Oracle SOA Governance for the Business1. © 2016 Capgemini – Proprietary
Oracle SOA Governance
for the Business
Luis Weir
luis.weir@capgemini.com
uk.linkedin.com/in/lweir
@luisw19
soa4u.co.uk/
2. 2
© 2016 Capgemini – Proprietary
§ Why is Governance Needed?
§ Assets vs. Liabilities
§ What is SOA Governance
§ SOA Governance Framework
§ Implementation Roadmap
§ SOA Assessment
§ Design Time vs. Runtime Governance
§ Asset Centric Governance with Oracle
Governance Suite
§ About Me
Agenda
3. 3
© 2016 Capgemini – Proprietary
Without the right level of SOA Governance implementation of technologies suited to support these new trends
may end up being an expensive project that fails to deliver any return on investment therefore not bringing
benefits to the business.
Industry Trends – How can SOA Help?
¡ Social analytics, cloud computing, big data adoption to bring
competitive advantage
New Technology
¡ Demand for large quantities of data must be provided in a
standardized, long-term methodRapid Growth of
Mobile Apps
¡ Opportunities to save costs through automation and optimization
of business processesMaturity in BPM
Technology
¡ Complex security needs are driving greater investment in IT
securityIncreased Need
for Security
¡ Oracle SOA Suite supports and enables adoption of new
technologies
¡ Oracle service orientation and SOA Suite meets this demands and
provides support to service bindings suitable for mobile use
¡ Fusion Middleware provides best of breed security solutions such
as Oracle Access Manager , Identity Manager and API Gateway
¡ BPM suite is a fundamental component of SOA Suite, in facts is a
service engine within SOA Suite itself.
4. 4
© 2016 Capgemini – Proprietary
Assets vs. Liabilities in SOA Terms
Assets are any electronic artifacts
such as API’s, XML documents
(XSD’s, WSDL’s or XSLT’s),
documents (requirements, designs,
etc), systems, and applications that
add measurable value to the
Business.
Liabilities are duplicated,
deprecated, redundant or unused
“Assets” that no longer deliver
benefits but that introduce extra
costs to the business.
5. 5
© 2016 Capgemini – Proprietary
What SOA Governance Isn’t?
• Standards: such as naming conventions, patterns, reference architectures,
standards, amongst other, cannot be considered to be Governance. Although
these are important assets, if not enforce through a process they are often
forgotten and outdated.
• Configuration Management, Version Control or Continuous
Integration: Although these are very important disciplines within software
engineering and contribute greatly towards adopting governance, without
supporting processes, policy enforcements and the right tools, these disciplines
can become an overhead and easily run out of control.
• A Tool: Tools without structured process around it add little value and will likely
end up not being used for its original purpose.
• Review Gates: Having a panel (i.e. Design Authorities) responsible for
approval or rejection of deliverables is an important aspect of Governance
however without some sort of automation, robust traceability, policy
enforcement, and control these can be time consuming, inaccurate and
ultimately unmanageable.
6. 6
© 2016 Capgemini – Proprietary
What is SOA Governance?
Policies
(What)
Reference Architecture
Targets and Objectives
Assets
Standards
Configuration Management, ...
Processes
(How)
Software Development Lifecycle (SDLC)
Design Time and Runtime Governance
Oracle SOA 11g GovernanceSuite
Subversion
...
Decisions
(Who)
Organization Units
Stake Holders
Roles and Responsibilities
...
Governance is the alignment of policies (what), decision makers (who)
and processes (how) to ensure and maximize the benefits that technology
can bring to the business
7. 7
© 2016 Capgemini – Proprietary
Top 5 Governance Challenges
Challenge Consequence
Lack of visibility over existing assets and its
performance
Minimum asset reuse and duplication
introducing extra costs (both in CAPEX and
OPEX). Without a level of analytics it is not
possible to determine ROI.
Tactical Projects over of Strategic Solutions Projects have their own agendas which deliver
short term benefits to the project but that
add no long or mid term Enterprise value.
Poor decision making and Lack of
accountability
No sense of ownership makes decision
making, policy enforcement and accountability
an impossible task.
Low quality of Assets which become difficult
to maintain and change.
Higher complexity and cost of change
introduces Risks to the Business preventing
new and innovative solutions to be introduced.
Poor estimation techniques and inaccurate
planning
Projects cost more than estimated mainly
because of “unknowns”... (i.e. Rework, extra
activities and deliverables, dependencies,
complexity, and others)
8. 8
© 2016 Capgemini – Proprietary
SOA Governance Framework
§ A Governance Framework materialises the Governance concepts and
provides a taxonomy of deliverables suited to support all aspects of it
(what-who-how).
