardization and influence proper behavior and benefits of sharing and reuse. Runtime management and deployment engines that enforce services routing and access policies also often provide critical information for monitoring compliance and performance of services. Another growing consideration is support for federated capabilities to accommodate the needs of highly distributed organizations. The use of technologies that allow for tiered and role-based activities and administration can help drive participation in a shared SOA environment and allow key stakeholders the necessary levels of control for their unique needs, yet adhere to enterprisewide governance policies.
CASE STUDIES IN SO A GOVERNANCE The following case studies provide insights into the path these enterprises are undertaking as they develop and expand the scope of their SOA governance needs.
T-Mobile Germany Background T-Mobile International, a wholly owned subsidiary of the Deutsche Telekom Group, is one of the largest international providers of mobile communications to business and consumers. It services over 103 million customers across the United States and Europe and continues to expand into a number of Eastern European and emerging countries. A primary goal for T-Mobile is to become even more agile to address rapidly changing business demands. Applying an overall corporatewide and technology-independent approach has become imperative to ensuring consistency and efficiency while allowing for enough flexibility to address specific customer and market expectations. Another objective is that T-Mobile provides seamless processing for its expanding network of third-party content providers. T-Mobile has amassed a heterogeneous mix of technologies, including proprietary systems servicing unique requirements. In 1999, T-Mobile Germany, a subsidiary of T-Mobile International, began modularizing its business support systems for customer care, billing, and other critical processes. Most of these were homegrown solutions that mapped to a large consolidated database. In recent years, the organization has been re-architecting and consolidating its integration infrastructure, eliminating unnecessary gateways and components. There is now a companywide SOA initiative that has already produced visible savings and added flexibility to address business opportunities. Web services are being used to help integrate these backend systems and create a portfolio of services. Model-driven development approaches have also been introduced into the environment.
The SOA Governance Initiative T-Mobile IT is organized in a functional matrix, with country-level IT departments responsible for local delivery, projects, and budgets. IT staff are, however, assigned to an overarching structure organized along functional units, called "domains." These work within a governance body for international project delivery, harmonizing applications and ensuring standards are enforced. Major IT governance
4
#205575
©2007 IDC
objectives involve prioritizing and budgeting for the many activities the organization is to pursue. It is run akin to demand management to understand the goals, generate the necessary road maps, and synchronize activities. Florian Mösch, vice president in IT and head of Enterprise Integration & Architecture for T-Mobile, is responsible for all integration strategy, architecture, and delivery for Germany, the United Kingdom, the Netherlands, Austria, and the Czech Republic. According to Mösch, managing this across all five countries is a piece of art. The process of gathering requirements, involving all the right people, implementing a structure, examining dependencies, determining what to handle at a local versus corporate level, and addressing budget allocations — and a myriad of other interrelated tasks — can be complex, thus a good IT governance process is a necessity. The company's overall IT governance structure involves common and local portfolio management committees that make sure requirements are harmonized and implemented appropriately across the entire organization. The SOA governance program now ensures that enterprise architects, including representatives from each country, review all projects to make sure they are soundly designed, meet business objectives, and support the overall architecture. T-Mobile also employs a robust change management system that helps align roles and tasks to specific business processes and associated projects and services. The company's SOA governance program is strongly connected to its overall IT governance structure. Mösch states, "If you don't have IT governance, you can't have SOA governance." SOA, however, adds to and changes what is particularly addressed, impacting T-Mobile especially around the areas of service portfolio management and service life-cycle management. One of the firm's initial SOA governance tasks was to describe new roles and responsibilities and address organizational change dynamics.
