SlideShare a Scribd company logo

Soa Runtime Governance Practices

M
Michiel.Kemperman

The document discusses SOA (Service-Oriented Architecture) runtime governance practices, emphasizing the importance of managing service quality and business transactions.

TechnologyBusiness
1 of 26
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
SOA Runtime Governance Practices Paul Butterworth Chief Technology Officer AmberPoint, Inc October 2008
Agenda SOA Topologies SOA Runtime Governance Practices Discover Manage Service Quality Manage Business Transactions Prepare for greater scale Validate changes Based on experiences with ~200 users
Typical Service Network Topology Shared Services External Services firewall Order Entry Accounting Partner Internal Services Credit Services not applications Shared Dynamic Federated
Typical Service Network Infrastructure Java Service Mainframe Application Web Service DBMS Biz Application Biz Application Appliance In all but the newest of environments, “SOA” ≠ “Just Web Services & XML” Network Service Bus
Keys to Successful Governance and Management of SOA Applications Continuous SOA Discovery Service Management & Security
Keys to Successful Governance and Management of SOA Applications Business System Validation Closed Loop Governance Continuous SOA Discovery Service Management & Security Business Transaction Management  Business Architects & Development Operations
Agenda SOA Topologies SOA Runtime Governance Practices Discover Manage Service Quality Manage Business Transactions Prepare for greater scale Validate changes Based on experiences with ~200 users
Discovery and Application Mapping Dynamic Discovery of your SOA environment… Application Flow & Transactions Dependencies Services Consumers Runtime Policies & Metadata … across Heterogeneous Infrastructure Containers ESBs & Process Engines Appliances Registries / Repositories No application, message or header modifications Closes the loop with design time governance A complete accounting of your SOA application environment Intended Design Running Reality Repositories Service Registries Home-grown Databases Messaging
Hybrid Discovery Model Approved Services Intended Usage Policies Runtime Repository Policies Data / Results service contract Services (discovered, changes) Scorecard Information Policies (new, changes) Discovers Publishes Publishes Changes to services, endpoints and policies Scorecard metrics – availability, performance, etc. Dependencies Detects discrepancy between intentions (design/dev) and reality (runtime) Reality Design vs. Service Management Xact Management System Validation Closed Loop Governance Ensures Closed Loop Governance Software Development Tools Development Tools Repositories/ Registries Home-grown Databases Enterprise Service Bus ? ? ?
Detailed Metadata of Your SOA Environment Operational Info: When service was discovered Availability Type of service Type of container Link to WSDL Business Info: Business owner Division Version Etc. Custom: Chargeback info Risk assessment Links to URL’s Etc. Operational Info Business Info
Agenda SOA Topologies SOA Runtime Governance Practices Discover Manage Service Quality Manage Business Transactions Prepare for greater scale Validate changes
Service Quality Management Monitor Performance & Availability Trends, thresholds, varying intervals, etc. Isolate areas of interest Recent additions “ Rogue” services Problem areas Specific application groups Filters Detail Graphical View Table View Monitor Security Respond to anomalies
Service Level Management Service- and Business-level Visibility Enforce agreements based on business criteria Flexible calendars, multiple objectives Granular visibility – groups, users, services, operations Preventative and corrective actions Service View Alerts User Summary and Objectives Historical Reporting
Security First- and Last-Mile Enforcement Firewall Identity Management Systems First Mile Security Client-side agent Automatic enforcement of out-bound security Last Mile Security Plug-ins provide endpoint protection No ability to circumvent Extensive Integration Identity Management Systems Security Appliances App Server / ESB / OS Security <?xml version='1.0'?> <PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith</Name> <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'> <CipherData> <CipherValue>A23B45C56</CipherValue> </CipherData> </EncryptedData> </PaymentInfo> Complete Policy Library Authentication Authorization Credential Mapping Censorship Crypto <Name> <Encrypted Type='http <CipherDa <Cipher </Ciphe
Agenda SOA Topologies SOA Runtime Governance Practices Discover Manage Service Quality Manage Business Transactions Prepare for greater scale Validate changes
Business Transaction Management Managing Individual Services is Not Enough Real business value is associated with complete, end-to-end transactions Order management Claims processing Sales lead qualification On-line reservations Common Issues... No overall view into transaction status Minimal business visibility Slow end-to-end response times Transactions &quot;disappear&quot; Business Impact Internal fire drills and finger pointing Unhappy customers Lost revenue Process Engine Service Bus End-to-End Technical Challenges Transactions flow through both service and non-service based components Services Applications ESBs Process Engines Databases Variety of architectures Synchronous and asynchronous messaging Long running transactions – hours, days, ...
Business Transaction Management Monitoring Performance, Availability & Service Level Agreements Enforces agreements in real time Enables preventative and corrective actions Not just reporting violations after its too late Transaction Performance & Availability Service Level Violations Consumer SLA’s Historical Reporting Business Groups Platinum, Gold, etc. Accounting, Shipping, etc. Process Engine Service Bus End-to-End
Business Transaction Management Business Instrumentation Consumer SLA’s Business Groups Business Instrumentation Track business value flowing through the system Track revenue, total orders, etc. Can customize instrumentation and dashboards
Business Transaction Management Real-time Detection of Exceptions Handles Technical and Business Exceptions Stalled transactions, missing steps, error messages Incorrect data values, boundry conditions, etc. User-defined Exception Policies What to look for – leverage message content Action to take – notify, intervene, etc Rejected Order Alert
Agenda SOA Topologies SOA Runtime Governance Practices Discover Manage Service Quality Manage Business Transactions Prepare for greater scale Validate changes
Runtime Policy Enforcement: Service Virtualization Abstracts service changes and versions behind a published ‘façade’ (a ‘virtual’ service) Enables endpoint routing, load-balancing, failover, transformations etc. Sees simpler interface Service changes don’t show through. Before After Virtual Svc (PEP) Load balance Route Transform Version Service B OrderLookup ChangeDate ChangeQty ScheduleShip ChangePrior LookupETA Service B OrderLookup ChangeDate ChangeQty ScheduleShip ChangePrior LookupETA Service A Service A
Automatic Policy Provisioning Policies with a “where clause” Automatically applies policies based on dynamic attributes and message content . All production services All services in Accounting application All services deployed in WebLogic containers User-defined attributes for services, containers & policies Assignments are reevaluated as attributes change s1 s5 s4 s2 s6 s3 where “ Accounting” Security Encryption all services One-at-a-Time Approach where deployed on .NET app servers Logging Profile Based Approach s1 p1 s2 s3 s100 p1 p1 p50 100 svcs x 50 policies 5,000 policy points Load-Bal Weighted Can manage system on “autopilot” where policies are automatically assigned as appropriate. Eliminates production mistakes by reducing manual steps.
Agenda SOA Topologies SOA Runtime Governance Practices Discover Manage Service Quality Manage Business Transactions Prepare for greater scale Validate changes
Business System Validation Distributed Components and Reuse Puts Business Systems at Risk Impact of any changes ripple throughout the system Real impact of planned changes is hard to predict Impact of unplanned or unannounced changes can be devastating Yet, most SOA environments find it impossible to setup and replicate all dependent systems for testing elsewhere And, new use and reuse creates blind spots in preproduction procedures “ Approved” Design Development QA Development Staging Production Process Engine Service Bus Need to Validate Integrity of the Entire System Before Installing Changes
Validate Impact on Dependent Systems Development Staging Production Process Engine Service Bus The “Preflight Check” for SOA Systems Acceptance testing of pending changes to SOA environment New Versions of Services Policy Changes Bug Fixes Infrastructure Patches, etc. Uses knowledge of dependencies and observed interactions Simulates services that can’t be replicated in pre-production environments External services Fee-based services Gives Staging and Operations a final check before deploying changes  : Security Policies Functioning Unexpected Deviation for B2B Partner Usage  : WS-I Compliant  : Capacity Adequate Validation Checklist
Q&A Paul Butterworth [email_address] www.amberpoint.com 510.663.6300

