Good governance is the foundation for building a successful Service Oriented Architecture (SOA). SOA governance is what enables diverse business unit and IT stakeholders to ensure that the SOA they collectively design is truly cross-enterprise. A lack of appropriate governance makes it very difficult to gain the business process agility and time-to-market advantages that maximize the business value of SOAs.
SOA initiatives that lack appropriate governance will almost certainly fail to deliver long-term business benefits. Moreover, by failing to account for the needs of disparate organizations within the enterprise, SOA without governance becomes yet another stovepipe application. Many IT analysts are saying that SOA governance is more critical to SOA success than is SOA technology. In fact, as Danny Sabbah, general manager of IBM Rational, put it recently, "SOA is 1 percent services and 99 percent governance."1
Service Lifecycle Management is the application of SOA governance to the actual construction of your SOA and SOA Services. Whereas governance belongs to the business stakeholders, management is the purview of the technical staff, the team responsible for "making it real." Service Lifecycle Management is by necessity closely aligned with SOA governance, as it is critical at every step of software delivery, from the business analysts to the architects to the developers to the testers to operations, to validate that what is being built is in alignment with the stated business needs of the enterprise.
SOA Quality Management is one aspect of Service Lifecycle Management -- a discipline that cuts through all stages of the delivery lifecycle. IBM defines SOA Quality Management as the process by which to assure services meet business requirements by validating service functionality and operations throughout the SOA Lifecycle.
This article explains how SOA governance, SOA Service Lifecycle Management, and SOA Quality Management relate, and how IBM Rational tools and best practices support them. The focus is on SOA Service Lifecycle Management -- the implementation of SOA governance2 -- in general and SOA Quality Management in particular.
SOA governance: The foundation of Service Lifecycle Management
Effective governance serves an integrative function across people, processes, and technology. At IBM we see the essential governance activities that relate to the SOA lifecycle in terms of four phases (Plan, Define, Enable, and Measure), which are linked by an iterative process flow as illustrated in Figure 1:
Figure 1: The SOA governance foundation
In many ways, the most challenging aspect of an SOA initiative can be the first step: getting all the stakeholders on board to work together in the initial Plan phase. Preliminary efforts to define the scope of the initiative, empower the various organizations involved, and determine how success will be measured require cooperation from many different departments and organizations.
The goal of the iterative, four-phase SOA governance process is to refine and enhance governance effectiveness and optimize business value for the SOA initiative. The four phases are:
- Plan: In the initial Plan phase, stakeholders collaborate to establish and commit to the need for SOA governance and its overall scope, as well as to plan project scope, ownership, and funding; and perhaps to establish a center of excellence to oversee the SOA project. In subsequent iterations, planning will identify areas where SOA governance can be improved or new areas where it should be implemented, while applying these changes to the governance plan.
- Define: Having identified opportunities for improved governance, business and IT stakeholders then collaborate to define new governance policies and processes. During this phase organizations delineate additional SOA capabilities, agree on policies for service reuse across lines of business, establish processes to guarantee service levels, and so forth.
- Enable: In this phase, policies defined in the previous phase are rolled out to the various stakeholders across the enterprise. During this phase organizations communicate their policies to the decision-making community, enabling them to ensure that their needs are being met, and that their organizations are poised to benefit from the SOA.
- Measure: In this phase governance policies and processes (e.g., Service Level Agreements (SLAs), reuse levels, or change policies) are established. These are evaluated against success/effectiveness criteria (established in the Define phase) and a new iteration of SOA governance activities is initiated on the basis of those discussions.
Service Lifecycle Management: SOA governance applied to software delivery
Once an organization has established SOA governance by moving through multiple iterations of Plan, Define, Enable, and Measure activities, a solid foundation of best practices is established that greatly facilitates the actual construction of the SOA implementation. Improved policies yield better metrics, which empower stronger planning, and so on.
It is important to note that the SOA governance process is never left behind. Successful service implementation requires constant validation and updates based on the original SOA governance framework. Services must be built according to plan; plans that cannot be met must be modified. SOA governance supports and guides the iterative SOA implementation cycle of Service Lifecycle Management.
One could think of the SOA governance phases as embodying the business requirements, and the corresponding Service Lifecycle Management phases as guiding the technical "building out" of those requirements. For example, an SOA governance requirement like "We want order entry to take no more than five minutes" might lead to Service Lifecycle Management metrics like "The system must respond to Input X in 100 milliseconds or less." In both cases, however, activities are managed in relation to the original business plan.
Like SOA governance, SOA Service Lifecycle Management is an iterative process as illustrated in Figure 2. This process is ongoing for the duration of the SOA lifecycle.
Figure 2: SOA Service Lifecycle Management
Although they support implementation rather than governance per se, the phases of Service Lifecycle Management are very much analogous to the SOA governance phases:
- Model: validate against Plan. At this step architects collaborate to review the current SOA governance plan and use it as a basis for modeling the SOA implementation.
- Assemble: validate against Definition. At this step developers assemble the reusable service assets that the architects have modeled, to create service-oriented applications that automate and integrate business processes.
- Deploy: validate against Enablement. Here Testing and Release Management functions deploy the services.
- Manage: validate against Measurement, whereby Operations manages the services in production.
Within each of the four SOA Service Lifecycle Management phases, practitioners continuously validate their activities and outcomes against the original business requirements. In this way, governance ensures that business requirements drive all aspects of the service delivery lifecycle, and that the implementation remains constantly aligned with business objectives. For example, during a Deploy phase the Testing team would validate that the deployed service works as expected for its intended user community, based on metrics agreed upon as part of the governance process. Naturally, requirements can be modified based on what the implementation team is actually encountering as they deliver the services.