Building on Best Practices In the fall of 2006, T-Mobile decided to seek assistance from an external provider that could help the company define the critical steps and necessary procedures to address in its SOA governance program — from an objective view and bringing varied experiences to the table. After speaking with many vendors, the group decided to engage BEA Systems because of its practical approach to SOA governance and the collaborative manner in which BEA would work with the T-Mobile team. For three months, BEA consultants worked with T-Mobile's enterprise integration team and country CIOs to review the current state of its SOA governance program and developed a proposal and road map on how to proceed. T-Mobile found BEA very helpful in structuring best practices by introducing ideas and constructive proposals that mapped to what would be best for T-Mobile. BEA and T-Mobile then developed an SOA governance and policy handbook to document the processes and standards to be addressed. This handbook provides references to other sources for detailed technical specifications. Specific operational management and security policies are addressed at a service contract level versus at an abstracted organizational level. BEA subsequently helped T-Mobile develop and run a series of workshops for country-level CIOs, architectural teams, and IS staff designed to elicit dialogue and tune the details of the SOA governance program. The BEA team referenced real-life examples, bringing very tangible elements to these discussions. The BEA team also worked with T-Mobile to develop an SOA dashboard to provide a central source of information and status for all SOA activities and measurements to assess the effectiveness of its SOA program. Once the SOA dashboard is implemented, metrics will include reuse ratios, staff skills, number of SOA solutions, and service mappings to key performance indicators. The dashboard and reports will allow the IT architecture group to relay important information to the leadership team on a regular basis.
©2007 IDC
#205575
5
Looking Ahead BEA continues to work with T-Mobile IT with its overall change plan to link what was outlined in the handbook to all the necessary elements and drive greater cross-enterprise service use and effectiveness. T-Mobile anticipates that this exercise will help the company reshape how it addresses enterprise integration. This effort should also help the IT group better understand and prepare for the impact SOA will have on its overall resources and outline change processes to be implemented to support the overall environment at the right levels of granularity. In the future, T-Mobile plans to incorporate business process management into the SOA infrastructure and architecture. This will introduce additional technical aspects to the SOA governance structure and will likely prompt many more business stakeholders to engage in the overall process. The company also continues to advance its services "registry," which will soon be available in all five countries to provide what Mösch refers to as "the single point of truth for services including their metadata." It will be used throughout the whole service and solutions life cycle.
Words of Wisdom What would T-Mobile have done differently? It would have started earlier. Mösch believes organizations should not try to solve every angle of the SOA environment and infrastructure before getting their feet wet with SOA projects. Yet he recommends at the onset to understand and plan for addressing all the awaiting complexities. Mösch mentions that obtaining assistance from a vendor such as BEA can help the entire effort go significantly faster versus attempting to research and learn everything on one's own. BEA's advice in creating a proposed structure has had a positive impact on T-Mobile's SOA efforts. One of the biggest challenges to an SOA governance program is getting it rolling and accepted as a common exercise. It takes time to get all parties to buy in and accept that there are certain dependencies and elements of the environment that will no longer be under their direct control. Here, it was not a matter of command but a matter of gaining trust. According to T-Mobile management, instilling an overall architectural and governance structure can at times be difficult, especially if participants view it as too bureaucratic. It is important to provide concrete examples so they can better understand what is entailed and understand the discrete and overall value they will be able to directly glean from the effort. Managing expectations of C-level executives and country-level CIOs was another challenge Mösch cites. He considers the easiest elements to address are the technology concerns, whereas the primary issues are those of people, especially among middle managers who are concerned about effectively running operations with no disruptions and pressured to ensure optimal time to market and financial results. Mösch advises both vendors and users not to promise too much too quickly or rely on generic ROI models. The ideal scenario is to develop a customized business case for SOA that is very specific to the organization. Understanding how to measure the business value based on aspects inherent to one's individual firm is important.
Washington Mutual Card Services Background Washington Mutual Inc. (WaMu) is one of the top retail banking and financial services firms in the United States. Its Card Services division, primarily formed from the acquisition of Providian Financial Corp. in October 2005, provides credit card products and related services to 11 million customers.
