Address the #1 Success Factor in SOA Implementations: Effective, Business-Driven Governance Inadequate governance might be the most widespread root cause of SOA failure. In SOA Governance, a team of IBM's leading SOA governance experts share hard-won best practices for governing IT in any service-oriented environment. The authors begin by introducing a comprehensive SOA governance model that has worked in the field. They define what must be governed, identify key stakeholders, and review the relationship of SOA governance to existing governance bodies as well as governance frameworks like COBIT. Next, they walk you through SOA governance assessment and planning, identifying and fixing gaps, setting goals and objectives, and establishing workable roadmaps and governance deliverables. Finally, the authors detail the build-out of the SOA governance model with a case study. The authors illuminate the unique issues associated with applying IT governance to a services model, including the challenges of compliance auditing when service behavior is inherently unpredictable. They also show why services governance requires a more organizational, business-centric focus than "conventional" IT governance. Coverage includes *Understanding the problems SOA governance needs to solve*Establishing and governing service production lines that automate SOA development activities*Identifying reusable elements of your existing IT governance model and prioritizing improvements *Establishing SOA authority chains, roles, responsibilities, policies, standards, mechanisms, procedures, and metrics *Implementing service versioning and granularity *Refining SOA governance frameworks to maintain their vitality as business and IT strategies change Introduction: A Services Approach 1 Benefits of SOA 2 What Goes Right? 4 What Goes Wrong? 6 Conclusion 9 Chapter 1: Introduction to Governance 11 Defining Governance 12 Corporate Governance 14 EnterpriseGovernance 15 IT Governance 15 SOA Governance 16 SOA Governance Paradigm 18 IT Governance Reference Sources 22 ITIL--Information Technology Information Library 23 IT Governance Institute ' (ITGI) version 4.1 of Control Objectives for Information and Related Technology (COBIT) 24 The SOA Governance and Management Model 25 SOA Vision 26 Governance Processes 27 Processes to be Governed and ESB Services Processes 30 Governance Mechanisms 33 Principles, Policies, Standards, and Procedures 33 Monitors and Metrics 34 Skills 35 Organizational Change Management 35 Infrastructure and Tools 35 Case Study Background 36 Company Background 36 Business Goals 38 Conclusion 40 Chapter 2: SOA Governance Assessment and Planning 41 Setting the Vision 42 What Distinguishes the SOA Winners? 43 Antipatterns: Common SOA Pitfalls 46 SOA Governance Capabilities 50 Plan & Organize 50 Program Management Controls 53 Service Development Lifecycle 54 Service Operations 56 Understanding the Patient's History 57 Understanding the Patient's Symptoms and Diagnosing the Root Causes 60 Program Management Controls 64 Service Development Lifecycle 66 Service Operations 67 Determine the Patient's Ability to Accept the Treatment Needed to Effect a Cure 68 Organization Type 69 Suitability Considerations 70 Determining the Governance Priorities and Near-Term Goals 73 Case Study 84 SOA Planning Assessment 84 Conclusion 88 Chapter 3: Building the Service Factory 89 How to Succeed with SOA 90 A Divide-and-Conquer Approach to Managing Complexity 91 The Case for Creating a Service Factory 94 Populating the Service Factory: Roles and Responsibilities 97 The SOA "Plan & Organize" Domain 114 SOA Plan & Organize Domain Work-Product Definitions 121 The SOA Program Management Controls Domain 146 Program Management Controls Domain Work Product Definitions 152 Case Study 161 Service Transformation Planning 161 Conclusion 163 Chapter 4: Governing the Service Factory 165 Essential Competencies for Succeeding with SOA 166 Effective Requirements Collection 166 Competency in Service Design 167 Competency in Service Development 167 Competency in Service Testing and Deployment 168 Competency in Operational Management and Monitoring of Services 168 Service Development Lifecycle Control Points 168 Business Requirements and Service Identification Control Point 172 Solution Architecture Control Point 173 Service Specification Control Point 174 Service Design Control Point 174 Service Vitality Control Point 177 The Service Development Domain 178 Key Capabilities Needed to Govern Service Development 179 Service Development Domain Work Product Definitions 183 The Service Operations Domain 201 Key SOA Governance Tasks Involved in Operating Services 201 Service Operations Domain Work Product Definitions 203 Case Study 209 Service Development Lifecycle Controls 209 Control Gates for Ideation 210 Conclusion 217 Chapter 5: Implementing the SOA Governance Model 219 A Model for SOA Governance 220 SOA Governance Staffing 221 SOA Governance Implementation Timeline 223 