More Related Content

Similar to Soa Runtime Governance Practices (20)

PPT
Policy Based Approach To Runtime Governace
Michiel.Kemperman
 
PDF
Paul Butterworth S O A Runtime Governance Practices
SOA Symposium
 
PPT
Soa Business And Technical Overview Presentation (Reed003707)
miteshisheth
 
PPT
Soa Business And Technical Overview Presentation (Reed003707)
miteshisheth
 
PPT
Soa Business And Technical Overview Presentation (Reed003707)
miteshisheth
 
PPT
Soa Business And Technical Overview Presentation (Reed003707)
miteshisheth
 
PPT
Soa Business And Technical Overview Presentation (Reed003707)
miteshisheth
 
PPT
Soa Business And Technical Overview Presentation (Reed003707)
miteshisheth
 
PDF
CMAD Group Workbook 6 SOA
Alexander Doré
 
PPT
Keys To Successful Governance with SOA
Nathaniel Palmer
 
PPT
Layer 7: Identity Enabled SOA Governance
CA API Management
 
PPTX
Unit 4-SOA governance
ssuser3a47cb
 
PDF
Service Oriented Architecture (SOA) [4/5] : SOA Governance
IMC Institute
 
PPT
Saul Cunningham - Oracle - Best Practices for Scaling your SOA Infrastructure...
Saul Cunningham
 