6
#205575
©2007 IDC
WaMu focuses on being highly efficient to keep costs low and pass those benefits on to its customers. It also emphasizes first-rate customer service and allows for the required flexibility to address local market demands. Important ingredients to its overall growth strategy are to apply consistent methods across the enterprise and promote cross-selling initiatives. The company also heavily invests in technology, with a large Web presence, effective telemarketing capabilities, strong partner alliance and co-branding activities, and sophisticated direct mail and rewards programs. In 2003, the Card Services division, then Providian, had a very labor-intensive IT environment centered around supporting legacy systems. The company realized it could not sustain this model given all of its expanding business requirements. Porting its highly specialized applications to a new platform would be too costly and a difficult endeavor that would not by itself provide the firm with the levels of reuse and flexibility it desired. The group also wanted to become much more product independent and leverage more of a business process computing approach. This would require building out a more standardized and layered system architecture. As such, the decision to move to an SOA model was borne, and with it the need to create an overall SOA governance structure. Not only did WaMu require that all the technical tenets and policies of this new environment be consistently upheld, but it also had to assure that corporate and divisional business goals were properly addressed on an ongoing basis. It also needed to generate proper behavior and cooperation from all business and IT constituents, which would involve internal staff and external resources.
The SOA Governance Initiative According to Mannie Heer, VP of Utilities and Services within the IT group at WaMu's Card Services division, the group undertook a rather large transformation effort within an extremely short period of time — defining a new architecture, selecting products, and delivering solutions against this new construct. The firm's overall organizational structure emphasizes a centralized management and operational model, and in Heer's opinion, this was a large factor in WaMu's ability to successfully implement SOA while many aspects of the environment were still being formulated. Most SOA-specific governance processes and policies were initially handled manually, which only such a contained environment could permit. WaMu expects to employ more automated means in the future to enforce explicit design and operational policies. The Card Services IT team had developed a technical infrastructure road map in early 2005 and by midyear selected many of BEA's software offerings to underpin much of its SOA infrastructure along with other technology. Over the following six to nine months, the team implemented this infrastructure and developed a set of core technical and business services. Seeking to gain from the experiences of others and leverage an outside vendor with strong SOA experience, the WaMu team engaged BEA to supply guidance and assist with defining an appropriate SOA governance model, reference framework, and services road map. For three months, a small, dedicated team of BEA consultants worked closely with the Card Services architecture team through a series of onsite work sessions. They outlined desired processes along with service design and operational policies to be enforced. An explicit road map was created, specifying governance requirements and procedures to follow as well advice on what to avoid. The inclusion of these insights has provided WaMu with guidance to follow as it evolves and enhances its overall SOA framework.
Building on Best Practices A primary objective for most SOA governance efforts is to institute a process to determine whether a particular project appears to be a good SOA technical fit and business investment. WaMu wanted to create a mechanism to enforce governance at the earliest stages of an individual project and make
©2007 IDC
#205575
7
available a baseline of core services to ensure that a proper footprint for its SOA (upholding its standards blueprint) be developed during the crucial first stages of its overall initiative. This objective was achieved by ensuring that all projects go through an architectural assessment at project initiation and an additional review during the development life cycle by an SOA governance body. WaMu has a clear corporate and IT governance methodology and standardized approach to evaluating and prioritizing technology projects. Its general IT governance model already handled basic review and escalation processes; however, the SOA governance initiative needed to incorporate specific characteristics and detailed elements to address a services-based environment including roles and processes along with key interoperability standards and common messaging schema. In WaMu's opinion, these standards are essential to setting contracts between service consumers and providers. Communication of standards along with instructions on building interfaces and a listing of available services were posted to a collaborative developer portal site. This is used as an important checkpoint as new services are formulated. In Heer's view, an SOA environment needs to address multiple iterations and versions of services. And what is designed must also take into consideration the growing volume, variety, and complexity of services and applications. A key early governance activity was to develop a service versioning strategy, which allowed for life-cycle management. The potential to create redundant or slightly modified services is another key concern. Therefore, a more structured approach to prioritizing and identifying services opportunities within concurrent development initiatives is being developed.
