Hablemos de SOA Governance para hacerlo una realidad

Presentación del tema: "Hablemos de SOA Governance para hacerlo una realidad"— Transcripción de la presentación:

1 Hablemos de SOA Governance para hacerlo una realidad
Madrid, 26 de Madrid 2007

2 Agenda 9:30 SOA Governance: La clave para la integración de negocio y tecnología 10:25 Gestión del ciclo de vida de los servicios de su arquitectura SOA Rational Asset Manager 11:00 Como hacer realidad el potencial de los servicios de su arquitectura SOA (IBM WebSphere Service Registry and Repository) 11:30 Café 12:00 Demo 12:30 Monitorización de los servicios en un entorno SOA 13:15 Servicios de IBM de SOA Governance 13:45 Cocktail

3 SOA Governance: La clave para la integración de negocio y tecnología
Manuel Rodríguez Rodríguez SOA Software IT Architect Leader Barcelona, 20 de Septiembre de 2007

4 Agenda 1 Introducción SOA 2 ¿Que significa Governance? 3
¿Es necesario SOA Governance? 4 SOA Governance: Definición y aplicación 5 SOA Governance and Management Method

5 Agenda 1 Introducción SOA 2 ¿Que significa Governance? 3
¿Es necesario SOA Governance? 4 SOA Governance: Definición y aplicación 5 SOA Governance and Management Method

6 Ventajas esperadas de una arquitectura SOA
Service Oriented Architecture Messaging Backbone Aplicaciones puntuales Tiempo real Procesos automatizados “Event-driven” Conexiones punto-a-punto Simple, conectividad básica Monolíticas- Propósito único No integración No reutilización Flexibilidad Manufactura “Just In Time” Producción masiva. Cadena de ensamblado Artesano Visibilidad y Control en t. real Proceso automatizado Flexible Innovación guiada por el negocio Partes basadas en componentes Proceso de desarrollo “rígido” Cada vehículo es construido por un artesano especializado 6

7 Ventajas esperadas de una arquitectura SOA
Revitalización de los procesos productivos Obtención de nuevo valor a través de la reutilización Mejora en la conectividad entre aplicaciones Mejora del alineamiento IT-Negocio Mayor flexibilidad en el negocio

8 Sin la gestión adecuada …
Esto podría convertirse… … en esto La promesa de SOA Un montón de servicios … los beneficios de SOA podrían desaparecer

9 Agenda 1 Introducción SOA 2 ¿Que significa Governance? 3
¿Es necesario SOA Governance? 4 SOA Governance: Definición y aplicación 5 SOA Governance and Management Method

10 ¿Qué es el Gobierno aplicado a las ciencias políticas?
“The use of institutions, structures of authority and even collaboration to allocate resources and coordinate or control activity in society or the economy. […] Governance […] conveys the administrative and process-oriented elements of governing rather than its antagonistic ones.” (Wikipedia) “Good, effective public governance helps to strengthen democracy and human rights, promote economic prosperity and social cohesion, reduce poverty, enhance environmental protection and the sustainable use of natural resources, and deepen confidence in government and public administration.” (OECD) Gobierno Político Principios y Valores Democracia, libertad, igualdad, redistribucion, propiedad privada (o ausencia de esta), … Pueden aparecer en una Constitución Leyes y regulaciones Anti corrupción, transparencia, delegación de responsabilidades, impuestos, etc. Controles para verificar el cumplimento de las leyes y regulaciones Auditores generales, Parlamento, parlamentos locales, ayuntamientos, etc. Se intenta preservar los intereses de los ciudadanos, votantes y los que pagan impuestos 10

11 ¿Qué significa el gobierno para una empresa?
Valores corporativos y objetivos Equidad en los acionistas, crecimiento, beneficio, contribución al progreso de la sociedad, dar alto valor a los clientes, asegurar el bienestar de los empleados, etc. Reglas y regulaciones que tratan sobre las conductas comerciales La estructura a través de la cual la compañía cumple sus objetivos Procedimientos para la toma de decisiones en asuntos de la compañía Controles Oversight and Controls to para monitorizar el cumplimiento de los objetivos Controles internos, auditorías internas, reguladores de los mercados (CNMV)Internal controls, External audits, … Corporate governance is the system by which business corporations are directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among different participants in the corporation […], and spells out the rules and procedures for making decisions on corporate affairs. It also provides the structure through which the company objectives are set, and the means of attaining those objectives and monitoring performance (OECD) Gobierno Empresarial Preservar los intereses de los accionistas, dueños y empleados 11