PPTX
No SOA ROI - SOA is Dead? Getting SOA Value
Akiva Marks
 
PDF
SOA governance
Software Park Thailand
 
PPT
Soa4 Smb Ci
✪Computants✪IBM_BP
 
PPT
SOA in banking issues and remedies
Debajani Mohanty
 
PPTX
05 Service Oriented Architecture Series - Preparing for SOA
Pouria Ghatrenabi
 
PPT
Soa Taking Theory Into Real World Application
David Linthicum
 
Policy Based Approach To Runtime Governace
Michiel.Kemperman
 
Paul Butterworth S O A Runtime Governance Practices
SOA Symposium
 
Soa Business And Technical Overview Presentation (Reed003707)
miteshisheth
 
Soa Business And Technical Overview Presentation (Reed003707)
miteshisheth
 
Soa Business And Technical Overview Presentation (Reed003707)
miteshisheth
 
Soa Business And Technical Overview Presentation (Reed003707)
miteshisheth
 
Soa Business And Technical Overview Presentation (Reed003707)
miteshisheth
 
Soa Business And Technical Overview Presentation (Reed003707)
miteshisheth
 
CMAD Group Workbook 6 SOA
Alexander Doré
 
Keys To Successful Governance with SOA
Nathaniel Palmer
 
Layer 7: Identity Enabled SOA Governance
CA API Management
 
Unit 4-SOA governance
ssuser3a47cb
 
Service Oriented Architecture (SOA) [4/5] : SOA Governance
IMC Institute
 
Saul Cunningham - Oracle - Best Practices for Scaling your SOA Infrastructure...
Saul Cunningham
 
No SOA ROI - SOA is Dead? Getting SOA Value
Akiva Marks
 
SOA governance
Software Park Thailand
 
Soa4 Smb Ci
✪Computants✪IBM_BP
 
SOA in banking issues and remedies
Debajani Mohanty
 
05 Service Oriented Architecture Series - Preparing for SOA
Pouria Ghatrenabi
 
Soa Taking Theory Into Real World Application
David Linthicum
 

Recently uploaded (20)

PDF
Presentation - Vibe Coding The Future of Tech
yanuarsinggih1
 
PDF
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
PDF
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
PDF
New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
PDF
CIFDAQ Market Insights for July 7th 2025
CIFDAQ
 
PDF
HubSpot Main Hub: A Unified Growth Platform
Jaswinder Singh
 
PDF
Blockchain Transactions Explained For Everyone
CIFDAQ
 
PDF
Python basic programing language for automation
DanialHabibi2
 
PDF
"Beyond English: Navigating the Challenges of Building a Ukrainian-language R...
Fwdays
 
PDF
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
PPTX
Webinar: Introduction to LF Energy EVerest
DanBrown980551
 
PDF
Log-Based Anomaly Detection: Enhancing System Reliability with Machine Learning
Mohammed BEKKOUCHE
 
PDF
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
PPT
Interview paper part 3, It is based on Interview Prep
SoumyadeepGhosh39
 
PDF
Newgen Beyond Frankenstein_Build vs Buy_Digital_version.pdf
darshakparmar
 
PDF
NewMind AI - Journal 100 Insights After The 100th Issue
NewMind AI
 
PDF
How Startups Are Growing Faster with App Developers in Australia.pdf
India App Developer
 
PDF
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
PPTX
OpenID AuthZEN - Analyst Briefing July 2025
David Brossard
 
PDF
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
Presentation - Vibe Coding The Future of Tech
yanuarsinggih1
 
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
CIFDAQ Market Insights for July 7th 2025
CIFDAQ
 
HubSpot Main Hub: A Unified Growth Platform
Jaswinder Singh
 
Blockchain Transactions Explained For Everyone
CIFDAQ
 
Python basic programing language for automation
DanialHabibi2
 
"Beyond English: Navigating the Challenges of Building a Ukrainian-language R...
Fwdays
 
