SOA Governance@work

We are pleased to announce the 11g release of the Oracle Enterprise Repository. The Enterprise Repository is a key component of Oracle's SOA Governance solution, and this release features some exciting new capabilities including...

Highly Automated Closed Loop Governance
In 11gR1, OER harvests assets throughout the entire lifecycle. This saves customers huge amounts of time, provides the visibility that they need to manage their SOA, and ensures that asset information is fresh, which reduces the risk associated with making decisions based on stale data. In addition, a summary of runtime performance metrics is being provided to OER from Enterprise Manager Management Pack Plus for SOA, as well as from third party tools. This allows service providers and service consumers to see whether their services are performing as expected.

Support for SOA Suite 11g
In the 11g release, OER is harvesting more deeply from Oracle's own products, including Oracle Service Bus and SOA Suite. This provides Oracle customers with additional value - 1+1=3. Moreover OER is providing the "glue" to allow service bus and SOA Suite to seamlessly interoperate. OER is a critical part of the solution for customers that want to take advantage of both SOA Suite and OSB.

Support for Oracle Applications
The OER 11gR1 release targets the needs of Application Integration Architecture(AIA) customers. OER is teaming up with Oracle's upcoming Application Integration Architecture 3.0, so the Enterprise repository is now the container through which customers can view their integrations. In addition, OER provides customers with a view of the adapters exposed by enterprise applications such as eBusiness, Siebel, Peoplesoft, JD Edwards, SAP .... OER can also harvest the WSDL services exposed by enterprise applications. Customers can use this information to build out their application integrations. OER provides end-to-end visibility between the customers applications, providing the visibility needed to conduct impact analysis.

Customers can download the new release, and access the new documentation, from the OER OTN site:

http://www.oracle.com/technology/products/soa/repository/index.html

To follow up on my recent post on the new OSR 11g release and Edwin Biemond's excellent blog Using Oracle Service Registry in SOA Suite 11g, I wanted to report on common practices and OSR 11g various install and deployment options. First, it is assumed that you will be using the new Domain deployment option which is described in the docs and in Edwin's blog. You need to choose a directory such as registry111 inside of the Middleware home where you installed WebLogic. The registry home will be a peer to wlserver and JDK directories as shown below. If you do not do this, you will end up will registry installer files that live in the WebLogic home and as they say, results are unpredictable.

WebLogic Directory Sructure
C:\Oracle\Middleware\11gR1PS1                                                <--WebLogic Home
C:\Oracle\Middleware\11gR1PS1\registry111                           <--OSR Home
C:\Oracle\Middleware\11gR1PS1\jdk160_14_R27.6.5-32     <--JDK Home
C:\Oracle\Middleware\11gR1PS1\wlserver_10.3                     <--WebLogic Server home

Other WL directories
C:\Oracle\Middleware\11gR1PS1\logs
C:\Oracle\Middleware\11gR1PS1\modules
C:\Oracle\Middleware\11gR1PS1\oracle_common
C:\Oracle\Middleware\11gR1PS1\.....

Database Install Options
Another area that causes some confusion is the installer database options for which I will describe in detail. The UDDIUSER and UDDINODE names are the defaults and can be substituted for your preferred names.

1) Create New Tablespace Database
This is typically used when installing the first time and the installer knows the database system administrator username and password. It will create the UDDINODE tablespace, UDDIUSER database user and populate the schema. I use this when installing on my own laptop where the database resides.

2) Create Schema
This is typically used when you do not have database administrator's user and password and the UDDINODE tablespace and UDDIUSER have been pre-created for you by a database administrator. This is very common for organizations where a shared database is used and managed by a system administrator. The installer only prompts your for the UDDIUSER username and password and will populate this users schema. Note that all config files and logs do not expose whitespace passwords.

3) Connect to Schema
This is used for when you already have a fully populated database tablespace and user created typically from either one of the 2 options above or from the setup utility. All you have to provide for this option is the UDDIUSER user and password for later use. The installer will check the connection but not populate with seed data as it is assumed it has already been completed.

