14
FEBRUARY, 2005
Ungoverned
SOAs could be dangerous
Governance
gets in everywhere, these days, and service-based architectures are no
different. The trouble with governance, however, is that it is very important
these days for companies to be able to prove that they are well governed
financially and managerially, and that that they are compliant with all
relevant regulations, particularly the financial ones. That means a lot
of controls on the software used to provide the services, and in the coming
world of loosely-coupled, service-based infrastructures, maintaining control
over governance issues will be a real problem, though Systinet feels it
may have an answer.
Systinet
is only a few years old, though its founder, Roman Stanek, has a long
track in the web services related arena, having previously founded NetBeans,
which got swallowed by Sun Microsystems. But it is the issue of Governance
of SOA infrastructures that is now exercising his mind. The fundamental
drive is that the promise of SOA is the provision of more agility in the
way that companies operate. But that with such agility comes some real
issues of control over what is happening within the organisation. Business
services will be created from the breaking down of existing applications,
coupled with new applications and components. But managing this process
is about to become a significant problem.
It
is going to be a direct problem in managing the applications and components
themselves, particularly in terms of which are supposed to interoperate
together under what circumstances. But it is also going to be a growing
problem in terms of the broader issues of governance - compliance with
the growing army of regulations that govern the way businesses operate.
The problem now is that they will not only have to be able to run an audit
on the business itself, but on the applications and data used to provide
those results. This means that they will need to not only manage which
applications - and versions of applications - are used to provide a specific
business service but also be able to prove it. This also has to extend
to the tools and management environments through which the applications
and data operate.
Systinet's
solution is its Business Service Registry, Version 5.5 of which has just
been introduced. This has the objective of managing what the company calls
the metadata for an infrastructure. It is also, in a way, the company's
attempt to make a pitch at creating a Governance mark-up language, for
which Stanek sees a great need now, and for which there are as yet no
formal moves to create. There is, he feels, now a need for companies to
move beyond just thinking about service-oriented architectures and towards
what he calls Compliance Oriented Architectures, for if there is no partnership
with the need for corporate governance then much of what SOA can offer
in terms of agility and flexibility is likely to be wasted, if not downright
counter-productive in business management terms.
What
Registry aims to do is provide a systematic and managed way to find and
re-use existing resources so that the way in which individual business
services are built can be managed properly. In this way, interoperability
stands a much greater chance of being achieved. It also provides tools
to control the provisioning of those services in compliance to both the
policies and a best practice regulations set by the company itself and
any external compliance issues such as regulations associated with Sarbanes-Oxley
or Basel II. In this way, the enablers of a service - both the human element
of architects, developers and Line of Business managers and the technology
elements such as J2EE, .NET, Tibco, Enterprise Application Integration
systems and legacy applications can be published and described in the
registry within the terms of the service policies and classifications
set by the company. This then provides the resources for infrastructure
management systems to work with a wide range of management systems such
as HP's OpenView, IBM's Tivoli, Amberpoint and Actional in a controlled
policy-based environment.
The
Registry is available from Systinet as a free download, from:
www.systinet.com
|