12 ¿Qué es el Gobierno en IT?
“IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives.” (IT Governance Institute) Objetivos IT alineados con la compañía with the enterprise Unir el los planes de negocio con los de IT Alinear las operaciones de IT con las de la compañía Estructura Organizacional y de procesos Delegación de la autoridad Circulación de la información Definición de valor Mecanismos de medida y de control Medida de valorControl de los procesosControl of processes Gobierno IT Mantener y extender las estrategias y objetivos de la organización empresarial 12

13 Agenda 1 Introducción SOA 2 ¿Que significa Governance? 3
¿Es necesario SOA Governance? 4 SOA Governance: Definición y aplicación 5 SOA Governance and Management Method

14 Importancia de SOA Governance. Scenario: paso 1
Servicio de conversión de moneda Departamento Contabilidad App. 1 App. 2 Important Points On This Slide: Scenario shows that SOA governance is just as much if not more an organizational issue (funding model, ownership, incentives to do the right thing, etc.) than a technical one. However, technical issues like enterprise wide design, proactive monitoring to understand scaling and timing still need to be addressed. This scenario discusses what happens when you don’t have SOA governance and describes the need for SOA governance in an SOA. Step 1. Say you are in the accounting department and you have two applications that require currency conversion and after just reading about web services, you feel like this would be a great candidate for a web service. So, you build your first web service – a currency conversion service. 1. Provee un servicio de cambio de moneda que ayuda a un departamento * Escenario de “Introduction to SOA Governance”, Bobby Woolf.

15 Importancia de SOA Governance. Scenario: paso 2
Order fulfillment Ventas Compras Legal Departamento Contabilidad App. 1 App. 2 Servicio de conversión de moneda Step 2. However, the good news travels fast and not only do a couple of your programs use it, but some of your coworkers in other departments hear about it and start invoking it from their programs. Before long, unbeknownst to you, programs in other departments in your company you've never even heard of are using it. 1. Provee un servicio de cambio de moneda que ayuda a un departamento 2. Otros deps comienzan a usar el servicio

16 Importancia de SOA Governance. Scenario: paso 3
Order fulfillment Ventas Compras Legal Departamento Contabilidad App. 1 App. 2 Servicio de conversión de moneda Step 3. The problem is that the applications in your department and apps from other departments start to use the service more and more. Because you originally just designed this service for just the load that your two applications would produce, the currency converter service is getting run to and above capacity 1. Provee un servicio de cambio de moneda que ayuda a un departamento 2. Otros deps comienzan a usar el servicio 3. Departamentos aumentan el uso de servicios / se impacta la calidad

17 Importancia de SOA Governance. Scenario: paso 3
Order fulfillment Ventas Compras Legal Departamento Contabilidad App. 1 App. 2 x Servicio de conversión de moneda Step 3a. As a result of the increased load placed on the service, the response times are becoming slow and some requests are even getting dropped 1. Provee un servicio de cambio de moneda que ayuda a un departamento 2. Otros deps comienzan a usar el servicio 3. Departamentos aumentan el uso de servicios / se impacta la calidad

18 Importancia de SOA Governance. Scenario: paso 4
Order fulfillment Ventas Compras Legal Departamento Contabilidad App. 1 App. 2 Servicio de conversión de moneda Step 4. So you persuade your manager to buy a more powerful machine to host your service. The manager isn't happy about spending money from his budget for yet another machine that you told him is doing something simple. He is also upset that other LoB’s are “free loading” off of his budget, but he decides to put on his good corporate citizen smile and fund the upgrade for additional instances of the service. 1. Provee un servicio de cambio de moneda que ayuda a un departamento 2. Otros deps comienzan a usar el servicio Departamentos aumentan el uso de servicios / se impacta la calidad 4. El servicio se arregla

19 Importancia de SOA Governance. Scenario: paso 5
Order fulfillment Ventas Compras Legal Departamento Contabilidad App. 1 App. 2 x Servicio de conversión de moneda Step 5. This seems to work well for awhile and all requests seem to be getting serviced in an agreeable way. However, the problem is that the number of requests start to once again grow, and the converter service starts to once again become inundated. The requests get to a point where the service starts to once again become overflooded causing dropped requests and slow response times. One weekend, the machine crashes, and you find out about it because someone from your company that you never heard of calls you at home, asking that you come into the office to get the converter running again. Later, your manager says he's received complaints from another department about your converter not updating to the current exchange rates in a timely enough manner. He wants you to fix it, but doesn't want you to take time away from your real work or burn any more of his budget. How'd you become responsible for all this? You just wanted to build a simple service? 1. Provee un servicio de cambio de moneda que ayuda a un departamento 2. Otros deps comienzan a usar el servicio Departamentos aumentan el uso de servicios / se impacta la calidad 4. El servicio se arregla 5. El problema reaparece

