By Thomas J. Cozzolino, Director in LiquidHub’s Management Consulting Practice
As more Enterprises undertake initial deployment of Web Services and other SOA-related initiatives, many are finding that without even a lightweight governance orientation, they are lacking visibility into the current state of their SOA efforts. Furthermore, as more services are deployed, this can lead to considerable variations in service levels, duplication of development efforts, and increased development and maintenance costs (the very opposite of the benefits promised by the adoption of SOA). In order to reduce the risk of initial SOA failure, companies should move aggressively in the following Governance dimensions:
Technology: Deploy Tool-Based Repository and Registration
No matter what the near or long-term SOA technology strategies are, it is critical that an initial automated tool for Service Registration and discovery be implemented. Even if only a small number of Services are initially developed and deployed, such a tool will prove invaluable for the following reasons:
· Enforces Lifecycle discipline in registration, version control, and discovery – development teams immediately plan for basic Registry-based operations within their Lifecycle, with no need to retrofit “after SOA has matured”.
· Provides a view (Workgroup-wide or Enterprise-wide) for Management to see which services are truly in play – early stages of an SOA deployment will be highly visible to both Business and IT management. A Registry that can be tapped for usage data is a critical tool in showing early return on investment as well as Service reuse.
· Enables a baseline to gauge usage profiles and characteristic workloads – A looming challenge in the SOA lifecycle is the need for effective capacity planning and impact management. Early metrics regarding usage (and the associated linkages to traditional capacity planning and measurement tools) are critical to avoid unplanned resource shortages.
While many of the design-time / deploy-time, and change-time Repository / Registry tools of today still lack some essential features, all support simplistic functions for the required minimum baseline.
Process: Include Quality Assurance and Production Change Control as key Governance “Hammers”
Ultimately, a key part of the Governance function is to ensure that resources are spent shrewdly to provide the highest overall value. The role of Gatekeeper in this function is a critical one, especially as more and more services (and the applications that are constructed from them) assume a more critical role within the Enterprise. As the SOA Process Models for Design and Development mature, it is critical that Organizations not forget Quality Assurance and Change Control as “last miles” in the Software Development Lifecycle. These functions must be infused with SOA thinking so that, when Services are deployed, they perform according to acceptable service levels and with predictable consumption of machine resources. Furthermore, as newer versions of Services are deployed, Production Change control needs to be effectively employed to minimize disruption and ensure manageable back-out procedures as required.
Organization: Expand Existing IT Standards Bodies and Processes for Lightweight Governance
Many companies are concerned that SOA and “Governance” need be a set of heavyweight processes that will slow down their adoption of SOA. On the contrary, an effective lightweight Governance model and process will instead channel the efforts of the various development and business teams and focus them on the right set of tasks.
A key suggestion in this area is to leverage the most (historical) effective Business / IT partnership model. Most companies employ multiple forums to foster communication between Business and IT. Executive Leadership should review the current channels in place, and choose a particularly effective one to be expanded to include the SOA and associated Governance efforts. If required, this forum should charter a smaller working group to regularly report on status and updates. In this manner, a strong partnership becomes even stronger.
As the SOA strategy is implemented across the Enterprise, key accomplishments (backed up by true usage data) can be presented to the Governance body. This feedback loops enables continual fine tuning to the overall execution of the strategy, and ensures that neither IT nor the Business is getting too far off track.
The LiquidHub Takeaway:
Governance in the SOA world is a multi-dimensional challenge whose importance cannot be overemphasized. And if any of the elements is overlooked, the long-term risks can be considerable. As an overall timetable, the following steps should be considered:
· Immediate: Ensure that tooling is place to support the registration, lookup, and versioning of Services –this needs to happen before a critical mass of Services are developed and deployed.
· Near-Term: Build Governance of QA and Production Change Control into the SDLC, as Service development is ramping up – this will provide invaluable learning and experience to the Development, QA, and Production Services teams from initial deployment (and provide huge payoff as the SOA efforts mature)
· Near-Term+: Continue to forge relationships based on effective Business / IT teaming – this promotes SOA as another Enterprise-wide success, instead of a risky new venture.
As Organizations adopt SOA as a set of key Business and IT initiatives, a fully-realized Governance Model will be the single most important factor between success and failure.