|
|
This
is the fifth of a six part series of posts on the
Agile SOA life cycle. Here we will at look at IT and SOA Governance. With the
introduction of agile, spiral, and scrum development methodologies, the
traditional waterfall development approach of testing a near-finished app at the end of many Agile development cycles won't be agile at all, as the elements of the application are
constantly changing. Traditional
models of IT governance will also not work.
To
aggravate testing, the service-oriented architecture (SOA) design pattern is
used to make IT more responsive to changes requested by
business. New process tooling has been introduced to specifically assist in the cataloging of service assets, and organization of policies governing SOA.
This
new set of tooling created to support SOA revolves around governance platforms
like HP Systinet / S2, SAG Centrasite, SOA Software, TIBCO ActiveMatrix and
Oracle Fusion. These SOA Governance tools manage the collection and cataloging
of metadata about services, and organize the interdependencies they have with
each other, along with the documentation of SOA Policies to define how combined
services should meet business requirements.
Within
the Governance toolset, SOA Registry/Repositories provide a new platform for
LISA to automate testing and validation.
The traditional system requirement and functional testing will still
occur, but in a SOA there are more opportunities to automate the validation and
enforcement of policies.
The
current thinking around SOA Governance is largely siloed and specialized around
design-time WSDL validation, runtime performance, and security policy
enforcement. As SOA Governance
matures to support robust and widely diverse SOA initiatives, this thinking
must expand dramatically. One of the greatest values a SOA Governance platform
must provide is the proof that policies written in human or business terms are
in fact implemented in the system, on a continuous basis.
Validation
with our LISA solution takes the form of positive and negative tests on the use of these
policies, which are executed continuously at change and runtime, as services
and their underlying technologies and data are constantly changing and evolving.
The validation of the LISA test becomes a demonstrable artifact for exposing
and enforcing SOA Policy, within the changing workflow of the SOA Governance framework.
Example
Scenario of Validating SOA Policies
Let's
look at a sample deployment, a series of web service definitions, as WSDL
files, are loaded into the UDDI registry.
The relationships of the services to each other, and the documentation
of how they can be tied together to create a business process is
documented. For a new employee
introduction, there may be a series of services from the human resources package
to identify the employee's location and managers, there are services that
provision IT resources like computer and e-mail, and services to a external
partner for insurance and benefits enrollment. These services would be documented via their WSDLs and
stored in the UDDI registry. A HR-to-payroll business process will be defined utilizing these assets.
This
all seems simple as long as each participant in the business process provides a
well documented, functioning, reliable, and secure service. The policies around the structural,
behavior, and performance of these individual services are documented the
governance tool. For example, the
business analyst will write policies in a tool like CentraSite ActiveSOA, describing
the behavior of the services.
The
IT service will accept a new employee's name and id number and return an e-mail
address, domain login, and default password. The security service will accept the manager and role and
provision the appropriate access control to systems for the new employee. The
security manager will specify that the services must only run if encrypted and
signed data is sent to them. The
signature must be validated against the companies master certificate provider
to prove that the request is from only authorized HR personnel. Lastly, the IT operations team will
provide policies around how many transactions per second (TPS) the service
should handle, and the maximum response time the service will take, so the component
will be a good participant in a decomposed transaction.
That's far too many steps to carry out if it's a strictly manual validation process. The execution of the tests needs to live within the SOA Governance process. Testing, Validation and Policy Enforcement SolutionsGiven
all of the processes enterprises must employ to manage the design,
construction, integration and management of the IT environment, it makes sense
to have a common, reusable way to apply validation and enforcement across these
processes. SOA Validation becomes ???the long arm of the law??? with reusable and rich
testing that merges into the workflow of each of these processes, and the tools
that support them.
The Validation arm shown above (with our LISA as the "long arm") provides capabilities to run test cases to verify different rules and
policies defined in leading IT process tools. The policing action is
accomplished by tying automatic running of tests to the expected behaviors
and policies in the workflow of the process tool. The invocation of tests from a governance platform to
ensure SOA policy is similar to the policing action done for test management
solutions, the biggest difference is the context and stage in the lifecycle of
the component that needs to be verified.
In a
traditional test of a waterfall development there is a specific point in time
in which the system is tested and deemed ready for production. In today???s services-based applications,
there is no longer one point in time in which we can identify a test run to
ensure quality of the application.
In a
SOA lifecycle, we think of design time, run time, and change time as the three
stages of a service or business process being constructed within these loosely
coupled systems. In the example
above some of the services are interactions with packaged applications (HR
system), some from home grown systems (IT user and security provisioning), and
other from external partners (benefits).
The development and release cycles of these three areas will be
different and will not be coordinated for a single big bang release. One advantage of SOA is the ability to
decouple systems and utilize services created by different parties instead of
building everything yourself.
At design time, a test will be run to
make sure that WSDLs are WS-I compliant, that they follow an RPC or doc-literal
call structure, and that a customer-specific XML tag is used for service
identification. Based the on
passing of a compliance test, the WSDL will then be made available in the
Repository for developers to code the functionality behind it.
