These days, Web services management is evolving into a broader category called SOA management. SOA management products vary, but they typically extend traditional Web services management to include additional capabilities that are useful in a SOA such as the ability to monitor and control services based on the business content of messages. For this reason, I have taken the liberty of slightly modifying the question so that the two facets of a SOA that are discussed, management and governance, both pertain to the same sort of entity. Therefore, let us assume the question to be: "What's the difference between SOA governance and SOA management?"
The simple answer to this question is that SOA governance is primarily focused on the development process while SOA management is focused on the runtime aspects of the SOA. The management system must insure that that the business services in the SOA remain reliable and live up to the expectations of the business's partners, customers, suppliers, internal users and regulators.
Although important new Web services management standards such as OASIS WSDM will eventually advance the state-of-art in Web services and SOA management in exciting new ways, most management products today offer two basic approaches. They may provide separate proxy servers that monitor and control message traffic for services. Or they provide agents that instrument Web services platforms directly to perform similar functions. Many management systems offer both capabilities. The first approach tends to be more flexible, but offers more points of failure. The second approach tends to be much more efficient since it leverages XML processing that has already been done in the Web services platform, but does require installation of an agent in the Web services platforms.
Just to make sure we're all on the same page, what do I mean by the Web services platforms? Whether you call them ESB (enterprise service buses) or you prefer a different name, Web services platforms are the foundation for building and deploying Web services today. These platforms expose either custom or packaged application functionality as Web services. As products, they most often have their roots in application servers and messaging middleware.
In my opinion, in order to manage their SOA effectively, enterprise architects should understand that management systems must maintain visibility and control at a conceptual and architectural level higher than any individual Web services platform. This is because Web services platforms tend to operate as if they were the center of the universe, the only platform needed to develop and deploy services. But in the real world, a SOA is likely to contain many Web service platforms all chosen for their unique abilities and characteristics. While each platform may provide some rudimentary management capability for itself, it is still necessary to provide a higher level and more business-centric viewpoint across all the Web service platforms. This is an important requirement for effective SOA management.
As I said earlier, governance is primarily focused on the tracking and control of development artifacts. They must integrate themselves into the way that development works in a fairly non-intrusive manner while overseeing the entire development process including human aspects such as human manager approvals for migrating something from one stage (like test) into another stage (like production), controlling access and even the visibility of artifacts, and much more.
Governance products must also integrate themselves into the tools that developers use in order to ensure that the artifacts that are created or deployed at all stages of development conform to enterprise-wide as well as project-level standards for that type of artifact. They often must do this for multiple Web service platforms and for multiple, independent development projects, tracking the location of artifacts across multiple locations such as databases, change configuration systems, management/security repositories and so on. Some governance systems also provide their own repository allowing development artifacts to be centrally stored. The ability to provide governance at all levels of the IT technology stack and not just at the level of Web services can also be vitally important. Think of all those CICS mainframe applications and older C programs running on UNIX, for example.
The bottom line is that management and governance can fit together like peas in a pod. Increasingly, they will work together to form a complete link across the entire lifecycle of development and production deployment in a SOA in terms of enforcing and sharing enterprise and business policy. For example, management systems can help governance products enable developers to make informed decisions as to how applications and services are behaving based on historical data and the management policy that management systems can provide to them. Similarly, governance products can provide additional information to management systems about changes in code and interfaces so that management systems can more do more effective event correlation and problem determination.
This was first published in August 2005