It's clear that to leverage the advantages of SOA, it's essential to address new challenges for runtime governance of these loosely coupled systems. And the sooner you address these issues, the better. Organizations that take runtime governance into consideration early in their migration to SOA gain many significant advantages and efficiencies.

That's because every stage of the SOA lifecycle that hosts a running service has a service runtime environment associated with it. And runtime policies govern the behavior of a service in any of its runtime environments and at each stage of the lifecycle—development, staging and production.

Development

During the development phase of the lifecycle, a development team builds new services and discovers existing services that are composed into new business systems. AmberPoint assists in the following:

• Discovery of services and dependencies
• Determining the suitability of a service for re-use
• Evaluating performance and availability early in the lifecycle
• Simulating shared services
• Helping build policies for security constraints, auditing and logging requirements

Staging

During the staging phase of the lifecycle the pre-production team installs the system in a "production-like" environment. The system is then validated to assure it meets standards for installation and operation. Here, AmberPoint helps by:

• Discovery of services and dependencies
• Validating performance, availability, security and auditability
• Evaluating production (operational) suitability
• Establishing and verifying the as-built topology

Production

During this phase of the lifecycle, the operations team installs the system in the production environment and operates it according to the specifications created during development and staging. The operations team is responsible for assuring that both consumers and services meet their contractual commitments and that the systems operate correctly in the dynamically changing production environment. Here, AmberPoint's contributions include:

• Detection of rogue services
• Managing dynamic changes to the service network
• Managing service levels and usage across various consumers
• Managing security, auditing and logging
• Debugging errors and failures

Bootstrapping Governance via Discovery

One of the most pressing SOA issues is making sure that decentralized teams cooperate effectively. How do you coordinate efforts across departments, locations, time zones and priorities? How do you maximize re-use and ensure system-wide compliance with governance policies?

Dynamic discovery has proven to be a crucial capability in solving these issues across the entire SOA lifecycle. AmberPoint's dynamic discovery mechanisms find all the services installed in the environment and the dependencies among those services, based on actual use. Dynamic discovery will also uncover "rogue services"—services that are not recorded in a registry/repository. After all, you need to know about a service in order to reuse it.

Registries and design-time repositories alone do not solve the problem. Even with the best of intentions and the most strongly mandated use, they often end up out of sync with the "real world." There are three reasons why:

1. Human Nature. Developers often don't see the benefit to themselves of keeping the system up to date.

2. Rogue Services. These come from two sources—accidental and intentional circumvention. Accidental circumventions occur during the heat of the moment during system installs and, even more often, during urgent system repairs and restarts. These last-minute changes to the SOA environment fail to get reflected in the registry or repository. Intentional circumventions are potentially more malicious. It's when people choose to ignore the approval process when deploying or using services.

3. Rogue Users. This is when the intended use of service fails to be recorded anywhere in the system. Most of these problems occur on internal systems behind the firewall, where existence of a useful service may have been communicated between colleagues. These "water cooler dependencies" are coded into applications. Later, when it's time to change or remove a service, you can't make an informed decision because you don't know who'd be impacted by the change.

To resolve these issues, automate the system. AmberPoint dynamically discovers services and users across the system—across development, QA and production lifecycles—and automatically adds this information to registries and design-time repositories. It takes human nature out of the equation. It solves the issues of rogue services and rogue users as well, since everything is recorded as it should be.

We've seen many of our customers experience dramatic improvements as a result of dynamic discovery. One such customer, a leading financial institution, increased the number of registered services from a mere handful to more than 100 in the first couple of months of using our runtime governance software. They now enjoy the benefits of greater service reuse, better cooperation across departments, greater business agility and higher ROI.

ROI at Every Stage

Consider the impact on your bottom line at each lifecycle phase.

Development: Runtime governance issues become prevalent at the very outset of SOA projects. In the absence of good runtime governance tools, developers are required to resolve issues manually or through the development of their own tools and utilities. Implementing a runtime governance solution at the outset of development avoids these costs.

• Foregone cost of developing and maintaining tools in-house
• Foregone costs of implementing security capabilities in shared service interfaces and calling services
• Efficiencies related to automated discovery and collection of metadata, automated synchronization with registries, repositories, and/or configuration management systems

Staging: SOA runtime governance can reduce the number of tests required to QA a shared service by incorporating a shared service validation tool into QA/test suite.

Traditional QA and testing tools are geared toward testing complete applications. They can not test shared services as individual components with multiple simultaneous uses, but rather require a full application test for every application that uses a shared service, thereby increasing the load on QA by an order of magnitude. By implementing a validation tool that works in conjunction with the runtime governance system, an organization can simultaneously interleave production data from multiple applications, thereby accomplishing all required QA regression testing in a single test.

Production: The SOA runtime governance solution eliminates the manual labor required to correct processing errors between integrated systems.

Processes that are integrated via loosely-coupled techniques are very flexible and can rapidly change to meet evolving business needs. The price of this flexibility, however, is that loosely-coupled processes are often brittle. When orders fail, analysts are typically required to manually review application logs, to trace the entire path of a given order as it moves from system to system, in order to find and correct the problem. AmberPoint’s exception and log management capabilities eliminate the labor required to collect this data.

Additionally, AmberPoint eliminates costs resulting from reduction of downtime related to system outages. One of the core benefits of runtime governance is that it provides visibility into services and message flows. Without this visibility, it's difficult to determine the reasons for outages and other problems that could disrupt a service in production.

AmberPoint plays a vital role across the software lifecycle. When used consistently across all phases of the software lifecycle, AmberPoint runtime governance solutions raise productivity significantly as policies specified in early phases of the lifecycle can be used in later phases without change. It also improves the accuracy and completeness of system behavioral information that is communicated from one lifecycle phase to the next.