Looking Ahead The Card Services division built its own service registry and repository but is looking to implement a more robust industry solution. It also expects to install a more "industrial-strength" enterprise service bus and Web services management solution, coordinating with the overall corporate SOA road map. More formalized and automated testing, monitoring, and management to support SLAs will also be addressed. It is imperative that the Card Services division influence and align with the overall corporate SOA strategy. WaMu ideally seeks to employ a federated model, especially to support cross-division services. Already there are some business lines sharing services, therefore reinforcing development standards is critical but not the entire picture. Also, in Heer's opinion, adopting SOA will allow WaMu much more resource flexibility in that the older legacy application world necessitates employing individuals who have specialized skills, whereas with SOA there will be less need for such technical domain expertise by leveraging services versus always directly tying into the underlying infrastructure and data sources.
Words of Wisdom A big challenge for WaMu has been transforming a primarily legacy application–oriented IT force into a new services development business. Shifting the application development teams away from coding functionality directly into the application to creating and encapsulating logic in services is an evolving proposition. According to Heer, this required an assessment of staffing and skill sets along with revising many IT procedures, including what to review as each service, application, or system is delivered. He also emphatically advises companies to look for specialized resources with proven SOA expertise versus expect all that is to be learned and addressed to be effectively gleaned out of existing internal or external staff.
8
#205575
©2007 IDC
Speaking from experience, Heer recommends that organizations not attempt to build out an entire SOA framework and concurrently commit to too many services development projects within a compressed period of time. Not only are there many interdependencies and decision points to consider, but when a more robust infrastructure is employed early on, there is less groundwork to make up to ensure what has already been implemented is documented and in compliance with the established policies and procedures. Josie Roberts, who oversees SOA governance activities for the Card Services organization at WaMu, notes that ideally the group should have introduced a more robust service registry and repository much earlier. Creating the service life-cycle processes leveraging such tools can introduce much-needed discipline. It also helps provide a comprehensive service inventory, which at the very beginning stages of a development project can facilitate service discovery and prioritization. Heer also notes that upfront costs can be higher to develop services and adhere to standardized policies than implementing a discrete change to a preexisting application. He emphasizes the importance of taking a long-term view and the necessity of building the confidence of all key stakeholders regarding SOA's overall benefits. They require a good understanding of the overall business impacts and need to have proper expectations as to their individual levels of control and influence on outcomes. Another key to success has been senior management reinforcing the criticality of the SOA initiative by aligning divisional goals and metrics with delivery on specific SOA objectives and using these monitory incentives to foster employee participation. IDC believes that WaMu's preexisting IT governance and life-cycle models contributed to its SOA governance initiative getting up and running so smoothly in such a small time frame. Clarity on terms and related expectations (i.e., what is a policy, a standard, a guideline, a procedure) and a mechanism to communicate among stakeholders were already in place to build upon — and strong communications is indeed a critical key to success.
BE A SYSTEMS' APPRO ACH TO SO A ORG ANIZ ATIONAL CHANGE AND GOVERNANCE BEA Systems Inc. is a major $1.2 billion infrastructure software company, providing standards-based technology designed to help customers successfully deploy and manage applications and SOA environments. The company has a rich history of experience in the market, providing technology and services to large institutions across a variety of sectors. SOA is indeed the core strategic focus for the company's current and future product and go-to-market strategy. BEA Systems conveys a holistic SOA adoption strategy via its SOA Domain Model based on six major dimensions, one of those being Organization and Governance (O&G). BEA has also developed its own SOA Governance Framework to assist clients in developing and designing their own SOA governance decisions and accountability frameworks. This framework focuses on four major factors that affect SOA governance: structure, process, communication, and tools (see Figure 1).
