Integrated SOA Governance White Paper

from SOA Software www.soa.com

Many large organizations are reducing costs, improving agility and reducing risk with enterprise SOA programs. In order for SOA initiatives to succeed they need to follow sound Enterprise Architecture practices. Companies realizing the most success are those that have built an Integrated SOA Governance infrastructure that governs a wide range of assets and artifacts through their entire lifecycle.

Integrated SOA Governance helps enterprises:

• Ensure that services they identify, design and build are relevant and consumable across all distributed and mainframe platforms like Microsoft, SAP and IBM.
• Make services they expose from applications running on any platform visible to and compliant with enterprise policies defined, enforced and audited across other platforms
• Promote, ensure and formalize consistent alignment between demand from service consumers and the supply of services through Consumer Contract Provisioning.

In a nutshell SOA Governance is about making sure that the enterprise builds the right things, builds them right, and makes sure that what it has built is behaving right. This breaks down into distinct areas; Planning Governance is about making sure that you are building the right things, Development Governance is about making sure you’re building them right, and Operational Governance is about ensuring that what you’ve built is behaving right.

In the same way that individual platforms could have their own governance solutions, these different governance areas could each have their own policy management solutions. The right approach, however, is to provide a centralized Policy Governance solution that defines, manages, and distributes policies spanning all areas. This ensures consistency of policy across all lifecycle stages and distributed and mainframe platforms.

This whitepaper examines the ideas, objectives and use-cases behind Integrated SOA Governance, and the evolution of the SOA Governance marketplace.

Integrated SOA Governance Defined

Integrated SOA Governance ensures the applicability, integrity and usability of a wide range of assets through all their lifecycle stages from asset identification through deprecation. The full lifecycle is split into planning governance, lifecycle governance, and operational governance.

Planning Governance – Build the Right Things

Planning governance includes the identification analysis and modeling of candidate services, policies, profiles, processes and information. An effective planning governance tool will manage an organization’s SOA portfolio while examining existing and planned applications and determining which capabilities should be exposed as services, and where applications would benefit from consuming shared services.

Planning Governance is a new area for SOA. It will allow companies to build to plan, and build to priority modeling current and desired architecture and identifying and prioritizing candidate services. Planning Governance solutions will maximize the efficiency of investment in SOA, solidifying the role of existing platforms as foundation service providers.

I.T. has always struggled with balancing long term planning with addressing the immediate and short term needs of the business, in most cases the short term requirements take precedent over long range planning. When this is applied to enterprise architecture, organizations end up with a bunch of services that deliver minimal business value, instead of their goal of SOA.

Planning Governance allows organizations to identify potential services in a planned and managed community including enterprise architects, business analysts and portfolio managers. When utilizing planning governance, services can be proactively built to plan rather than simply reacting and building single use services. This approach reduces the risks of service deployment and facilitates Enterprise Architectural goals by avoiding chaotic service sprawl.

Planning Governance solutions will require integration with a wide range of existing enterprise repositories, application portfolio management, and enterprise architecture planning solutions, to harvest current and desired architectures. The output from the Planning Governance process will be a set of candidate services that feed into the Development Governance process, and candidate policies feeding into the Policy Governance process.

Development Governance – Build Things Right

Development governance marshals an asset through the development process that typically spans the design, development, testing and staging phases of its software development lifecycle. It typically includes a workflow mechanism to approve migration, policy compliance validation, and a clear separation (logically, physically, or both) between lifecycle stages. Development governance is the realm traditionally occupied by registry and repository vendors, although it requires much stronger repository capabilities and much broader integrations with development environments (IDEs and SCMs tools), federation with other registries and much stronger service, standards and taxonomy support than most repositories offer.

