What
is SOA? One can say that the synthesis of Enterprise Application
Integration (EAI) platforms with middleware tools and concepts evolved
into what we know today as Service Oriented Architecture.
SOA then represents a standards based architectural blueprint with an emphasis on business centric services and transactions rather than that of technology oriented objectives: In other words an architectural style which businesses can use to execute and align services with their business model to achieve their business strategy, goals and objectives.
For instance, an end-user request a particular IT service per specified requirements defining capacity and quality levels, in response to this, the requirements will then be delivered when specified in a service based delivery methodology which is process aware and which allows auditing.
According to Thomas Erl, we can define Service Oriented Architecture (SOA) as" a standards based architectural approach for building applications by using a set of loosely coupled reusable, standards-based, and well-defined service."
Traditionally most IT personnel dealing with SOA has at some point in time encountered roadblocks affecting decision structures as well as building a SOA roadmap. This was especially evident if there was a persistent gap between IT and business.
We have also seen that an increasing demand on speed and flexibility with regard to SOA implementations, more so with business applications which are augmenting the requirements to get value out of applications as they are implemented. This dynamic drive and necessity makes SOA an ideal model to implement a cloud computing service.
However, while I believe that following guidelines set out by a SOA is essential to the success of this service oriented environment, an important aspect of any SOA implementation is its governance. Nevertheless there are shortcomings within the traditional SOA model in terms of its governance that can impact the full maximization of a cloud service.
Luo, Zang & Lei (2010) stated that, "management or governance is not always implemented that well with SOA." The opinion presented was that if Cloud Computing services and delivery is appropriately designed and implemented, the integrity of data be it at rest or in transition can be exposed to risk by the manner in which "transactions are initiated, executed and recorded potentially through infrastructures and application systems distributed in many locations in the cloud."
In addition to affecting operational costs and the possibility of revenue loss, such a scenario can lead to unwanted legal concerns.
With the cloud being an area of diversity, in order to take full advantage of an SOA execution, there must be protocols in place to ensure that :
1. Governance procedures are adequately mapped
2. The SOA roadmap is clearly defined and
3. SOA processes involved are effectively documented
In light of this an architect needs to ensure a clear understanding of business process requirements that are collected and interpreted to ensure an accurate implementation that aligns to business goals, objectives and long term strategies.
SOA then represents a standards based architectural blueprint with an emphasis on business centric services and transactions rather than that of technology oriented objectives: In other words an architectural style which businesses can use to execute and align services with their business model to achieve their business strategy, goals and objectives.
For instance, an end-user request a particular IT service per specified requirements defining capacity and quality levels, in response to this, the requirements will then be delivered when specified in a service based delivery methodology which is process aware and which allows auditing.
According to Thomas Erl, we can define Service Oriented Architecture (SOA) as" a standards based architectural approach for building applications by using a set of loosely coupled reusable, standards-based, and well-defined service."
Traditionally most IT personnel dealing with SOA has at some point in time encountered roadblocks affecting decision structures as well as building a SOA roadmap. This was especially evident if there was a persistent gap between IT and business.
We have also seen that an increasing demand on speed and flexibility with regard to SOA implementations, more so with business applications which are augmenting the requirements to get value out of applications as they are implemented. This dynamic drive and necessity makes SOA an ideal model to implement a cloud computing service.
However, while I believe that following guidelines set out by a SOA is essential to the success of this service oriented environment, an important aspect of any SOA implementation is its governance. Nevertheless there are shortcomings within the traditional SOA model in terms of its governance that can impact the full maximization of a cloud service.
Luo, Zang & Lei (2010) stated that, "management or governance is not always implemented that well with SOA." The opinion presented was that if Cloud Computing services and delivery is appropriately designed and implemented, the integrity of data be it at rest or in transition can be exposed to risk by the manner in which "transactions are initiated, executed and recorded potentially through infrastructures and application systems distributed in many locations in the cloud."
In addition to affecting operational costs and the possibility of revenue loss, such a scenario can lead to unwanted legal concerns.
With the cloud being an area of diversity, in order to take full advantage of an SOA execution, there must be protocols in place to ensure that :
1. Governance procedures are adequately mapped
2. The SOA roadmap is clearly defined and
3. SOA processes involved are effectively documented
In light of this an architect needs to ensure a clear understanding of business process requirements that are collected and interpreted to ensure an accurate implementation that aligns to business goals, objectives and long term strategies.
Bear in mind that in this dynamic ecosystem of cloud computing, one has to account for all possible variations of process activity by understanding how a process could and will respond to an unexpected or abnormal condition, rather than simply focusing on what could go wrong.
In order to implement and manage an effective cloud computing deployment governance framework, additional policies and processes need to be implemented to overcome the shortcoming in current SOA management and governance practise.
Some of these shortcomings were addressed in a study "A Comprehensive SOA Governance Framework Based on COBIT", presented at the 2010 6th World Congress on Services in Miami.
Investigators presented data demonstrating the merit of a governance framework addressing shortcomings that can be encountered within a traditional implementation of a SOA. Their proposal suggested a model which would lead to a proliferation in management's ability to improve decision making, manage complexity and develop control and enforcement mechanisms; ideally improving governance.
In addition to other areas, the study also identified Service Portfolio Management and Monitoring and Evaluation processes as two areas that needed more attention.
The researchers solution to these shortcomings was to integrate governance aspects and main characteristics of the Control Objectives for Information and related Technology (COBIT).
Accordingly they used these characteristics of COBIT to develop "a manageable, measurable and more expressive SOA governance framework in which all processes descriptions, activity goals, control objectives, activities and metrics have been entirely documented as processes management aspects".
With the uncertainty and hesitancy by some to adopt a cloud service despite the pitched or perceived advantages, I believe that the implementation of a SOA model as proposed by these researchers can alleviate some of the major concerns associated with adoption of a cloud computing service.
By ensuring that processes and protocols are in place which are manageable, measurable, clearly defined and controlled - concerns such as security, identity and access control together with compliance and audit can be suitably mediated.
No comments:
Post a Comment