View
870
Download
1
Category
Tags:
Preview:
DESCRIPTION
Citation preview
Iowa Department ofAdministrative Services
IT Enterprise Service-OrientedArchitecture
SOA Governance Model Version 0.9
This document was prepared by Integrated Software Specialists, Inc. (“ISS”) and is to be considered confidential and proprietary to ISS and Iowa Department of Administrative Services.
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
Document Control
DOCUMENT INFORMATION
©
InformationDocument IdDocument Owner Janice HillIssue Date 6/5/2006Last Saved Date 7/3/2006 09:29:00 PMFile Name document.doc
DOCUMENT HISTORY
Version Issue Date Changes0.11 6/5/2006 Initial Draft0.2 6/26/2006 Editorial Review0.3 6/27/2006 ISS Quality Assurance Review0.9 6/30/06 Editorial Review Completed
DOCUMENT APPROVALS
Role Name Signature DateProject Sponsor
Project Review Group
Project Manager
ISS Project Manager
ISS Quality Assurance
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 2 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
Table of Contents
1 INTRODUCTION..........................................................................................................................4
1.1 Purpose........................................................................................................................................4
1.2 Scope...........................................................................................................................................4
1.3 Definitions, Acronyms and Abbreviations.................................................................................4
1.4 References...................................................................................................................................4
2 SOA GOVERNANCE MODEL OVERVIEW............................................................................5
3 ORGANIZATIONAL STRUCTURE..........................................................................................6
3.1 Statewide Governance Organization...........................................................................................6
3.2 Agency Governance Organization..............................................................................................9
3.3 Project Team Organization.......................................................................................................11
3.4 Key Roles and Responsibilities................................................................................................12
4 GOVERNANCE PROCESSES...................................................................................................13
4.1 Overview of processes..............................................................................................................13
4.2 SOA Program Management Processes.....................................................................................13
4.2.1 Statewide SOA Program Management................................................................................13
4.2.2 Agency SOA Program Management....................................................................................13
4.3 Architecture management processes.........................................................................................14
4.4 Service Life-cycle processes.....................................................................................................14
5 POLICIES.....................................................................................................................................16
5.1 SOA Polices..............................................................................................................................16
5.2 Policy Enforcement Model.......................................................................................................17
6 METRICS FOR SOA...................................................................................................................18
7 INFORMATION TECHNOLOGY............................................................................................19
8 GOVERNANCE MODEL ADOPTION....................................................................................20
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 3 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
1 INTRODUCTION
1.1 PURPOSE
This purpose of this document is to outline the draft EBSOA Governance Model.
1.2 SCOPE
This document covers the initial SOA Governance recommendations for the EBSOA initiative. It is meant to be a living document that may be refined as the State of Iowa’s Executive Branch SOA initiative evolves.
1.3 DEFINITIONS, ACRONYMS AND ABBREVIATIONS
SOA: Service-Oriented Architecture
ESB: Enterprise Service Bus
WS-I: An open industry organization chartered to promote Web Services interoperability across platforms, operating systems, and programming languages.
1.4 REFERENCES
None
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 4 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
2 SOA GOVERNANCE MODEL OVERVIEW
The State of Iowa SOA Governance Model supports the business and technical requirements of the SOA initiative and the portfolio of services that will operate in the SOA over time. The Governance Model includes the following elements:
Organization
Processes
Polices
Metrics
The State of Iowa technical environment must enable governance as defined in the SOA governance model. This includes infrastructure and architecture components that enable governance.
The State of Iowa SOA Governance Model allows for a federated organization, with a combination of agency-based and centralized IT groups using a shared infrastructure supporting the needs of the State. As outlined in Figure 1, a centralized team will provide statewide oversight, service portfolio management, and set some SOA related standards. Setting the technical direction and standards will be shared between the state and the agencies. Finally, each agency will be responsible for setting its own SOA strategy and monitoring adherence to statewide and agency standards.
Figure 1-1. Governance in a Federated Organization.