The Development Governance solution will depend heavily on Policy Governance for compliance policy definition, management, and validation. It will use policies to determine the relevance, and suitability of services at each lifecycle stage, and to determine if assets meet enterprise standards and guidelines before they can promoted to the next stage of the lifecycle. For example for a service to move from design to development the enterprise may require that there is a design document in the repository, the service has a WSDL, the services is categorized appropriately, and perhaps even that there are registered consumers waiting for the service.

Operational Governance – Ensure What’s Built Behaves Right

Operational Governance controls the runtime aspects of SOA. It typically includes service monitoring, security and management with a runtime policy system. Most Web Services Management and Web Services Security vendors now position themselves as providing Operational Governance solutions.

The Operational Governance solution relies heavily on the Policy Governance solution for discovery of policies for implementation and enforcement. A well architected Operational Governance solution will fully abstract service consumers and providers from the complexity of policy implementation and enforcement, service endpoint location, transport, standards, message exchange pattern, and other impedances to interoperability. It should provide agents, delegates, and a network resident intermediary for service virtualization.

Policy Governance – Uniform Policy for All Governance Areas

Policy Governance defines and manages policies, associates them with various assets, and validates and reports on policy compliance. It manages a wide range of different policy types from metadata compliance policies applied in Planning and Development Governance processes through security, reliability, and service-level policies applied through an Operational Governance solution.

It is critical that the Policy Governance solution ensures consistent policy definition, implementation, enforcement, validation, and audit through all stages of the lifecycle, and across all distributed and mainframe platforms.

Governance Evolution

SOA Governance has become an overused term, with claimed governance solutions ranging from simple registry products and Web services management products, to comprehensive infrastructure solutions. In some cases ESB vendors are positioning their products as governance tools.

The simple fact is that SOA Governance covers a wide range of technical and organizational areas. An Integrated SOA Governance solution needs to address all the facets of SOA Governance while providing tools that simplify participation in the governance process for developers, architects, business analysts, operations and security teams.

As recently as 2006, many vendors offered standalone products for registry, repository, management, and security. Through 2006 and 2007 the market has evolved and customers now require Integrated SOA Governance solutions that combine products into a single infrastructure solution that provides a unified user experience model for policy-based service governance, asset management, operational security, and operational management.

Enterprise customers are no longer satisfied with web services management products, SOA registry products, asset repositories, and XML security products from separate vendors. Enterprise customers are now looking for a unified solution that combines mature, standards-based infrastructure components into an Integrated SOA Governance platform. This approach mirrors SOA Software’s Integrated SOA Governance reference model, first published in 2005.

Integrated SOA Governance includes compliance policy and service lifecycle governance functions. This ensures that service designs and documentation comply with enterprise design policies and industry standards, and that approvals and workflow support SOA service publishing and discovery. It includes operational governance functions such as run-time policy management, enforcement, and compliance audit. Integrated SOA Governance capabilities deliver high value in the shared surface area between design-time SOA lifecycle governance and run-time SOA operations governance.

Over the last few years, there have been significant changes in the way customers view SOA Governance solutions, and the way vendors deliver products. We have seen the market evolve from one with separate vendors delivering stand-alone registry products, repositories, SOA management solutions and compliance products to one that now expects to see unified product suites that offer a superset of the functions from each of the stand-alone product areas

Integrated SOA Governance Best Practices

Integrated SOA Governance promotes the core SOA governance best practices of:

Governance Automation

Governance Automation ensures scalability of enterprise processes implementing a lifecycle management workflow to implement development approval processes, integrated provisioning and lifecycle management, and inter-departmental contract management and negotiation.

Uniform Policy Management

Uniform Policy Management ensures consistent policy definition, implementation, enforcement, validation, and audit through all stages of the lifecycle, and across all distributed and mainframe platforms. It ensures that services can be leveraged as first-class citizens throughout an enterprise SOA by complying with enterprise policies that are uniform across all platforms.

