Welcome!

Microservices Expo Authors: Jason Bloomberg, Elizabeth White, Liz McMillan, Pat Romanski, Mehdi Daoudi

Related Topics: Microservices Expo

Microservices Expo: Article

SOA Governance: Start Small and Build Incrementally

A simple, pragmatic approach

If governance were a house, you would be left with the options of either building it from the ground-up or attempting to haul a complete house in on a large truck. While the latter is possible, it is fraught with difficulty. The house does not lend itself well to transport. It may become damaged during the move. It may not fit on your lot or connect smoothly to your utilities, requiring modifications to be made on the spot. The former option, building the entire house on site, certainly has its challenges (proper design, accurate implementation, quality assurance), but the risks are much lower and there is opportunity to adapt as it is built (move walls, change windows and doors, etc.). Generally, organizations should choose this option. They should choose to start small and build incrementally.

Incremental Governance
While no formal governance stages have been defined by any industry group, many organizations experience an evolution similar to the one identified in Figure 1.

Phase 1: Provide informal, ad-hoc oversight by Subject Matter Experts (SMEs)
Phase 2: Formalize oversight through workflow, standard documentation, and identification of applicable standards
Phase 3: Establish best practices, select and promote common design patterns around architecture and service layering
Phase 4: Drive enterprise alignment between business and technology teams along end-to-end business processes

 

How these incremental governance phases are manifested will vary from enterprise to enterprise. For some it may emphasize infrastructure investments. Other governance strategies are more focused on techniques and methodologies, while others will involve more committees and organizational changes. Regardless of what form the governance takes, the key is to start small and build incrementally.

Adopting Governance
Governance adoption should follow a simple, pragmatic approach. Overriding goals during the governance adoption process should be risk mitigation and increasing operational predictability to reduce risk. The following simple steps are recommended:

  • Define a governance roadmap with objective, measurable milestones
  • Identify technology and organization changes required for each stage
  • Clearly identify and document business value that is applicable at each stage

That last recommendation is the step that is most often missed. So often organizations will put a plan of action in place without any understanding of what benefit the business will gain from each iteration or each level of maturity. This is crucial to ensuring that your SOA is relevant, your governance is sufficient without being overkill, and ultimately is core to achieving a return on your service-oriented investment.

Less Is More
In the process of adopting governance incrementally, it is important that you avoid the tendency to implement excessive, heavyweight governance. On the opposite extreme, you should take care to also avoid implementing governance that is nothing more than a formality and a rubber stamp of approval. Governance shouldn’t be implemented as one or more powerless committees, or as a heavyweight bureaucracy. I call this balanced approach – “lean governance.”

Lean governance represents a mindset in which governance is applied as needed. Implement only as much governance as is needed and constantly monitor the environment in order to tweak the degree of guidance and oversight. Governance should be focused, lean, and ever-present. Early in the adoption of SOA, governance should be minimal. It could be as simple as a requirement to support certain standards and maintain service contracts for each service. Over time, the governance policies, processes, and procedures, as well as the corresponding infrastructure can be built incrementally along-side the maturing of the service-oriented enterprise. Finally, this governance should be applied throughout the project life cycle. Best practices identify three governance gates: design-time, change-time, and runtime. These three gates serve as check points to ensure that service design, development, and runtime behavior are consistent with enterprise goals and stated best practices.

Summary
In my experience, governance is crucial to any significant organizational change and service orientation is no different. I don’t believe that governance has to be at the extremes (powerless committees vs. heavyweight bureaucracy), but instead can and should be focused, lean, and ever-present. Initially you don’t need very much governance, and it may involve more of an emphasis on infrastructure or techniques and methodologies. Regardless of how it is manifested, governance should be planned from the start, matured incrementally, and it should provide context for the entire project and program life cycle.