©2007 IDC
#205575
9
FIGURE 1 BEA's SOA Governance Framework
Source: BEA, 2007
BEA works with clients to apply techniques that complement their existing environments to pragmatically and incrementally drive change. The company focuses on providing technologies and services that can work in harmony with other vendors' offerings, which is critical given today's complex IT environments and customer demands. BEA frequently teams up with other services vendors that fulfill much of the implementation phases of a governance project while BEA concentrates on laying the initial groundwork, such as: assessing needs and identifying a future vision and road map; reviewing and educating on best practices; determining staffing (e.g., roles and responsibilities) and organizational changes to address; and developing a training and communications plan addressing skill gap. From a technology perspective, BEA continues to adhere to and contribute to many key industry standards, promoting and helping define interoperability across many dimensions of the SOA-based computing landscape. To note, BEA has been an active member of the Open Group's SOA Working Group to help generate a reference framework for SOA, including a standard definition for SOA governance and a common language for communicating aspects of a governance program.
BEA Professional Services Offerings to Support SOA O&G SOA governance is a specialty area for BEA's Organization and Governance services team, which in turn provides a wide range of professional consulting and training services. BEA's main offerings here include: ! Education and training, including classroom-based and self-paced courses on SOA organization and governance, targeting IT executives and their direct reports
10
#205575
©2007 IDC
! Communication and collaboration plan to create buy-in and support from key stakeholders from both the business side and the IT side of the organization, with a focus on team building and team leadership (BEA also offers a two-day Executive Forum to help IT management identify SOA priorities, assign roles and responsibilities, and determine how to maximize business value from SOA initiatives.) ! Assessment of a client's maturity profile from an SOA perspective vis-à-vis BEA's SOA Maturity Matrix and industry best practices ! Review of the current state of a client's governance structure, practices, policies, and procedures and need for change of certain roles and responsibilities ! Road map to guide the organization toward its future vision as a services-enabled enterprise With these and other offerings, BEA is able to help clients move to the next levels of SOA adoption, focusing on steps to be taken that can be implemented in an accelerated fashion, from initial awareness and readiness assessment to the more pragmatic design and planning stages. In particular, BEA differentiates itself by offering a modular and low-cost delivery model of services to enable enterprises to undertake tailored projects that do not require large teams of consultants and significant upfront involvement before benefits can be realized.
BEA Software Offerings to Support SOA O&G BEA's primary product lines include application development and deployment technology, including an expansive set of middleware such as integration, application server, and portal software. BEA's growing AquaLogic family of service infrastructure is specifically designed to support the creation and ongoing management of SOA-based systems. Key technologies to note that particularly enhance an SOA governance program include: ! BEA AquaLogic Enterprise Repository. A metadata repository to capture and manage definitional and instructional information on services and associated artifacts (The repository is positioned as a key element of the SOA environment and a shared resource to other technologies. It can facilitate processes such as service, asset, architecture, and policy compliance; dependency tracking and impact analysis; and service life-cycle management.) ! BEA AquaLogic Service Registry. An UDDI-based services registry to associate primary protocols for discovery and instruction on engagement policies (It complements AquaLogic Enterprise Repository to provide service life-cycle governance support.) Other enablers that play a role in SOA governance, especially from the runtime and policy perspectives, include BEA AquaLogic Service Bus, BEA AquaLogic Enterprise Security, and BEA AquaLogic Data Services Platform. BEA WorkSpace 360 Vision
As part of BEA's SOA 360 initiative to unify the technology underpinning its entire product suite, BEA WorkSpace 360 is slated to provide a collaborative tooling environment for business and IT stakeholders that engage in the SOA environment and services life cycle. It is designed to support business analysts, architects, developers, and operations staff tailored for their individual roles while coordinating their specific tasks with shared metadata in a common repository and leveraging common infrastructure, workflow, and event triggering. Monitoring and reporting mechanisms will provide metrics on architectural and standards compliance; visibility for business and operations into performance, reliability, and quality of services and configurations; and status of procedures and services to help guide and assess the state of the environment and governance plan.
