IBM Software Group
© 2004 IBM Corporation
Software & Systems Development Governance: An approach to improving Software Assurance
Sridhar Iyengar
IBM Distinguished [email protected]
Software Assurance Day: February 15, 2006: Tampa, Florida
IBM Software Group | Rational software
Topics Covered
♣Introduction to Governance – Why do we care
♣What does Software Assurance have to do with Governance
♣Model driven tools integration across the life cycle
  Enabling traceability and management of artifacts
♣Model Driven Security – An example
If only we could link Business, Development & Operations
[Figure: "Actual Application Architecture", a diagram of a large number of interconnected mainframe, PC/NT, Unix and 3rd-party interface applications around a data warehouse (interfaces to and from the Data Warehouse are not displayed on the diagram). Prepared by Michelle Mills.]
Complexity is Forcing Change
Initiatives Underway at IBM
♣ Outside In Design (OID) – Scenario Driven
♣ Componentization – exploit open source or binary components as needed
  Drive componentization and SOA standards
♣ End-end life cycle integration
♣ Move to SOA across and within products
♣ Model Driven Development, Deployment, Security, Management…
♣ Standards (UML, SysML, UML Testing Profile, MOF, XMI, RAS, SAML, XACML, WS-Security…)
♣ Patterns, Transformations and Recipes
  Modeling Tools: Abstract modeling level
  Development Tools: Code & Artifact level
The world of many of our customers
Project Manager (Bangalore)
Provisioning (Boulder)
Testing (Toronto)
Developer (Warsaw)
Executive (Somers)
Customer (Topeka)
Governing a geographically distributed, service-oriented, open computing environment while ensuring regulatory compliance
Transforming software and systems development
TRADITIONAL: Co-located teams; Technology first; Vendor lock-in; Application silos; Project driven
CURRENT REALITY: Geographically distributed; Compliance; Open computing; Modular systems (SOA); Value driven
Right-sourcing
Standards
Solution delivery
Business Driven Development: Enabling organizations to govern the business process of software and systems development
Governance is the exercise of authority, responsibility and the communication of information
Governance defined
♣ Establishing chain of authority, accountability and responsibility
♣ Measurements and controls to enable people to carry out their authority and responsibility
Governance consists of
Establishing chains of responsibility, authority and communication to empower people
Executing measurement and control mechanisms to enable people to carry out their roles and responsibilities
Manage value
• Align business and software
• At organizational and project levels
  - Balance risk and return
  - Provide clarity and accountability
Develop flexibly
• Leverage resources anywhere
• Enable agile sourcing choices
• Use iterative processes to reduce risk
Control risk and change
• Continuously measure to reduce risk
• Enable lifecycle change management
• Meet internal and external compliance needs
Governance Governing Development, Deployment & Management
Business Analyst
Models business processes
Deployment Manager
Deploys the solutions
IT Operations
Maintains the Data Center
CSR
Handles customer incident reports
Insurance Adjuster
Handles claims that can be settled by phone or email
Field Adjuster
Handles requests that require on-site inspection
VP of Claims
Reduces cost for claims processing
VP of Development
Reviews forecast vs actual and competitive products. Formulates actions to address
Establishes strategic goals and ensures company profitability
CEO
Integration Developer
Assembles and implements solutions
CIO
Responsible for Technology Infrastructure
Innovation Insurance Team
Risk Analyst
Analyze, define, and manage policies
CFO
Responsible for accounting and financial
Manages new development projects
Project Manager
Portfolio Manager
Ensures development projects are aligned with business strategy
Governance across life cycle: Project Flow
[Figure: flow diagram running from START to END, with panels titled PROJECT APPROVAL FLOW and IMPLEMENTATION FLOW and sign-off points between stages.
Step labels: Policy Change; Analyze policy; Identify requirements; Identify remediation plan (w/LOB); Prioritize projects; Estimate project costs; Initiate Project Request; Approve Project; Decompose projects into tasks; Validate plan & requirements; Develop, Test Service; Deploy, Manage Service; Manage Services; Generate Audit Package.
Governance labels: Operations; Development Governance; Data, Security, Strategic, Business Governance; SOA (Service) Governance; Securing Services; IT Governance; Feedback.]
Governance and processes are the keys to a successful transition to SOA
♣Financial transparency
♣Business/IT alignment
♣Process control
♣SOA Governance
Processes
♣Gather requirements
♣Model & simulate
♣Design
♣Discover
♣Construct & test
♣Compose
♣Integrate people
♣Integrate processes
♣Manage and integrate information
♣Protect information
♣Manage applications & services
♣Manage identity & compliance
♣Monitor business metrics
♣Secure Apps & Services
Transforming to an SOA environment: How do we integrate Custom & COTS software
Service Justification
Service Ownership & Funding
Service Modeling
Service Lifecycle Management
Service Operations Management
1.0 Identify Services
2.0 Identify Service Owners
3.0 Fund Services
4.0 Specify Services
5.0 Realize Services
6.0 Develop & Test Services
7.0 Deploy Services
8.0 Manage Services
9.0 Maintain Services
10.0 Manage Services Performance
11.0 Manage Service Level
Continuous Process Measurement and Management
Decompose business process and identify services required
Establish funding, project plans and resources
Codify business process and enforce standards
Develop iteratively, test to improve predictability, manage change to ensure traceability and auditability
Monitor composite application performance and adjust
Measure progress, manage change and adjust
Model Driven Development & Deployment
[Figure: tool chain spanning Design/Build and Run/Manage.
Stages: Business Modeling (BPD, UML); IT Modeling (UML, SQL, XSD); J2EE/Web Services Development; Wrapping, Orchestration (J2EE); Deployment (J2EE App Svr, Web Services); Management (Component Mgmt, App Mgmt).
Artifact formats shown include WSDL, SPEM, BPEL, SQL, J2EE, EMF, Java, C++, CIM and BizRules.
Connecting layer: Traceability Links and Transformations (profiles, metamodels, Code Gen Templates); Specific metadata Models; Serve up models, Components, processes On Demand.]
Application Life Cycle Integration Platform: A call to action to the Eclipse Community
End to End Application Lifecycle Tooling (Eclipse.org member value add tools)
Language Tooling (J2EE, Web Services, Deployment)
Data Tools (RDBMS, XML…)
Domain Specific Tools/Apps…
MDD Tools (Object, Data Modeling, Code generators…)
Code/Artifact Repositories, Management Tools (Eclipse.org member value add tools)
Eclipse Tools Integration platform (Models, APIs, XML formats…)
Eclipse Core
GEF
JDT/CDT
Testing TPTP
EMF
RCP
ETC.
MDD/MDA (UML2, U2TP…)
J2EE (EJB, JSP…)
Web Tools (WTP…)
SAM*.
Model Driven Security – Life Cycle
Security Roles in an Organization
Organization: Roles
Operations and Administration: Security Administrator, System/Application Administrator, Operator
Development: Business analyst, Application programmer, Identity/Security developer
Business Strategy and decision making: Chief Security Officer, Security Policy Officer, Security Architect, Security Auditor
Security Definitions at the Business Process Level
Security Constraints captured in UML
Figure 5 Applying constraints to UML sequence diagram
Sample XACML generated from Annotated Model
Software Assurance : Some Relevant OMG Standards
♣ UML 2.0 : Architecture, Design & Requirements Capture
♣ UML Testing Profile : Test automation
♣ KDM : Metadata about existing systems
♣ MOF & XMI : Metadata Infrastructure
♣ SysML : System design, Requirements