The road to SOA Quality Management
Service reuse is the one of the key factors driving cost savings and business agility in SOA implementations. However, if a service is being consumed by a number of composite business applications, the requirements for high quality and performance of that service will be significantly greater than for many of today's vertically integrated applications. In addition, the promise of reuse is highly charged with potential risks: services that violate security or compliance policies, services that can interfere with the operation of other services, etc. There is a need to balance the risk and the value of service reuse, and that process is known as SOA Quality Management.
Once upon a time, testing was the final phase of a waterfall-style release plan, undertaken at the end of the software development process. The high quality demands of SOA now requires that teams must validate what they're architecting, building, deploying, and managing against business requirements for performance, reuse, regulatory compliance, security, and more -- at every phase of the SOA implementation lifecycle. Validating SOAs means testing components at the service level as well as at the level of composite applications. It also means addressing the control issues inherent in working together with teams that are spread out in different departments, different practices, or perhaps distributed globally.
SOA initiatives have thus served to drive the evolution of quality management within the software development process, as illustrated in Figure 3.
Figure 3: From software testing to Business-Driven Quality Management
This accelerating trend from traditional software testing to business-driven Quality Management is the next step forward in business/IT cooperation. Software testing is still critically important in this context, but it is just one component of managing quality across the entire SOA environment to optimize business flexibility and cut overall costs.
SOA Quality Management: an aspect of Service Lifecycle Management
SOA Quality Management is an important aspect of Service Lifecycle Management -- one that reflects the need to address multiple aspects of service quality across multiple SOA service implementations. IBM is focused on delivering SOA Quality Management end-to-end, from Model through Assemble, Deploy, and Manage. SOA Quality Management concerns far more than just conventional software development and testing. It encompasses all the ways in which the business and IT organizations collaborate on services, as well as the lifecycle from concept to retirement of services and composite business applications.
The key capabilities that IBM SOA Quality Management delivers include:
- Enabling through tools and best practices a quality management focus throughout the SOA lifecycle
- Ensuring business agility by enabling the functional and performance testing of business services for compliance with business and regulatory requirements
- Optimization and automation of workflows across business processes by streamlining and eliminating process redundancies.
Figure 4 illustrates how SOA Quality Management activities inform SOA Service Lifecycle Management.
Figure 4: SOA Quality Management informs SOA Service Lifecycle Management
The cyclic arrows within each Service Lifecycle Management phase indicate that SOA Quality Management activities iterate within each phase -- diving down to the SOA governance foundation to validate that business requirements are being addressed at every step of the SOA lifecycle. The SOA Quality Management processes within each Service Lifecycle Management phase include the following activities:
- Validate business requirements
- Discover and assess against current services
- Model service requirements
- Create service update plan
- Create or modify the service to meet the business requirements
- Assess service against governance rules
- Quality assure the services
- Function testing
- Performance testing
- Compliance testing
- Approve service deployment
- Manage and monitor the service throughout its lifecycle
- Track the service in the registry
- Report on the service against SLAs
The role of IBM Rational in SOA Quality Management
The fundamental value proposition of the IBM Rational brand is end-to-end software delivery lifecycle management among distributed teams and across distributed environments. So it's not surprising that IBM Rational tools and best practices are an important part of IBM's SOA Quality Management vision. As Figure 5 illustrates, quality management products represent one of the four key segments of the IBM Rational Software Delivery Platform.
Figure 5: Emphasis on quality management within the IBM Rational brand
IBM Rational helps companies implement a business-driven -- that is, quality-driven -- management environment for SOA by providing proven tools and process guidance that simplify and accelerate business process modeling and the assembly, deployment, and management of SOAs.
Integrated with the IBM Rational Software Delivery Platform, Rational's ongoing enhancement of SOA governance capabilities helps companies to:
- Ensure quality by ensuring that business requirements drive the modeling and assembly of services that automate and integrate business processes
- Repurpose existing assets as services to extend their utility and assemble them into new solutions
- Deliver high-quality, services-based solutions on time and on budget
Among the IBM Rational products that enable SOA Quality Management are several new tools and products. These include IBM Rational Tester for SOA Quality, which provides automated regression and functional testing for GUI-less Web services; and IBM Rational Performance Extension for SOA Quality, which supports performance testing for Web service-based applications. These new products feature a host of SOA-centric features, such as a visual test editor delivering both high-level and detailed test views; support for testing of non-GUI services; flexible modeling and emulation of service consumers; collection and visualization of server resource data; automated test generation from WS-BPEL business processes; and much more.
It follows that SOA Quality Management entails process change as well as new technology. IBM Rational aims to provide teams with the necessary best practice support as well as tools, to effectively manage quality throughout the SOA lifecycle. This capability is essential not only to ensure integrity for composite applications, but also for reasons of cost reduction, investment protection, and alignment of the SOA with business strategy.
For more information on IBM's SOA vision, visit http://www.ibm.com/soa.
For more background on SOA governance, visit http://www.ibm.com/software/solutions/soa/gov/index.html.
To learn more about IBM Rational products for SOA Quality Management, visit http://www.ibm.com/software/rational/offerings/testing.html.
For more on IBM Rational's strategy for supporting SOA initiatives, visit http://www.ibm.com/software/info/developer/solutions/soadev/index.jsp.
1 Danny Sabbah, "The Future of Software Delivery," White paper, February, 2007.
2 For more information on SOA governance as it relates to the overall topic of SOA, please visit http://www.ibm.com/software/solutions/soa/gov/index.html.