
Significant SOA Federal Leadership Challenges 30 April 2008

Significant SOA Federal Leadership Challenges 30 April 2008. Larry Pizette MITRE Corporation lpizette@mitre.org. Approved for Public Release; Distribution Unlimited 08-0713. Theme... it’s about the business and building trust. Benefits of SOA Challenges Demonstrating value Governance



Presentation Transcript


  1. Significant SOA Federal Leadership Challenges, 30 April 2008. Larry Pizette, MITRE Corporation, lpizette@mitre.org. Approved for Public Release; Distribution Unlimited 08-0713

  2. Theme... it’s about the business and building trust
     • Benefits of SOA
     • Challenges
     • Demonstrating value
     • Governance
     • Acquisitions
     • Security
     • Testing – establishing trust
     • Run time management – establishing trust
     • Cross MITRE SOA Effort

  3. Potential Benefits of SOA
     • Enables organizational agility to support changes in workflow due to changing mission needs
     • Accelerates deployment of new capability
     • Decrease in development and integration time and costs
     • But... infrastructure investment is needed before significant ROI can be realized
     • Provides capability to leverage legacy infrastructure
     • Allows partial implementations (i.e., wrapping components) to incrementally deploy an SOA
     • Improves information access and sharing
     • Potential for significant cost savings at enterprise level
     The benefits are often visible at the enterprise level, but may add cost to the programs providing services

  4. Challenges and Considerations (1 of 2)
     • Economics
       • We’re not structured for shared services implementation; need to determine right funding model(s) for services
     • Governance
       • Lack of mature governance approaches
       • Interdependent capabilities imply need to limit autonomy in deciding what service to continue or cease supporting/operating
     • Acquisition/Leadership/Culture
       • Traditional acquisition is focused on systems, not services
       • Balancing program and enterprise objectives is difficult
       • Portfolio management trade-offs
       • Lack of understanding by (and incentives for) Program Managers to align with SOA goals
     Business process and cultural change will be necessary for SOA success

  5. Challenges and Considerations (2 of 2)
     • Security
       • Balancing “need to protect” with “need/responsibility to share”
     • Technology
       • Technology trade-offs are required in implementation; one size does not fit all
       • Some operations may not be well suited for COTS implementation; may require extra effort to make it work
       • Some domains not well suited to SOA
         • Hard real time
         • Trusted computing components
     • Testing and runtime management
       • Testing and runtime management are necessary to establish trust
     New development processes and infrastructure are a key to SOA implementation

  6. Demonstrating the Value of an SOA
     • Challenges
       • Competing needs for resources
       • Technical teams tend toward more infrastructure
       • Users demand capability
       • Programs may have difficulty understanding the value to them
       • Funding model may be inconsistent with value proposition
       • Vendor marketing may be causing confusion
       • Difficult to financially quantify ROI
     • Mitigation steps
       • Define the value proposition of the SOA in terms of the business goals
       • Identify examples of the benefits
       • Demonstrate value iteratively
       • Show value through increased usage and customer satisfaction
     The benefits of SOA can be significant, but they need to be based on business needs and incrementally achieved

  7. Governance (1 of 2)
     • Governance: establish and enforce how DoD Components agree to provide, use, and operate services (DoD CIO 3/2007)
       • Identify attributes of providing, using and operating services that have to be governed and at what level
       • Establish lines of responsibility, authority, and communication for making decisions about services across the lifecycle of services
       • Establish measurement, policy, and control mechanisms to ensure individuals carry out their responsibilities
     • Categories of governance*
       • Construction of services
       • Operational usage of services
       • Portfolio management
       • Aligning IT investments with business goals
     Governance determines the community business rules for organizations to work together
     * Adapted from Forrester Research, Inc.

  8. Governance (2 of 2)
     • Challenges
       • SOA Governance is a new concept
       • Organizations may not realize that they need to have governance or engage in the enterprise activity
       • Programs are concerned with the quality of the services they consume
       • Uncertain lifecycle of services
       • Unspecified testing and pedigree of data
       • Programs may be uncertain of the syntax and semantics of data
       • Unspecified technologies and standards may be employed
     • Mitigation steps
       • Evangelize the need for SOA governance
       • Establish a light-weight governance process
       • Ensure visibility
       • Collect measurements
     Without governance, providers and subscribers will be reluctant to accept the responsibilities of shared services

  9. Acquisitions
     • Challenges
       • Federal purchasing teams may not be used to buying services
       • Contractors and Government may look to build before buying services
       • May inadvertently shift risk and costs to contractors, resulting in them giving higher cost proposals to Federal Government
       • Security issues
     • Mitigation steps
       • Performance based service contracting
       • Perform rigorous analysis to determine if services can be bought before building
       • Understand service provider risks and incentives
       • Consider who will own underlying infrastructure and data
       • Consider any special security requirements
     Acquisition of services requires a shift in thinking