Metadata Federation

Metadata Federation provides seamless, heterogeneous SOA Governance and standards-based support for governance automation (UDDIv3, WS-MEX, WS-Policy) to ensure that governance processes are uniformly applied across all platform investments. When metadata is federated and consistent across multiple governance platforms, the business value of service (cost, usage, production issues) becomes visible and measurable across the enterprise service lifecycle.

Service Virtualization

Service Virtualization provides location-transparency, service mobility, impedance tolerance and reliable service delivery without requiring a re-platforming of existing platforms or introducing yet another service platform to support the required solution architecture.

Trust and Management Mediation

Trust and Management Mediation ensures interoperability across disparate partners and platforms, trust enablement and trust mediation complementing threat prevention systems. It provides provide last-mile security, metric collection and reporting, SLA monitoring and management, to ensure that services are governed, managed, and secured, and policy implementation and mediation to allow consumers to communicate with a wide range of mission critical business services exposed from any platform.

Continuous Compliance and Validation

Continuous Compliance and Validation ensures consistent policy implementation and enforcement across all stages of the lifecycle, preserving the fidelity of the governance models, structures and mechanisms supporting enterprise SOA programs and ensure the relevance, applicability and suitability of services.

Change Impact Mitigation

Change Impact Mitigation provides change management and impact analysis processes integrated with the governance workflow to ensure that changes to services or other assets don’t cause major outages by breaking the consumption model.

Consumer Contract Provisioning

Consumer Contract Provisioning provides offer, request, negotiation and approval workflows for service access, capacity, SLA and policy contracts. It ensures that the service provides know which applications and users are consuming their services and allows them to treat different consumers with different priorities and service levels.

Platform Independent Governance Automation

Much of the benefit of SOA is derived from the promise of seamless interoperability between platforms, with applications built using .NET and WCF consumer services exposed from COTS, Mainframe, or Java applications. One of the core goals of SOA Governance is to ensure that services are relevant and consumable between platforms. As such it makes no sense to leverage governance capabilities built into the platforms themselves, as this simple promotes silos of services within platform domains.

Platform Governance Models

Not all platforms are governable; in fact platforms fall into one of 3 categories:

• Ungoverned Platforms – the purest form of Informal Governance. This often results in “Random SOA” or “Accidental SOA”. This includes any container that doesn’t support policy enforcement natively or with an agent
• Self-Governed Platforms – a mixture of Formal and Informal. Some tasks and activities are governed, some are not. SOA Governance is as weak as the weakest link in the chain. This category includes containers that use their own tooling without policy integration with a centralized enterprise SOA Governance solution.
• Governed Platforms – a real or virtual organization exists that is devoted to the promotion of SOA programs and causes that is accepted as a fundamental part of an SOA culture. Governed Service Platforms have:

• Clear job titles / responsibility support SOA Governance activities
• Supports clear separation between implementation activities and governance activities
• Provides standards-based governance integration interfaces

Integrated SOA Governance solutions integrate seamlessly with the platforms providing varying degrees of configuration, policy implementation and enforcement, message handling, and workflow support, largely depending on the level of sophistication of the platform itself.

We divide governed platforms into two categories:

Governed Service Platforms

All applications that expose and consume services at runtime are service platforms. These include application services like IBM WebSphere, Microsoft IIS, Oracle/BEA WebLogic, JBoss and others; ESBs from vendors including IBM, Microsoft Oracle/BEA, JBoss, TIBCO and others; mainframe applications running in CICS and IMS; COTS applications like CICS; and SaaS environments like Salesforce.com and Amazon.

As described above, Governed Service Platforms offer standards-based governance integration interfaces, and support the concepts of governance by an external enterprise governance system.

Governed Development Platforms

Most platform vendors provide an integrated development environment (IDE), source code management and version control system, defect tracking/change request tooling, and in many cases, a document management and/or asset management repository. An Integrated SOA Governance solution can provide asset lifecycle management and policy compliance capabilities to ensure that developed software assets (such as services, components and applications) are appropriate and relevant to the enterprise, and that they comply with applicable policies.

