Executive Summary

SOA projects normally have to justify themselves through quantifiable results, one at a time, to gain wider internal adoption. SOA Governance could help realize the ROI by defining reliable, quantifiable results for SOA implementations through a regular collection of metrics and mandating changes to improve the implementation. This document describes SOA Governance and the typical stages through which such Governance could be implemented. It briefly discusses the types of Governance and typical Governing bodies that could be formed to deliver a successful SOA project.


SOA or Service Oriented Architecture is:

An approach to implement business processes as a set of predefined services. In a service-oriented approach, a “service” is the smallest building block, which encapsulates the implementation logic and can be executed repeatedly in a given process or across processes.

Typically, a service repository contains the portfolio of services in an organization. The value of SOA is realized through its powerful framework of services built using open standards to promote reuse.

The ROI realized through SOA is a much-debated topic today. Considering the effort it takes to build a SOA, in terms of the people, training, tools, processes and internal discipline, the benefits of reuse need to be realized early on to gain confidence. Carefully planned governance could be a critical catalyst in realizing ROI for a SOA project.

Governance is:

  • To define/implement/monitor policies, principles, standards, procedures & processes that enable organizations to direct & conduct business, and enable people in their roles.
  • To establish a chain of responsibilities, decision-making rights & authority, communication & escalation channels that empower people (decision makers).

Governance is a tool that defines organizational roles and empowers individuals conducting these roles. Various technical tools available in the market today help automate a certain aspect of the governance process; however, as would be expected, Governance does involve considerable human intervention.

IT Governance refers to a subset of the organization’s governance that deals with the management and control of its IT systems, processes, people, IT assets, infrastructure and the way IT processes support a business goal. IT governance forms a significant part of the Enterprise governance – considering the horizontal IT spread in any organization.

SOA Governance is an extension of IT governance, which focuses primarily on the lifecycle of services, metadata and composite applications in a typical SOA initiative.

As a specialization of IT governance, SOA governance suggests how an IT governance’s decision rights, policies, procedures and measures need to be modified and augmented for successful SOA adoption.

SOA Life Cycle & Processes

A typical five-stage SOA lifecycle is as shown below:

Identify phase involves gathering business requirements & objectives, identifying the independent business processes in design, which will be translated to achieve the business goal – mapping the requirement to the design and breaking the design down into business processes.

Create phase concerns the creation of the identified business processes or realigning them (through addition/modification/integration) to the business goal.

Test phase addresses the conformance to requirements. Each developed process / service gets evaluated against pre-defined criteria for conformance.

Integrate suggests creating a host environment for composite (service-oriented) applications and their testing. This includes evaluating capacity planning, operational efficiency & performance, integrity, security and other dependencies.

Manage & Improve phase involves the actual deployment and maintenance of the operational system. This includes performance monitoring, service response time, problem log & fix, among others to get the service operational. This would also involve tuning the services to achieve an updated business design.

SOA Governance

As SOA crosses lines of business and IT, there is a greater need for effective SOA governance to ensure success in terms of ROI. In the initial SOA wave, governance was thought to be a ‘nice-to-have’ discipline, but with growing maturity and complexity, SOA projects mandate a well-defined SOA governance body.

Quality of project execution & ROI is a mirror reflection of any governance, and so it is for SOA.

Symptoms of poor SOA governance:

  • Little or no planning, and coordination hurdles in project execution
  • Redundant services
  • No metrics to track success
  • Poor non-functional capabilities (security, logging, reliability, transactions, auditing, filtering etc.)
  • Runtime service management issues like performance, scalability, availability etc.
  • Problems in isolating production issues.
  • Change & release management issues.
  • Increased complexity.
  • Blame game among vendors.
  • Poor quality end-user experience.

Symptoms of good SOA governance:

  • Well-defined project execution with quantifiable ROI.
  • Shared and reusable services
  • Fewer point-to-point connections
  • Secure, reliable and highly available systems
  • Able to recognize potential problems and fix them before impacting business
  • Swift transition & enhancements
  • Growing ROI
  • Accountable team
  • Delighted end user

A typical SOA governance team would need to:

  • Understand the current IT governance, which includes all the business line procedures, policies, principles, measures, decision roles and cultures.
  • Identify the processes/applications that can be reused and the overall impact of SOA adoption.
  • Select the best practices for existing business models.
  • Create a prioritized SOA adoption plan
  • Involve all stakeholders for communication & suggestions.
  • Review and control the transition plan during the course
  • Implement the agreed plan
  • Continuously measure the implemented model and log performance & issues
  • Consider future regulatory needs

Implementing SOA Governance

SOA projects typically require higher governance owing to hidden dependencies & less available standardization. We believe that SOA Governance must be diligently implemented and treated as a full-fledged project, rather than as an overhead.

Hence, we recommend that SOA governance principles be applied in a fashion similar to the five-stage lifecycle described in the ‘SOA Life Cycle & Processes’ section above:

1) Identify

  • Document the SOA benefits & prepare a business case to get an internal buy-in.
  • Assess current IT systems to measure the reusability and feasibility for SOA adoption.
  • Evaluate your enterprise goal with SOA adoption to align it for current & future needs.
  • Gather business strategy for SOA adoption i.e. participation plan, funding & compliance necessities.

