Service-oriented architecture is the shape of distributed computing in the Internet Age. At the heart, SOA is a set of practical approaches for designing shareable, reusable services. It lets enterprise IT groups treat a decentralized, multiplatform environment as a unified computing fabric. But SOA also is a mess waiting to happen.
By encouraging widespread reuse of scattered software components, SOA threatens to transform the enterprise network into a complex, sprawling unmanageable mesh. Left ungoverned, SOA could allow anyone anywhere to deploy a new service at any time, and invoke and orchestrate that service - and thousands of others - into ever more convoluted messaging patterns. In such an environment, coordinated application planning and optimization become fiendishly difficult. In addition, rogue services could spring up everywhere, passing themselves off as legitimate nodes and wreaking havoc on the delicate trust that underlies production SOA.
SOA governance refers to the industry's efforts to establish practices and tools for managing this mesh and enforcing consistent security, performance and other policies across the service life cycle. SOA governance tools let organizations continuously model, map, monitor and take control of their distributed environments. Effective governance ensures that the enterprise SOA complies with all applicable regulatory, competitive, operational and other baseline requirements.
Vendors of SOA governance tools are forming industry associations to popularize approaches for design-time and run-time governance. Last month, many pure-play vendors of SOA governance tools formed SOA Link, an alliance under which they pledge to improve interoperability among their products. Founding partners include AmberPoint, Composite Software, Forum Systems, Infravio, Intalio, Iona, JBoss, Layer 7 Technologies, LogicBlaze, NetIQ, ParaSoft, Reactivity, SOA Software, SymphonySoft, webMethods and WS02.
Organizational process changes are critical to SOA governance, says Miko Matsumura, vice president of marketing and technology standards at Infravio, an SOA governance tool vendor. "SOA governance depends on IT governance processes, under which SOA projects are built to adhere to business policies," Matsumura says. In addition, he says, SOA project governance requires governing boards in which there is a "clear conversational basis between business and IT personnel, focusing on business considerations."
Enterprise IT groups, especially at large companies with distributed development teams, also should implement internal centers of excellence. These would spread SOA governance best practices and application design patterns among developers, Matsumura says.
From a technological standpoint, SOA governance demands a comprehensive management infrastructure that spans the service life cycle from planning through design, development, deployment, operation and optimization. SOA governance vendors will often characterize their tools as appropriate for design-time vs deploy-time vs run-time usage (or all three).
Across the complete SOA life cycle, governance tools assist enterprise IT in planning, developing, deploying, monitoring, optimizing and controlling their distributed, heterogeneous application environments. SOA governance infrastructure also helps organizations ensure the continued performance, reliability, availability and security of end-to-end business interactions within their SOAs.
The principal technological components of the SOA governance infrastructure are visual service modelling and administration tools; service registries and repositories; and service-level management infrastructures.