Governed Development Platform status means that the development platform integrates with an Integrated SOA Governance solution to make and share decisions about assets and artifacts.

Integrated SOA Governance Use Cases

This section examines some common SOA Governance use-cases ranging from simple service publishing and discovery, through consumer contract negotiation, lifecycle management workflow, contextual collaboration, and folksonomy creation.

Service Publishing (Approvals Workflow)

The act of publishing a service to a registry so that it can be found by a broad audience of interested parties may seem like a simple enough task. In fact, this is one of the most basic, and yet most important functions of an SOA Governance solution.

The essence of governance can be easily captured in the phrase “encouraging desired behavior.” This simple concept provides a backdrop to help understand what a governance solution should be focusing on, and the capabilities it should provide. Essentially it is not enough to merely provide a stick with which to beat developers and architects, we must also provide a carrot to encourage people to participate in governance processes.

With this in mind, we need to think about what is the desired behavior for the participants in an SOA. For many organizations, one of the most important aspects of SOA Governance is the process of ensuring that the services that are published are appropriate. “Appropriate” in this context is another word a little like “desired.” It can mean many things, but the reality is that an “appropriate” service is a service that meets a set of criteria defined by the enterprise, often including the following:

• Is not a duplicate of, or similar to an existing service
• Meets design criteria for transport, operation type, schema, etc
• Is at an appropriate level of business functionality granularity (e.g. a ‘top-down’ design rather than ‘bottoms-up’)
• Is of broad interest and therefore likely to be reused
• Complies with appropriate industry standards and recommendation (e.g. WS-I basic profile)

Some of these criteria can be readily automated like WS-I basic profile compliance, other will likely require manual steps. To this end, before a service can be published it should pass through a workflow process that will verify the automatable criteria before requiring a manual approval step. A well designed SOA Governance solution will manage this workflow as a series of customizable, automatable defined process steps and will allow developers and approvers to see services at appropriate phases of this process.

Service Discovery

Service discovery is a slightly overloaded term. It can mean different things:

Deployed Service Discovery

The governance, security and management infrastructure should be able to identify services that are deployed in managed containers. This will ensure that any deployed service will at the very least be a known quantity. Ideally all services should be identified at an early stage in the development lifecycle to avoid any deployment “surprises.” However realistically, some services may not be identified. Therefore, it is important to be aware of all deployed services, and if necessary, automatically register, manage and secure these services while notifying administrators of their discovery.

Developer Service Discovery

An important facet of a governance solution is the ability to provide mechanisms for potential users of services (developers) to search for and find services they would like to use. It is this discovery process that led simple UDDI registry providers to classify themselves as governance vendors.

The importance of true governance in this service discovery process is in ensuring that only authorized users can discover services. This can apply to services in certain taxonomies, organizations, states of lifecycle stages as well as other customized criteria.

Service Lifecycle Management

Services, like all other development assets and applications have their own lifecycle and as such need to be managed through their lifecycle state transitions. Service lifecycle generally models a typical SDLC with stages including design, development, test, QA, production, and deprecation. Many organizations will add versioning into the process between production and deprecation, although in reality each new version of a service will have its own lifecycle.

An SOA Governance product must be able to manage the lifecycle stage of a service and should provide a workflow-based process for migrating services between stages. Often this process will closely mirror the original publication process described above. It will include a set of policies that define criteria a service must meet before it can be migrated. It will also in many cases include manual approval steps.

The lifecycle stage of a service should be used to determine who can discover the service in the registry and who can access the service at run-time. It should also define which policy set is used to determine the run-time capabilities and requirements for accessing the service.