The Plan Phase 223 Activity 1.1 : Project Startup 224 Activity 1.2: SOA Business Discovery 227 Activity 1.3: Determine IT Governance Environment Readiness 229 Activity 1.4: Define Scope of SOA Governance and Management Model 231 The Define Phase 235 Activity 2.1: Refine SOA Principles 236 Activity 2.2: Modify the Existing Governance Organizational Model and Create the SOA CoE 237 Activity 2.3 Define or Modify Governance Processes 240 Activity 2.4: Define Processes to Be Governed and Close SOA Governance Capability Gaps 242 Activity 2.5: Define SOA Governance Infrastructure and Tools 245 Activity 2.6: Create SOA Governance Plans 247 Enable Phase 249 Task 3.1: Execute Enable 250 Measure Phase 256 Activity 4.1 : Execute Measurement 257 Case Study 260 Service Processes, Organizations, Roles, and Responsibilities 260 Service Ownership and Funding 263 Conclusion 264 Chapter 6: Managing the Service Lifecycle 265 Preparing for the Requirements Capture and Service Identification Control Point 267 Capturing Requirements "Top Down" 267 Capturing Business Requirements "Bottom Up" 270 Service Identification 271 Preparing for the Solution Architecture Control Point 277 Preparing for the Service Specification Control Point 278 Preparing for the Service Design Control Point 279 Preparing for the Service Realization Control Point 281 Preparing for the Service Testing Control Point 282 Preparing for the Service Certification and Deployment Control Point 283 Preparing for the Service Vitality Control Point 285 Service and Process Lifecycles: Overview 285 Regulating Service Granularity 287 Step 1. Are the Candidate Operations Tasks or Services? 288 Step 2. Can the Candidate Operations Be Automated? 294 Step 3. Are the Candidate Operations Really Reusable? 295 Step 4. Are the Scopes of Each Candidate Operation Realistic? 297 Step 5. Does Each Candidate Operation Have Visible Business Value? 299 Notes on Granularity of Data-Related Services 299 Managing Service Versioning 301 Designing Future-Proof Services 302 Communicating with Service Consumers 303 Case Study 304 Service Certification 304 Conclusion 307 Chapter 7: Governance Vitality 309 Goals and Measurements 310 Governance Reporting 318 Feedback for Continuous Improvement 321 Case Study 325 Service Governance Vitality 325 Case Study Conclusion 328 Conclusion 328 Chapter 8: SOA Governance Case Study 329 Introduction: Case Study Background 330 SOA Governance Assessment and Planning 333 SOA Planning Assessment 334 Building the Service Factory 337 Service Transformation Planning 337 Governing the Service Factory 340 Service Development Lifecycle Controls 340 Control Gates for Ideation 341 Implementing the SOA Governance Model 348 Service Processes, Organizations, Roles, and Responsibilities 349 Service Ownership and Funding 351 Managing the Service Lifecycle 353 Service Certification 353 Governance Vitality 356 Service Governance Vitality 357 Conclusion 360 Appendix A: Glossary 361 Appendix B: References 371 Index 373

Table of Contents

Introduction: A Services Approach 1 Benefits of SOA 2 What Goes Right? 4 What Goes Wrong? 6 Conclusion 9 Chapter 1: Introduction to Governance 11 Defining Governance 12 Corporate Governance 14 EnterpriseGovernance 15 IT Governance 15 SOA Governance 16 SOA Governance Paradigm 18 IT Governance Reference Sources 22 ITIL--Information Technology Information Library 23 IT Governance Institute ' (ITGI) version 4.1 of Control Objectives for Information and Related Technology (COBIT) 24 The SOA Governance and Management Model 25 SOA Vision 26 Governance Processes 27 Processes to be Governed and ESB Services Processes 30 Governance Mechanisms 33 Principles, Policies, Standards, and Procedures 33 Monitors and Metrics 34 Skills 35 Organizational Change Management 35 Infrastructure and Tools 35 Case Study Background 36 Company Background 36 Business Goals 38 Conclusion 40 Chapter 2: SOA Governance Assessment and Planning 41 Setting the Vision 42 What Distinguishes the SOA Winners? 43 Antipatterns: Common SOA Pitfalls 46 SOA Governance Capabilities 50 Plan & Organize 50 Program Management Controls 53 Service Development Lifecycle 54 Service Operations 56 Understanding the Patient's History 57 Understanding the Patient's Symptoms and Diagnosing the Root Causes 60 Program Management Controls 64 Service Development Lifecycle 66 Service Operations 67 Determine the Patient's Ability to Accept the Treatment Needed to Effect a Cure 68 Organization Type 69 Suitability Considerations 70 Determining the Governance Priorities and Near-Term Goals 73 Case Study 84 SOA Planning Assessment 84 Conclusion 88 Chapter 3: Building the Service Factory 89 How to Succeed with SOA 90 A Divide-and-Conquer Approach to Managing Complexity 91 The Case for Creating a Service Factory 94 Populating the Service Factory: Roles and Responsibilities 97 The SOA "Plan & Organize" Domain 114 SOA Plan & Organize Domain Work-Product Definitions 121 The SOA Program Management Controls Domain 