SOA Governance Model

Iowa Department ofAdministrative Services

IT Enterprise Service-OrientedArchitecture

SOA Governance Model Version 0.9

This document was prepared by Integrated Software Specialists, Inc. (“ISS”) and is to be considered confidential and proprietary to ISS and Iowa Department of Administrative Services.

IT ENTERPRISE SERVICE-ORIENTED ARCHITECTURESOA GOVERNANCE MODEL

6/28/2006VERSION 0.9

Document Control

DOCUMENT INFORMATION

©

InformationDocument IdDocument Owner Janice HillIssue Date 6/5/2006Last Saved Date 7/3/2006 09:29:00 PMFile Name document.doc

DOCUMENT HISTORY

Version Issue Date Changes0.11 6/5/2006 Initial Draft0.2 6/26/2006 Editorial Review0.3 6/27/2006 ISS Quality Assurance Review0.9 6/30/06 Editorial Review Completed

DOCUMENT APPROVALS

Role Name Signature DateProject Sponsor

Project Review Group

Project Manager

ISS Project Manager

ISS Quality Assurance

CONFIDENTIAL 2023 INTEGRATED SOFTWARE SPECIALISTS, INC. PAGE 2 OF 20


6/28/2006VERSION 0.9

Table of Contents

1 INTRODUCTION..........................................................................................................................4

1.1 Purpose........................................................................................................................................4

1.2 Scope...........................................................................................................................................4

1.3 Definitions, Acronyms and Abbreviations.................................................................................4

1.4 References...................................................................................................................................4

2 SOA GOVERNANCE MODEL OVERVIEW............................................................................5

3 ORGANIZATIONAL STRUCTURE..........................................................................................6

3.1 Statewide Governance Organization...........................................................................................6

3.2 Agency Governance Organization..............................................................................................9

3.3 Project Team Organization.......................................................................................................11

3.4 Key Roles and Responsibilities................................................................................................12

4 GOVERNANCE PROCESSES...................................................................................................13

4.1 Overview of processes..............................................................................................................13

4.2 SOA Program Management Processes.....................................................................................13

4.2.1 Statewide SOA Program Management................................................................................13

4.2.2 Agency SOA Program Management....................................................................................13

4.3 Architecture management processes.........................................................................................14

4.4 Service Life-cycle processes.....................................................................................................14

5 POLICIES.....................................................................................................................................16

5.1 SOA Polices..............................................................................................................................16

5.2 Policy Enforcement Model.......................................................................................................17

6 METRICS FOR SOA...................................................................................................................18

7 INFORMATION TECHNOLOGY............................................................................................19

8 GOVERNANCE MODEL ADOPTION....................................................................................20



6/28/2006VERSION 0.9

1 INTRODUCTION

1.1 PURPOSE

This purpose of this document is to outline the draft EBSOA Governance Model.

1.2 SCOPE

This document covers the initial SOA Governance recommendations for the EBSOA initiative. It is meant to be a living document that may be refined as the State of Iowa’s Executive Branch SOA initiative evolves.

1.3 DEFINITIONS, ACRONYMS AND ABBREVIATIONS

SOA: Service-Oriented Architecture

ESB: Enterprise Service Bus

WS-I: An open industry organization chartered to promote Web Services interoperability across platforms, operating systems, and programming languages.

1.4 REFERENCES

None



6/28/2006VERSION 0.9

2 SOA GOVERNANCE MODEL OVERVIEW

The State of Iowa SOA Governance Model supports the business and technical requirements of the SOA initiative and the portfolio of services that will operate in the SOA over time. The Governance Model includes the following elements:

Organization

Processes

Polices

Metrics

The State of Iowa technical environment must enable governance as defined in the SOA governance model. This includes infrastructure and architecture components that enable governance.

The State of Iowa SOA Governance Model allows for a federated organization, with a combination of agency-based and centralized IT groups using a shared infrastructure supporting the needs of the State. As outlined in Figure 1, a centralized team will provide statewide oversight, service portfolio management, and set some SOA related standards. Setting the technical direction and standards will be shared between the state and the agencies. Finally, each agency will be responsible for setting its own SOA strategy and monitoring adherence to statewide and agency standards.