More Stories By Kyle Gabhart

Kyle Gabhart is a subject matter expert specializing in strategic planning and tactical delivery of enterprise technology solutions, blending EA, BPM, SOA, Cloud Computing, and other emerging technologies. Kyle currently serves as a director for Web Age Solutions, a premier provider of technology education and mentoring. Since 2001 he has contributed extensively to the IT community as an author, speaker, consultant, and open source contributor.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@MicroservicesExpo Stories
In his session at @DevOpsSummit at 20th Cloud Expo, Kelly Looney, director of DevOps consulting for Skytap, showed how an incremental approach to introducing containers into complex, distributed applications results in modernization with less risk and more reward. He also shared the story of how Skytap used Docker to get out of the business of managing infrastructure, and into the business of delivering innovation and business value. Attendees learned how up-front planning allows for a clean sep...
In IT, we sometimes coin terms for things before we know exactly what they are and how they’ll be used. The resulting terms may capture a common set of aspirations and goals – as “cloud” did broadly for on-demand, self-service, and flexible computing. But such a term can also lump together diverse and even competing practices, technologies, and priorities to the point where important distinctions are glossed over and lost.
Enterprise architects are increasingly adopting multi-cloud strategies as they seek to utilize existing data center assets, leverage the advantages of cloud computing and avoid cloud vendor lock-in. This requires a globally aware traffic management strategy that can monitor infrastructure health across data centers and end-user experience globally, while responding to control changes and system specification at the speed of today’s DevOps teams. In his session at 20th Cloud Expo, Josh Gray, Chie...
"At the keynote this morning we spoke about the value proposition of Nutanix, of having a DevOps culture and a mindset, and the business outcomes of achieving agility and scale, which everybody here is trying to accomplish," noted Mark Lavi, DevOps Solution Architect at Nutanix, in this SYS-CON.tv interview at @DevOpsSummit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
We have already established the importance of APIs in today’s digital world (read about it here). With APIs playing such an important role in keeping us connected, it’s necessary to maintain the API’s performance as well as availability. There are multiple aspects to consider when monitoring APIs, from integration to performance issues, therefore a general monitoring strategy that only accounts for up-time is not ideal.
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discussed how to use Kubernetes to set up a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. H...
When you focus on a journey from up-close, you look at your own technical and cultural history and how you changed it for the benefit of the customer. This was our starting point: too many integration issues, 13 SWP days and very long cycles. It was evident that in this fast-paced industry we could no longer afford this reality. We needed something that would take us beyond reducing the development lifecycles, CI and Agile methodologies. We made a fundamental difference, even changed our culture...
As many know, the first generation of Cloud Management Platform (CMP) solutions were designed for managing virtual infrastructure (IaaS) and traditional applications. But that’s no longer enough to satisfy evolving and complex business requirements. In his session at 21st Cloud Expo, Scott Davis, Embotics CTO, will explore how next-generation CMPs ensure organizations can manage cloud-native and microservice-based application architectures, while also facilitating agile DevOps methodology. He wi...
Docker is sweeping across startups and enterprises alike, changing the way we build and ship applications. It's the most prominent and widely known software container platform, and it's particularly useful for eliminating common challenges when collaborating on code (like the "it works on my machine" phenomenon that most devs know all too well). With Docker, you can run and manage apps side-by-side - in isolated containers - resulting in better compute density. It's something that many developer...
These days, change is the only constant. In order to adapt and thrive in an ever-advancing and sometimes chaotic workforce, companies must leverage intelligent tools to streamline operations. While we're only at the dawn of machine intelligence, using a workflow manager will benefit your company in both the short and long term. Think: reduced errors, improved efficiency and more empowered employees-and that's just the start. Here are five other reasons workflow automation is leading a revolution...
We have Continuous Integration and we have Continuous Deployment, but what’s continuous across all of what we do is people. Even when tasks are automated, someone wrote the automation. So, Jayne Groll evangelizes about Continuous Everyone. Jayne is the CEO of the DevOps Institute and the author of Agile Service Management Guide. She talked about Continuous Everyone at the 2016 All Day DevOps conference. She describes it as "about people, culture, and collaboration mapped into your value streams....
Cloud adoption is often driven by a desire to increase efficiency, boost agility and save money. All too often, however, the reality involves unpredictable cost spikes and lack of oversight due to resource limitations. In his session at 20th Cloud Expo, Joe Kinsella, CTO and Founder of CloudHealth Technologies, tackled the question: “How do you build a fully optimized cloud?” He will examine: Why TCO is critical to achieving cloud success – and why attendees should be thinking holistically ab...
Docker is on a roll. In the last few years, this container management service has become immensely popular in development, especially given the great fit with agile-based projects and continuous delivery. In this article, I want to take a brief look at how you can use Docker to accelerate and streamline the software development lifecycle (SDLC) process.
We define Hybrid IT as a management approach in which organizations create a workload-centric and value-driven integrated technology stack that may include legacy infrastructure, web-scale architectures, private cloud implementations along with public cloud platforms ranging from Infrastructure-as-a-Service to Software-as-a-Service.
Did you know that you can develop for mainframes in Java? Or that the testing and deployment can be automated across mobile to mainframe? In his session and demo at @DevOpsSummit at 21st Cloud Expo, Dana Boudreau, a Senior Director at CA Technologies, will discuss how increasingly teams are developing with agile methodologies, using modern development environments, and automating testing and deployments, mobile to mainframe.
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting challenge of adapting related cloud strategies to ensure optimal alignment, from managing complexity to ensuring proper governance. How can culture, automation, legacy apps and even budget be reexamined to enable this ongoing shift within the modern software factory?
While some vendors scramble to create and sell you a fancy solution for monitoring your spanking new Amazon Lambdas, hear how you can do it on the cheap using just built-in Java APIs yourself. By exploiting a little-known fact that Lambdas aren’t exactly single-threaded, you can effectively identify hot spots in your serverless code. In his session at @DevOpsSummit at 21st Cloud Expo, Dave Martin, Product owner at CA Technologies, will give a live demonstration and code walkthrough, showing how ...
There are several reasons why businesses migrate their operations to the cloud. Scalability and price are among the most important factors determining this transition. Unlike legacy systems, cloud based businesses can scale on demand. The database and applications in the cloud are not rendered simply from one server located in your headquarters, but is instead distributed across several servers across the world. Such CDNs also bring about greater control in times of uncertainty. A database hack ...
@DevOpsSummit at Cloud Expo taking place Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center, Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is ...
API Security is complex! Vendors like Forum Systems, IBM, CA and Axway have invested almost 2 decades of engineering effort and significant capital in building API Security stacks to lockdown APIs. The API Security stack diagram shown below is a building block for rapidly locking down APIs. The four fundamental pillars of API Security - SSL, Identity, Content Validation and deployment architecture - are discussed in detail below.