The Case for Coordinating SOA Design

Coordinating SOA design initiatives for governance is essential in building a service-oriented architecture (SOA). If design-time governance and runtime policy enforcement are not well aligned, SOA governance will fail.

One company learned this lesson when it tried to get on the SOA fast track and divided its SOA-governance design among three, parallel task forces to get to market. Its goal was to get an SOA up and running—and reap SOA benefits such as business agility, lower IT costs, and, ultimately, higher revenues—faster.

Worst Practice: Separating the SOA Design of Security, Management, and Governance

BlueSky Tech, Inc., a designer of wafer-handling systems for semiconductor OEMs, wanted an SOA to facilitate its ability to adapt and improve the computer systems and applications used to order and customize its systems to particular OEMs' specifications. The competition was gaining ground, so the company wanted to build an SOA as quickly as possible.

Based on initial research, senior IT management decided that one of the most critical components to success in moving to an SOA was having a governance plan. To expedite SOA planning, the IT director broke up the problem into its logical, constituent parts—and formed three task forces to solve the resulting smaller problems:

• SOA security: This SOA design group focused on who would have permission to access services, how the services could be used, and what kind of data integrity issues were associated with those services.
• SOA management: Another SOA task force was assigned the job of determining how to manage services in the runtime environment and provide service-level agreements (SLAs) to users.
• SOA governance: The third group focused on capturing the design-time element of the SOA, ensuring that deployed services would adhere to policies governing their use through continuous measurement, monitoring and providing of feedback.

However, splitting up SOA design proved counterproductive. Although it might seem logical to divide responsibilities—especially to save time—these areas can overlap and impact each other in unexpected ways, as BlueSky's experience showed. The governance policy task force had access to corporate policy information and requirements affecting SOA design that the other two task forces lacked. Specifically:

• The company's defense industry clients, because they interact with the Federal government, required more stringent security measures than other companies. By the time the security task force had this knowledge, they had essentially designed the security architecture—and additional work was required to accommodate these clients' needs.
• There were larger fines if the SLAs for certain categories of customer and partner orders were violated during the last week of each quarter. When this policy finally became apparent to the SOA management task force, they had to add standby services and intelligent routing policies in the runtime environment to avoid violating these SLAs—and to order more servers to handle this load.

If the efforts of all of the task forces had been more closely aligned, these setbacks might have been avoided. Built without full policy knowledge, the original SOA governance plan did not accommodate actual business needs. In the end, to create an SOA that accurately served the business, the company ended up spending more, not less, time.

Best Practice: A Top-down, Enterprise-wide SOA Design Approach

To align the efforts of various groups working on SOA-governance:

• Take a top-down approach. Realize that security, privacy and even key business requirements most likely will be connected––and could impact each other when enforced at runtime.
• Take a broad, enterprise view of critical topics such as SOA governance. The point is not to avoid multiple SOA task forces, but to make sure they meet regularly to exchange ideas and remain in synch. In this way, the ultimate governance solution deployed will be a functioning, unified whole.

Progress Actional SOA management products products enable companies to align SOA operations with business requirements and policies. They allow IT to create, test, and validate security strategy and governance rules and monitor their performance and adherence enterprise-wide during runtime. Actional also offers a wide variety of service delivery controls for situational routing and load-balancing as well as content-based routing, to address the requirements of individual companies or subsets of customers and meet SLA targets.

For More Information on SOA Design

To learn more about best practices for SOA design and implementation, download "SOA Worst Practices Volume II: A Look at Governance."