Product Review

Many enterprises are currently reorganizing their people, processes, and technology around services. A few are holistically revamping their enterprise architectures around SOA and embarking on roadmaps to achieve grandiose business goals.

Far more enterprises are trying to deal with the unexpected emergence of services and service integration requirements resulting from platform upgrades, portal mashups, ESBs, and service-oriented business requirements such as external partner federation. No matter how they come to SOA, enterprises quickly realize that they need to manage and govern services.
When these enterprises look out over the SOA governance landscape they see a jungle of registries, ESBs, Web services management systems, XML gateways, legacy identity and access management systems, ever-extending platforms, governance interoperability standards, and raw management standards. Knowing that "governance" is an almost primal need for IT management, technology marketing regimes have tried to fill the void with their brands. The result has been a great deal of confusion. It was with this state of affairs in mind that I recently had a chance to take a close look at SOA Software's Service Manager 5.0 and Workbench 5.0. I approached the run through of the product from the perspective of an enterprise architect tasked with governing and managing a Web services integration environment. This is a very common use case in my experience and falls squarely into the second type of services adoption pattern mentioned above that focuses more on the "nuts and bolts" of governance. Before proceeding, I think it is essential to state a set of "nuts and bolts" governance requirements:

• Cradle-to-grave management of the service lifecycle
  - Making sure the right service is available at the right time with a compliant interface description and with the right governance policies
  - Management of the approvals processes for each stage of the service lifecycle with custom workflow
  - Service/schema versioning support
  - Service development artifact repository and traceability
  - Collaboration environment for service stakeholders
• Seamless registry/repository integration
  - Intuitive user interface
  Customizable roles/responsibilities, organizations, and views
• Discovery and value governance
  - Registry, search, and reuse enablement
  - Client collaboration and demand management
• End-to-end security policy and trust management
  - Authentication, authorization, encryption, non-repudiation
  - Access control policy via legacy I&AM system integration, as well as integration with emerging fine-grained access control systems
  - Integration with XML firewalls
  - First-mile and last-mile security policy enforcement
  - Audit logging
  - Integrated PKI management to support federation
• Runtime management, monitoring, and SLA enforcement
  - Monitoring, metrics collection and storage, alerting, problem root cause analysis
  - Custom dashboard creation
  - Unknown service discovery and management
  - Seamless SLA and contract management, intelligent routing and rejection based on SLAs
• Mediation
  - Semantic mediation policies
  - Technical mediation of transport protocols, message styles and exchange patterns, security token formats, reliable messaging styles

I have purposely left out other aspects that are sometimes included in the broader sense of SOA governance, e.g., business process analysis/modeling, asset management, portfolio management, information modeling, etc. Instead, the focus is on "nuts and bolts" governance: a set of functions that are common to almost every conceivable SOA, but nowhere near enough for some. I was glad to get a chance to put SOA Software's integrated registry/repository/management tool through its paces and found its value proposition to be quite compelling against this "nuts and bolts" governance requirements set.

Background on SOA Software
I started tracking SOA Software last year when it acquired Blue Titan and its mediation technology to go along with an established runtime governance and management tool. At that point it was apparent that they had a roadmap to get to an interesting point in the space. Then they announced Workbench at the end of 2006, which is a design-time governance tool that completes the end-to-end governance and management cycle. Workbench and Service Manager are licensed separately; both include a registry/metadata-repository that they share when working in concert to provide a single participant experience. But the best part of SOA Software's vision, in my opinion, is that they are platform independent in that they include management/enforcement agents for every platform you can think of, every identity and access management system you might own, and both .NET and Java (for policy delegation out of code), and stand-alone mediation points for virtualization. For anyone doing governance on an enterprise, line-of-business, and likely even a departmental scale, this is a must. Governance must be adaptive and cannot entail re-platforming services. With this in mind, you might want to take a close look at SOA Software as you move down your own governance path.

Architecture and Installation
Service Manager and Workbench share a common administration server, which comprises a set of five individual processes working in concert with redundancy for fail-over. The admin server comprises the registry, repository, Web admin interface, and enforcement network management server. You can also reuse any existing UDDIv3 registry. Then there is a network of management points in the form of agents and stand-alone intermediaries. As previously mentioned, agents are available for virtually every conceivable platform service container, including all the app servers, ESBs I am aware of (except the open source ones), and the Microsoft stack as well. Installation was a snap and entailed little more than identifying an instance of one of the supported databases (Oracle 9i and above, MS-SQLServer 2000 and above, or DB2 v8.2) and supplying an admin username and password.

Initial Configuration and Workbench View
Figure 1 illustrates the management console browser app, which is a standard portal interface. Like any portal, the management console is personalized to each role and each organization. Notice the activity tabs across the top of the console. These switch the focus between the major focal points in the tool. The "Workbench" tab reflects the design view of the tool (separately licensed as mentioned earlier) and is where developers and administrators who collaborate on service life cycle, versioning, and workflow spend the majority of their time. Speaking of collaboration, one neat feature of the tool is its collaboration space associated with each service. Each service has its own forum in which developers, administrators, and architects can collaborate on service details. Coupled with the ability to attach unstructured data like design docs, UML diagrams, test plans, and the like, along with workflow history, traceability and process adherence is automated to a large degree. This can really be looked at as a CMMI enabler and streamlining vehicle.