- 4. Governance: (3CLD)
- a. Why do we need SOA governance? (3CLE)
- We need to “connect the dots” (3CLF)
- Information Technology has grown up in the wild. We have stove pipes and islands of information that are not useful to a larger community. (3CLG)
- Without SOA governance we wind up with more of the same. (3CLH)
- To paraphrase someone: “If you keep on doing what you have always done then you will get what you’ve always gotten.” (3CLI)
- This is a new time. We need to share information; we need to be agile as a nation in response to threats to our national security and internal well-being. (3CLJ)
- This calls for improved agility, speed of response, flexibility and range of response (3CLK)
- b. What are some governance approaches? (3CLL)
- Status Quo with the existing organization governing SOA implementation. (3CLM)
- This is the organization that brought us the legacy environment of today, which protects parochial interests, resists change, and which changes the name of the existing process to the current “buzz” words, but keeps on doing business the same old way. This is the approach that makes it impossible to connect the dots. (3CLN)
- Standard planning, defining, enabling and measuring approach (3CLO)
- This approach looks locally and focuses on the successes of individual projects. It turns the work over to a contractor and says “make SOA happen for this business activity or LOB.” This is a viable approach for acting locally, but without first thinking globally. Unless we Feds think about the enterprise first, and then about our own piece of the whole and the contribution that we make globally, the dots won’t get connected. We will still have the same old thing because we have done the same old thing. (3CLP)
- There is not one government contractor to which we could just say “go do it”. The government is going to have to work this from the inside out, and thus we need an approach that will consistently govern the change within the context of the larger whole. (3CLQ)
- Organizational Behavior approach to Governance (3CLR)
- Operational Definition: Governance refers to the organization (1), processes (2), policies (3), technology (4), and metrics (5) required to manage SOA, to include organizational cultural (6) change and behavior (7). This is a holistic view of the enterprise with the enterprise being government at large. (3CLS)
- This approach takes a process perspective (8) and builds the organization around that. It clearly articulates what governance does (9) and identifies the policies, processes and technology that must be governed from an enterprise perspective. It sets in place an SOA governance model and an SOA metrics model. (3CLT)
- Lastly, this approach sets the vision and articulates the values (10) that define the culture, and puts in place the incentives necessary to reward desired behavior. (3CLU)
- c. Who is succeeding at SOA governance? (3CLV)
- Many success stories may be found on the web. You just have to search for them. Most, however, are presented from a vendor solutions point of view. Also, in government you can find initiatives and prototypes to prove the promises of SOA, but I don’t know of any large scale success that we can report regarding SOA governance. That is one of the reasons for this Town Hall - to stimulate the dialogue with those who may know of SOA governance successes for a large scale enterprise and that can identify its successful contributing governing attributes. (3CLW)
- DoD is a large scale enterprise, but we don’t have the organization in place to govern SOA nor have we developed the critical mass in DoD to put in place an organization necessary to bring it about on such a large scale, but we are working on it. We have the SOA Foundation at DISA and our policies are undergoing a major overhaul. (3CLX)
- d. Is there a role for Enterprise Process Improvement? (3CLY)
- Sure, there is always a role for Enterprise Process Improvement. Take, for example, the Federal government. The President recently approved the Information Sharing Environment Implementation Plan. The “business” is sharing terrorist information across key cabinet level departments and agencies. SOA is the means of doing this, but what is the critical data to be shared? This can only be determined by understanding the data produced by common processes, for example the process for producing the “Suspicious Activity Report”. Currently 12 or so Cabinet departments and agencies have relevant data, but the process is internal to their own stove pipe or island of information. This process will have to be improved to reflect the enterprise view; otherwise we probably once again won’t be able to connect the dots. (3CM0)
- e. What is the AIC Governance Subcommittee planning to do? (3CM1)
- With IAC’s help, plan to prepare a report that recommends a SOA Governance model that creates an SOA organizational behavior and culture for the Government. (3CM2)
- Highlighted in the report will be a key point -- the interplay between SOA Governance model and the metrics model will determine the effectiveness of SOA governance and the overall culture and behavior that will determine SOA success. (3CM3)
- Footnotes: (3CM4)
- (1) Organization Structure and Functions: (a) IT Organization, (b) IT Governance, (c) Liaisons to LOB owners, (d) Software Development, (e) Enterprise Architecture, (f) Impacts on other Enterprise processes such as resource allocation and implementation. (3CM5)
- (2) Processes to Govern: (a) Design-Time, (b) Publishing, (c) Discovery, (d) Run-time. (3CM6)
- (3) Types of Policies: (a) Enterprise, (b) Business, (c) Process, (d) Compliance, (e) Technology standards, (f) Security. (3CM7)
- (4) Enabling Technology: (a) Policy Engines, (b) Enforcement Models, (c) Architecture, (d) Standards, (e) Integration and Interoperability, (f) Battle for Control. (3CM8)
- (5) Metrics: (a) SLAs, (b) Conformance reporting and policy breaches, (c) Enforcing reuse of existing services vs. development of new services, (d) Enforcing reuse of sanctioned services vs. rogue services, (e) Enforcing service design best practices enterprise-wide vs. one-time design practices. (3CM9)
- (6) Culture: (a) Value reuse of services over developing new services, (b) Value reuse of components and other IT assets, (c) Requires conformance to SOA Guidelines, principles and standards and overall policies, (d) Achieving IT productivity through reuse, (e) Reusing fundamental services available within the SOA to develop business solutions faster, cheaper, and better, (f) Achieving faster time for IT services to the business. (3CMA)
- (7) Incentives & Sanctions for SOA Culture: (a) reward positive behaviors, (i) Services reuse, (ii) SOA conformance, (iii) Governance, (iv) Metrics; (b) do not reward behaviors that are not positive (3CMB)
- (8) Steps to set up the organization: (a) Define the overall SOA governance model, organization and processes, (b) Define the SOA policies to be enforced, (c) Implement SOA governance policy and enforcement. (3CMC)
- (9) What does governance do? (a) Oversight, (b) Policies, (c) Funding models, (d) Implements governance process, (e) Services definition, creation and publishing, (f) Policies and processes QoS/SLA management. (3CMD)
- (10) Values: (a) SOA vision, goals, and guidelines, (b) SOA governance model, (c) SOA metrics and model, (d) SOA organization and structure, (e) SOA processes, (f) SOA roles and responsibilities, (g) Corporate culture and organizational behavior. (3CME)
- Source: Eric A. Marks and Michael Bell, Service-Oriented Architecture (SOA): A Planning and Implementation Guide for Business and Technology (3CMG)