Brownfield-friendly SOA Governance

Original publication date: Nov 07, 2007

The time is now!

The real life usage of such governance solutions is evolving even compared to the last year. Until recently most companies that introduced SOA Governance did so in some form of pilot project, which usually represented a "greenfield" environment: service consumers, composite applications and often the services themselves were being developed at the same time. So the key factors on which SOA Governance solutions were evaluated were centered around their design- and run-time capabilities and operational characteristics but did not include the "brownfield" environment friendliness factor. Consequently SOA Governance vendors had little incentive to invest in those capabilities of their products. But all of this is about to change, and the ability to support effective and painless introduction into existing IT environments will soon become one of the key differentiators in the SOA Governance marketplace. We have experienced this first hand during a recent implementation of Sun Service Governance Framework (SGF) at a large European media company, during which it turned out that the majority of issues with development, implementation and rollout of the governance solution were directly related to the "brownfield" category. Specifically they included:

1. The need to reconcile and integrate Service Governance with the SDLC used by the client’s IT organization.
2. Ability to support service governance across multiple development, testing, staging and production environments.
3. The need to provide support for “uncooperative” clients – the ones which are impossible or not feasible to change to accommodate governance-related service changes.
4. The need to quickly and efficiently bring large numbers of existing services under the control of the Governance Solution.
5. The need to support safe and effective sharing and migration of governance data between multiple environments.

It was estimated that without the above capabilities, the total effort required to introduce the Governance solution into the IT SOA landscape would exceed half of a man-year.

State of the union

I have not seen any full-spectrum SOA Governance products or technologies that provide noteworthy "brownfield" environment friendly capabilities described above. There are number of design-time only governance products (Registries) that provide federation capabilities which could be utilized to support some form of migration and reconciliation of governance data across multiple environments. There are also some run-time only governance products which allow import and export of governance data and can be used to ease some of the pains of reconciling Governance with the SDLC. But that’s about it! Existing governance methods and solutions are focused on governing services in the context of established SOA environment complete with underlying governance infrastructure. Let me bring an example: WebMethods in their definitive whitepaper on the subject write: "Ensure that governance capability-related milestones are synchronized with SOA adoption milestones so that you do not end up trying to retro-fit governance after the fact" and "the right time for governance is before you put any services into place" - great advice if you only deal with clients that have never played with SOA before! This situation is most representative for "greenfield" environment and is highly atypical for real-life enterprise IT. This static nature of service governance can become a significant barrier for its introduction (and consequently the success of SOA overall) in "brownfield" environments with its existing sets of services, legacy consumers, third-party composite applications and established software development processes and practices.

The Answer

When we first recognized this problem (and the shortcomings of our own governance solution) we set out to define the list of capabilities and enhancements to SGF that would solve the challenge of [near] painless introduction of SOA Governance into existing SOA-based IT environments. This is what we end up with:

1. Staging-aware SOA Governance which aims to resolve the disconnect between the fact that governance is essentially an oversight activity and thus should happen in (or at least as close as possible to) production with the need to put governance artifacts through the same QA processes as the rest of the IT assets.
2. SDLC support in Governance which addresses the fact that transition from so called monolithic or siloed applications to SOA has in fact, from the SDLC point of view, made the entire IT environment even more monolithic than it was before that transition. In the past at least these applications were independent form one another and could have been taken through SDLC phases one-at-a-time. As companies embrace SOA they are facing potentially infinitely connected mesh of services, consumers and composite applications and the only guaranteed safe option becomes to take through SDLC the entire snapshot of enterprise IT, making it more difficult and costly then ever to introduce new changes required by the business. Extending Governance solution with SDLC capabilities makes it possible to take individual services, consumers and entire composite applications through the lifecycle stages as required by the IT practices and procedures.
3. Transparent Governance Mode which resolves the tension between the need for a Governance platform to transform services and the need to support legacy clients that can not (easily) change to accommodate governance-related changes to service interfaces. For example declaring that a certain service has to be authenticated with WS-Security requires changing the WSDL to reflect the fact that it now needs wsse-compliant header.
4. Bulk operations which would allow to quickly and consistently bring under the umbrella of governance groups of existing services, spread throughout the Enterprise.

I believe that brownfield-friendliness will be a decisive differentiator amongst the SOA Governance products in the coming year so I am planning to talk about each of these capabilities in more detail in future posts.