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 5 OF 20
Centralized State-wide Governance
Review and GovernanceShared between State and Agency
Federated - Agency Governance
•SOA Strategic Planning
•Technical Strategies
•SOA Standards and Patterns
•SOA Portfolio
•Technology Apps and Infrastructure
•Design Patterns
•Semantic and Syntax standards
•Oversight and Service Portfolio
•Semantic and Syntactic Standards
•Sponsor SOA Enablement Infrastructure
•Agency SOA Strategy – What Services, How developed and operated
•Define/Manage Service Portfolio
•Sponsor SOA Pilots
•Monitor and govern adherence to State-wide standards and use of infrastructure
Centralized State-wide Governance
Review and GovernanceShared between State and Agency
Federated - Agency Governance
•SOA Strategic Planning
•Technical Strategies
•SOA Standards and Patterns
•SOA Portfolio
•Technology Apps and Infrastructure
•Design Patterns
•Semantic and Syntax standards
•Oversight and Service Portfolio
•Semantic and Syntactic Standards
•Sponsor SOA Enablement Infrastructure
•Agency SOA Strategy – What Services, How developed and operated
•Define/Manage Service Portfolio
•Sponsor SOA Pilots
•Monitor and govern adherence to State-wide standards and use of infrastructure
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
3 ORGANIZATIONAL STRUCTURE
The organization structure for an effective SOA environment includes:
A Statewide Governance Organization for SOA
Agency Governance Organizations for SOA
SOA Project Teams
3.1 STATEWIDE GOVERNANCE ORGANIZATION
The Statewide governance organization is comprised of several teams: the State Steering Committee, Process Service Team, Architecture Services Team, Enterprise Services Team, and Information/Data Services Team. These statewide teams collaborate with corresponding agency teams (for details, see the ‘Agency Governance Organization’ section) to share standards and best practices, and to ensure that SOA governance is enforced across the state.
Additionally, the SOA Core team is formed initially to shape the SOA strategy, vision, policy, and governance model, but may disband once the formal SOA governance structure and processes are in place.
State Steering Committee (The Technology Governance Board) — Executive team comprised of business and IT leadership. Its responsibilities include:
Review and approve business initiatives, SOA roadmap, project plans, budgets, and so on
Align SOA efforts to business and IT strategic goals
Make sure budgets and funding are in place for SOA infrastructure and initial services rollouts
Process Services Team — Business leaders/process owners and IT staff are part of this team, whose responsibilities are:
Identify, prioritize and develop business initiatives for SOA implementation
Identify opportunities for sharing services within and across agencies, and potentially other entities
Determine ownership for business services, common process services, and budgeting for these initiatives
SOA Core Team — Senior team comprised of senior business and IT leadership.
Develop the initial SOA state-wide strategy, vision, governance model and architecture
Lead the initial services rollout and promote ongoing SOA efforts
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 6 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
Evangelize the SOA benefits to the business organizations and IT
Be SOA coaches for the state and/or agency
Architecture Services Team — Comprised of CIO, chief architects, and IT services leads (enterprise services, information services, and process services). Its responsibilities include:
Chair SOA Architecture Review Board for infrastructure and services proposals.
Contribute to defining SOA governance model (standards, development goals and guidelines, security policies, and business polices)
Ensure all initiatives conform to the SOA governance model
Enterprise Services Team — IT infrastructure services team members. Its responsibilities include:
Implement and manage the enabling infrastructure for the SOA
Includes common infrastructure services for SOA enablement as well as security, messaging, routing, audit, and related functions
Member of the SOA core team and Architecture Review Board
Information/Data Services Team — Data warehousing, analytics, data modules and information delivery team members. Its responsibilities include:
Includes development and ongoing management of the canonical data model (common domain model)
Implement and manage the enabling capabilities for information harvesting and delivery to consuming business units, processes and users
Identify and select enabling infrastructure for information services, such as information metadata repository
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 7 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
JCIO
Process Services Team
Architecture Services Team
TGB(State Steering Committee)
Information/Data Team
Enterprise Services Team
SOA Core Team
JCIO
Process Services Team
Architecture Services Team
TGB(State Steering Committee)
Information/Data Team
Enterprise Services Team
SOA Core Team
Figure 3-1. Statewide Oversight Teams
In order to govern a SOA, the statewide governance teams need to be split into domains as depicted in Figure 3-4. Each domain contains a set of services that relate to the same business and share some business context. Each domain manages and owns those services: Services management and availability, business logic, service usage metrics, location independence and service publication, and data and message formats
Figure 3-2. Inter-Agency Domain Organizations
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 8 OF 20
Domain 3
Domain 2
Domain X
Proc
esse
s
Agencies
Agency XAgency 1 Agency 2 Agency 3
Domain 1
……….
