Click here to close now.

Welcome!

MICROSERVICES Authors: Jason Bloomberg, Elizabeth White, Liz McMillan, Michael Kanasoot, Carmen Gonzalez

Related Topics: Cloud Expo, MICROSERVICES, Websphere

Cloud Expo: Article

Cloud Governance: Something Old, Something New, Something Borrowed…

How do you apply SOA Governance best practices to Cloud Governance?

As we predicted earlier in the year, Cloud computing is starting to take hold, especially if you believe the marketing literature of vendors and consulting firms. Yet, we are seeing an increasing number of Cloud success stories, ranging from simplistic consumption of utility Services and offloading of compute resources to the sort of application and process clouds we discussed in a previous ZapFlash. Perhaps the reason why usage of the Cloud is still nascent in the enterprise is because of an increasing chorus of concerns being voiced about the usage of Cloud resources:

Cloud availability. Cloud security. Erosion of data integrity. Data replication and consistency issues. Potential loss of privacy. Lack of auditing and logging visibility. Potential for regulatory violations. Application sprawl & dependencies. Inappropriate usage of Services. Difficulty in managing intra-Cloud, inter-Cloud, and Cloud and non-Cloud interactions and resources. And that’s just the short list.

Do any of these issues sound familiar? To address these concerns, we have to return to a topic we’ve hashed over and again on the SOA side of things: governance. The above issues are primarily, if not exclusively, governance concerns. Thankfully, in many ways, we can apply what we’ve already learned, implemented, and invested in SOA Governance directly to issues of Cloud Governance. However, SOA and Cloud, while complementary, are not equivalent concepts. There are a wide range of patterns and usage considerations that are either new to the SOA Governance picture or ones that we were able to gloss over. To make Cloud computing a success, we need to make Cloud governance a success. So, what can we apply from our existing SOA governance knowledge, and what new things do companies need to consider?

Design-Time Cloud Governance
Designing Services to be deployed in the Cloud is much like designing Services for your own SOA infrastructure. In fact, that’s the point – most Cloud infrastructure providers, whether they are third-party Cloud providers like Amazon.com, or self-hosting Cloud infrastructure vendors, pitch the simplicity of Cloud Service development and deployment. However, within this simple mode lurks an insidious beast: if you thought it was hard to get your developers on the same page with regards to Service development when you owned your own SOA infrastructure and registry, try it when you have little visibility into the Service assets built by unknown developers. Like the early days of Web Services-centric SOA development, companies faced developers hacking out a wide array of incompatible “Just a Bunch of Web Services (JBOWS)” style Services thrown willy-nilly on the network, now to face the same issue in the Cloud. Of course, JBOWS doesn’t a SOA make, and neither does it a Cloud make.

Furthermore, with the simplicity of Cloud Service development, deployment, and consumption, developers can use Cloud capabilities undetected by IT management. It’s not unusual for a developer to dabble with an Amazon Machine Image (AMI) image for a project. Simply use a personal Amazon account and credit card and off you go! And to make matters worse, not everyone creating or consuming Cloud Services will even be from within the IT department. In a previous ZapFlash, I admonished IT to become more responsive to the business lest they become disintermediated. Don’t want your sales and marketing folks using Cloud services? Good luck trying to prevent that. I wish you even more luck trying to get visibility into what they are doing. Without adequate design-time Cloud governance, you’re up a croc-infested river without a paddle.

Making matters worse, SOA governance tools are often missing in the Cloud Computing environment. There’s no central point for a Cloud consumer / developer to view the Services and associated policies. Furthermore, design-time policies are easily enforceable when you have control over the development and QA process, but those are notoriously lacking in the Cloud environment. The result is that design-time policies are not consistently enforced on client side, if at all. Clearly, SOA governance vendors and best practices need to step up to the plate here and apply what we already know about SOA registries/repositories and governance processes to give the control that’s needed to avoid chaos and failure. This means that IT needs to provide the enterprise a unified, Service-centric view of IT environment across the corporate data center and the Cloud.