20 Importancia de SOA Governance. Scenario: paso 6
Order fulfillment Ventas Compras Legal Departamento Contabilidad App. 1 App. 2 x Servicio de conversión de moneda Step 6. Because there is no way for your manager to get recovery from the other LoB’s who are using the service, and he has to fund the whole thing, he decides that it just doesn’t make economical sense and pulls the plug on the service. As a result the consumers of this service now need to scramble to replace this functionality. They are left with broken applications How did all of this happen? Welcome to the world of SOA governance. Or in this case, the lack of any effective governance. The provider and consumer of this service became responsible for a lot more than they bargained for. How do you use services without having them spin out of control like this? This scenario was a result of a lack of: An ownership model that discusses who owns and is responsible for funding throughout the lifecycle of a service. Ideally the funding model will incent providers to produce high quality services and allow them to recover their costs for developing and maintaining services or even generate additional revenue for taking on these challenges. Guarantees (could be contractual) for the consumers that a service would operate as planned with consistent quality to incent them to accept the provider as a formidable dependency. Without such guarantees, consumers are potentially put in harm’s way by depending on distributed functionality that they have no control over. It also shows what happens when you do not take a holistic approach to designing services. You need to have an idea of the amount of load placed on a service and design to that load. Since the accounting dept in our scenario was assuming that they were the only ones to use it, there initial design was probably “good enough”. However, as soon as other consumers started to use it, this should have been a key 1. Provee un servicio de cambio de moneda que ayuda a un departamento 2. Otros deps comienzan a usar el servicio Departamentos aumentan el uso de servicios / se impacta la calidad 4. El servicio se arregla 5. El problema reaparece 6. Los costes de mantenimiento hacen que el servicio se interrumpa see Appendix B

21 ¿Qué es el Gobierno IT? ¿Qué es el Gobierno SOA?
Procesos Personas Tecnología Servicios Establecer los derechos de toma de decisiones asociadas con IT Establecer mecanismos y políticas para medir y controlar la forma en que se toman y se llevan a cabo las decisiones IT ¿Qué es el Gobierno SOA? El Modelo de Gobierno define ¿Qué es lo que hay que hacer? ¿Cómo hay que hacerlo? ¿Quién tiene autoridad para hacerlo? ¿Cómo se miden los resultados? Una extensión del gobierno IT cuyo foco está en el ciclo de vida de los servicios para asegurar el valor de negocio de SOA El Gobierno SOA es un catalizador para mejorar el Gobierno IT global

22 ¿Qué diferencia el Gobierno SOA?
Gestión integral de la infraestructura empresarial y no departamental Gestión estandarizada de todos los elementos IT que conforman nuestra empresa Colaboración real interdepartamental Financiación Dirección de proyectos Desarrollo de Servicios / Ciclo de vida

23 ¿Qué ofrece el Gobierno SOA?
Hace reales los beneficios de SOA Flexibilidad de los procesos de negocio Mejora el “time to market” Mitiga el riesgo y aumenta el control Manteniendo la calidad de servicio Asegurando la consistencia de servicios Aumenta la efectividad de los equipos Tomando las medidas adecuadas Comunicando claramente el negocio con IT

24 Agenda 1 Introducción SOA 2 ¿Que significa Governance? 3
¿Es necesario SOA Governance? 4 SOA Governance: Definición y aplicación 5 SOA Governance and Management Method