4) No database
This final option is when you just want to lay down the bits of the installer and use the OSR setup utility to create the database connection later. The setup utility lives in \bin\setup.bat.

Generally, you should use the database driver that ships with WebLogic in the following location.
\wlserver_10.3\server\lib\ojdbc6.jar

As mentioned in Edwin's blog, if you want WebLogic to manage the database connections, you should check both boxes on the Data Sources screen to Use and Create a JDBC data source in WebLogic. This will be done in the post install step where you run the WebLogic configuration utility which lives at \wlserver_10.3\common\bin\config.cmd.

Some WebLogic Deployment Recommendations
OSR can be deployed to either it's own WebLogic managed server or the Admin server. It doesn't matter but make sure that you specify in the OSR installer to use the same port as you plan to use in WebLogic. For example, if you want to deploy to the admin server and it is using the default port of 7001, then make sure you specify port 7001 in the OSR installer. If you want to deploy to a separate WebLogic managed server and it is using the default like 7101, then specifiy port 7101 in the OSR installer. These values can be changed in the OSR setup utility mentioned above if you forget and use the incorrect port.

Finally, we have seen "loader constraint violation" startup errors when installing OSR into the same WebLogic domain as SOA Suite. A couple of workarounds for this are:
1) Put OSR into it's own WebLogic Managed Server and Machine
2) Create a separate WLS domain for deploying OSR to WebLogic until that is resolved.

Since the new OSR domain deployment feature only supports WebLogic 10.3.1(11gR1) and later, you should use the OSR Online Admin server deployment option for deploying alongside OSB 10.3 and 10.3.0. As promised, I'll post some info on clustering strategies and OER co deployment in future blogs.

References
Edwin Biemond: Using Oracle Service Registry in Soa Suite 11g
http://biemond.blogspot.com/2009/12/using-oracle-service-registry-in-soa.html

Bob Rhubart, the Oracle SOA Governance community guru sent around the links below to these discussions about the changes to design time governance in a Cloud Computing environment. I tend to agree with Todd Biske and take issue with Dave Linthicum statements that "cloud computing may eventually kill off ... design-time service governance". While this could be true for some minimal number of use cases generally the need to plan for and manage the deployment of services and security policies to the cloud or "uber container" as I see it will not be significantly impacted. I mean, is David saying that new services being deployed to the cloud do not require sign off by various levels of IT management, QA, business steakholders and developement managers? As an example, now that our kids are in day school (the cloud), we still have to prepare them each day by making sure they are properly clothed and fed in the morning.

References
Yes, we still need design-time governance in the cloud

Governance Needs for Cloud Services

Cloud computing will kill these 3 technologies

The latest version of the Oracle Service UDDI Registry (OSR 11gR1) is available on the OSR OTN page and EDelivery web sites. OSR 11g has new support for WebLogic Server 11g and an updated certification for the latest hardware and software platforms, databases etc... You can see the current platform matrix by visiting the Oracle Fusion Middleware Supported System Configuration OTN page.

We are also working on updated OSR WebLogic cluster deployment doc that will be available soon from OTN. In the mean time, feel free to post any questions to the Oracle SOA Suite forum.

In addition, OSR 10.3 has been certified against the latest iAS 10.1.3.5 release. This requires that you install patch number 9216686 on top of iAS OC4J 10.1.3.5 before you install OSR 10.3. The patch is available for download through My Oracle Support by searching searching on patch number 9216686.

Explore SOA concepts from someone who has worked on SOA projects from across the globe. Oracle SOA expert and author Matt Wright talks with Jyothi Swaroop about his new book - SOA Suite Developer's Guide.

Listen to podcast

Here is an interesting article by Bob Rhubart that talks about collaboration across stakeholders as key for SOA success.

"A service-oriented architecture (SOA) is a busy place, a complex clockwork of interconnected, interdependent, and widely distributed moving parts, including those that enjoy a nice cup of coffee in the morning. As such, SOA demands extraordinary collaboration across a broad spectrum of stakeholders. Getting those stakeholders to behave as a cohesive community can be about as easy as teaching bears to tap dance, but that cohesion is an important objective of SOA governance....."