  10. Security
     • Challenges
       • It is the nature of distributed systems to have more exposures than closed systems
       • Legitimate, but unanticipated users require new security tools and techniques
       • Performance degradation may come with additional security
       • Increased administrative overhead may come with additional security
     • Mitigation steps
       • Security and SOA are not mutually exclusive
       • COTS tools and standards provide increased security capabilities
       • Security governance and SLAs necessary to establish trust
       • Ease of integration is dependent on the enterprise commonality of the security approach
     Without consistent enterprise security, consumers and providers will be reluctant to utilize shared services

  11. Testing – Establishing Trust
     • Challenges
       • Lack of ability to measure and control test environment
       • Network performance in testing may not be consistent with uncertain, real world network performance
       • Inability to perform code coverage testing or validate robustness of dependent services
     • Mitigation steps
       • Ensure SLAs are in place to establish quality of service
       • Test services individually during construction and on network
       • Instrument and monitor production systems
     Testing by providers is essential to consumers of services to have trust in the quality of the service

  12. Runtime Management – Establishing Trust (1 of 2)
     • Challenges
       • An organization trusting mission critical capability to another organization will require visibility into dependent services to establish trust
       • Services may not behave as anticipated under load
       • Service level agreements (SLAs) may not be satisfied
       • Metrics are dependent on location in network measured
       • The incentives to provider for maintaining performance to the SLA standards may not be sufficient in the federal domain
       • There may not be sufficient data to understand the cause of QoS problems
     • Without runtime management visibility, subscribers will be reluctant to trust their mission critical applications to autonomous providers

  13. Runtime Management – Establishing Trust (2 of 2)
     • Mitigation steps
       • Providers should strive to measure performance for each customer
       • Consider default enterprise SLAs for low volume/low priority usage
       • Minimize the number of SLAs to the truly important business relationships
       • Require measurable SLAs for all mission critical or high volume usage
       • Capture SLA metrics at agreed locations with full visibility to all stakeholders
     • SLAs and measurements are the keys to successful runtime management

  14. Cross-MITRE SOA Effort
     • MITRE Corporate Chief Engineer, Director of Integration for Data and Control, and Command and Control Technical Center coordinating Cross-MITRE SOA effort
     • Develop knowledge resources for customers and MITRE
       • White papers
       • Presentations
     • Customer and industry outreach
     • Materials available
       • Emerging Industry SOA Best Practices white paper
       • Leveraging Federal IT with SOA white paper
     • SOA materials in the pipeline
       • SOA Information Assurance white paper
       • Seven Greatest SOA Challenges for a Federal Leader white paper
       • Acquisition white paper
       • Interconnect Methodologies white paper

  15. MITRE’s Perspective on Emerging Industry SOA Best Practices
     Key Messages
     • Determine whether a SOA is the correct solution
     • A SOA can be part of a successful Net Centric Solution (NC), but does not make it NC by itself (e.g., exposing data)
     • Focus on solving business/operational problems
     • Start small and evolve, but don’t lose sight of the big picture
     • Establish governance as a key component of SOA
     • Ensure the right security for the right services
     • Don’t expect all SOAs to save money in the near-term
     • SOA does not solve your data problems, it will likely expose them (reference: Gartner)
     Applying SOA to the right problems, establishing governance, and proceeding incrementally are essential attributes of successful SOAs

  16. Leveraging Federal IT Investments Using SOA
     Key Messages
     • SOA is a means of leveraging existing Federal IT systems and past IT investment
     • SOA allows service interfaces to be decoupled from legacy applications
     • Software service reuse – not code reuse
     • Commercial web service standards are best suited for robust networks; substantial engineering is required for limited networks
     • The enterprise is a new beneficiary; a program providing a service on the network will incur additional costs
     SOA should be used to incrementally improve portfolios, leveraging legacy systems

  17. SOA Materials in the Pipeline
     • Information Assurance Key Messages
       • SOA paradigm (e.g., legitimate unanticipated user, distributed system) poses particular challenges for security
       • SOA-specific approaches do provide some advanced capabilities
       • Security must be applied in proportion to the sensitivity of the system; need to carefully balance security with business needs
     • Seven Greatest Challenges for a Federal Leader Key Message: Demonstrating value and establishing governance and trust are essential to successful SOA implementations in the Federal domain
     • Interconnect Methodologies: Trade space white paper

  18. Future: SOA Trade Space
     Establishing a successful SOA will require the right tools and techniques to be employed. The business, not the technology, should be the driver

  19. Backup
