December 3, 2010

SAIF Governance Framework A Brief Update on work to date

Purpose

• Provide a brief update on work completed so far on the Governance Framework of SAIF Implementation Guide

2

SOA Governance - Context for NCI - CBIIT

• CBIIT has embarked on the implementation of Service Oriented Architecture across the Enterprise and adopted Services Aware Interoperability Framework (SAIF)

• This will span all workspaces and domains such as Clinical Trial Management Systems, Life Sciences (Integrative Cancer Research,

Tissue Banks and Pathology Tools, Imaging) and Core/Infrastructure

• A robust SOA Governance will need to be established to ensure

success in delivering on the strategy and goals – Match the needs and capabilities across the enterprise– Guide the Service Identification, Prioritization and Funding– Establish standards, policies, procedures and metrics to cover all aspects of SOA

development– Monitor compliance and effectiveness

3

SAIF GF - Design Goals

• Portfolio Management– Guide the process of selecting the “right” set of services and capabilities for

development– Assign resources for service development– Ensure optimum utilization of developed services

• Design and Development– Ensure services are specified using the Enterprise Conformance and

Compliance Framework (ECCF), supporting common models to achieve interoperability across domains

– Enforce service composition and reuse through standard design patterns– Enable easier maintenance of individual components

• Run-Time and Operational Standards– Enhance the visibility of available assets through the use of service registry

and standardized service metadata repository– Facilitate robust change management for deployed services– Define and enforce policies related to availability and security of deployed

services

4

SAIF GF – Desired End Results

• An effective Governance Framework will result in a solid portfolio

of interoperable, maintainable, reusable and visible Services – ultimately helping an Enterprise accomplish its goals such as

reducing the time taken to implement new capabilities

• This will mean – Faster fulfillment of the bioinformatics needs of cancer researchers

through the ability to quickly roll out new capabilities

– Reduced long-term cost of creation of new capabilities as well as maintenance

– Simplified design of applications as the core functionality is shifted to services

5

SAIF GF – Key Components• Governance provides a systematic way for organizations

to make decisions. A governance system is implemented using:

• Precepts – Define the rules that govern decision-making– Codified using principles, policies, standards and

guidelines

• People – Make decisions in accordance to and within the

constraints stipulated by Precepts

• Processes – Coordinate decision-making activities– Provide the means and opportunities to control decisions,

enforce policies and take corrective action6

SAIF GF – Key Components – contd.

• Metrics – Measure compliance with Precepts– Provide visibility into the progress and effectiveness of the

governance system

Reference – SOA Governance – Thomas Erl - Copyright © 2010 by Prentice Hall

7

SAIF GF – Work completed so far

• Defined an approach to design the Governance Framework adapted from SOA Governance by Thomas Erl and others

• Identified risks associated with the following Service Development Lifecycle stages– Service Inventory Analysis– Service Oriented Analysis and Modeling– Service Oriented Design (Contract Design)– Service Logic Design– Service Development– Service Testing– Service Deployment and Maintenance– Service Discovery– Service Versioning

88

SAIF GF – Work completed so far – contd.

• Identified Precepts to address the risks associated with each Service Development Lifecycle stage (see definition of Precept in earlier slides)

• Prioritized the Precepts to elaborate and implement in the first phase of SAIF Governance Framework

• Elaborated each prioritized Precepts to identify – Objectives – Policies– Standards – Guidelines and Patterns– Associated Roles– Processes and Metrics – Required SAIF Artifacts

99

SAIF GF – Work completed so far – contd.

• Example

Precept - Service Candidate Versioning Standards

https://wiki.nci.nih.gov/display/SAIF/3.4.4.5+Precept+5+-+Service+Candidate+Versioning+Standards

1010

SAIF GF – Work completed so far – contd.

Service Identification

Planning and Portfolio Management

• High-level Service Scope Identification

• Service Dependency Identification

• Service Prioritization & Service Assignment

Service Design & Development

Design and Development Standards

• Service Specification Reviews and Approvals √

• Architectural Patterns, Development Guidelines, Checklists

• Service Conformance Validation √

Service Deployment

Run-time and Operational Standards

• Service Registration

• Service Deployment √

• Service Change Management √

• Dispensation (Appeals & Exceptions) √

Process Deliverables by Service Development Stage

Note: √ indicates draft of the process has been completed. These drafts have not been published on SAIF IG Wiki yet.

11

SAIF GF - Proposed Governance Structure

NEARBNCI’s Enterprise Architecture Review Board

ESGTEnterprise Service Governance Team

ESSRTEnterprise Service

Standards and Review Team

CS-CATClinical Sciences

Composite Architecture Team

LS-CATLife Sciences Composite

Architecture Team

CorePlatform, Security,

Semantic Infrastructure

SOMTService Operations

Monitoring team

12

SAIF GF - Proposed Governance Structure

NEARB (NCI Enterprise Architecture Review Board)

• Meets every month • Representation from C-team, ESGT and ESSRT• Establishes policies, standards, processes• Approves and Prioritize NES• Reviews Compliance and Conformance metrics• Communicates with the C-team• Decides on appeals related to ESGT decisions

ESGT (Enterprise Service Governance Team)

• Meets every two weeks• Representation from CS-CAT, LS-CAT, Core teams

(Platform, Security, Semantic Infrastructure) and ESSRT

• Enforces policies, standards, processes• Makes recommendations on scope and priority of NES

to NEARB• Approves change requests for all NES13

SAIF GF - Proposed Governance Structure

ESSRT (Enterprise Service Standards & Review Team)

• Participates in Domain CAT, ESGT and NEARB meetings

• Acts as a custodian of the NES Governance• Creates Templates, Standards, Guidelines• Reviews service artifacts• Generates compliance metrics and reports to ESGT,

NEARB

SOMT (Service Operations & Monitoring Team)

• Operationalizes “run-time” policies• Monitors service performance against SLAs• Generates metrics related service operations such as

discovery, availability, performance• Answers questions from and supports Service

Consumers

14

Governance – In Action today

CS-CAT, LS-CAT currently govern the following aspects of Service Development Lifecycle with support from ESSRT

• High-level Service Scope and Dependency Identification

• Service Prioritization and Assignment

• Service Scope & Specifications ECCF Artifact Templates ECCF Artifact Review Checklists ECCF Artifact Reviews and Approvals

• Service Change Management

15

Governance – In Action today - contd.

Service Scope & Specification Governance

16

SAIF IG GF – Remaining Work

1. Review and Comment on existing GF content

2. Provide disposition on comments/suggestions

3. Incorporate final dispositions on all suggested changes in the GF

4. Review existing Process drafts and update to synch up with GF and proposed Governance Structure (Orgs and Roles)

5. Review detailed Percepts to identify all processes that still need to be defined

6. Create drafts for remaining processes

7. Create artifact templates for newly defined processes

17