§ A Governance Framework Accelerator is a prebuilt framework that can
acquired and customised to specific customer needs.
SOA Governance Framework
Policies
(What)
Decisions
(Who)
Processes
(How)
9. 9
© 2016 Capgemini – Proprietary
SOA Governance Framework Accelerator
§ Implementing an accelerator dramatically reduces the complexity and
effort required to implement Governance therefore reducing Risk.
Business
Benefits
SOA Governance Framework Accelerator
Business
Objectives &
IT Strategy
Design Time
Governance
•Reference Architectures
•Service Capability Matrix &
Catalogues
•DevelopmentStandards
•Design Standards
•Programming Standards
•Security Standards
•Exception Handling
Standards
Runtime
Governance
•DeploymentFramework
•Exception Handling
Framework
•Continuous Integration
•Testing Framework
•Provisioning Framework
Organization
•Roles & ResponsibilitiesSOA
Strategy
&
Business
Case
10. 10
© 2016 Capgemini – Proprietary
Your Chances of Success...
Elaboration Construction Maintenance Changes
¡ Short term benefits but
higher long term costs
¡ Higher cost of change
¡ Higher support costs
¡ Higher risk
¡ ROI from asset reuse
¡ Lower cost of change
¡ Relatively high risk of
implementation
Costs
OPEX
Tactical
Implementation
Strategic
Implementation
No Accelerator
Strategic
Implementation
With Accelerator
¡ Reduced risk of failure
¡ Accelerated delivery
¡ Quicker ROI
CAPEX
11. 11
© 2016 Capgemini – Proprietary
SOA Governance Implementation Roadmap
Enablement Phase Implementation Phase
SOAMaturity
L1
L3
L2
L4
L5
Time
Projects
As-Is
To-Be
Governan
ce
Objectives
SOA
Assessment
Define and Implement
Design Time Governance
Framework:
Standards, Frameworks,
Tools, etc.
SOA Strategy &
Business case
Define and Implement
Runtime Governance
Framework:
Frameworks, Tools, etc.
Governance
Enabled
Projects &
Lifecycle
12. 12
© 2016 Capgemini – Proprietary
SOA Assessment
Enablement Phase
Business
Objectives &
Strategy
SOA
Governance
Objectives
Maturity
Assessment
SOA
Strategy &
Business
Case
Evaluate As-Is
•Analyse and Quantify
Capabilities on each
Domain:
•Business Goals and
Strategy
•Reference Architectures,
standards and SDLC
•Application
implementation views
•Data Architecture,
Analalitical Reports, BI
•Support and
Administration tasks
•Project Portfolions,
Success Rates,
Estimation Models
•Team Structures,
Organistion Charts
Elaborate To-Be:
•Define and Quantify
Desire Maturity Level:
•Analyse Results and
Identify from As Is
•Define a realistic target
maturity considering a
target completion date of
1 to 2 years max (I.T.
Moves fast so longer
than this is unrealistic)
•Quantify each capability
based upon desired
maturity on target date
Elaborate
Results
•Elaborate
Recommendations and
actions
•Identify key success
factors Based on
Business and IT goals
identify
•Based on Business value
and risk, prioritise actions
and recommendations
and define milestones
• Elaborate a SOA
Strategy
• Elaborate a Business
Case
1 2 3
Phases
13. 13
© 2016 Capgemini – Proprietary
SOA Governance Objectives
§ Objectives should be around ensuring and maximising the benefits that SOA brings
to the business by:
§ Aligning the SOA strategy to the business objectives
§ Delivering a Framework suited for Business Agility and Change
§ Aligning SOA to Enterprise Architecture
§ Providing visibility over existing Assets, its use and operational performance
§ Improving the quality of assets by enforcing policy and standards
§ Increasing the ROI by asset re-use
§ Reducing the cost of change and support
§ Reducing the risk of failure
§ Improving agility and promoting innovation
14. 14
© 2016 Capgemini – Proprietary
Oracle SOA Maturity Model
§ The Oracle SOA Maturity Model is a five level model where each
level represents a particular state of maturity of a SOA
implementation in an enterprise.