Link to the article

Oracle is hosting 4 enterprise customers to discuss real-world SOA Governance best practices at Oracle Open World on Monday, 4 PM.

This session outlines the best practices for Architects to achieve maximum returns from SOA Governance initiatives. Hear from industry experts and Oracle customers such as Todd Biske, Mike Knecht, Goutham Nelluthla and Jules De Ruijter as they share their extensive experience and expertise in the area of SOA Governance.

Session time: 4 PM, Monday, October 12, 2009

Venue: Hilton Hotel, Golden Gate 3

Check out other SOA Governance sessions at Oracle Open World here

Streamline your SOA: Risks, Strategies and Payoffs

With growing adoption of SOA taking place across your enterprise, the time is right to replicate some of the early successes on a larger scale. If you want your organization to reach its destination on time and under budget, you need to know exactly where it is headed - while avoiding roadblocks and detours along the way.

Learn how you can chart your roadmap for SOA success in our upcoming live Webcasts.

In addition, you will see how companies are successfully using Oracle SOA technology to:

• Maximize returns on existing investments


• Boost customer satisfaction


• Improve application performance and customer SLAs


• Reduce downtime for new deployments and upgrades


• Shorten your project timelines, while governing your costs and success

Register now for the session that best fits your schedule.

While discussing organizational governance processes in the last entry, I realized that endpoint management, UDDI and service bus is a topic probably best described as a technical governance process and thus really more about tools than people-processes. In contrast, I want to discuss a very important process that focuses more on the people and communications that should be established before even the first service is conceived. Change Management. Those 2 words alone might be enough to make even the most disciplined IT managers scurry back to the comfort of their Linux prompts. Why is it that organizations implementing SOA often minimize the importance of people processes such as change management in favor technical tasks? Undoubtedly for many reasons but maybe because they are easier than organizing a group of stakeholders in a weekly meeting and can be performed in the dead of night without anyone else's input.

So why is change management so important anyway for SOA and isn't that why IT departments create all of these environments to test, stage, retest and deploy to production? As with many things including coding, the majority of time should not be spent managing the things that go right but instead managing the exception cases or errors when things go wrong. Below is a list of questions you should ask yourself when considering the role of change management.

-Do you have a well documented back out procedure when things go wrong with a production deployment?

-Is there an approval chain of command in place to resolve and decide when a back out would be required?

-Are all of the stakeholders aware of the change schedule and understand the full impact of a failed production upgrade or deployment?

-Has the risk to external organizations to which you may have legal and financial obligations been taken into account?

-Do you regularly evaluate all of the risk(s) associated with changes to production systems?

-Have you taken into account the system loads across different time zones of your users?

-Have end users received adequate notification indicating the schedule and benefits of major changes?

-Do external auditors review the procedures and provide feedback on your processes?

This is not an exhaustive list by any means but simply meant to make you think about what people processes you have in place to address unexpected technology issues. For many, a list like this may in fact be the exact reason that you have not engaged in proper change management because it's just seems to be so hard to gain consensus. Maybe it is best to step back and take a higher view of things. I found the following definition of change management on Wikipedia that I think encapsulates the goals of change management very well.

"Change management is the process during which the changes of a system are implemented in a controlled manner by following a pre-defined framework/model with, to some extent, reasonable modifications".

Now granted this is a pretty high level view but wow, it sure says a lot in that 1 sentence. I especially like the highlighted words such as "controlled manner", "pre-defined framework" and "reasonable modifications". An organization could do a lot worse than posting reminders or mission statements in plane view for all stakeholders to see and read it regularly. I'm sure many have implemented fancy operational dashboards on large screens that show real time monitoring of critical systems for all to see. Why not pepper in some organization goals or definitions such as this that foster communications and other people oriented best practices at the same time?

Ultimately, these sorts of critical governance people-processes should be ingrained into the DNA of everyone in your organization much as code reviews (you do code reviews, right?) and extreme programming practices might be. With workers distributed across different geographies, regular change management meetings may pose a bit more of a logistical problem but really, that is just an excuse given the volume of repositories, collaboration and notification tools at your disposal. While they seem unexciting to many, these sorts of governance processes are going to be major contributors to your future SOA successes. I can only imagine some of the horror stories that readers could share on this topic. Please, don't be shy about posting them here and by all means make them anonymous if you need to, but I suspect these stories would be a good validation of why these people-process best practices are so important.

