Microservices Expo Authors: Liz McMillan, Pat Romanski, Carmen Gonzalez, Elizabeth White, Jason Bloomberg

Related Topics: Microservices Expo, Industrial IoT

Microservices Expo: Article

Building Blocks of SOA Governance

Establishing demand and supply centers is a reliable approach for SOA governance

SOA initiatives have gathered momentum in the past year with more enterprises either implementing SOA or considering implementing in the near future. The implementations we studied reveal that one of the critical challenges in SOA is designing an effective governance mechanism. A good understanding of governance concepts is essential to implementing and operating a successful SOA. Reliable governance for SOA leads to a manifold increase in an enterprise's ability to achieve the goal of business agility through SOA.

Defining IT Governance
The IT Governance Institute defines IT governance as "a structure of relationships and processes to control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes." Another definition by Peter Weill describes IT governance as "specifying the framework for decision rights and accountabilities to encourage desirable behavior in the use of IT." The objective of IT governance is to assist enterprises in leveraging IT to achieve business goals, while governance is essentially the structure, the roles, and the responsibilities that help deliver IT services effectively and efficiently. Successful governance mechanisms that help enterprises meet their business goals typically consist of simple and transparent mechanisms. Half of the managers in the top 50 percent of governance performers could explain governance, while fewer than 30 percent of managers could do so among weaker performers (see second reference in the References section)!

Governance Guidelines for SOA
The IT organizations today are dominated by a central IT function. The IT function has a near-unilateral responsibility for governance. However many business units have established in-house IT functions that work in tandem with the central IT function to cater to specialized needs. This bifurcation of roles and responsibilities between in-house and central IT functions is easy since most applications are "owned" by a business unit that controls budget for design, development, and support for specific applications. This is the first point of departure in the service-oriented architecture (SOA) context where multiple business units "own" and "use" the same set of services. This implies that the aggregation of requirements for services now comes from multiple business units while the budgets for design, development, and support for specific applications have to be apportioned among multiple business units. In such a case the delivery of services will necessarily have to come in from a central IT function rather than from in-house IT functions in business units, and the central IT function will enter into service-level agreements (SLA) with multiple business functions for provisioning the same services.

The following are typical scenarios that we have come across in large enterprises that are adopting SOA:

  • A large bank where the IT function developed a proof of concept of SOA architecture and was contemplating next steps. The challenges for the bank were: How to obtain a buy-in from business functions on moving to the SOA architecture? What will be an ideal governance mechanism in the steady state with SOA?
  • A health insurer was in a legacy modernization program across the enterprise with SOA and introduced a new organization between IT function and business functions to own the services.
  • In another large bank's migration to SOA, a business division with senior executive commitment pilots the migration helped get budget commitment for the enterprise SOA initiative.

We believe that governing SOA is more centralized than traditional shared services for IT applications, and this requires tweaking existing governance models to provide guidelines to address the challenges posed in the SOA context. The following are typical challenges in designing practical SOA and their solutions.

Challenge of single ownership
Proxy for single ownership that is managed by a new organization layer between central IT and business functions. Establish SOA governance committee with representatives from business units and central IT function.

Challenge of managing multiple owners
Map services to business processes/projects/cost and profit centers to apportion investment and operating costs. Usage-based funding appears elegant but may be arduous to implement enterprise-wide and works best in a high-trust environment. An SOA governance committee/SOA management organization decides on investment and running costs based on previously agreed upon cost-apportionment rules. Prioritization of enhancements and new development is determined yearly/semiannually by the SOA governance committee/SOA management organization.

Challenge of aligning SOA with enterprise IT architecture
SOA needs to be consistent and aligned with enterprise-wide IT architecture policies with a representation from the enterprise architecture group part of the SOA management organization/SOA governance committee. The same team should set IT policies, deliver and maintain SOA infra/development/maintenance, manage vendors, and ensure quality of service (QoS). A significant part of this alignment would be deployment of appropriate IT infrastructures like policy registries, policy repositories, and policy management infrastructures to enable this alignment.

Challenge for small enterprises that cannot afford costly governance mechanisms
Heads of the business units decide on governance mechanism for ownership and funding at periodic meetings, while day-to-day operations reside with IT managers in the function/unit.

These guidelines determine the SOA governance model an enterprise desires to establish based on a bifurcation of demand (to mitigate ownership challenges) and supply (for provisioning enterprise-wide, shareable, standardized services). The governance guidelines are based on the INDIGO (Infosys Design for IT Organization Governance) research program.

Demand and Supply Centers Are the Cornerstones of the Governance Model
One of the key guidelines in INDIGO revolves around bifurcation of responsibilities in services provisioning between demand and supply centers. The rationale for bifurcating the IT function into demand and supply centers is based on the premise that it enhances accountability to the business unit, leverages scale and scope economies for delivering services, and prescribes clear roles and responsibilities, which are illustrated in Figure 1.