BusinessValue
Time
1 Opportunistic
• SOA Focused on
Quick Wins
Projects
• Get Experience
Building,
Deploying and
Consuming
Services
2 Systematic
• SOA Applied to
Existing Portfolio
• Focus on Standards
and Management
3 Enterprise
• Strong Focused in SOA
Governance and
Enterprise Architecture
• SOA to Enable Business
Processess, Process
Automation and
Improvement
• Extend SOA to the rest
of the Enterprise
4 Measured
• Strong Focused on
Qualitative Management
and Monitoring
• Process owners drive
Processess and Process
Optimization
• Use of BAM, BTM, OEM
and OER to Measure
Operational performance
and ROI
5 Industrialized
• Agile SOA able to
Support Business
Rapidely and Cost
Effectively
• Event-Drivent
technolgies such as
CEP and EDN's
Enabled Self-
Optimised Processess
and Applications
15. 15
© 2016 Capgemini – Proprietary
Maturity Assessment
§ A MaturityAssessment evaluates the current state of a SOA
Implementation within an organization. the Oracle SOA Maturity Model
along with the Oracle Capabilities domain can be used to conduct the
assessment.
16. 16
© 2016 Capgemini – Proprietary
Strategy & Business Case
§ An SOA Strategy should define a Vision and a Roadmap describing the projects,
activities and iterations needed to realise such a vision. The Vision is a long term
view of the future whereas the Roadmap should be based on achievable timeframes.
§ A Business Case should be created on the back of the strategy to secure the funding
needed to implement SOA Governance. A good Business Case should express in
business words:
§ How SOA Governance will help the Business achieve its goals.
§ What benefits will be delivered to the business (i.e. lower TCO, Cost Savings in both OPEX
and CAPEX by xx%, Agility, etc).
§ How SOA benefits will be measured
§ ROI
Estimated time
required to build an
asset for single use
Estimated time
required to use an
existing asset
Predicted net hours
saved by the
consumer
17. 17
© 2016 Capgemini – Proprietary
Design Time Governance
§ Design Time Governance can be defined as the combination of processes, tools and
people needed to support the analysis, design and build phases of a SOA implementation.
Analysis
Requirements
Design
Build & Unit Test
Deploy
Test
(i.e. SIT, UAT, NFR, etc)
Support
Service Discovery
Service Cataloguing
Service Design
Service
Implementation
Service
Testing
Service Retirement
Service
Improvement
Service
Deployment Service
Monitor
ing
ProjectPhases SOAAssetLifecycle
Design Time
Governance
•ReferenceArchitectures
•Service Capability Matrix
& Catalogues
•Development Standards
•Design Standards
•Programming Standards
•Security Standards
•Exception Handling
Standards
Runtime
Governance
•Deployment Framework
•Exception Handling
Framework
•Continuous Integration
•Testing Framework
•Provisioning Framework
•SLAManagement
•BAM
SOAGovernance Framework
Supports
18. 18
© 2016 Capgemini – Proprietary
Runtime Governance
§ Runtime Governance can be defined as the combination of processes, tools and people
needed to support the deployment, testing and production support phases of a SOA
implementation project.
Analysis
Requirements
Design
Build & Unit Test
Deploy
Test
(i.e. SIT, UAT, NFR,
etc)
Support
Service Discovery
Service Cataloguing
Service Design
Service
Implementation
Service
Testing
Service Retirement
Service
Improvement
Service
Deployment Service
Monitor
ing
ProjectPhases SOAAssetLifecycle
Design Time
Governance
•ReferenceArchitectures
•Service Capability Matrix
& Catalogues
•Development Standards
•Design Standards
•Programming Standards
•Security Standards
•Exception Handling
Standards
Runtime
Governance
•Deployment Framework
•Exception Handling
Framework
•Continuous Integration
•Testing Framework
•Provisioning Framework
•SLAManagement
•BAM
SOAGovernance Framework
Supports
19. 19
© 2016 Capgemini – Proprietary
Roles in SOA
§ Clear understanding of the Roles and Responsibilities is fundamental in any SOA
Adoption. Governance is as much about people as it is about tools and
processes.