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
Webinar: Introduction to LF Energy EVerest
DanBrown980551
 
Log-Based Anomaly Detection: Enhancing System Reliability with Machine Learning
Mohammed BEKKOUCHE
 
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
Interview paper part 3, It is based on Interview Prep
SoumyadeepGhosh39
 
Newgen Beyond Frankenstein_Build vs Buy_Digital_version.pdf
darshakparmar
 
NewMind AI - Journal 100 Insights After The 100th Issue
NewMind AI
 
How Startups Are Growing Faster with App Developers in Australia.pdf
India App Developer
 
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
OpenID AuthZEN - Analyst Briefing July 2025
David Brossard
 
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
Ad

Soa Runtime Governance Practices

  • 1. SOA Runtime Governance Practices Paul Butterworth Chief Technology Officer AmberPoint, Inc October 2008
  • 2. Agenda SOA Topologies SOA Runtime Governance Practices Discover Manage Service Quality Manage Business Transactions Prepare for greater scale Validate changes Based on experiences with ~200 users
  • 3. Typical Service Network Topology Shared Services External Services firewall Order Entry Accounting Partner Internal Services Credit Services not applications Shared Dynamic Federated
  • 4. Typical Service Network Infrastructure Java Service Mainframe Application Web Service DBMS Biz Application Biz Application Appliance In all but the newest of environments, “SOA” ≠ “Just Web Services & XML” Network Service Bus
  • 5. Keys to Successful Governance and Management of SOA Applications Continuous SOA Discovery Service Management & Security
  • 6. Keys to Successful Governance and Management of SOA Applications Business System Validation Closed Loop Governance Continuous SOA Discovery Service Management & Security Business Transaction Management  Business Architects & Development Operations
  • 7. Agenda SOA Topologies SOA Runtime Governance Practices Discover Manage Service Quality Manage Business Transactions Prepare for greater scale Validate changes Based on experiences with ~200 users
  • 8. Discovery and Application Mapping Dynamic Discovery of your SOA environment… Application Flow & Transactions Dependencies Services Consumers Runtime Policies & Metadata … across Heterogeneous Infrastructure Containers ESBs & Process Engines Appliances Registries / Repositories No application, message or header modifications Closes the loop with design time governance A complete accounting of your SOA application environment Intended Design Running Reality Repositories Service Registries Home-grown Databases Messaging
  • 9. Hybrid Discovery Model Approved Services Intended Usage Policies Runtime Repository Policies Data / Results service contract Services (discovered, changes) Scorecard Information Policies (new, changes) Discovers Publishes Publishes Changes to services, endpoints and policies Scorecard metrics – availability, performance, etc. Dependencies Detects discrepancy between intentions (design/dev) and reality (runtime) Reality Design vs. Service Management Xact Management System Validation Closed Loop Governance Ensures Closed Loop Governance Software Development Tools Development Tools Repositories/ Registries Home-grown Databases Enterprise Service Bus ? ? ?
  • 10. Detailed Metadata of Your SOA Environment Operational Info: When service was discovered Availability Type of service Type of container Link to WSDL Business Info: Business owner Division Version Etc. Custom: Chargeback info Risk assessment Links to URL’s Etc. Operational Info Business Info
  • 11. Agenda SOA Topologies SOA Runtime Governance Practices Discover Manage Service Quality Manage Business Transactions Prepare for greater scale Validate changes
  • 12. Service Quality Management Monitor Performance & Availability Trends, thresholds, varying intervals, etc. Isolate areas of interest Recent additions “ Rogue” services Problem areas Specific application groups Filters Detail Graphical View Table View Monitor Security Respond to anomalies
  • 13. Service Level Management Service- and Business-level Visibility Enforce agreements based on business criteria Flexible calendars, multiple objectives Granular visibility – groups, users, services, operations Preventative and corrective actions Service View Alerts User Summary and Objectives Historical Reporting
  • 14. Security First- and Last-Mile Enforcement Firewall Identity Management Systems First Mile Security Client-side agent Automatic enforcement of out-bound security Last Mile Security Plug-ins provide endpoint protection No ability to circumvent Extensive Integration Identity Management Systems Security Appliances App Server / ESB / OS Security <?xml version='1.0'?> <PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith</Name> <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'> <CipherData> <CipherValue>A23B45C56</CipherValue> </CipherData> </EncryptedData> </PaymentInfo> Complete Policy Library Authentication Authorization Credential Mapping Censorship Crypto <Name> <Encrypted Type='http <CipherDa <Cipher </Ciphe
