Have you ever wondered what -- exactly -- SOA governance means and how it differs from, say, managing SOA?
I have. But, I just thought it had to do with managing services plus defining (probably in a committee) and applying business policies to SOA, which is generally what people seem to mean when they say governance. And then I moved on.
But blogger and Nastel Technologies CTO Albert Mavashev wasn't so easily put off the question. Just back from SOA World 2007, he writes that much of the discussion there centered on SOA governance as it applies to deployment, policy management, version control and essentially managing Web services. What's missing from this, he notes, are performance and transactional monitoring, management of ESB, brokers and environments that aren't Web Services based.
Then he addresses what many have probably pondered, but not bothered to ask:
It is interesting to see a new term like "governance" replacing a good old term like "management." In fact, what is the difference between SOA governance and SOA management? I don't see any difference.
Consultant and blogger Joe McKendrick takes up the gauntlet for answering Mavashev's question on ZDNet's SOA blog. McKendrick agrees that governance equals management, but says it does have meaning above "just" management when it comes to SOA. To define governance, he references a post by Miko Matsumura, who co-created the Middleware Company's SOA Blueprints, a vendor-neutral specification for SOA applications. You might recognize the name from Sun Microsystems, where Matsumura was Java Evangelist.
It's the creation, communication, enforcement, maintenance and adaptation of policies across the SOA lifecycle of design time, run time and change time.
Matsumura writes that SOA governance is needed because of SOA's complexities. Without governance, it's too easy for individuals to breach business or technical policies -- or both.
Read Matsumura's original post. He defines the term "policies," the importance of business and IT policies, who participates, how the technologies support those policies, and so on. It's a good walk-through of the big SOA picture and the terms. As an aside, you might also want to read the coverage of Matsumura's keynote speech at SOA World 2007.
Despite Matsumura's thoroughness, I actually prefer the explanation of governance found in a August 2005 IBM document titled, "A Case for SOA Governance."
That document defines IT governance as "a decision and accountability framework to encourage desirable behavior in IT," a definition written by Peter Weill and Joanne Ross.
Governance requires a governance body to create the policies, which really define the roles within an organization. According to the IBM paper, the IT governance council determines three questions:
The governing body answers those questions, but management actually makes sure the answers are carried out.
So, it turns out governance does equal management plus policies. Or, to use a metaphor, IT governance is like the Constitution is to the U.S. Government. The Constitution defines the roles and how decisions are made, plus puts some general restrictions on matters -- the key business rules, if you will. But the government carries it out, or manages it.
For once, it seems IT wasn't engaging in language-bloat. Apparently, there really is a need for a word beyond simple "management."