Domain 3
Domain 2
Domain X
Proc
esse
s
Agencies
Agency XAgency 1 Agency 2 Agency 3
Domain 1
……….
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
3.2 AGENCY GOVERNANCE ORGANIZATION
Each agency within the State of Iowa will have a governance organization that is comprised of several teams: the Agency Steering Committee, Agency Process Service Team, Agency Architecture Services Team, Agency Enterprise Services Team, and the Agency Information/Data Services Team. These agency teams will collaborate with their corresponding statewide team to share standards and best practices, and to ensure that SOA governance is enforced at the agency level.
Agency Steering Committee — Executive team comprised of business and IT leadership. Its responsibilities include:
Review and approve business initiatives, SOA roadmap, project plans, budgets, and so on
Align SOA efforts to agency business and IT strategic goals
Make sure budgets and funding are in place for SOA infrastructure and initial services rollouts
Agency Process Services Team — Business leaders/process owners and IT staff are part of this team, whose responsibilities are:
Identify, prioritize and develop business initiatives for SOA implementation
Identify opportunities for sharing services within and across business units, and potentially other entities
Determine ownership for business services, common process services, and budgeting for these initiatives
Agency Architecture Services Team — Comprised of CIO, chief architects, and IT services leads (enterprise services, information services, and process services). Its responsibilities include:
Contribute to defining SOA governance model (standards, development goals and guidelines, security policies, and business polices)
Ensure all initiatives conform to the SOA governance model
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 9 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
Agency Enterprise Services Team — IT infrastructure services team members. Its responsibilities include:
Implement and manage the enabling infrastructure for the SOA
Includes common infrastructure services for SOA enablement as well as security, messaging, routing, audit, and related functions
Member of the Architecture Review Board
Agency Information/Data Services Team — Data warehousing, analytics, data modules and information delivery team members. Its responsibilities include:
Includes development and ongoing management of the canonical data model (common domain model)
Implement and manage the enabling capabilities for information harvesting and delivery to consuming business units, processes and users
Identify and select enabling infrastructure for information services, such as information metadata repository
Each agency will have these teams, however the composition of the teams may differ for each agency.
Figure 3-3. Agency Oversight Teams
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 10 OF 20
CIO
Process Services Team
Architecture Services Team
Agency Steering Committee
Information/Data Team
Enterprise Services Team
CIO
Process Services Team
Architecture Services Team
Agency Steering Committee
Information/Data Team
Enterprise Services Team
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
In order to govern a SOA, the agency governance teams need to be split into domains as depicted in Figure 3-4. Each domain contains a set of services that relate to the same business and share some business context. Each domain team manages and owns those services: Services management and availability, business logic, service usage metrics, location independence and service publication, and data and message formats.
Figure3-4. Intra-agency Domains
3.3 PROJECT TEAM ORGANIZATION
Once a service project have been approved by the State Steering Committee(i.e. the TGB), the project teams may form. The following project team structure facilitates proper governance within projects:
Steering Committee — Responsible for defining the vision, setting priorities, assigning the appropriate resources and determining the metrics needed to measure success
Business Architecture Team — In charge of gathering requirements, carrying out domain analysis and matching business components to IT components as services.
Technical Architecture Team — Works closely with the Business Architecture Team to ensure the alignment of business and IT. It is responsible for defining the “architecture blueprint”
Design and Development Team — Designs, develops and test SOA services and processes.
Operations Center — Ensures the correct functioning of the services operational aspects such as service-level agreements (SLAs), security, etc.
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 11 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
Keep in mind, that on some projects an individual may play a role on multiple teams.
3.4 KEY ROLES AND RESPONSIBILITIES
This section summarizes some of the key governance responsibilities based on the type of service.