25 SOA Governance: Definición y Aplicación
Ciclo de vida de SOA Governance El proceso en el cual el SOA Governance es definido Ciclo de vida de SOA Service Los procesos Gobernados Los procesos en los cuales SOA Governance es aplicado The Governance Lifecycle (from the SGMM RMC plug-in): The Plan Phase. Good IT and SOA governance results in better alignment of the IT organization and the needs of the business. It is in the plan phase that the needs and priorities of the business are documented along with the role of the IT organization in meeting these needs. Also, the state and maturity of the current IT organization governance is assessed, and gaps are identified. From all this analysis, the governance vision and strategy -- as well as the roadmap and plan -- are documented. In the plan, the governance measures are put in place. These measures are used to assess how well the IT organization is aligned with the business and the business needs are met. In the define phase, the detailed governance plan is put in place for the current cycle. In particular, the processes to be governed are specified and prioritized, and the decision rights, policies, and measures for these processes are defined. In preparation for the next phase, detailed deployment plans are set. In some cases, these plans may include specifying or updating the structure and staffing of the SOA Governance Center of Excellence (CoE). The enable phase is when the defined solution is rolled out to the organization. In this phase, roles are assigned, staff are trained, the decision rights many be automated in workflow tools, and the metrics collection and report mechanisms are put in place. In the measure phase, the governance approach is executed and tuned. The governance metrics, those that that show alignment with the business, are gathered. These metrics are used in the next cycle to revise the governance approach. The SOA Lifecycle (from the SOA Foundation Whitepaper): The model phase includes the process of capturing your business design -- from an understanding of business requirements and objectives -- and translating that into a specification of business processes, goals, and assumptions, creating an encoded model of your business. The assemble phase concerns assembling the information system artifacts that will implement the business design. The enterprise architect -- working with the business analyst -- can begin to convert the business design into a set of business process definitions and activities, deriving the required services from the activity definitions. The deploy phase includes a combination of creating the hosting environment for service-based (composite) applications, and the actual deployment of those applications. This includes resolving the application's resource dependencies, operational conditions, capacity requirements, and integrity and access constraints. The manage phase addresses the maintenance of the operational environment, and the policies realized by the deployed SOA applications. This phase includes monitoring the performance of service requests and the timeliness of service responses, maintaining problem logs to detect failures in various system components, detecting and localizing those failures, routing work around them, recovering work affected by those failures, correcting problems, and restoring the operational state of the system. The manage phase also includes managing the business model, tuning the operational environment to meet updated business design.

26 Ciclo de vida de SOA Governance,donde Governance es definido
Determinar, definir, poner en funcionamiento, monitorizar y medir la solución de SOA Governance Cadenas de responsabilidad Medidas Políticas Mecanismos de control Comunicación Estándares Process a ser gobernados, artefactos y herramientas Proceso que seguimos The SOA Governance Lifecycle is the process in which we define the Governance solution. We use the wording “Define Governance” as a shortcut, meaning “Assess, define, rollout, monitor and measure the SOA Governance Solution, following a defined method”. The first list consist of the “elements” upon which the Governance solution is built. The second list explains how we identify those elements and we do with them. The process we follow for defining Governance is the IBM SOA Governance and Management Method (SGMM), the phases of which are shown in the picture. Determinar las necesides de estos en una organización Definirlos para que sean aceptados por todos Implementarlos y darles cuerpo con la ayuda de herramientas Medirlos mediante métricas que refuercen los objetivos iniciales

27 Ciclo de vida de SOA Service, donde el Governance es aplicado
Identificar, diseñar, implementar, probar, desplegar y gestionar la Solución SOA Procesos de negocio Servicios Componentes Información Interación y Colaboración Arquitectura Ejemplos de procesos que queremos gobernar The SOA Lifecycle is the set of processes in which we enforce the Governance solution. We use the wording “Enforce Governance” as a shortcut, meaning “Identify, design, implement, test, deploy and manage a SOA Solution following a set of well-governed processes”. The first list consist of the “elements” upon which the SOA solution is built. The second list gives an example of some of the processes that we could decide to govern. Their number and type depends on the scope of the governance solution. Definir el foco del servicio, dueños y presupuesto Identificar, especificar e implementar servicios Diseñar, ensamblar, probar y desplegar servicios Gestionar la calidad, niveles de servicio, cambios y seguridad de los servicios

28 Agenda 1 Introducción SOA 2 ¿Que significa Governance? 3
¿Es necesario SOA Governance? 4 SOA Governance: Definición y aplicación 5 SOA Governance and Management Method