Design Time
Governance
•ReferenceArchitectures
•Service Capability Matrix
& Catalogues
•Development Standards
•Design Standards
•Programming Standards
•Security Standards
•Exception Handling
Standards
Functional / Business
Analyst
SOA
Designer
SOADesign
Authority
SOA Testers
SOA
Architect
Requirements
Service Discovery
Service Cataloguing
Service Design
Service
Implementation
Service
Testing
Service Retirement
Service
Improvement
Service
Deployment Service
Monitor
ing
SOAAssetLifecycle
Runtime
Governance
•Deployment Framework
•Exception Handling
Framework
•Continuous Integration
•Testing Framework
•Provisioning Framework
•SLAManagement
•BAM
SOAGovernance Framework
SOA
Developer
SOASupport
Specialist
Owner Of
Contributes To
20. 20
© 2016 Capgemini – Proprietary
Asset Centric Governance with Oracle
Governance Suite
• Service Visibility
& Discovery
• Automated Harvesting
• Dependency
Management
• Human Worklow
• Design Policy
Enforcement
• IDE Integration
• Runtime Operational
Metrics Integration
• Analytics
• Service Catalogue
• Endpoint Virtualisation
• WS-Policy & WS Security
• Policy Enforcement Point and
External Gateway
• DMZ
• Native REST/JSON Support
ideal to expose API’s and
support mobile
• Robust security layer
• Runtime Performance
• SLA Management
• End-to-End Transaction
Monitoring with BTM
• Operational Metrics
• SOA Infrastructure
Management
21. 21
© 2016 Capgemini – Proprietary
Asset Centric Governance
SOA Lifecycle
Functional /Business Analyst
SOA
Developer
IDE Code
Deployment Framework
& Continuous Integration
1. Requirement
Elaboration
2. Service Discovery and
Cataloguing
Service
Catalogue
Service
Capabilities
3. Service
Implementation
4. Service Deploy
and Test
SOA
Designer
2. Service Design
SOA Architect
SOADesign-TimeGovernance
Process Models
Use Cases Business Rules
Catalogue
Service Detail Design
SOAHigh Level
Design
Production
SOA Systems
Harvest / Ops Metrics
SOA Quality Tester
& Support
Specialist
Dev, CI, Test
SOASystems
Discover
Submit
Consume
Harvest
22. 22
© 2016 Capgemini – Proprietary
Asset Centric Governance
SOA Governance Framework Modelled in OER
23. 23
© 2016 Capgemini – Proprietary
Asset Centric Governance
Logical Architecture
SOA/BPM Development ServerSOA Governance Server
OBPM 10g Domain
OER Domain
DB Server
SOA Domain
Weblogic
(10.3.6)
Admin Server 1
Weblogic
(10.3.6)
Managed
Server
Administration
Console
Oracle 11g DB
(11.2.0.x)
Enterprise
Manager
SOA / BPM
Suite
(11.1.1.6.x)
SOAINFRA
OSB Schema
MDS
OER_DATA
OER_INDEX
UDDINODE
Weblogic
(10.3.6)
Managed
Server
OWSM
Policy
Manager
MDS
Weblogic
(10.3.6)
Managed Server
Weblogic (10.3.6)
Admin Server
Administration
Console
Weblogic (10.3.3)
Admin Server
Weblogic (10.3.3)
Managed Server
OBPM 10g
(10.3.2)
OER Asset
Registration
Workflows
Weblogic (10.3.6)
Managed Server
OER
(11.1.1.6.x)
Administration
Console
Weblogic
(10.3.6)
Managed
Server
BAM
Weblogic
(10.3.6)
Managed
Server
OSB
(11.1.1.6.x)
SOA/BPM Test Server(s) SOA/BPM
Preproduction Servers
SOA/BPM
Production Servers
OSR
Standalone
(11.1.1.6.x)
OAS 10.1.3.4.1
OC4J
OER Publisher
Enterprise
24. 24
© 2016 Capgemini – Proprietary
About me
Latest Media:
§Oracle Magazine May/June 2016
(http://bit.ly/1RTCAU3)
§Systematic Approach for Migrating to
Oracle Cloud SaaS (http://bit.ly/1Xr6acs)
§Oracle Magazine Jan/Feb 2016
(http://ora.cl/Vhh)
§API Management Implementation
(http://ora.cl/Gcw)
§A Word About Microservices and SOA
(http://bit.ly/25Dk5go)
Luis Weir
Oracle Ace Director – Principal Architect
assisting organisations define and implement solutions and strategies that can help them realise the
benefits that such technologies have to offer.
I am very passionate about technology. I have be the lead authored of two books (Oracle SOA Governance 11g
Implementation and Oracle API Management 12c Implementation), I am a regular blogger and speaker in major
conferences and events. A well-known industry expert especially when it comes to Oracle middleware
technologies I am also an OTN certified SOA black belt.
I am an Oracle Ace Director, principal architect and a thought leader specialised in
Oracle Fusion Middleware & Oracle PaaS technologies. With more than 15 years of experience
implementing IT solutions across the globe, I have been exposed to a wide wide variety of
business problems many of which I’ve helped solved by adopting SOA architectural styles
such as traditional SOA, API management and now Microservices. My current focus is in
2nd Place
1st OTN
Cloud
Hackathon
June, 2016
Cloud
Contribution
Award
SOA Community
March, 2016