Type of Service Governance Ownership
Agency Specific Services Funding: Agency and State Steering Committees
Architecture: Agency Architecture Services Team
Development:
Statewide Shared (Domain) Services Funding: State Steering Committee
Architecture: Statewide Architecture Services Team
Development: Inter-agency development teams
Statewide Shared (Infrastructure) Services
o Common Messaging and Brokering Services
o Common Portal Serviceso Shared Application Serviceso Shared Infrastructure and Technical
Service
Funding: Agency and State Steering Committees, negotiated….
Architecture: Statewide Architecture Services Team
Development: Inter-agency development teams
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 12 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
4 GOVERNANCE PROCESSES
4.1 OVERVIEW OF PROCESSES
SOA Governance processes include:
SOA Program Management Processes
Architect Management Processes
Service Life-Cycle Processes
4.2 SOA PROGRAM MANAGEMENT PROCESSES
4.2.1 Statewide SOA Program Management
The State Steering Committee, for SOA, is the central entity for statewide program management and service portfolio management. The State Steering Committee provides the mechanisms to ensure adequate communication and coordination between the various projects, as well as, resolve conflicts between the various projects. In addition to communication coordination and conflict resolution, the Steering Committee will be responsible for the following:
Facilitating various project team requirements for State of Iowa / Partner resources (i.e. subject matter expertise, hardware, software, infrastructure, etc.).
Selecting State of Iowa SOA projects
Setting priorities
Organizing for multiple SOA projects
Allocating Resources for SOA projects
Developing business and technology roadmaps based on the State of Iowa vision, and strategy
Assessing and reviewing the State service portfolio
Ensure that major projects have business cases with financial analysis
Track all results in a standard manner within teams and across the state on a regular basis.
Terminating SOA projects
4.2.2 Agency SOA Program Management
The Agency Steering Committees, for SOA, are the central entities for agency program and service portfolio management. Each Agency Steering Committee provides the mechanisms to ensure adequate communication and coordination between the various projects, as well as, resolve conflicts
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 13 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
between the various projects at the agency level. In addition to communication coordination and conflict resolution, the Agency Steering Committees will be responsible for the following:
Facilitating various project team requirements for the agency / Partner resources (i.e. subject matter expertise, hardware, software, infrastructure, etc.).
Selecting agency SOA projects
Setting priorities
Organizing for multiple SOA projects
Allocating Resources for SOA projects
Developing business and technology roadmaps based on agency vision, and strategy
Assessing and reviewing the agency service portfolio
Ensure that major projects have business cases with financial analysis
Track all results in a standard manner within teams and across the agency on a regular basis.
Terminating SOA projects
4.3 ARCHITECTURE MANAGEMENT PROCESSES
The technical direction for SOA needs to be defined at both the state and agency level. The State Architecture Services team is responsible for setting technical direction at the state level. The State Architecture Service teams are responsible for setting technical direction at the agency level. Architecture services teams perform architecture management processes that include:
Defining reference architecture, principles and standards
Architecture change management
Defining service catalog, evaluation criteria
Approving and classifying new services, as well as changes to existing services
4.4 SERVICE LIFE-CYCLE PROCESSES
The agency and project teams are responsible for ensuring compliance to the governance model on service projects. Service life-cycle governance includes design-time processes, publishing and discovery processes, and run-time processes.
Design-Time Governance. The first step in service life-cycle governance is design-time governance. Define design-time processes and activities to ensure adherence to the SOA governance model. These design-time processes and activities include:
Processes to ensure reuse polices are followed at design time
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 14 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
Design reviews to ensure business requirements are being met and governance polices are being addressed
Code reviews to ensure that business requirements are being met and governance polices are being addressed
Release procedures that ensure proper versioning and signoff
Publishing and Discovery Governance. After the service has been developed and unit tested it may be published to a registry and discovered by clients. Define Publishing and Discovery governance processes to ensure compliance to the SOA governance model. These Publishing and Discovery processes or activities include:
Activities to check that the service conforms to the governance model
Processes that ensure that user has authorization to publish the service
Discovery processes that enforce polices during design-time and run-time discovery
Run-time Governance. When a service receives a request from a client run-time governance and policy enforcement is essential. Define Run-time governance processes that ensure that service adhere to the governance model. These run-time processes include:
Processes to ensure adherence to internal polices during service consumption
Processes to enforce policies related to accept criteria for external services
Processes to monitor service adherence to polices and escalation procedures that outline how to deal with non-conformance
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 15 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
5 POLICIES
An SOA governance model must monitor and enforce state and agency polices. Policies are derived from the business and technical requirements of the SOA initiative and the portfolio of services that will operate in the SOA over time.