  • 15. Agenda SOA Topologies SOA Runtime Governance Practices Discover Manage Service Quality Manage Business Transactions Prepare for greater scale Validate changes
  • 16. Business Transaction Management Managing Individual Services is Not Enough Real business value is associated with complete, end-to-end transactions Order management Claims processing Sales lead qualification On-line reservations Common Issues... No overall view into transaction status Minimal business visibility Slow end-to-end response times Transactions &quot;disappear&quot; Business Impact Internal fire drills and finger pointing Unhappy customers Lost revenue Process Engine Service Bus End-to-End Technical Challenges Transactions flow through both service and non-service based components Services Applications ESBs Process Engines Databases Variety of architectures Synchronous and asynchronous messaging Long running transactions – hours, days, ...
  • 17. Business Transaction Management Monitoring Performance, Availability & Service Level Agreements Enforces agreements in real time Enables preventative and corrective actions Not just reporting violations after its too late Transaction Performance & Availability Service Level Violations Consumer SLA’s Historical Reporting Business Groups Platinum, Gold, etc. Accounting, Shipping, etc. Process Engine Service Bus End-to-End
  • 18. Business Transaction Management Business Instrumentation Consumer SLA’s Business Groups Business Instrumentation Track business value flowing through the system Track revenue, total orders, etc. Can customize instrumentation and dashboards
  • 19. Business Transaction Management Real-time Detection of Exceptions Handles Technical and Business Exceptions Stalled transactions, missing steps, error messages Incorrect data values, boundry conditions, etc. User-defined Exception Policies What to look for – leverage message content Action to take – notify, intervene, etc Rejected Order Alert
  • 20. Agenda SOA Topologies SOA Runtime Governance Practices Discover Manage Service Quality Manage Business Transactions Prepare for greater scale Validate changes
  • 21. Runtime Policy Enforcement: Service Virtualization Abstracts service changes and versions behind a published ‘façade’ (a ‘virtual’ service) Enables endpoint routing, load-balancing, failover, transformations etc. Sees simpler interface Service changes don’t show through. Before After Virtual Svc (PEP) Load balance Route Transform Version Service B OrderLookup ChangeDate ChangeQty ScheduleShip ChangePrior LookupETA Service B OrderLookup ChangeDate ChangeQty ScheduleShip ChangePrior LookupETA Service A Service A
  • 22. Automatic Policy Provisioning Policies with a “where clause” Automatically applies policies based on dynamic attributes and message content . All production services All services in Accounting application All services deployed in WebLogic containers User-defined attributes for services, containers & policies Assignments are reevaluated as attributes change s1 s5 s4 s2 s6 s3 where “ Accounting” Security Encryption all services One-at-a-Time Approach where deployed on .NET app servers Logging Profile Based Approach s1 p1 s2 s3 s100 p1 p1 p50 100 svcs x 50 policies 5,000 policy points Load-Bal Weighted Can manage system on “autopilot” where policies are automatically assigned as appropriate. Eliminates production mistakes by reducing manual steps.
  • 23. Agenda SOA Topologies SOA Runtime Governance Practices Discover Manage Service Quality Manage Business Transactions Prepare for greater scale Validate changes
  • 24. Business System Validation Distributed Components and Reuse Puts Business Systems at Risk Impact of any changes ripple throughout the system Real impact of planned changes is hard to predict Impact of unplanned or unannounced changes can be devastating Yet, most SOA environments find it impossible to setup and replicate all dependent systems for testing elsewhere And, new use and reuse creates blind spots in preproduction procedures “ Approved” Design Development QA Development Staging Production Process Engine Service Bus Need to Validate Integrity of the Entire System Before Installing Changes
  • 25. Validate Impact on Dependent Systems Development Staging Production Process Engine Service Bus The “Preflight Check” for SOA Systems Acceptance testing of pending changes to SOA environment New Versions of Services Policy Changes Bug Fixes Infrastructure Patches, etc. Uses knowledge of dependencies and observed interactions Simulates services that can’t be replicated in pre-production environments External services Fee-based services Gives Staging and Operations a final check before deploying changes  : Security Policies Functioning Unexpected Deviation for B2B Partner Usage  : WS-I Compliant  : Capacity Adequate Validation Checklist
  • 26. Q&A Paul Butterworth [email_address] www.amberpoint.com 510.663.6300