Figure 1-1. Governance in a Federated Organization.


Centralized State-wide Governance

Review and GovernanceShared between State and Agency

Federated - Agency Governance

•SOA Strategic Planning

•Technical Strategies

•SOA Standards and Patterns

•SOA Portfolio

•Technology Apps and Infrastructure

•Design Patterns

•Semantic and Syntax standards

•Oversight and Service Portfolio

•Semantic and Syntactic Standards

•Sponsor SOA Enablement Infrastructure

•Agency SOA Strategy – What Services, How developed and operated

•Define/Manage Service Portfolio

•Sponsor SOA Pilots

•Monitor and govern adherence to State-wide standards and use of infrastructure

Centralized State-wide Governance

Review and GovernanceShared between State and Agency

Federated - Agency Governance

•SOA Strategic Planning

•Technical Strategies

•SOA Standards and Patterns

•SOA Portfolio

•Technology Apps and Infrastructure

•Design Patterns

•Semantic and Syntax standards

•Oversight and Service Portfolio

•Semantic and Syntactic Standards

•Sponsor SOA Enablement Infrastructure

•Agency SOA Strategy – What Services, How developed and operated

•Define/Manage Service Portfolio

•Sponsor SOA Pilots

•Monitor and govern adherence to State-wide standards and use of infrastructure


6/28/2006VERSION 0.9

3 ORGANIZATIONAL STRUCTURE

The organization structure for an effective SOA environment includes:

A Statewide Governance Organization for SOA

Agency Governance Organizations for SOA

SOA Project Teams

3.1 STATEWIDE GOVERNANCE ORGANIZATION

The Statewide governance organization is comprised of several teams: the State Steering Committee, Process Service Team, Architecture Services Team, Enterprise Services Team, and Information/Data Services Team. These statewide teams collaborate with corresponding agency teams (for details, see the ‘Agency Governance Organization’ section) to share standards and best practices, and to ensure that SOA governance is enforced across the state.

Additionally, the SOA Core team is formed initially to shape the SOA strategy, vision, policy, and governance model, but may disband once the formal SOA governance structure and processes are in place.

State Steering Committee (The Technology Governance Board) — Executive team comprised of business and IT leadership. Its responsibilities include:

Review and approve business initiatives, SOA roadmap, project plans, budgets, and so on

Align SOA efforts to business and IT strategic goals

Make sure budgets and funding are in place for SOA infrastructure and initial services rollouts

Process Services Team — Business leaders/process owners and IT staff are part of this team, whose responsibilities are:

Identify, prioritize and develop business initiatives for SOA implementation

Identify opportunities for sharing services within and across agencies, and potentially other entities

Determine ownership for business services, common process services, and budgeting for these initiatives

SOA Core Team — Senior team comprised of senior business and IT leadership.

Develop the initial SOA state-wide strategy, vision, governance model and architecture

Lead the initial services rollout and promote ongoing SOA efforts



6/28/2006VERSION 0.9

Evangelize the SOA benefits to the business organizations and IT

Be SOA coaches for the state and/or agency

Architecture Services Team — Comprised of CIO, chief architects, and IT services leads (enterprise services, information services, and process services). Its responsibilities include:

Chair SOA Architecture Review Board for infrastructure and services proposals.

Contribute to defining SOA governance model (standards, development goals and guidelines, security policies, and business polices)

Ensure all initiatives conform to the SOA governance model

Enterprise Services Team — IT infrastructure services team members. Its responsibilities include:

Implement and manage the enabling infrastructure for the SOA

Includes common infrastructure services for SOA enablement as well as security, messaging, routing, audit, and related functions

Member of the SOA core team and Architecture Review Board

Information/Data Services Team — Data warehousing, analytics, data modules and information delivery team members. Its responsibilities include:

Includes development and ongoing management of the canonical data model (common domain model)

Implement and manage the enabling capabilities for information harvesting and delivery to consuming business units, processes and users

Identify and select enabling infrastructure for information services, such as information metadata repository



6/28/2006VERSION 0.9

JCIO

Process Services Team

Architecture Services Team

TGB(State Steering Committee)

Information/Data Team

Enterprise Services Team

SOA Core Team

JCIO



TGB(State Steering Committee)



SOA Core Team

Figure 3-1. Statewide Oversight Teams

In order to govern a SOA, the statewide governance teams need to be split into domains as depicted in Figure 3-4. Each domain contains a set of services that relate to the same business and share some business context. Each domain manages and owns those services: Services management and availability, business logic, service usage metrics, location independence and service publication, and data and message formats

Figure 3-2. Inter-Agency Domain Organizations


Domain 3

Domain 2

Domain X

Proc

esse

s

Agencies

Agency XAgency 1 Agency 2 Agency 3

Domain 1

……….