Run-Time Cloud Governance
Making matters worse are a collection of run-time and policy issues that are complicated by the fog of Cloud computing infrastructure. Data reside on systems you don’t control, which may be in other countries or legal jurisdictions. Furthermore, systems are unlikely to have the same security standards as you have internally. This means that your security policies need to be that much more granular. You can’t count on using perimeter-based approaches to secure your data or Service access. Every message needs to be scrutinized and you need to separate Service and data policy definition from enforcement. The Cloud doesn’t simplify security issues – it complicates and exacerbates them. However, there’s nothing new here. Solid SOA security approaches, such as those we espouse in our LZA Boot Camps have always pushed the “trust no one” approach, and the Cloud is simply another infrastructure for enforcing these already stringent security policies.

In addition, Cloud reliability is pretty much out of your hands. What happens if the Cloud Service is not available? What happens if the whole Cloud is unavailable? Now you don’t only need to think about Service failure, but whole Cloud failover. Will you have an internal SOA infrastructure ready to handle requests if the Cloud is unavailable? If you do, doesn’t that entirely kill the economic benefit of Cloud in the first place? An effective Cloud governance approach must provide the means to control, monitor, and adapt Services, both with on-premises and Cloud-based implementations, and needs to provide consistency across internal SOA & cloud SOA. You should not keep your business (or IT) Service consumers guessing as to whether a Service they are consuming is inside the network or in the Cloud. The whole point of loose coupling and the Cloud is location independence. To make this concept a reality, you need management and governance that spans SOA infrastructure boundaries.

Yet, there’s more to the runtime Cloud governance picture than management and policy enforcement. Data and compliance issues can be the most perplexing. Most third-party Cloud providers provide little, if any, means to do the sort of auditing and logging that’s demanded from most compliance and regulatory requirements, let alone your internal auditing needs. Companies need to intentionally compose all Cloud Services with internal auditing and logging Services deployed on the Cloud (or preferably) local network, negotiate better access to logging data from the Cloud provider, and implement policies for Cloud Service use to control leakage of private information to the Cloud. Furthermore, companies need to implement usage policies to control the excessive, and potentially expensive, use of Cloud Services in unauthorized ways.

One way to solve this problem is through the use of network intermediaries and gateways that keep a close eye on traffic between the corporate network and the Cloud. Intermediaries can scan cloud-bound data for leakage of private or company-sensitive data, filter traffic sent up to cloud platforms, apply access policies to Cloud Services, provide visibility into authorized and unauthorized usage of Cloud Services, and prevent unsanctioned use of Cloud Services by internal staff, among other benefits. Of course, these benefits do not extend to intra-Cloud Service consumption, but can provide a lowest common denominator of runtime governance required by the organization.

Change Management and Cloud Governance
Finally, the last major Cloud governance issue is one of change management. How do you prevent versioning of Cloud Services or even Cloud infrastructure from having significant repercussions? Proper Cloud governance techniques need to lift a page from the SOA governance book and deal with versioning at all levels: Service implementation, contract, process, infrastructure, policy, data, and schema. If you can deal with these inside the network and in the Cloud, you’re golden. If you have any gaps, you’re just itching for trouble.

But the biggest bugaboo here is testing. There simply aren’t many good approaches for testing a Cloud-implemented Service other than to do it in the live, Cloud “production” environment. Indeed, we usually get rotten tomatoes thrown at us when we teach in our LZA boot camps that it is increasingly ineffective to test SOA implementations in a QA environment as the SOA implementation becomes more mature, but now we just get blank stares when we ask if there’s such thing as a Cloud “QA” environment. Of course not. The same approach applies to SOA testing as Cloud testing: test your Services in a live environment by making sure that failures are self-contained and that automated fall-back mechanisms exist. If it can work in your own SOA environment, it can work in the Cloud… and vice-versa.

The ZapThink Take
SOA is an architectural approach and philosophy guiding the development and management of applications. Cloud is a deployment and operational model suited to host certain types of Services within an existing SOA initiative. The Cloud concept within the SOA context is one of Service infrastructure, implementation, composition, and consumption. The SOA concept within the Cloud context is one of application-level abstraction of Cloud resources. Therefore, think of Cloud Governance as evolved SOA governance.

Companies with a proper SOA governance hat on should have few problems as they move to increasingly utilize Cloud services, but those who have failed to take either an architectural perspective on Cloud or have glossed over SOA governance issues will be forced to quickly get a SOA perspective to get things right. In order for these both to work together, companies need to have a consistent SOA and Cloud Governance strategy. To address these issues, ZapThink recently launched our SOA and Cloud Governance training & certification workshops. By addressing each of the issues and potential solutions discussed above, we plan to dive deeper than anyone else has into this topic. We hope to see you there and continue the conversation and movement to SOA and Cloud success!