I was discussing with a solutions consultant recently the perceived complexity of putting in place an initial governance solution. In following up on Mike van Alst’s recent blog on SOA governance processes, I wondered what tactical processes would be approachable for an organization trying to get a handle on SOA asset management. A couple things came to mind that I’ve heard from customers such as loading assets into their repository to discover dependencies with the benefit being more granular deployment bundles and reduced deployment time. But an even more mundane and common process every customer has some processes in place for is the management of endpoints in different environments. I’ll admit up front that this may not be a simple task but it is one that almost every organization has some practical experience with and thus a good starting point.

The basic use case is fairly straightforward and well known. SOA projects checked into source control systems contain files such as WSDL, XSD and BPEL deployment descriptors. These assets import URL’s pointing to hard coded hostnames and ports specific to a particular environment such as dev.company.com, qa.company.com, stage, prod etc. The environments are typically separated from each other using a firewall or physically isolated network to make sure there isn’t any accidental sharing of data across environments. This is a great example by the way of a business requirement driving a data quality and assurance governance process. Anyway, managing these assets as they are deployed to their respective environments and assuring they only interact with other services, assets or infrastructure servers within that environments is not a trivial task. In the JCA adapter world, JNDI is used to create consistent names across different environments for database, JMS connectors and connection pools but this technique is generally not applicable for web service based assets. A service bus proxy service or service registry providing a normalized UDDI serviceKey can help fill this gap.

For this discussion, we will focus on a specific type of URL associated with the location of the web services runtime implementation also known as the WSDL Service Port SOAP location as shown below from an example at http://www.w3.org/TR/wsdl#_soap-e.

<service name="StockQuoteService"\>
   <documentation>My first service</documentation>
   <port name="StockQuotePort" binding="tns:StockQuoteBinding">
     <soap:address location="http://example.com/stockquote"/>
   </port>
</service>

Assuming the external service has an location for each environment, then logically each business process or composite application referring to it needs to ensure it is only calling the service located in the correct environment such as shown below

Location=http://dev.example.com or
Location=http://qa.example.com

Endpoint management methodologies seem to come under 2 main camps, automated or manual and I think this also matches customer’s size and SOA adoption maturity level. Customers using a manual process might not be as large or sophisticated enough to worry about using an IDE to manually change the project and redeploy in each environment. Larger more mature shops with more specialized IT operations groups and a much larger service portfolio are looking to automate this process at every stage. They likely make use of Apache Ant deployment scripts with substitution variables to handle WSDL and XSD files that include or import dependent assets using hard coded host and port names. Automation scripts do help a lot but usually do not solve the often-requested request for the ability to change the endpoint location without redeploying the business process or application. This type of solution provides more flexibility and overall IT agility for responding to unpredictable changes in the business.

Two approaches for advanced endpoint management are
1) Virtualize the external endpoints using a service bus proxy service
2) Integrated lookup mechanism such as UDDI in the SOA infrastructure or fabric layer.

Both of these solutions externalize the management of endpoints from the SOA application and can support multiple endpoints for load balancing or high availability failover situations. A service bus implementation provides a true virtualization solution making use of content or context based routing and document transformations in the event an endpoint schema changes. It should also allow for managing and changing endpoint locations in an operations management console. The UDDI lookup mechanism is purely for endpoint management and less robust than a service bus virtualization solution but still effectively enables IT operations to change or add endpoint locations. It should achieve this without affecting runtime performance or redeploying the consuming applications such as business processes or composite applications.

Often customers want a single location to manage all service endpoint locations. To meet this requirement, a service bus should allow it’s own endpoints to be externally managed at runtime without redeployment by using service registry’s UDDI serviceKeys. This is a topic for a future discussion but hopefully it has provided fuel for thought on how to break down seemingly complex governance problems into smaller manageable processes to jump start your overall governance strategy.