Significant SOA Federal Leadership Challenges 30 April 2008

© 2008 The MITRE Corporation. All rights reserved

Significant SOA Federal Leadership Challenges30 April 2008

Larry Pizette

MITRE Corporation

[email protected]

Approved for Public Release; Distribution Unlimited 08-0713


2

Theme... it’s about the business and building trust Benefits of SOA Challenges Demonstrating value Governance Acquisitions Security Testing – establishing trust Run time management – establishing trust Cross MITRE SOA Effort


3

Potential Benefits of SOA Enables organizational agility to support changes in

workflow due to changing mission needs Accelerates deployment of new capability Decrease in development and integration time and costs

– But... infrastructure investment is needed before significant ROI can be realized

Provides capability to leverage legacy infrastructure– Allows partial implementations (i.e., wrapping components) to

incrementally deploy an SOA Improves information access and sharing Potential for significant cost savings at

enterprise level

The benefits are often visible at the enterprise level, but may add cost to the programs providing services


4

Challenges and Considerations (1 of 2)

Economics– We’re not structured for shared services implementation; need to

determine right funding model(s) for services Governance

– Lack of mature governance approaches– Interdependent capabilities imply need to limit autonomy in

deciding what service to continue or cease supporting/operating Acquisition/Leadership/Culture

– Traditional acquisition is focused on systems, not services– Balancing program and enterprise objectives is difficult

Portfolio management trade-offs Lack of understanding by (and incentives for)

Program Managers to align with SOA goals

Business process and cultural change will be necessary for SOA success


5

Challenges and Considerations (2 of 2) Security

– Balancing “need to protect” with “need/responsibility to share” Technology

– Technology trade-offs are required in implementation; one size does not fit all

– Some operations may not be well suited for COTS implementation; may require extra effort to make it work

– Some domains not well suited to SOA Hard real time Trusted computing components

Testing and runtime management– Testing and runtime management are necessary

to establish trust

New development processes and infrastructure are a key to SOA implementation


6

Demonstrating the Value of an SOA

Challenges– Competing needs for resources

Technical teams tend toward more infrastructure Users demand capability

– Programs may have difficulty understanding the value to them– Funding model may be inconsistent with value proposition– Vendor marketing may be causing confusion– Difficult to financially quantify ROI

Mitigation steps– Define the value proposition of the SOA in terms

of the business goals– Identify examples of the benefits– Demonstrate value iteratively– Show value through increased usage and customer satisfaction

The benefits of SOA can be significant, but they need to be based on business needs and incrementally achieved


7

Governance (1 of 2) Governance: establish and enforce how DoD Components

agree to provide, use, and operate services (DoD CIO 3/2007) – Identify attributes of providing, using and operating services

that have to be governed and at what level– Establish lines of responsibility, authority, and communication

for making decisions about services across the lifecycle of services

– Establish measurement, policy, and control mechanisms to ensure individuals carry out their responsibilities

Categories of governance*– Construction of services– Operational usage of services– Portfolio management

Aligning IT investments with business goals

Governance determines the community business rules for organizations to work together

* Adapted from Forrester Research, Inc.


8

Governance (2 of 2) Challenges

– SOA Governance is a new concept Organizations may not realize that they need to have governance or

engage in the enterprise activity

– Programs are concerned with the quality of the services they consume

– Uncertain lifecycle of services– Unspecified testing and pedigree of data– Programs may be uncertain of the syntax and semantics of

data– Unspecified technologies and standards may be employed

Mitigation steps– Evangelize the need for SOA governance– Establish a light-weight governance process– Ensure visibility– Collect measurements

Without governance, providers and subscribers will be reluctant to accept the responsibilities of shared services


9

Acquisitions

Challenges– Federal purchasing teams may not be used to buying services– Contractors and Government may look to build before buying

services– May inadvertently shift risk and costs to contractors, resulting

in them giving higher cost proposals to Federal Government– Security issues

Mitigation steps– Performance based service contracting– Perform rigorous analysis to determine if

services can be bought before building– Understand service provider risks and incentives– Consider who will own underlying infrastructure

and data– Consider any special security requirements

Acquisition of services requires a shift in thinking


10

Security Challenges

– It is the nature of distributed systems to have more exposures than closed systems

