Service Oriented Architecture initiative success requires creating loosely coupled consumer-provider connections, enforcing a separation of concerns between consumer and provider, exposing a set of re-usable, shared services, and gaining service consumer adoption. Many teams find a SOA or REST focus may not improve IT agility, but result in simply swapping out IT toolsets, message formats, and protocols.
SOA Governance mitigates risk in failing to deliver the [A] in SOA.
Many development teams publish services, yet struggle to create a service architecture that is widely shared, re-used, and adopted across internal development teams. Instead of creating consistent service architecture and demonstrating service re-use, teams inadvertently produce Just a Bunch of Web Services (JBOWS) or Just a Bunch of REST Services (JBORS). A single application often consumes a service, and a spaghetti web of One-to-One connections exists between service provider endpoints and consumers.
SOA initiatives often deliver point-to-point integration instead of architecture unless existing governance programs are modified to mitigate risk factors and support SOA principles. Delaying service governance often results in creation of non-reusable services, proliferation of multiple business domain definitions, and increasing portfolio maintenance cost.
SOA governance, API governance, and application governance can stand in the gap and improve architectural coherence.
Defining SOA Governance
An effective SOA governance program controls the development and operation of service oriented systems, and is implemented using policies, processes, metrics, and organization:
- Policies specify the “right” way to do things. They codify laws, regulations, corporate guidelines, and best practices.
- Processes are activities that provide an opportunity to test a project or artifact for compliance with policies, and to make a go/no-go decision. Some processes are automatic and system driven; others require human effort.
- Metrics provide visibility into the governance program, and are required to measure compliance and verify policy enforcement.
- The organization should encourage a culture that supports and rewards good governance practices.
SOA Governance Scope
A SOA governance program should provide guidance for the entire service lifecycle, including creation, testing, provisioning, utilization, management, and versioning.
SOA Governance Infrastructure
SOA governance infrastructure components provide tools and services that support the governance program. They provide mechanisms to manage and maintain governance policies; they provide mechanisms to impose checkpoints during various phases of the software development lifecycle (SDLC) and verify that services, APIs and/or projects comply with these policies; they also provide mechanisms that support manual and automatic approval and exception processes; and they enable integration with traditional SDLC tools and information technology (IT) management and governance systems.
Some SOA governance infrastructure components address development-time governance, and other components address runtime governance. The service registry component bridges the development and runtime components.
The recommended resources material describe additional concrete action items.