Policy and governance issues are rising to the fore for those managing service-oriented architectures. A recent
survey from Aberdeen Group in Boston found that 80% of respondents had some type of SOA, and 78% are either using SOA governance or services management tools or will be within the next two years.
To meet that demand, vendors are rolling out new products to address these management needs at both design time and runtime.
"The number of moving parts and services people are managing has grown significantly; managing one at a time gets taxing," said Ed Horst, vice president of marketing at AmberPoint Inc. in Oakland, Calif. In addition, he said, customers are requesting visibility into what Horst calls the "supporting cast members" of an SOA --client applications, various application servers, Web pages, Web applications, middleware, legacy systems and back-end databases.
The AmberPoint 5.0 runtime management product, announced last week, adds a comprehensive policy management system, prebuilt agents that extend support for all the major SOA platforms and components for SOA-wide visibility and control, along with new security and exception management capabilities.
According to William A. Mougayar, a vice president and service director at Aberdeen, AmberPoint 5.0 has two unique features.
"One is the automatic policy provisioning based on specific conditions," he said. "For example, you apply independent policies for an entire group of services in a 'logical' grouping and you can monitor that accordingly," he said. Also, he cited the ability to create predefined/preapproved sets of libraries of policy.
In addition, AmberPoint 5.0 automatically discovers the services recorded in a UDDI registry and the associated policies. It then automatically assigns and enforces those policies.
"What's interesting about AmberPoint is the coexistence with Systinet," Mougayar said. "Systinet has the registry, but they have to be reliant on other partners to contribute the policies they are good at. This will be a new era of coopetition."
AmberPoint is one of several partners in Systinet Corp.'s Governance Interoperability Framework. GIF partners can publish services and associated policies to the Systinet Registry, in a standardized way, and be alerted to changes within the registry when they happen.
Systinet last week announced the delivery of SOA policy interoperability using GIF. According to Systinet, this will allow organizations to create, discover and manage policies at design time and runtime.
"GIF is supporting WS-PolicyAttachment as a standard way to map policies in an independent fashion," said David Butler, vice president of marketing at Systinet in Burlington, Mass. "AmberPoint and Actional [Corp., both GIF partners] are publishing information using that standard. GIF allows policies to be discovered and reported on from the business service registry. It provides more of an end-to-end solution."
Services represent just one element of an organization's business processes, however, said Aruna Endabetla, founder and chief technology officer of startup TrueBaseline Corp. in Pittsburgh. Organizations need to manage the consequences once SOA is deployed, he said. "If your Web service is up and running, it doesn't mean the business process is intact or is meeting business policies. You have to make sure you have bandwidth available and the end points participating in this business process are in a desired state."
TrueBaseline last month made its debut as a company and introduced SOAComply, a tool for planning, modeling, monitoring and controlling distributed environments that implement SOA principles. With SOAComply, organizations can define baseline requirements for their SOAs and track what TrueBaseline calls "All-Dimensional Compliance," including regulatory, competitive and operational requirements. SOAComply is based on technology the founders had developed while at Westinghouse Electric Co. to deal with the computer systems at nuclear power plants.
"AmberPoint [and others] manage the SOA environment from a purely SOA perspective," said Stan Kramer, TrueBaseline CEO. "We can take input from an AmberPoint or a Systinet and include it in our model. We combine it into an 'operationalization' tool for a comprehensive look at the application network."
TrueBaseline is offering a "hybrid" between management and governance, said Ron Schmelzer, senior analyst at ZapThink LLC in Waltham, Mass. The multidimensional compliance is unique, he said. "There are a whole bunch of compliance tools, but most are focused on one task," Schmelzer said.
TrueBaseline fills a hole in SOA management, he said, "but a lot of people haven't realized they have a hole yet. If you do governance at design time, there are quite a few solutions out there, but for governance from runtime there is a smaller selection of tooling. As companies try to figure out runtime governance, they will evaluate TrueBaseline."