The role of the demand center is to advise business units on business-IT alignment in the context of SOA. The analysts in the demand center understand the language of business and bring SOA closer to the business users; additionally, they usually come from the business units (seen as "one of us" by the business users) and have a good appreciation for IT. The demand center focuses on a business case-driven approach to how SOA can increase the effectiveness and efficiency of business processes. Once the demand center has identified the services required by the business users, it passes on the requirements to the supply center that delivers the services.

The aim of the supply center is to deliver best-in-class services that are cost competitive, of high quality, and on time. The supply center has a world-class SOA infrastructure to provide these services to the business users. The SOA infrastructure can be either in-house or, as increasingly is the case, outsourced to best-of-breed IT services vendors. The supply center does not need to be collocated with the demand center, but it can be based in geographies that have the best competitively priced delivery capabilities. The supply center is accountable to business users and this is governed by SLAs.

The supply center is typically the existing central IT function and is headed by the CIO of the enterprise. The supply center is responsible for delivering new SOA-based services, supporting existing systems, and running the SOA infrastructure. The supply center usually needs three divisions that:

  • Establish enterprise-wide SOA infrastructure standards and provide associated infrastructure services
  • Manage design and delivery teams for providing SOA-based services for business units in collaboration with the respective demand centers
  • Perform vendor management, SLA management, quality management, and internal control activities that ensure smooth delivery of services

More Stories By Dr. Srinivas Padmanabhuni

Dr. Srinivas Padmanabhuni is a principal researcher with the Web Services Centre of Excellence in SETLabs, Infosys Technologies, and specializes in Web Services, service-oriented architecture, and grid technologies alongside pursuing interests in Semantic Web, intelligent agents, and enterprise architecture. He has authored several papers in international conferences. Dr. Padmanabhuni holds a PhD degree in computing science from University of Alberta, Edmonton, Canada.

More Stories By Sriram Anand

Dr. Sriram Anand is a principal researcher at Infosys Technologies, Bangalore. Prior to joining Infosys he worked in IT consulting as well as product engineering in the US for over 12 years. His interests include enterprise architecture, service-oriented architecture, and legacy integration and software engineering methodologies. Dr. Anand is experienced in designing enterprise architectural strategy for leading U.S. companies in the financial services, retail, and pharmaceutical domains. He holds a Bachelor?s degree from IIT-Madras with a PhD from SUNY-Buffalo, USA.

More Stories By N. Dayasindhu

N. Dayasindhu, PhD, is a senior research associate at the Software Engineering Technology Labs, Infosys Technologies. His research helps IT organizations align better with business functions. He has published in peer-reviewed journals and conferences and has consulted for Fortune 500 enterprises.

Comments (2)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Microservices Articles
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...
"NetApp's vision is how we help organizations manage data - delivering the right data in the right place, in the right time, to the people who need it, and doing it agnostic to what the platform is," explained Josh Atwell, Developer Advocate for NetApp, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discussed how to use Kubernetes to set up a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. H...
Skeuomorphism usually means retaining existing design cues in something new that doesn’t actually need them. However, the concept of skeuomorphism can be thought of as relating more broadly to applying existing patterns to new technologies that, in fact, cry out for new approaches. In his session at DevOps Summit, Gordon Haff, Senior Cloud Strategy Marketing and Evangelism Manager at Red Hat, will discuss why containers should be paired with new architectural practices such as microservices ra...
In his session at 20th Cloud Expo, Scott Davis, CTO of Embotics, discussed how automation can provide the dynamic management required to cost-effectively deliver microservices and container solutions at scale. He also discussed how flexible automation is the key to effectively bridging and seamlessly coordinating both IT and developer needs for component orchestration across disparate clouds – an increasingly important requirement at today’s multi-cloud enterprise.
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin, ...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In their Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, and Mark Lav...
Many organizations are now looking to DevOps maturity models to gauge their DevOps adoption and compare their maturity to their peers. However, as enterprise organizations rush to adopt DevOps, moving past experimentation to embrace it at scale, they are in danger of falling into the trap that they have fallen into time and time again. Unfortunately, we've seen this movie before, and we know how it ends: badly.
TCP (Transmission Control Protocol) is a common and reliable transmission protocol on the Internet. TCP was introduced in the 70s by Stanford University for US Defense to establish connectivity between distributed systems to maintain a backup of defense information. At the time, TCP was introduced to communicate amongst a selected set of devices for a smaller dataset over shorter distances. As the Internet evolved, however, the number of applications and users, and the types of data accessed and...