©2007 IDC
#205575
11
CHALLENGES AND OPPORTUNITIES Not only does the term SOA still have much ambiguity in the market at large, but so does the term "governance." Combine these two architectural and management paradigms and the difficulties in understanding magnify. An ongoing challenge for vendors is to help individuals grasp all the various technology and business issues involved in developing a service-oriented environment, especially when many of the benefits to investing in such an environment will need to evolve and bear fruit over a period of time. From both a technical and a governance design perspective, the overall functions of quality assurance and testing, change management, and SLA monitoring and management need to be further addressed by the market at large, including BEA. It is essential to also address many tasks from a holistic composite application view versus solely from a discrete service asset perspective. Users and vendors alike must pay closer attention to how dependencies are managed and cut across the varied levels and combinations of processes. BEA's SOA 360 initiative is certainly a step in the right direction from a technology perspective. Supporting these goals will be not only guidance and training on best practices but also automated integrated workflow capabilities along with increased levels of visibility and collaborative tooling BEA is developing. This will also need to integrate with other industry solutions. Vendors, such as BEA, should also work to create programs that offer guidance to help IT organizations transition from traditional roles and procedures to embrace the more orthogonal cross-cutting dimensions demanded by SOA environments. Clients may need assistance in managing organizational change, and it behooves BEA to further strengthen its capabilities to support these endeavors. The company maintains a positive reputation for delivering enterprise-caliber software and is a leader in the SOA infrastructure arena. Although BEA has recently made a concerted effort to reach beyond development and operations professionals to engage upper tiers of IT management and an expanding business audience, it must do so to an even greater extent. Establishing a deep level of rapport and recognition with these critical stakeholders in the SOA governance process will further BEA's efforts and its overall program value.
Keeping Complexity Under Control More than just an advancement in distributed, network-based architecture, SOA presents a whole new paradigm in the way enterprises approach technology. Greater levels of clarity, transparency, and coordination are required to assure the architectural integrity of such an open and collaborative systems environment. Enterprises that have taken steps to implement SOA and address governance concerns offer these additional words of wisdom: ! View SOA as part of an evolving enterprise architecture program, not a dedicated project; leverage the existing IT governance structure and amend as needed. ! Establish an SOA governance program early on and then continuously monitor and assess progress to make necessary modifications; do not assume adherence just because a guideline has been communicated. ! Establish an SOA COE with representation from multiple departments; these teams are usually staffed with enterprise architects who typically take on responsibility for determining crossenterprise priorities along with reference architecture and standards.
12
#205575
©2007 IDC
! Adapt one's governance structure and organization to accommodate business process or domain views; instill a consumer-centric and enterprise-scale mindset to focus services and support on the design of the business and not the preexisting IT landscape. ! Create stakeholder incentives to support a shared and trusted environment, promote achievement of specific business goals and technology milestones associated with the architecture road map, and reuse ambitions. ! Provide tools that facilitate visibility and communications to help garner acceptance and promote collaboration and ease the use and adoption of shared services; address both IT and business perspectives within documentation, IT and analyst portals and workbenches, registry and repository efforts, and analysis and reporting. ! Recognize that standards compliance for service interoperability and identity management are critical to realizing the ultimate vision of SOA. Typically, the further a deployment evolves and extends, the more adherence to industry standards is required. ! Acknowledge that commitment from all senior executives is a must for success.
Copyright Notice External Publication of IDC Information and Data — Any IDC information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Vice President or Country Manager. A draft of the proposed document should accompany any such request. IDC reserves the right to deny approval of external usage for any reason. Copyright 2007 IDC. Reproduction without written permission is completely forbidden.
©2007 IDC
#205575
13
Related Documents
Bea Idc Orggov Wp
November 2019 16
Bea Micro Service Architecture Wp
November 2019 13
Bea Soa Lifecycle Governance Wp
November 2019 17
Idc
July 2020 6
Bea Wl Server 81 Overview Wp
October 2019 12