Once
the developers have created the necessary code to implement the service and its
underlying technology components, the behavior and security of the service
needs to be validated. The only
way to verify if the code behind a service is working properly, since there are
no hard-coded responses in the real world, and that security is respected, is
to invoke the service, then verify that the underlying systems of record are
updated properly.
Again, a test case is used to invoke and verify that the business requirements and
the behavioral and security policies have been implemented. If the candidate
Service can pass these Policy tests, it can now be published in the registry
for a consumer to use. If these
tests fail, the service should not be promoted for availability to consumers in
the registry.
As a
best practice, the individual services should undergo load testing once they
are made available. Far less risk is introduced if we test for load while the
components are being built, when something can be done to improve performance
issues, rather than waiting until the system is deployed, when issues are much
more costly to repair. Progressive development shops start their load testing
once the service functionality has been verified, so that developers can make
code changes, and optimize logic and data access before consumers start
utilizing the service.
In run time, the service is now promoted
to the Registry, along with a test that demonstrates its functionality,
and made available for consumers to leverage as part of their own application
workflows. These consumers also bear responsibility for validating that their
intended use of the service is actually supportable. The best way to do this is
to create an executable test asset to validate that the structural,
behavioral and performance aspects of the overall consumer???s workflow are
supported when the service is leveraged. This will pay big dividends when the
test is run continuously as part of the governance process.
The
final stage is change time. This is
when the true advantages of SOA and agile development come into play. If a new
service needs to be added, or a modification to a existing service needs to be
made to respond to changing business requirements, the policies for the service
must be re-verified. Not only do
we want to update any behavioral policy with the new expected behavior, but the
regression of existing policies must occur.
Put
yourself in the place of the consumer of a service. How can you trust that
changes will not create unintended consequences (e.g. failures) for a service
you depend upon, and break your existing business processes? Each consumer needs to place their
expected behavior as a policy in the registry, with an accompanying test,
so that it can be automatically validated before that change is made. The automated structural and behavior policies
in the test represent the consumer???s rights ??? and their responsibility for
using the services as defined. When these tests run automatically as part of
SOA Governance, trust between service consumers and producers is achieved. For
more on SOA governance see Joe McKenrick???s posting of the full transcript of a
recent eBizQ SOA governance panel that John Michelsen participated in.
In
our next post, we will provide our conclusions. You can download this complete
series as the "Agile SOA Across the Lifecycle" at our ITKO LISA resources page.
Read the original blog entry...
IoT & Smart Cities Stories By Zakia Bouachraoui  The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get tailored market studies; and more. Feb. 18, 2019 04:00 PM EST | By Zakia Bouachraoui  At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug... Feb. 18, 2019 01:00 PM EST | By Yeshim Deniz  At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug... Feb. 18, 2019 07:45 AM EST | By Pat Romanski  AI and machine learning disruption for Enterprises started happening in the areas such as IT operations management (ITOPs) and Cloud management and SaaS apps.
In 2019 CIOs will see disruptive solutions for Cloud & Devops, AI/ML driven IT Ops and Cloud Ops.
Customers want AI-driven multi-cloud operations for monitoring, detection, prevention of disruptions. Disruptions cause revenue loss, unhappy users, impacts brand reputation etc. Feb. 18, 2019 06:00 AM EST | By Yeshim Deniz  Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust tha... Feb. 18, 2019 03:45 AM EST | By Zakia Bouachraoui  At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug... Feb. 18, 2019 03:00 AM EST | By Zakia Bouachraoui  As you know, enterprise IT conversation over the past year have often centered upon the open-source Kubernetes container orchestration system. In fact, Kubernetes has emerged as the key technology -- and even primary platform -- of cloud migrations for a wide variety of organizations.
Kubernetes is critical to forward-looking enterprises that continue to push their IT infrastructures toward maximum functionality, scalability, and flexibility.
As they do so, IT professionals are also embr... Feb. 17, 2019 05:00 PM EST | By Elizabeth White  In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential.
Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D... Feb. 16, 2019 04:45 PM EST Reads: 14,062 | By Roger Strukhoff  As you know, enterprise IT conversation over the past year have often centered upon the open-source Kubernetes container orchestration system. In fact, Kubernetes has emerged as the key technology -- and even primary platform -- of cloud migrations for a wide variety of organizations.
Kubernetes is critical to forward-looking enterprises that continue to push their IT infrastructures toward maximum functionality, scalability, and flexibility. Feb. 14, 2019 05:00 PM EST | By Elizabeth White  Today's workforce is trading their cubicles and corporate desktops in favor of an any-location, any-device work style. And as digital natives make up more and more of the modern workforce, the appetite for user-friendly, cloud-based services grows. The center of work is shifting to the user and to the cloud. But managing a proliferation of SaaS, web, and mobile apps running on any number of clouds and devices is unwieldy and increases security risks. Steve Wilson, Citrix Vice President of Cloud,... Feb. 13, 2019 08:15 PM EST |
|
|
|
|
|
|