There's a lot of confusion over the term "SOA Governance" and its meaning.
David Linthicum recently took up the banner of defining SOA governance and explaining the difference between run-time and design-time governance. His definition is concise and understandable. You can read it here or you can hear him explain it in a podcast.
If you're confused about SOA governance solutions, you're in good company. It might help you to know you probably already have a popular SOA governance tool installed on your PC right now.
Frank Kenney, a Gartner research analyst, says the number-one registry repository tool today is probably the spreadsheet. That's right -- good old Microsoft Excel:
"It's everywhere; it's ubiquitous in terms of companies and organizations. Many development teams are passing around Excel documents and just logging, OK, this service does this, and it's located here."
Kenney recently co-authored a report on integrated SOA governance solutions, so I interviewed him about the report. I asked him to explain SOA governance tools as if they were cars: What's economy, standard and luxury? Obviously, for most it's standard.
Vendors add on extras from there. For an idea of the type of extras available, you can peruse Gartner's Magic Quadrant report on Integrated SOA Governance Technology.
So, when do you need SOA governance and how do you know what extras to add?
Answering those questions is tricky, since the advice varies.
Robert Meyer, the senior product marketing manager for Tibco, claims companies typically need governance once they've built 50 services.
Linthicum says you don't need to worry about SOA governance until you've actually built your architecture. After that, you can find a governance tool that fits.
Kenney said it's not an issue of how many services you have, but rather how mission-critical those services are.
"In other words, if you have one service that faces all of your customers, and you're relying on that service to have maximum uptime, well, that small set of services to have maximum uptime, and to be absolutely secure because you're taking credit card numbers, then you're going to want to probably bring in that Cadillac or Rolls Royce-class of governance technology, or at least security and management technology."
He added you can have a thousand services, but if they're internal and aren't critical to the business and aren't invoked daily, then a spreadsheet should be fine.
Call me crazy, but I'd start by test driving the economy model and add on.