More Stories By Jason Bloomberg

Jason Bloomberg is the leading expert on architecting agility for the enterprise. As president of Intellyx, Mr. Bloomberg brings his years of thought leadership in the areas of Cloud Computing, Enterprise Architecture, and Service-Oriented Architecture to a global clientele of business executives, architects, software vendors, and Cloud service providers looking to achieve technology-enabled business agility across their organizations and for their customers. His latest book, The Agile Architecture Revolution (John Wiley & Sons, 2013), sets the stage for Mr. Bloomberg’s groundbreaking Agile Architecture vision.

Mr. Bloomberg is perhaps best known for his twelve years at ZapThink, where he created and delivered the Licensed ZapThink Architect (LZA) SOA course and associated credential, certifying over 1,700 professionals worldwide. He is one of the original Managing Partners of ZapThink LLC, the leading SOA advisory and analysis firm, which was acquired by Dovel Technologies in 2011. He now runs the successor to the LZA program, the Bloomberg Agile Architecture Course, around the world.

Mr. Bloomberg is a frequent conference speaker and prolific writer. He has published over 500 articles, spoken at over 300 conferences, Webinars, and other events, and has been quoted in the press over 1,400 times as the leading expert on agile approaches to architecture in the enterprise.

Mr. Bloomberg’s previous book, Service Orient or Be Doomed! How Service Orientation Will Change Your Business (John Wiley & Sons, 2006, coauthored with Ron Schmelzer), is recognized as the leading business book on Service Orientation. He also co-authored the books XML and Web Services Unleashed (SAMS Publishing, 2002), and Web Page Scripting Techniques (Hayden Books, 1996).

Prior to ZapThink, Mr. Bloomberg built a diverse background in eBusiness technology management and industry analysis, including serving as a senior analyst in IDC’s eBusiness Advisory group, as well as holding eBusiness management positions at USWeb/CKS (later marchFIRST) and WaveBend Solutions (now Hitachi Consulting).