Domain 3

Domain 2

Domain X

Proc

esse

s

Agencies

Agency XAgency 1 Agency 2 Agency 3

Domain 1

……….


6/28/2006VERSION 0.9

3.2 AGENCY GOVERNANCE ORGANIZATION

Each agency within the State of Iowa will have a governance organization that is comprised of several teams: the Agency Steering Committee, Agency Process Service Team, Agency Architecture Services Team, Agency Enterprise Services Team, and the Agency Information/Data Services Team. These agency teams will collaborate with their corresponding statewide team to share standards and best practices, and to ensure that SOA governance is enforced at the agency level.

Agency Steering Committee — Executive team comprised of business and IT leadership. Its responsibilities include:

Review and approve business initiatives, SOA roadmap, project plans, budgets, and so on

Align SOA efforts to agency business and IT strategic goals

Make sure budgets and funding are in place for SOA infrastructure and initial services rollouts

Agency Process Services Team — Business leaders/process owners and IT staff are part of this team, whose responsibilities are:

Identify, prioritize and develop business initiatives for SOA implementation

Identify opportunities for sharing services within and across business units, and potentially other entities

Determine ownership for business services, common process services, and budgeting for these initiatives

Agency Architecture Services Team — Comprised of CIO, chief architects, and IT services leads (enterprise services, information services, and process services). Its responsibilities include:

Contribute to defining SOA governance model (standards, development goals and guidelines, security policies, and business polices)

Ensure all initiatives conform to the SOA governance model



6/28/2006VERSION 0.9

Agency Enterprise Services Team — IT infrastructure services team members. Its responsibilities include:

Implement and manage the enabling infrastructure for the SOA

Includes common infrastructure services for SOA enablement as well as security, messaging, routing, audit, and related functions

Member of the Architecture Review Board

Agency Information/Data Services Team — Data warehousing, analytics, data modules and information delivery team members. Its responsibilities include:

Includes development and ongoing management of the canonical data model (common domain model)

Implement and manage the enabling capabilities for information harvesting and delivery to consuming business units, processes and users

Identify and select enabling infrastructure for information services, such as information metadata repository

Each agency will have these teams, however the composition of the teams may differ for each agency.

Figure 3-3. Agency Oversight Teams


CIO



Agency Steering Committee



CIO



Agency Steering Committee




6/28/2006VERSION 0.9

In order to govern a SOA, the agency governance teams need to be split into domains as depicted in Figure 3-4. Each domain contains a set of services that relate to the same business and share some business context. Each domain team manages and owns those services: Services management and availability, business logic, service usage metrics, location independence and service publication, and data and message formats.

Figure3-4. Intra-agency Domains

3.3 PROJECT TEAM ORGANIZATION

Once a service project have been approved by the State Steering Committee(i.e. the TGB), the project teams may form. The following project team structure facilitates proper governance within projects:

Steering Committee — Responsible for defining the vision, setting priorities, assigning the appropriate resources and determining the metrics needed to measure success

Business Architecture Team — In charge of gathering requirements, carrying out domain analysis and matching business components to IT components as services.

Technical Architecture Team — Works closely with the Business Architecture Team to ensure the alignment of business and IT. It is responsible for defining the “architecture blueprint”

Design and Development Team — Designs, develops and test SOA services and processes.

Operations Center — Ensures the correct functioning of the services operational aspects such as service-level agreements (SLAs), security, etc.



6/28/2006VERSION 0.9

Keep in mind, that on some projects an individual may play a role on multiple teams.

3.4 KEY ROLES AND RESPONSIBILITIES

This section summarizes some of the key governance responsibilities based on the type of service.

