A business-focused approach in SOA design, governance
- 04 August, 2011 04:28
If you listen to industry discussion of service-oriented architecture (SOA), you are likely to get the impression that SOA is best thought of as a technical approach for application integration. The reality is that SOA is much more. According to Forrester's Q1 2011 Global Application Architecture, Design, And Portfolios - SOA And Beyond Online Survey, organisations that use SOA for strategic business transformation must be on to something because they are much more satisfied with SOA than those that do not use SOA for strategic business transformation. According to the survey, all 16 respondents who reported strategic business use of SOA are satisfied enough to expand their use of SOA. By contrast, 7 of 27 respondents without a strategic business focus with SOA are struggling or cutting back on SOA.
A business-focused approach begins with SOA business services, which embody major business units of work - transactions and queries such as submit order, retrieve customer lifetime value, or schedule production run - inside clearly-defined software interfaces that are accessible when and where needed by any employee, process, customer, or business partner.
Why is this important? Because when it's time to do business through a mobile channel; when it's time to directly connect your processes with your customers' processes; when you need business transaction insight; or with any number of other business changes, your SOA business services provide business building blocks for changing your business. By contrast, an integration-focused approach to SOA, while useful and good, provides only technical building blocks. Technical building blocks are good, but they only indirectly provide agility for ongoing business optimisation and transformation.
Survey results also reveal that SOA governance, combined with a business-focused approach to SOA, provides a solid foundation for SOA success and satisfaction. Your SOA governance initiative may start with general practices, such as architectural reviews or an SOA steering committee, and then mature to include specific governance practices and mechanisms such as the following (presented in order of Forrester - general guidance for a prioritised sequence of specific SOA design and governance mechanisms):
1. Service interface design review and approval
Forrester prioritises this first because it builds a foundation for other SOA governance practices. As the fulcrum of SOA, well-designed business service interfaces establish a strong foundation for business success with SOA. Poorly designed interfaces set you up for many challenges. Build service interface reviews into project plans whenever services are created (or updated). At review meetings, include staff members who can ensure that each SOA business service makes sense as a complete business unit of work (or technical unit of work, for SOA application services and SOA infrastructure services).
2. SOA service portfolio management
SOA business services embody your important business transactions and queries. Since you know what business you are in, you can plan for and (over time) build toward the coherent portfolio of business services that you need in order to do business (as opposed to a haphazard library built by project whims). All of our survey respondents doing SOA portfolio management were satisfied with SOA, even if they create only a "lightweight view of what services [they] eventually want." For example, one way to start is to gather five or six staff members who understand a given business domain and have the group spend an afternoon or a day answering the question, "What are the major business transactions and queries in this business domain?" Each of these is a candidate SOA business service. To shepherd your portfolio of candidate services going forward, identify an ongoing working team to periodically review existing and candidate services within each domain.
3. Application road maps and SOA opportunity reviews
Although sometimes you can prove SOA value within the context of a single project (e.g., a multichannel solution in which more than one user interface accesses the same functions), SOA more commonly delivers value across a portfolio of projects. Understanding your application road map provides a foundation for identifying how each project will contribute to your overall progress toward SOA maturity. Building an SOA opportunity review into your project planning, wherein SOA-qualified staff identify how (and how much) SOA to use on each project, can ensure that a strong architecture is built into your projects from the start, before the project budget is set.
4. SOA management as input to business insight
Because SOA business services embody business transactions, the data flowing in and out of your business services is interesting business data from which businesspeople may be able to gain important insights. As a business-focused addition to your SOA efforts, you can keep asking the question, "Would it be valuable for businesspeople to understand something from the flow of data in and out of this service?" If so, SOA infrastructure can siphon off business data from your service flows and use it for business analysis. However, this is a more advanced use of SOA that takes a bit more experience and expertise with SOA than the three practices listed above, as well as greater planning and design in your use of SOA infrastructure. So, you must assess more carefully when your SOA maturity is strong enough for it.
5. SOA policy for business control
Certain types of business policy decisions touch closely on the processing that your SOA business services do. For example, a service - behavior might change according to the monetary amounts in the service request. In such cases, encoding the decision as an SOA policy can make it easier and faster for businesspeople to change the decision criteria based on changing business dynamics. However, SOA policy management is an advanced area of architecture design, and policy-based control of services is the business-focused SOA practice that takes the greatest amount of SOA experience and expertise. Forrester first published its vision for SOA policy management three years ago, knowing it would take a while to mature in the industry, and indications are that interest in SOA policy increased significantly this year over previous years. In any case, you should approach this area carefully and plan to evolve your approach over time.
Randy Heffner is a vice president and principal analyst at Forrester Research, where he serves Enterprise Architect professionals. He is a leading expert on architectures and design approaches for building enterprise applications that are secure and resilient in the face of continuous business and technology change.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Solving the skills conundrum – part 1
"How many of the Fortune 500 companies have access to PRISM? https://en.wikipedia.org/wiki/Industrial_espionage ..."Australia suspected to have PRISM data: Ludlam
Australia Post’s mail business to lose $200 million this year
Australia Post’s mail business to lose $200 million this year
Microsoft's ambivalence about Office on the Web gives Apple shot with iWork on iCloud
Staying Ahead of the Data Explosion
The total volume of data being processed and stored by businesses is rising exponentially. IDC has estimated that the size of the "digital universe" will increase 29 fold between 2010 and 2020. Data storage technology has undergone a steady increase in capacity, along with a steady decline in the cost per unit to store information. Unfortunately, data storage capacity is not keeping pace with data growth and necessitating greater intelligence in the storage infrastructure. Read more.
Building a Better Mousetrap in Anti-Malware
This story is becoming frustratingly old. Cyber threats are continuously advancing in their adaptability speed, sophistication, and degree of stealthiness. At the same time, the exposed footprint is expanding. More business operations are moving online and end-user devices—corporate-issued and user-owned—are expanding in number and variety. A reasonable question asked by executives responsible for making decisions on their organisations’ security budgets is whether their money and resources are being spent wisely. Are their businesses buying and using the best mix of security technologies to meet their needs and obligations? Read on.
New Demands for Real-time Threat Management
Many organisations are evaluating a new security model based upon IT risk management best practices. This is a good idea, but not enough for today’s dynamic and malevolent threat landscape. To keep up with IT changes and external threats, large organisations need to embrace two new security practices: real-time risk management for day-to-day security adjustments and real-time threat management to detect and remediate sophisticated, stealthy, and damaging security breaches (i.e., advanced persistent threats, or APTs). Learn more.