@MicroservicesExpo Stories
Our guest on the podcast this week is Jason Bloomberg, President at Intellyx. When we build services we want them to be lightweight, stateless and scalable while doing one thing really well. In today’s cloud world, we’re revisiting what to takes to make a good service in the first place.microservices Listen in to learn why following “the book” doesn’t necessarily mean that you’re solving key business problems.
Hosted PaaS providers have given independent developers and startups huge advantages in efficiency and reduced time-to-market over their more process-bound counterparts in enterprises. Software frameworks are now available that allow enterprise IT departments to provide these same advantages for developers in their own organization. In his workshop session at DevOps Summit, Troy Topnik, ActiveState’s Technical Product Manager, will show how on-prem or cloud-hosted Private PaaS can enable organ...
SYS-CON Events announced today that Cisco, the worldwide leader in IT that transforms how people connect, communicate and collaborate, has been named “Gold Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Cisco makes amazing things happen by connecting the unconnected. Cisco has shaped the future of the Internet by becoming the worldwide leader in transforming how people connect, communicate and collaborat...
SYS-CON Events announced today that Akana, formerly SOA Software, has been named “Bronze Sponsor” of SYS-CON's 16th International Cloud Expo® New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Akana’s comprehensive suite of API Management, API Security, Integrated SOA Governance, and Cloud Integration solutions helps businesses accelerate digital transformation by securely extending their reach across multiple channels – mobile, cloud and Internet of Thi...
Cloud computing is changing the way we look at IT costs, according to industry experts on a recent Cloud Luminary Fireside Chat panel discussion. Enterprise IT, traditionally viewed as a cost center, now plays a central role in the delivery of software-driven goods and services. Therefore, companies need to understand their cloud utilization and resulting costs in order to ensure profitability on their business offerings. Led by Bernard Golden, this fireside chat offers valuable insights on ho...
Exelon Corporation employs technology and process improvements to optimize their IT operations, manage a merger and acquisition transition, and to bring outsourced IT operations back in-house. To learn more about how this leading energy provider in the US, with a family of companies having $23.5 billion in annual revenue, accomplishes these goals we're joined by Jason Thomas, Manager of Service, Asset and Release Management at Exelon. The discussion is moderated by me, Dana Gardner, Principal A...
SYS-CON Events announced today that Solgenia will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Solgenia is the global market leader in Cloud Collaboration and Cloud Infrastructure software solutions. Designed to “Bridge the Gap” between Personal and Professional S...
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides private all-in-one social intranets allowing workers to securely collaborate from anywhere in the world and from any device. Social, mobile, and eas...
Modern Systems announced completion of a successful project with its new Rapid Program Modernization (eavRPMa"c) software. The eavRPMa"c technology architecturally transforms legacy applications, enabling faster feature development and reducing time-to-market for critical software updates. Working with Modern Systems, the University of California at Santa Barbara (UCSB) leveraged eavRPMa"c to transform its Student Information System from Software AG's Natural syntax to a modern application lev...
SYS-CON Events announced today Sematext Group, Inc., a Brooklyn-based Performance Monitoring and Log Management solution provider, will exhibit at SYS-CON's DevOps Summit 2015 New York, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Sematext is a globally distributed organization that builds innovative Cloud and On Premises solutions for performance monitoring, alerting and anomaly detection (SPM), log management and analytics (Logsene), search analytics (S...
In the midst of the widespread popularity and adoption of cloud computing, it seems like everything is being offered “as a Service” these days: Infrastructure? Check. Platform? You bet. Software? Absolutely. Toaster? It’s only a matter of time. With service providers positioning vastly differing offerings under a generic “cloud” umbrella, it’s all too easy to get confused about what’s actually being offered. In his session at 16th Cloud Expo, Kevin Hazard, Director of Digital Content for SoftL...
When it comes to microservices there are myths and uncertainty about the journey ahead. Deploying a “Hello World” app on Docker is a long way from making microservices work in real enterprises with large applications, complex environments and existing organizational structures. February 19, 2015 10:00am PT / 1:00pm ET → 45 Minutes Join our four experts: Special host Gene Kim, Gary Gruver, Randy Shoup and XebiaLabs’ Andrew Phillips as they explore the realities of microservices in today’s IT worl...
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on T...
SYS-CON Media announced that IBM, which offers the world’s deepest portfolio of technologies and expertise that are transforming the future of work, has launched ad campaigns on SYS-CON’s numerous online magazines such as Cloud Computing Journal, Virtualization Journal, SOA World Magazine, and IoT Journal. IBM’s campaigns focus on vendors in the technology marketplace, the future of testing, Big Data and analytics, and mobile platforms.
For those of us that have been practicing SOA for over a decade, it's surprising that there's so much interest in microservices. In fairness microservices don't look like the vendor play that was early SOA in the early noughties. But experienced SOA practitioners everywhere will be wondering if microservices is actually a good thing. You see microservices is basically an SOA pattern that inherits all the well-known SOA principles and adds characteristics that address the use of SOA for distribut...
Microservice architectures are the new hotness, even though they aren't really all that different (in principle) from the paradigm described by SOA (which is dead, or not dead, depending on whom you ask). One of the things this decompositional approach to application architecture does is encourage developers and operations (some might even say DevOps) to re-evaluate scaling strategies. In particular, the notion is forwarded that an application should be built to scale and then infrastructure sho...
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Ras...
Microservices are the result of decomposing applications. That may sound a lot like SOA, but SOA was based on an object-oriented (noun) premise; that is, services were built around an object - like a customer - with all the necessary operations (functions) that go along with it. SOA was also founded on a variety of standards (most of them coming out of OASIS) like SOAP, WSDL, XML and UDDI. Microservices have no standards (at least none deriving from a standards body or organization) and can be b...
Our guest on the podcast this week is Jason Bloomberg, President at Intellyx. When we build services we want them to be lightweight, stateless and scalable while doing one thing really well. In today's cloud world, we're revisiting what to takes to make a good service in the first place. Listen in to learn why following "the book" doesn't necessarily mean that you're solving key business problems.
Right off the bat, Newman advises that we should "think of microservices as a specific approach for SOA in the same way that XP or Scrum are specific approaches for Agile Software development". These analogies are very interesting because my expectation was that microservices is a pattern. So I might infer that microservices is a set of process techniques as opposed to an architectural approach. Yet in the book, Newman clearly includes some elements of concept model and architecture as well as p...