Significant SOA Federal Leadership Challenges, 30 April 2008. Larry Pizette, MITRE Corporation. Approved for Public Release; Distribution Unlimited 08-0713. Theme... it’s about the business and building trust. Benefits of SOA; Challenges; Demonstrating value; Governance.
© 2008 The MITRE Corporation. All rights reserved
Significant SOA Federal Leadership Challenges
30 April 2008
Larry Pizette
MITRE Corporation
Approved for Public Release; Distribution Unlimited 08-0713

Theme... it’s about the business and building trust
• Benefits of SOA
• Challenges
• Demonstrating value
• Governance
• Acquisitions
• Security
• Testing – establishing trust
• Run time management – establishing trust
• Cross MITRE SOA Effort

Potential Benefits of SOA
• Enables organizational agility to support changes in workflow due to changing mission needs
• Accelerates deployment of new capability
• Decrease in development and integration time and costs
  – But... infrastructure investment is needed before significant ROI can be realized
• Provides capability to leverage legacy infrastructure
  – Allows partial implementations (i.e., wrapping components) to incrementally deploy an SOA
• Improves information access and sharing
• Potential for significant cost savings at enterprise level

The benefits are often visible at the enterprise level, but may add cost to the programs providing services

Challenges and Considerations (1 of 2)
• Economics
  – We’re not structured for shared services implementation; need to determine right funding model(s) for services
• Governance
  – Lack of mature governance approaches
  – Interdependent capabilities imply need to limit autonomy in deciding what service to continue or cease supporting/operating
• Acquisition/Leadership/Culture
  – Traditional acquisition is focused on systems, not services
  – Balancing program and enterprise objectives is difficult
    • Portfolio management trade-offs
    • Lack of understanding by (and incentives for) Program Managers to align with SOA goals

Business process and cultural change will be necessary for SOA success

Challenges and Considerations (2 of 2)
• Security
  – Balancing “need to protect” with “need/responsibility to share”
• Technology
  – Technology trade-offs are required in implementation; one size does not fit all
  – Some operations may not be well suited for COTS implementation; may require extra effort to make it work
  – Some domains not well suited to SOA
    • Hard real time
    • Trusted computing components
• Testing and runtime management
  – Testing and runtime management are necessary to establish trust

New development processes and infrastructure are a key to SOA implementation

Demonstrating the Value of an SOA
• Challenges
  – Competing needs for resources
    • Technical teams tend toward more infrastructure
    • Users demand capability
  – Programs may have difficulty understanding the value to them
  – Funding model may be inconsistent with value proposition
  – Vendor marketing may be causing confusion
  – Difficult to financially quantify ROI
• Mitigation steps
  – Define the value proposition of the SOA in terms of the business goals
  – Identify examples of the benefits
  – Demonstrate value iteratively
  – Show value through increased usage and customer satisfaction

The benefits of SOA can be significant, but they need to be based on business needs and incrementally achieved

Governance (1 of 2)
• Governance: establish and enforce how DoD Components agree to provide, use, and operate services (DoD CIO 3/2007)
  – Identify attributes of providing, using and operating services that have to be governed and at what level
  – Establish lines of responsibility, authority, and communication for making decisions about services across the lifecycle of services
  – Establish measurement, policy, and control mechanisms to ensure individuals carry out their responsibilities
• Categories of governance*
  – Construction of services
  – Operational usage of services
  – Portfolio management
    • Aligning IT investments with business goals

Governance determines the community business rules for organizations to work together

* Adapted from Forrester Research, Inc.

Governance (2 of 2)
• Challenges
  – SOA Governance is a new concept
    • Organizations may not realize that they need to have governance or engage in the enterprise activity
  – Programs are concerned with the quality of the services they consume
  – Uncertain lifecycle of services
  – Unspecified testing and pedigree of data
  – Programs may be uncertain of the syntax and semantics of data
  – Unspecified technologies and standards may be employed
• Mitigation steps
  – Evangelize the need for SOA governance
  – Establish a light-weight governance process
  – Ensure visibility
  – Collect measurements

Without governance, providers and subscribers will be reluctant to accept the responsibilities of shared services

Acquisitions
• Challenges
  – Federal purchasing teams may not be used to buying services
  – Contractors and Government may look to build before buying services
  – May inadvertently shift risk and costs to contractors, resulting in them giving higher cost proposals to Federal Government
  – Security issues
• Mitigation steps
  – Performance based service contracting
  – Perform rigorous analysis to determine if services can be bought before building
  – Understand service provider risks and incentives
  – Consider who will own underlying infrastructure and data
  – Consider any special security requirements