29 IBM SOA Governance and Management Method
Establecer las necesidades de Gobierno Definir la aprox. Al Gobierno Método Método de Gobierno y Gestión SOA probado en múltiples clientes Guía detallada de procesos de Gobierno Framework y procesos para todo el ciclo de vida del Gobierno SOA La metodología ayuda a los clientes a establecer los Centros de Excelencia SOA Monitorizar y gestionar los procesos de Gobierno Implantación incremental del modelo de Gobierno Workproducts Valor para el Cliente Principios sobre Gobierno SOA e IT Procesos adaptados al cliente Organización del Centro de Excelencia Roles y responsabilidades Métricas definidas Plan de Transición de Gobierno SOA IBM provides a comprehensive set of Services offerings for SOA as described by our SOA Transformation Roadmap. These full-lifecycle offerings start with Business Enablement Services and continue through Design, Implementation and Management Services. During the Business Enablement phase we work with clients to assess their current level of SOA adoption and define a strategy and roadmap to achieve their desired level. We’ve learned through experience that putting the proper SOA skills and Governance in place at this stage prevents costly missteps in the future, and we have the capabilities to address those needs. Fundamentos para trasladar al negocio los beneficios de SOA Aprovechar las estructuras de Gobierno existentes Metodologías y herramientas basadas en las mejores prácticas y en los estándares del mercado IBM proporciona su experiencia y conocimiento obtenidos en múltiples proyectos con nuestros clientes Un catalizador para alinear las estrategias de negocio-IT

30 Estrategia Operaciones
¿Qué es SGMM? SOA Governance and Management Method es una aproximación de principio a fin para diseñar, implementar y mejorar Governance en SOA SGMM provee de una aproximación para la transformación del Governance, desde inicio a fin, despliegue y post-implementación a traves de mejoras continuas, incorporando los siguientes aspectos: Cambio organizacional Transformación IT Estrategia Operaciones Estrategia de Negocio El método es intencionalmente muy amplio, para grances cambios organizativos, pero es configurable y escalable para habilitar a IBM la personalización para cada necesidad de cada cliente, tanto para IT como para negocio. Incorporando e integrando aspectos como cambio organizacional, transformación de IT, etc. el método facilita la alineación de negocio e IT a traves de mecanismos de gobierno así como procesos

31 IBM SOA Governance and Management Method
Plan Define Enable Measure Project Start Up Refine SOA Principles and Standards Create SOA Governance Framework Execute Enablement Execute Measurement SOA Business Discovery SOA Center of Excellence Define Development and Operational Aspects Determine IT Environment Readiness Governance Tools and Infrastructure Create SOA Governance Plans Exit Review

32 Los procesos a ser governados
Service Planning Service Modeling Service Implementation Service Management Define Service Focus Process Identify Services Process Design Services Process Manage Quality of Service Process Identify Service Owners Process Specify Services Process Assemble Services Process Manage Service Levels Process Define Service Funding Process Realize Services Process Test Services Process Manage Service Change Process The Diagram below presents the 14 SOA Processes “to be governed”. These processes have been identified as those processes that are most significantly impacted/altered by the adoption of an SOA. Each of the 14 SOA Affected Processes are associated with 4 distinct categories Service Planning – more business and strategy aligned. Service Modeling – these represent the SOMA related processes associated with “Macro Design” Service Implementation – these processes model the Micro Design, Coding, Testing and Deployment aspects of a service. Service Management – these processes model the run time and monitoring aspects of the Services environment. These processes are based on the ITIL (IT Infrastructure Library) framework A brief description of each process follows: Define Service Focus This process models the desired degree of service orientation and compliance to it. Identify Service Owners This process identifies service domains and service owners and establishes governance for ownership. Define Service Funding This process establishes the rules for service funding for new and enhanced services and how this is governed. Identify Services Governance for this process models how services are identified and ensures compliance with business needs and principles and that technical components have been specified. Specify Services Governance of service specification ensures that services adhere to architectural principles, non functional requirements, standards and service deployment requirements. Make Service Realization Decisions Governance deals with ensuring that services have been assigned to appropriate component containers for realization of functionality and that required prototypes have been completed. Design Services Governance of service design addresses the design time considerations that are bounded by the stated SOA principles and guidelines. Compliance processes must be implemented to monitor the creation, maintenance and adherence to the modeled SOA design process Assemble Services Service assembly allows developers to create new services that follow predefined rules and processes to ensure that the services being assembled will be in compliance with stated SOA standards. Test Services Services must be tested at multiple levels to ensure they meet the stated functional and non functional objectives and comply with the service contract criteria. Deploy Services Governance of the service deployment process includes the registration of the service and ongoing measurement; to include the physical location of the service, information about the service’s provider, its owner, usage terms and conditions, technical constraints, security requirements, service levels, and versioning. Manage Quality of Service This process is used to govern the delivered quality of service on an ongoing basis. Manage Services Levels This process manages the day to day service operations and the ability to meet IT and business needs. Manage Services Change This process monitors the adherence to polices and standards associated with the implementation of new or modified services. Manage Service Security This process covers the lifecycle of security concerns, including planning, operational measures, evaluation and audit. Deploy Services Process Manage Service Security Process