5.1 SOA POLICES
Governance polices may be grouped into several categories: Statewide, Business Polices, Process, Compliance, Technology Standards, and Security.
Statewide Policies — The State domain teams will need to identify/define statewide policies that apply to all services and processes, which are used by multiple agencies. Statewide polices affect all agencies, processes (domains), and roles such as reuse, security policies, design best practices and standards.
Agency Policies — Both State and agency domain teams will need to identify/define business policies that apply to a service or process. Business policies address business issues, including process policies, SLAs and performance criteria, approval levels, spending limits for external services, and more.
Process Policies — Both State and agency domain teams will need identify/define polices that address stewardship of services. Who is allowed to publish a service? What minimal standards must be adhered to for a service to be published to a registry? How will versioning of services be managed? How many versions will be allowed? How will new versions of services be advertised to consumers? How will depreciation of older services be handled?
Compliance Policies — Both state and agency domain teams will need to identify/define policies that implement regulatory compliance standards and other industry specific standards, such as HIPAA for healthcare, and ACORD for insurance.
Technology Standards Compliance — A combination of state and agency teams will need to identify/define web services standards such as compliance to WS-I, appropriate versions of SOAP, WSDL, and UDDI as well as internal standards for service modeling, data, and platform/infrastructure.
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 16 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
Security Policies — A combination of State and agency teams will need to define policies that outline the state and/or agency security models.
5.2 POLICY ENFORCEMENT MODEL
Also, the state and/or agency will need to define a policy enforcement model that addresses:
Where will various policies be enforced?
How polices will be enforced?
By whom (project team, process, organization) and what (e.g. policy enforcement points such as ESB, switches/routers, brokers/interceptors?
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 17 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
6 METRICS FOR SOA
A State of Iowa SOA governance model includes support for SOA metrics. SOA metrics include the following types of metrics: Business Process, Return on Investment, Service level, and SOA Conformance.
Business Process Metrics — Define business process metrics. Metrics may include: customer satisfaction metrics, metrics that measure internal work processes, and profitability metrics.
Return on Investment Metrics — Define metrics for return on investment. Metrics may include metrics defined in the SOA business case, and metrics defined in the business case for a particular service.
Service Level Agreements — Define Service Level Agreements for each service and/or business process. Metrics may include: allowed down time, etc.
SOA Conformance — Identify SOA related metrics that are important to the state or agency. These metrics may include metrics that measure service reuse, process efficiency, and business agility.
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 18 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
7 INFORMATION TECHNOLOGY
The state, agency and project teams are responsible for ensuring that the infrastructure supports governance. The infrastructure must allow the definition, management and enforcement of polices in a holistic SOA governance and policy enforcement model. The following enabling technology solutions are part of an SOA governance infrastructure:
Policy Enforcement engine
Service Registry
Metadata repository (development and run-time)
Web Service Management solution (to provide intermediary services)
ESB (if no Web Service Management solution is installed, this will provide intermediary services)
SOA run-time solutions
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 19 OF 20
IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL
6/28/2006VERSION 0.9
8 GOVERNANCE MODEL ADOPTION
The State of Iowa SOA Governance Model supports the business and technical requirements of the SOA initiative and the portfolio of services that will operate in the SOA over time. The “Iowa DAS IT Enterprise Service Oriented Architecture Adoption Roadmap” addresses how to approach technology, organization and governance to become a mature Service Oriented Organization.
In general, the State of Iowa must start implementing its governance model by setting some core governance processes in place to support its core business operation. Next build the necessary organization structures, processes, and tools for governance. Finally, optimize the governance model across the state.
CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 20 OF 20
Recommended