Acquisition of services requires a shift in thinking

Security
• Challenges
  – It is the nature of distributed systems to have more exposures than closed systems
  – Legitimate, but unanticipated users require new security tools and techniques
  – Performance degradation may come with additional security
  – Increased administrative overhead may come with additional security
• Mitigation steps
  – Security and SOA are not mutually exclusive
  – COTS tools and standards provide increased security capabilities
  – Security governance and SLAs necessary to establish trust
  – Ease of integration is dependent on the enterprise commonality of the security approach

Without consistent enterprise security, consumers and providers will be reluctant to utilize shared services

Testing – Establishing Trust
• Challenges
  – Lack of ability to measure and control test environment
  – Network performance in testing may not be consistent with uncertain, real world network performance
  – Inability to perform code coverage testing or validate robustness of dependent services
• Mitigation steps
  – Ensure SLAs are in place to establish quality of service
  – Test services individually during construction and on network
  – Instrument and monitor production systems

Testing by providers is essential to consumers of services to have trust in the quality of the service

Runtime Management – Establishing Trust (1 of 2)
• Challenges
  – An organization trusting mission critical capability to another organization will require visibility into dependent services to establish trust
  – Services may not behave as anticipated under load
  – Service level agreements (SLAs) may not be satisfied
  – Metrics are dependent on location in network measured
  – The incentives to provider for maintaining performance to the SLA standards may not be sufficient in the federal domain
  – There may not be sufficient data to understand the cause of QoS problems

Without runtime management visibility, subscribers will be reluctant to trust their mission critical applications to autonomous providers

Runtime Management – Establishing Trust (2 of 2)
• Mitigation steps
  – Providers should strive to measure performance for each customer
  – Consider default enterprise SLAs for low volume/low priority usage
    • Minimize the number of SLAs to the truly important business relationships
  – Require measurable SLAs for all mission critical or high volume usage
  – Capture SLA metrics at agreed locations with full visibility to all stakeholders

SLAs and measurements are the keys to successful runtime management

Cross-MITRE SOA Effort
• MITRE Corporate Chief Engineer, Director of Integration for Data and Control, and Command and Control Technical Center coordinating Cross-MITRE SOA effort
  – Develop knowledge resources for customers and MITRE
  – White papers
  – Presentations
  – Customer and industry outreach
• Materials available
  – Emerging Industry SOA Best Practices white paper
  – Leveraging Federal IT with SOA white paper
• SOA materials in the pipeline
  – SOA Information Assurance white paper
  – Seven Greatest SOA Challenges for a Federal Leader white paper
  – Acquisition white paper
  – Interconnect Methodologies white paper

MITRE’s Perspective on Emerging Industry SOA Best Practices
• Key Messages
  – Determine whether a SOA is the correct solution
  – A SOA can be part of a successful Net Centric Solution (NC), but does not make it NC by itself (e.g., exposing data)
  – Focus on solving business/operational problems
  – Start small and evolve, but don’t lose sight of the big picture
  – Establish governance as a key component of SOA
  – Ensure the right security for the right services
  – Don’t expect all SOAs to save money in the near-term
  – SOA does not solve your data problems, it will likely expose them (reference: Gartner)

Applying SOA to the right problems, establishing governance, and proceeding incrementally are essential attributes of successful SOAs

Leveraging Federal IT Investments Using SOA
• Key Messages
  – SOA is a means of leveraging existing Federal IT systems and past IT investment
    • SOA allows service interfaces to be decoupled from legacy applications
  – Software service reuse – not code reuse
  – Commercial web service standards are best suited for robust networks; substantial engineering is required for limited networks
  – The enterprise is a new beneficiary; a program providing a service on the network will incur additional costs

SOA should be used to incrementally improve portfolios, leveraging legacy systems

SOA Materials in the Pipeline
• Information Assurance
  – Key Messages
    • SOA paradigm (e.g., legitimate unanticipated user, distributed system) poses particular challenges for security
    • SOA-specific approaches do provide some advanced capabilities
    • Security must be applied in proportion to the sensitivity of the system; need to carefully balance security with business needs
• Seven Greatest Challenges for a Federal Leader
  – Key Message: Demonstrating value and establishing governance and trust are essential to successful SOA implementations in the Federal domain
• Interconnect Methodologies Trade space white paper

Establishing a successful SOA will require the right tools and techniques to be employed. The business, not the technology, should be the driver.
Future: SOA Trade Space
Backup