2) Create

  • Formulate a SOA strategy i.e. document the critical roles, responsibilities & engagement model.
  • Understand the current governance structure and document the proposed structure for SOA adoption.
  • Review the proposed SOA governance plan.
  • Lay out the new policies & structures.
  • Identify new or modified authority roles & responsibilities.
  • Highlight success factors and metrics.
  • Identify funding model & owners.
  • Define a SOA centre of excellence.
  • Identify & approve the required SOA infrastructure during the course.

3) Test

  • Review the plan and start a vendor engagement.
  • Implement the approved governance model & infrastructure.
  • Educate and assign the identified roles and responsibilities.
  • Deploy policies.
  • Identify any additional process/training required.
  • Align new roles with vendor and its engagement model.

4) Integrate

  • Kick-off the SOA planned initiative
  • Monitor the project progress.
  • Organize meetings and report metrics.

5) Measure & Control

  • Measure the stated governance compliance.
  • Measure and review the effectiveness / metrics.
  • Review and suggest improvements.
  • Alter or define new policies & roles.
  • Measure and report ROI & lessons learnt.

Types of SOA Governance implementations

SOA governance can be logically divided into design time and runtime governance.

1) Design Time SOA Governance:

Design time SOA governance addresses the concerns of policy management, information management, lifecycle management and quality management for services.

2) Run Time SOA Governance:

Run time SOA governance relates to contract management, service administration, service monitoring, and service mediation.

In practice, design and run time governance overlap in several places. Following are the specific areas to be addressed during governance:

Design Time SOA Governance:

  1. Service registration
  2. Service versioning
  3. Service ownership
  4. Service funding
  5. Service monitoring
  6. Service auditing
  7. Service diagnostics
  8. Service modeling
  9. Service identification
  10. Service publishing
  11. Service discovery
  12. Service development
  13. Service consumption
  14. Service provisioning
  15. Service access
  16. Service binding to form a composite application

Runtime SOA governance:

  1. Service maturity
  2. Capacity planning
  3. Performance & problem logs
  4. Education & training
  5. Organizational changes.
  6. Service policy enforcement.

THBS recommendations

We recommend the following teams to form a governing body for a typical SOA initiative across design time and run time:

1) SOA Centre of Excellence (COE)

The SOA COE will be responsible for aligning the different teams involved with the enterprise SOA goal. The COE will research and recommend the industry best practices, procedures & policies. The COE will also play an important role in identifying, understanding & deciding on a SOA solution, product or technology for a SOA project. It will create and gain agreement on a framework for estimating SOA benefits and for tracking achievements, manage the community of interest and act as an SOA mentor for the organization.

2) SOA Infrastructure Team

The SOA infrastructure team will be responsible for ensuring the availability of the required infrastructure for development, testing & production environments. The infrastructure team will also participate in post-implementation activities for monitoring and improvements.

3) Service Portfolio Management Team

The SPM team will assist the COE in service categorization and management. It will align services as per their priority, line of business & service behavior. The SPM team will also identify the policy enforcement for each service or group of services.

4) Service Life Cycle Management Team

The SLCM team will define the procedure and compliance requirements for a service life cycle. It will suggest the contract & quality management rules for each service. The SLCM team will assist the COE with the required procedure for service retirement and new service version release.

5) SOA IT-Executive Team

The SOA IT-Executive team should be a mixture of IT & business executives. This team will be responsible for ensuring that the technical implementation and artifacts conform to the business requirements through rigorous quality assurance and validation. The SOA IT-Executive team will ensure business interacts closely with the development & testing teams and will apprise the SOA Funding Team of project progress and status.

6) SOA Funding Team

The SOA funding team will keep an eye on ROI and frequently examine the project progress. This team will examine and recommend the project status and suggest the financial gains or losses. The SOA funding team will plan the funding proposals, i.e. when and where central funding is required compared to separate department funding for their exclusive services.

7) SOA Service Factory

The SOA service factory refers to the service development & testing team, including onshore and offshore resources. This team will be responsible for understanding the business requirements and provisioning the required services. The SOA Service Factory team will closely interact with other teams to understand the business needs & provide end-to-end application (services) management.

SOA governance does not consist of a set of rigid bureaucratic policies and procedures. It involves regular collection of metrics and mandating changes to improve the implementation. Policies would change as per business and enterprise needs. Consistent waivers are regularly identified and examined.

An example RACI matrix is as below (which of course would differ from enterprise to enterprise):

SOA Service Life Cycle Management

SOA service life cycle management is an integral part of any SOA governance.

SOA service life cycle management addresses the processes, procedures, patterns, tools, best practices, configuration management & repositories involved. The diagram below provides an overview of the repositories in a typical SOA project:

Service Life Cycle Management consists of an array of topics that would need to be dealt with individually and is outside the scope of this document.

Torry Harris SOA engagement