SOA Governance

Automated validation of SOA policies at design time, change time and runtime

Service-oriented architectures (SOA) are intended to make IT more flexible and responsive to changing business needs. The underlying reusable services that provide the foundation for flexibility in an SOA must also adhere to testing and governance principles to provide the necessary management and control.

A key element to an SOA's governance infrastructure is a UDDI registry/repository to manage the metadata and publication of these services. Most SOA-based development platforms now include a registry/repository, and although they can manage service metadata, dependencies, and other useful information, how can we ensure that services are actually meeting business policy requirements in production? How can we proactively and consistently identify service quality and performance problems before services are released and identified in production?

SOA Governance challenges include:

• Inability to consistently ensure services will meet policy requirements before publishing
• Constant change occurring across interdependent services, causing unintended consequences and service disruptions
• Inability to directly verify that deployed services, and their underlying systems, are meeting requirements on a continuous or ongoing basis
• Lack of access to incomplete and/or production services that are unavailable for necessary testing and development activities.

The Solution

To deliver the reliability, scalability and performance expected of SOA-based applications, governance methods must expand beyond design-time validation and into change-time and run-time policy enforcement. LISA is integrated into leading SOA platform governance infrastructures so that it can be invoked for automated testing and validation of services on an event-driven or continuously scheduled basis, enhancing SOA governance in a variety of ways:

• Policy validation takes the form of positive or negative tests on the implementation of SOA Policies, which are executed and tested at change-time and runtime. These LISA test validation results become a demonstrable artifact for enforcing SOA policies
• Continuous verification lets teams "trust but verify" that their business requirements and Service Level Agreements are being met. LISA automated test execution can be scheduled on a continuous basis, or any time a change or other event is reported, such as the request to publish a new service from the SOA governance platform.
• Collaboration between service providers and consumers is simplified through a no-code, declarative test creation process in LISA, which allows these parties to model the expected behaviors in an intuitive, workflow-based fashion. LISA allows test artifacts to be reused flexibly and assembled into multi-function tests for greater federation of test responsibilities across teams.
• LISA's service virtualization capabilities compliment existing hardware/server virtualization and policy-based selection of SOA endpoint in the Registry/Repository. LISA can capture, model and simulate the behavioral and data aspects of incomplete or inaccessible services that teams are dependent upon, allowing them to test and develop earlier in the lifecycle against the virtual service on demand, without impacting critical live systems.

To ensure the success of their SOA initiatives, organizations need continuous validation of services and policies to complement their SOA governance infrastructures. LISA is integrated with leading SOA platforms and registry/repositories to provide automated test, validation and virtualization capabilities to ensure reliability and performance, enforce policies at change-time and runtime, and better support broader business goals.