Why Soa Governance Is Critical To Cloud Computing David Linthicum 022510
1. Why SOA Governance is Critical to Cloud Computing
David S. Linthicum
CTO, Bick Group
dlinthicum@bickgroup.com
www.bickgroup.com
2. The Basic Idea
[Diagram labels: SOA; Cloud; Finance/Operations; Resources; Sales Order Update; New Accounts; Commission Calculation; Data Cleaning; Sales]
3. SOA and Cloud Computing
• One can consider cloud computing the extension of SOA out to cloud-delivered resources, such as storage-as-a-service, data-as-a-service, platform-as-a-service -- you get the idea.
• The trick is to determine which services, information, and processes are good candidates to reside in the clouds, as well as which cloud services should be abstracted within the existing or emerging SOA.
[Diagram labels: SOA; Shared Services; Shared Information; Shared Processes; Agility; Integration; Governance; Cloud Computing; Services On-Demand; Database On-Demand; Applications On-Demand; Platform On-Demand]
5. However, Not So Fast
• Not all computing resources should exist in the clouds.
• Cloud computing is not always cost effective.
• Do your homework before making the move.
6. When Cloud Computing may be a Fit
• When the processes, applications, and data are largely independent.
• When the points of integration are well defined.
• When a lower level of security will work just fine.
• When the core internal enterprise architecture is healthy.
• When the Web is the desired platform.
• When cost is an issue.
• When the applications are new.
7. When Cloud Computing may not be a Fit
• When the processes, applications, and data are largely coupled.
• When the points of integration are not well defined.
• When a high level of security is required.
• When the core internal enterprise architecture needs work.
• When the application requires a native interface.
• When cost is an issue.
• When the application is legacy.
8. Start with the Architecture
Understand:
• Business drivers
• Information under management
• Existing services under management
• Core business processes
9. Policies in the Context of SOA, and Thus Cloud Computing
• Who can access the service.
• What they can do to the service.
• How changes to the service affect other services.
• How changes to the service affect applications.
• How governance works with security.
• How governance links into service testing.
• How governance works with service discovery.
• How governance works with service delivery.
• How to set and maintain appropriate service levels.
• How to manage errors and exceptions.
• How to enable online upgrades and versioning.
• How to perform service validation.
• How to perform auditing and logging.
11. Governance for the Clouds
• The number of services, as well as the complexities around using those services within the context of cloud computing, makes service governance even more compelling, including:
– Location of the services.
– Service dependencies.
– Service monitoring.
– Service security.
12. Security and Governance
• A few things to consider here in terms of security in the context of governance:
– First, you need to leverage “good enough” security, meaning that the security solution you look to implement is proper for the application and information you’re protecting.
– Second, create your security approach using use cases and thus look at how security needs to exist at every level of the system.
13. Governance Technology
• Runtime service governance typically includes:
– Service discovery.
– Service delivery.
– Service security.
– Setting and maintaining appropriate service levels.
– Managing errors and exceptions.
– Enabling online upgrades and versioning.
– Service validation.
– Auditing and logging.
14. Cloud Governance…Dos and Don’ts
• Dos
– Do select a vendor that provides governance features that are more runtime in nature. Many governance tools focus on design-time features, which are fine, but the runtime features provide the most value.
– Do look at governance solutions that are well integrated with testing and performance management tools. Let's face it; SOA and cloud computing are performance problems waiting to happen.
– Do make sure to do the upfront planning, and place the proper management processes around the technology.
• Don'ts
– Don't select a governance vendor only because it's part of a suite of software. It should have value as a stand-alone product, no matter if it's bundled in a suite of software or not.
– Don't rely upon what works within other companies. Your problem domain is unique; the governance solution will be as well. Trust me.
– Don't forget that you and your governance solution will be together for a long time; thus consider the quality of the vendor, support, training, and so on. You'll find that the better vendors provide holistic value, within and beyond the technology.
– Don't marry standards. If there is a fit, great. Don't wait for standards to mature before you move into governance ... you'll be waiting for a very long time.
16. Implementing Governance
[Diagram labels: Create a Governance Model; Process Model; Information Model; Service Model; Define Policies; Design Policies; Implement Policies; Defined Policies; Policy Designs; Runtime Governance]
17. Thanks!
dlinthicum@bickgroup.com
• Blogs:
– InfoWorld
– Intelligent Enterprise
– eBizq.net
• Weekly Podcasts
– Cloud Computing Podcast
• Columns
– SOA World Magazine
– Cloud Computing Journal
• Follow me on Twitter (DavidLinthicum)