Type of Service Governance Ownership

Agency Specific Services Funding: Agency and State Steering Committees

Architecture: Agency Architecture Services Team

Development:

Statewide Shared (Domain) Services Funding: State Steering Committee

Architecture: Statewide Architecture Services Team

Development: Inter-agency development teams

Statewide Shared (Infrastructure) Services

o Common Messaging and Brokering Services

o Common Portal Serviceso Shared Application Serviceso Shared Infrastructure and Technical

Service

Funding: Agency and State Steering Committees, negotiated….

Architecture: Statewide Architecture Services Team

Development: Inter-agency development teams



6/28/2006VERSION 0.9

4 GOVERNANCE PROCESSES

4.1 OVERVIEW OF PROCESSES

SOA Governance processes include:

SOA Program Management Processes

Architect Management Processes

Service Life-Cycle Processes

4.2 SOA PROGRAM MANAGEMENT PROCESSES

4.2.1 Statewide SOA Program Management

The State Steering Committee, for SOA, is the central entity for statewide program management and service portfolio management. The State Steering Committee provides the mechanisms to ensure adequate communication and coordination between the various projects, as well as, resolve conflicts between the various projects. In addition to communication coordination and conflict resolution, the Steering Committee will be responsible for the following:

Facilitating various project team requirements for State of Iowa / Partner resources (i.e. subject matter expertise, hardware, software, infrastructure, etc.).

Selecting State of Iowa SOA projects

Setting priorities

Organizing for multiple SOA projects

Allocating Resources for SOA projects

Developing business and technology roadmaps based on the State of Iowa vision, and strategy

Assessing and reviewing the State service portfolio

Ensure that major projects have business cases with financial analysis

Track all results in a standard manner within teams and across the state on a regular basis.

Terminating SOA projects

4.2.2 Agency SOA Program Management

The Agency Steering Committees, for SOA, are the central entities for agency program and service portfolio management. Each Agency Steering Committee provides the mechanisms to ensure adequate communication and coordination between the various projects, as well as, resolve conflicts



6/28/2006VERSION 0.9

between the various projects at the agency level. In addition to communication coordination and conflict resolution, the Agency Steering Committees will be responsible for the following:

Facilitating various project team requirements for the agency / Partner resources (i.e. subject matter expertise, hardware, software, infrastructure, etc.).

Selecting agency SOA projects

Setting priorities

Organizing for multiple SOA projects

Allocating Resources for SOA projects

Developing business and technology roadmaps based on agency vision, and strategy

Assessing and reviewing the agency service portfolio

Ensure that major projects have business cases with financial analysis

Track all results in a standard manner within teams and across the agency on a regular basis.

Terminating SOA projects

4.3 ARCHITECTURE MANAGEMENT PROCESSES

The technical direction for SOA needs to be defined at both the state and agency level. The State Architecture Services team is responsible for setting technical direction at the state level. The State Architecture Service teams are responsible for setting technical direction at the agency level. Architecture services teams perform architecture management processes that include:

Defining reference architecture, principles and standards

Architecture change management

Defining service catalog, evaluation criteria

Approving and classifying new services, as well as changes to existing services

4.4 SERVICE LIFE-CYCLE PROCESSES

The agency and project teams are responsible for ensuring compliance to the governance model on service projects. Service life-cycle governance includes design-time processes, publishing and discovery processes, and run-time processes.

Design-Time Governance. The first step in service life-cycle governance is design-time governance. Define design-time processes and activities to ensure adherence to the SOA governance model. These design-time processes and activities include:

Processes to ensure reuse polices are followed at design time



6/28/2006VERSION 0.9

Design reviews to ensure business requirements are being met and governance polices are being addressed

Code reviews to ensure that business requirements are being met and governance polices are being addressed

Release procedures that ensure proper versioning and signoff

Publishing and Discovery Governance. After the service has been developed and unit tested it may be published to a registry and discovered by clients. Define Publishing and Discovery governance processes to ensure compliance to the SOA governance model. These Publishing and Discovery processes or activities include:

Activities to check that the service conforms to the governance model

Processes that ensure that user has authorization to publish the service

Discovery processes that enforce polices during design-time and run-time discovery

Run-time Governance. When a service receives a request from a client run-time governance and policy enforcement is essential. Define Run-time governance processes that ensure that service adhere to the governance model. These run-time processes include:

Processes to ensure adherence to internal polices during service consumption

Processes to enforce policies related to accept criteria for external services

Processes to monitor service adherence to polices and escalation procedures that outline how to deal with non-conformance



6/28/2006VERSION 0.9

5 POLICIES

An SOA governance model must monitor and enforce state and agency polices. Policies are derived from the business and technical requirements of the SOA initiative and the portfolio of services that will operate in the SOA over time.