146 Program Management Controls Domain Work Product Definitions 152 Case Study 161 Service Transformation Planning 161 Conclusion 163 Chapter 4: Governing the Service Factory 165 Essential Competencies for Succeeding with SOA 166 Effective Requirements Collection 166 Competency in Service Design 167 Competency in Service Development 167 Competency in Service Testing and Deployment 168 Competency in Operational Management and Monitoring of Services 168 Service Development Lifecycle Control Points 168 Business Requirements and Service Identification Control Point 172 Solution Architecture Control Point 173 Service Specification Control Point 174 Service Design Control Point 174 Service Vitality Control Point 177 The Service Development Domain 178 Key Capabilities Needed to Govern Service Development 179 Service Development Domain Work Product Definitions 183 The Service Operations Domain 201 Key SOA Governance Tasks Involved in Operating Services 201 Service Operations Domain Work Product Definitions 203 Case Study 209 Service Development Lifecycle Controls 209 Control Gates for Ideation 210 Conclusion 217 Chapter 5: Implementing the SOA Governance Model 219 A Model for SOA Governance 220 SOA Governance Staffing 221 SOA Governance Implementation Timeline 223 The Plan Phase 223 Activity 1.1: Project Startup 224 Activity 1.2: SOA Business Discovery 227 Activity 1.3: Determine IT Governance Environment Readiness 229 Activity 1.4: Define Scope of SOA Governance and Management Model 231 The Define Phase 235 Activity 2.1: Refine SOA Principles 236 Activity 2.2: Modify the Existing Governance Organizational Model and Create the SOA CoE 237 Activity 2.3 Define or Modify Governance Processes 240 Activity 2.4: Define Processes to Be Governed and Close SOA Governance Capability Gaps 242 Activity 2.5: Define SOA Governance Infrastructure and Tools 245 Activity 2.6: Create SOA Governance Plans 247 Enable Phase 249 Task 3.1: Execute Enable 250 Measure Phase 256 Activity 4.1: Execute Measurement 257 Case Study 260 Service Processes, Organizations, Roles, and Responsibilities 260 Service Ownership and Funding 263 Conclusion 264 Chapter 6: Managing the Service Lifecycle 265 Preparing for the Requirements Capture and Service Identification Control Point 267 Capturing Requirements "Top Down" 267 Capturing Business Requirements "Bottom Up" 270 Service Identification 271 Preparing for the Solution Architecture Control Point 277 Preparing for the Service Specification Control Point 278 Preparing for the Service Design Control Point 279 Preparing for the Service Realization Control Point 281 Preparing for the Service Testing Control Point 282 Preparing for the Service Certification and Deployment Control Point 283 Preparing for the Service Vitality Control Point 285 Service and Process Lifecycles: Overview 285 Regulating Service Granularity 287 Step 1. Are the Candidate Operations Tasks or Services? 288 Step 2. Can the Candidate Operations Be Automated? 294 Step 3. Are the Candidate Operations Really Reusable? 295 Step 4. Are the Scopes of Each Candidate Operation Realistic? 297 Step 5. Does Each Candidate Operation Have Visible Business Value? 299 Notes on Granularity of Data-Related Services 299 Managing Service Versioning 301 Designing Future-Proof Services 302 Communicating with Service Consumers 303 Case Study 304 Service Certification 304 Conclusion 307 Chapter 7: Governance Vitality 309 Goals and Measurements 310 Governance Reporting 318 Feedback for Continuous Improvement 321 Case Study 325 Service Governance Vitality 325 Case Study Conclusion 328 Conclusion 328 Chapter 8: SOA Governance Case Study 329 Introduction: Case Study Background 330 SOA Governance Assessment and Planning 333 SOA Planning Assessment 334 Building the Service Factory 337 Service Transformation Planning 337 Governing the Service Factory 340 Service Development Lifecycle Controls 340 Control Gates for Ideation 341 Implementing the SOA Governance Model 348 Service Processes, Organizations, Roles, and Responsibilities 349 Service Ownership and Funding 351 Managing the Service Lifecycle 353 Service Certification 353 Governance Vitality 356 Service Governance Vitality 357 Conclusion 360 Appendix A: Glossary 361 Appendix B: References 371 Index 373

Author Biography

William A. Brown (Raleigh, NC) is a Master Certified Executive Architect with IBM Global Business Services Enterprise Architecture and Technology Center of Excellence and the SOA Center of Excellence. Clive Gee (UK), Senior Solution Architect at IBM Enterprise Integration Services group, has designed and deployed solutions involving technologies such as XML, XSLT, SMS, Web Services, and SOA. Bob Laird (UK) is responsible for supporting and leading SOA governance and architecture engagements for worldwide IBM customers. Tilak Mitra (Coconut Creek, FL) is a Senior IT Architect Certified Executive I/T Architect with IBM Global Business Services in the Enterprise Application Development group.