SOA Governance@work

Neil Macehiter recently blogged on the relation between SOA governance and data governance in response to a post by Joe McKendrick.  Neil states that he disagrees with the notion that

data governance and SOA governance are separate disciplines. 

Neil goes on to emphasize his point by saying 

SOA governance must encompass data governance...policies are the lingua franca of SOA governance and policies apply as much to the data flowing in a service network as they do to the services themselves

I couldn't agree more with Neil's statements.  I think it's important to remember that governance, regardless of what 'specialty' you are talking about, is a series of activities associated with influencing actions and behavior of an environment.  In this regard, SOA governance, data, governance, process governance, application governance, etc are all related to, but not dependent on, one another.  It's not that one encompasses the other, but rather the activities associated with each should work in conjunction with the rest of the governance discipline.  Data governance, for example, provides value regardless of whether your organization is doing SOA or not.

David Buckholz from Sony put it best last week - SOA governance is not considered a separate discipline within their organization but rather an extension to their existing governance disciplines.  They simply identified new processes, activities, and policies that should augment existing governance to take SOA issues into consideration. 

Using Sony as an example, this is how all governance 'specialties' should be handled.  It helps in the adoption by the governance community as it leverages processes they are already familiar with.  As a side effect to this, your SOA and data governance will take on the characteristics of your existing governance.  If your existing governance is highly effective, so too will SOA and data governance, but the converse will also be true. 

Oracle recently released a new resource library for SOA Governance that contains a collection of governance materials accessible within a single download.  All of the white papers, product information sheets, documented best practices, case studies, etc are all contained within this single packaged library. 

To check it out, go here and download it.

To keep up to date on SOA Governance through Oracle's blogs, podcasts, mix groups, etc, check out the SOA Governance Architect Center. 

A post on Joe McKendrick's SOA in Action Blog includes a transcript of Gartner analyst Frank Kenney's remarks during a keynote address at last month's virtual SOA Governance conference presented by ebizQ.  Among Kenney's observations: 

• "If you are moving towards an SOA initiative, if you are embarking on an SOA project, that project will fail without governance."
  
• "SOA...is evolving from a technical architecture to a governing framework. It is not so much about the applications that you build, or the services you compose, or the processes that you orchestrate and coordinate...It’s really about understanding the lifecycle [of] the artifacts that make up your service-oriented architecture."
  
• "Runtime and design time [don't] mean anything when it comes to SOA. It's not runtime or design time, it's all the time."
  
• "At the center of any good SOA governance technology is going to be a registry repository."

According to the transcript, Kenney pointed out that the lifecycle of a SOA artifact includes overlapping creation, usage, deployment, and governance cycles. He advised against focusing on what he described as the "artificial distinction between design time and runtime," and stressed the importance of focusing on the overlapping lifecycles, and on how those lifecycles affect each other.

Little of what Kenney talked about is all that new, especially given where we are in the evolution of SOA. But the ideas he presented are nevertheless critical and worth repeating until they are fully absorbed by every stakeholder in any SOA initiative.

Read the entire post: Transcript: No SOA Governance Strategy? No Problem- Prepare For Failure!

ebizQ analyst Dennis Byron published an article not too long ago asking

What is business process management (BPM) software's role in IT and SOA governance?

In his article, Dennis quotes Forrester's Larry Fulton as stating

IT and SOA design-time governance solutions provide more than just storage and cataloging of service information; they also automate the process of service life-cycle management (SLM). Automating the process of service life-cycle management is the job of technologies like SOA design-time repositories.

Dennis goes on to make the argument that BPM could be used for this kind of automation

because the combination of an explosion in unstructured data and the coming exponential growth in services...means IT could lose control of its mission

The rest of the article goes on to cover various BPM vendor products and how they could be used.  However, Dennis never really fully answers the question he stated up front on what BPM's role in SOA Governance was other than to state it could be important if BPM is important to the overall business strategy.  I don't disagree with Dennis, but I think he's approaching this from a BPM angle, not a SOA governance angle.

Technology offerings aligned with SOA governance, such as those referenced by Larry Fulton, are there for the purpose of automating, and providing visibility into, the governance process.  Governance doesn't happen simply by harvesting assets from the SOA environment and providing visibility.  It's what you do to those assets once you have that visibility that really defines governance.  Effective governance is essentially the application of business and IT policies and procedures to influence behavior and outcome.  It's for this reason that I think BPM can, and does, play an essential role in SOA governance as it provides a means to structure the governance process and automate enforcement of policies and procedures to ensure business/IT alignment and compliance.

What I find surprising in Dennis's article is that Oracle is not mentioned alongside the other BPM vendors.  Why I find this surprising is not because Oracle has a BPM offering but because the Oracle SOA Governance solution has BPM embedded.  Oracle uses a lightweight version of Oracle BPM workflow under the covers for automation of the lifecycle, from planning through retirement.  These workflows can either be configured and used as is, or you are provided with all the tooling necessary to modify those BPM processes to fit your methodology and needs.   

So when it comes to the question of what BPM's role in SOA Governance is, Oracle believes it's so essential that they've embedded it within the governance solution offering itself.  BPM doesn't need to be strategic to the rest of the enterprise to be applied to the automation of your governance processes, but governance is a poster child for how BPM can be properly leveraged for internal processes.

The rest of Dennis's article can be found here.