SOA Architecture, Governance, and Industry Standards in the Enterprise

Paul Lipton

Subscribe to Paul Lipton: eMailAlertsEmail Alerts
Get Paul Lipton: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Java EE Journal, SOA & WOA Magazine, ERP Journal on Ulitzer, VITO Report

Article

The Well-Spoken SOA - How Well Is Your SOA Running?

Understanding the elements of an SOA in the context of management, security, governance, and the power of words

SOA management and security systems can add value to governance systems by providing relevant historical information about service levels, security, quality of service, and fault detection to the governance system. Since governance systems are about development artifacts, this allows developers to understand the long-term performance and reliability of their artifacts. In short, they can more easily ask questions such as which of my services is actually managed, which has the slowest response time, which has had the most security violations, or which matches certain service-level requirements that I need.

From the architecture perspective, the SOA management and security solution provides a centralized repository and mechanism for defining management and security policy for the entire SOA, across all service platforms. Governance platforms may potentially refer to and track changes to these management and security policies, which would be particularly useful to enterprise architects and designers already using these governance tools on a daily basis. However these policies still need to be stored and optimized for the use of the SOA management and security systems that are managing the environment in real time. Therefore, these policies will be most often stored within the management system's own repository. Similarly, because the SOA does not exist in isolation from other enterprise entities, these policies should be considered specialized cases of more general enterprise policies that already secure and manage the entire enterprise through existing enterprise systems.

Governance solutions, particularly UDDI-based repositories, can help management and security systems discover new or changed services, but there is nothing actually forcing service providers to publish WSDL descriptions of their services in a registry, so management and security systems must also be able to discover services based on message traffic, as well. Over time, management and security solutions will increasingly leverage information about development artifact changes provided by governance products in order to more effectively monitor the impact of these life-cycle events on the performance and reliability of the SOA at runtime.

Conclusion
Henry David Thoreau once said that "If you have built castles in the air, your work needs not be lost; that is where they should be. Now put the foundations under them." Similarly, many IT people have been focused on building their castles in the air by creating the beginnings of an SOA through the creation of carefully designed, loosely coupled services, often deployed on multiple service platforms. Many are starting to consider the role of dynamic service discovery through a registry, as well. This is all fine. But, as Thoreau said, now is the time to make sure you don't lose those castles. Be sure to build the needed foundations with effective SOA management and security. Even better, if you really don't want those castles to fall, make your foundations deep and strong by carefully considering the relationship and level of integration between your SOA management and security solution and the rest of your enterprise management and security systems. When you have a plan for complete, end-to-end management, and security covering every important aspect of your business processes and every supporting IT system, then your service-oriented castles are truly reliable, safe, and ready to add value to your business.

More Stories By Paul Lipton

Paul Lipton is VP of Industry Standards and Open Source at CA Technologies. He coordinates CA Technologies’ strategy and participation in those areas while also functioning as part of CA Labs. He is co-chair of the OASIS TOSCA Technical Committee, and also serves on the Board of Directors of the open source Eclipse Foundation, as well as both the Object Management Group and the Distributed Management Task Force in addition to other significant technical and leadership roles in many leading industry organizations such as the OASIS, W3C and INCITS.

Lipton is also an approved US delegate to the international standards organization ISO, as a member of the subcommittee focused on international cloud standards. He is a founding member of the CA Council for Technical Excellence where he leads a team focused on emerging technologies, a Java Champion, and Microsoft MVP.

Comments (2) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
Paul Lipton 04/18/06 02:32:28 PM EDT

No, UDDI is not fated for the dustbin of history, but neither is it the only way to share or distribute policy information. The notion that UDDI must the the center of the universe and holder of all policy is equally absurd. It simply won't happen for practical and historical reasons. Policy will be distributed all over the place; in legacy, identity management, and operations management policy repositories, to name a few. Each of these repositories is optimized to support certain types of policy best at runtime (where it counts). We had best learn to live with that and plan for it.

SOA Web Services Journal 09/01/05 10:23:38 AM EDT

The Well-Spoken SOA Web Services - How Well Is Your SOA Running? The American comedian and actor Steven Wright once said, 'It doesn't make a difference what temperature a room is, it's always room temperature.' Words are wonderful that way. They can give you a little blast of pleasure when used cleverly, but like everything else they are subject to fashion. For example, I was speaking at a technical conference recently when I overheard a person whom I know, who is well-respected in this field, say something along these lines: 'You have to know how well your SOA is running. Knowing the overall health and responsiveness of your SOA is very important. You've got to get a handle on your governance.' The goal was laudable, but the wording was off target.