5.1 SOA POLICES

Governance polices may be grouped into several categories: Statewide, Business Polices, Process, Compliance, Technology Standards, and Security.

Statewide Policies — The State domain teams will need to identify/define statewide policies that apply to all services and processes, which are used by multiple agencies. Statewide polices affect all agencies, processes (domains), and roles such as reuse, security policies, design best practices and standards.

Agency Policies — Both State and agency domain teams will need to identify/define business policies that apply to a service or process. Business policies address business issues, including process policies, SLAs and performance criteria, approval levels, spending limits for external services, and more.

Process Policies — Both State and agency domain teams will need identify/define polices that address stewardship of services. Who is allowed to publish a service? What minimal standards must be adhered to for a service to be published to a registry? How will versioning of services be managed? How many versions will be allowed? How will new versions of services be advertised to consumers? How will depreciation of older services be handled?

Compliance Policies — Both state and agency domain teams will need to identify/define policies that implement regulatory compliance standards and other industry specific standards, such as HIPAA for healthcare, and ACORD for insurance.

Technology Standards Compliance — A combination of state and agency teams will need to identify/define web services standards such as compliance to WS-I, appropriate versions of SOAP, WSDL, and UDDI as well as internal standards for service modeling, data, and platform/infrastructure.



6/28/2006VERSION 0.9

Security Policies — A combination of State and agency teams will need to define policies that outline the state and/or agency security models.

5.2 POLICY ENFORCEMENT MODEL

Also, the state and/or agency will need to define a policy enforcement model that addresses:

Where will various policies be enforced?

How polices will be enforced?

By whom (project team, process, organization) and what (e.g. policy enforcement points such as ESB, switches/routers, brokers/interceptors?



6/28/2006VERSION 0.9

6 METRICS FOR SOA

A State of Iowa SOA governance model includes support for SOA metrics. SOA metrics include the following types of metrics: Business Process, Return on Investment, Service level, and SOA Conformance.

Business Process Metrics — Define business process metrics. Metrics may include: customer satisfaction metrics, metrics that measure internal work processes, and profitability metrics.

Return on Investment Metrics — Define metrics for return on investment. Metrics may include metrics defined in the SOA business case, and metrics defined in the business case for a particular service.

Service Level Agreements — Define Service Level Agreements for each service and/or business process. Metrics may include: allowed down time, etc.

SOA Conformance — Identify SOA related metrics that are important to the state or agency. These metrics may include metrics that measure service reuse, process efficiency, and business agility.



6/28/2006VERSION 0.9

7 INFORMATION TECHNOLOGY

The state, agency and project teams are responsible for ensuring that the infrastructure supports governance. The infrastructure must allow the definition, management and enforcement of polices in a holistic SOA governance and policy enforcement model. The following enabling technology solutions are part of an SOA governance infrastructure:

Policy Enforcement engine

Service Registry

Metadata repository (development and run-time)

Web Service Management solution (to provide intermediary services)

ESB (if no Web Service Management solution is installed, this will provide intermediary services)

SOA run-time solutions



6/28/2006VERSION 0.9

8 GOVERNANCE MODEL ADOPTION

The State of Iowa SOA Governance Model supports the business and technical requirements of the SOA initiative and the portfolio of services that will operate in the SOA over time. The “Iowa DAS IT Enterprise Service Oriented Architecture Adoption Roadmap” addresses how to approach technology, organization and governance to become a mature Service Oriented Organization.

In general, the State of Iowa must start implementing its governance model by setting some core governance processes in place to support its core business operation. Next build the necessary organization structures, processes, and tools for governance. Finally, optimize the governance model across the state.
