SOA and Governance
August 13th, 2006 by Lou
In Enterprise 2.0 Think Tank Deepak states
One of the recurring topics that kept popping up is Governance. And this is really key, because it is a very important aspect that we need to address in Enterprise 2.0. A couple of months ago, I attended the Gartner conference on SOA/Web Services where one of the analysts said something like - If you are doing SOA, you better be addressing governance. No governance, no SOA, no nada. And that is right on.
I couldn’t agree more. SOA is impossible if the IT perspective of service is entirely from the viewpoint of the server. The ability for an organization to rally around the delivery of services rather than hosting applications depends upon the development of business models within organizations that can enable IT departments and business organizations to succeed.
The sense of this can be readily approached from at least these several practical angles:
- Service Management and Monitoring - If you can’t monitor it you can’t manage it; enabling operations to monitor and secure interactions between services is way beyond the technical and operational capabilities of most data centers without new business models. Organizations that have limited capabilities to monitor simple server hardware failures or less are particularly in need of assistance that must be negotiated, not just developed and deployed.
- Standards - The typical IT capabilities around standards and standards enforcement are likely to be outstripped by complex requirements for SOA. Many operations are sorely tested by enforcement of network security standards, network protocol standards, firewall and proxy standards, network appliance, web and application tier interaction standards (e.g. stickiness and statefulness), identity, authorization and authentication standards, web application deployment standards, web application configuration and filesystem security standards to name just a few. SOA will require enforceable standards in these areas as an underpinning to enforceable and monitorable semantic standards for SOA interactions themselves.
Which IT organizations have this level of understanding and control of the applications they support now? I’ll assert they are the ones that have working and healthy governance mechanisms in place. The benign chaos that is tolerable for independently hosted and isolated applications is likely unacceptable for anything but the most rudimentary SOA implementation.
it service management, it standards, soa
Couldn’t agree with you and co-worker Deepak more. I am nowhere near technically savvy as Dee, but as it has been explained to me it makes perfect sense. Hopefully that will be the same for others so as to mitigate debate and move faster towards robust Enterprise 2.0 apps.
Cheers