– Legitimate, but unanticipated users require new security tools and techniques

– Performance degradation may come with additional security– Increased administrative overhead may come with additional

security Mitigation steps

– Security and SOA are not mutually exclusive– COTS tools and standards provide increased

security capabilities– Security governance and SLAs necessary to

establish trust– Ease of integration is dependent on the enterprise

commonality of the security approach

Without consistent enterprise security, consumers and providers will be reluctant to utilize shared services


11

Testing – Establishing Trust

Challenges– Lack of ability to measure and control test environment– Network performance in testing may not be consistent with

uncertain, real world network performance– Inability to perform code coverage testing or validate

robustness of dependent services Mitigation steps

– Ensure SLAs are in place to establishquality of service

– Test services individually duringconstruction and on network

– Instrument and monitor production systems

Testing by providers is essential to consumers of services to have trust in the quality of the service


12

Runtime Management – Establishing Trust (1 of 2) Challenges

– An organization trusting mission critical capability to another organization will require visibility into dependent services to establish trust

– Services may not behave as anticipated under load– Service level agreements (SLAs) may not be satisfied – Metrics are dependent on location in

network measured– The incentives to provider for maintaining

performance to the SLA standards may not besufficient in the federal domain

– There may not be sufficient data to understandthe cause of QoS problems

Without runtime management visibility, subscribers will be reluctant to trust their mission critical applications to

autonomous providers


13

Runtime Management – Establishing Trust (2 of 2) Migration steps

– Providers should strive to measure performance for each customer

– Consider default enterprise SLAs for low volume/low priority usage

Minimize the number of SLAs to the truly important business relationships

– Require measureable SLAs for all missioncritical or high volume usage

– Capture SLAs metrics at agreed locationswith full visibility to all stakeholders

SLAs and measurements are the keys to successful runtime management


14

Cross-MITRE SOA Effort MITRE Corporate Chief Engineer, Director of Integration for

Data and Control, and Command and Control Technical Center coordinating Cross-MITRE SOA effort– Develop knowledge resources for customers and MITRE – White papers– Presentations– Customer and industry outreach

Materials available– Emerging Industry SOA Best Practices white paper – Leveraging Federal IT with SOA white paper

SOA materials in the pipeline– SOA Information Assurance white paper– Seven Greatest SOA Challenges for a Federal Leader white paper– Acquisition white paper– Interconnect Methodologies white paper


151515

MITRE’s Perspective on Emerging Industry SOA Best PracticesKey Messages

– Determine whether a SOA is the correct solution– A SOA can be part of a successful Net Centric Solution (NC),

but does not make it NC by itself (e.g., exposing data)– Focus on solving business/operational problems– Start small and evolve, but don’t lose sight of the big picture– Establish governance as a key component of SOA– Ensure the right security for the right services– Don’t expect all SOAs to save money in the near-term– SOA does not solve your data problems, it will likely expose

them (reference: Gartner)

Applying SOA to the right problems, establishing governance, and proceeding incrementally are essential attributes of successful SOAs


1616

Leveraging Federal IT Investments Using SOA

Key Messages– SOA is a means of leveraging existing Federal IT systems and

past IT investment SOA allows service interfaces to be decoupled from legacy

applications

– Software service reuse – not code reuse– Commercial web service standards are best suited for robust

networks; substantial engineering is required for limited networks

– The enterprise is a new beneficiary; a program providing a service on the network will incur additional costs

SOA should be used to incrementally improve portfolios, leveraging legacy systems


1717

SOA Materials in the Pipeline

Information Assurance– Key Messages

SOA paradigm (e.g., legitimate unanticipated user, distributed system) poses particular challenges for security

SOA-specific approaches do provide some advanced capabilities Security must be applied in proportion to the sensitivity of the

system; need to carefully balance security with business needs

Seven Greatest Challenges for a Federal Leader– Key Message: Demonstrating value and establishing

governance and trust are essential to successful SOA implementations in the Federal domain

Interconnect Methodologies Trade space white paper


1818

Establishing a successful SOA will require the right tools and techniques to be employed. The business, not the technology should be the driver

Future: SOA Trade Space


1919

Backup

Date post:	15-Jan-2016
Category:	Documents
Upload:	neola
View:	33 times
Download:	0 times

Significant SOA Federal Leadership Challenges 30 April 2008

Documents