Consumer Contract Negotiation

The idea of a consumer contract for SOA closely models the idea of a business contract. It defines the terms of a relationship between a consumer, or group of consumers, and a service, or set of services. These terms should include:

• The policies the consumer(s) agree to comply with
• The access rights the service(s) will provide the consumer(s)
• The service levels the provider commits to delivering to the consumer(s)
• Any mediation the provider(s) and consumer(s) agree to and require

The SOA Governance solution has two important roles to play in the contract process:

• 1. Contract negotiation – the Governance solution should provide a workflow model allowing potential consumers to interact with service providers to request and negotiate access to, and specific service levels for, a service or set of services.
  2. Contract enforcement – the Governance solution should enforce the contract at run-time. It should seamlessly ensure that the provider meets agreed upon service levels, that any required mediations are delivered, that the consumer(s) are complying with required policies and that the access rights and times are enforced and complied with.

Compliance policy validation

One of the important decision points in the lifecycle workflow is an asset’s compliance with defined enterprise policies. For example, an organization might require that a service have a design document, a description, be properly categorized, and have a defined business case before it can be promoted from the design stage to the development stage of the lifecycle. The SOA lifecycle governance automation system needs to provide an easy way to define and manage compliance policies and associate these policies with lifecycle stages, categories, and other taxonomy or folksonomy structures and types.

Change management notification

Change management notification addresses several different issues. Clearly any complete lifecycle governance has to include a notification model so that submitters and approvers know that action is required, or that a state change has occurred. Also, in SOA governance, there is likely to be a varied constituency interested in the state and stages changes of assets. A simple example is that the group of consumers using a service in production will want to know that there is a new version of the service available and that the current version will be deprecated within a defined timeframe.

Lifecycle stage isolation

Depending on the nature of the process and the requirements of the various lifecycle stages there are different ways of isolating the stages. Some organizations will want to leverage a single registry/repository instance using object-based security to ensure that only users in authorized roles can see assets at various stages of their lifecycle. Other organizations will want to ensure physical isolation between assets in different lifecycle stages. The emerging best practice is a mixed-mode approach. It uses a single registry/repository instance for early lifecycle stages where there is considerable fluidity in lifecycle stage, with physically separate instances for later lifecycle stages to mirror the physical environment.

Contextual Collaboration

If publishing approvals, lifecycle policy, and contract enforcement are the sticks in SOA Governance, then contextual collaboration is one of the carrots.

As architects, developers and other SOA program constituents engage in the communication, promotion and transformation that come with SOA, they will have many questions about the various processes and policies in place. Contextual collaboration capabilities within an Integrated SOA Governance solution allow users to ask questions in the context of a specific asset (service, policy, schema, contract, etc.) and engage others in an ad-hoc collaboration model. It provides a searchable resource for users to quickly ramp-up the requisite subject matter expertise they need to participate effectively in the enterprise SOA program.

Folksonomy Management

A folksonomy is a socially-created tagging model, like del.ico.us, or YouTube. In the SOA context this means providing a model that allows users to tag services and assets with their own keywords and then pivot the search model around these tags, i.e. follow a tag to see which other services and assets are similarly tagged.

This idea may seem very “web 2.0”, and it is. It offers enormous value, essentially allowing the SOA community within the enterprise to add value to the governance framework creating a social network for SOA.

Integrated SOA Governance Solutions

The discussion above provides a high-level, abstract definition of Integrated SOA Governance. Here we take a more practical look at what constitutes actual deployed SOA Governance solutions, and perhaps more importantly the solutions that categorize themselves as SOA Governance and fall short.

Registry/Repository SOA Governance

In the early days of SOA Governance, the UDDI registry vendors classified themselves as SOA Governance solutions. Often they added weak, email-based migration capabilities to their products to claim approvals workflow to partially deliver one of the use-cases described above.

Over time the registry vendors have added repository capabilities to their products and have begun to offer more governance features.

The main challenge facing the registry players is that they have minimal run-time enforcement capabilities. (See the closed-loop governance discussion below.)

SOA Management ≠ SOA Governance

As SOA Governance has gained popularity and enterprise customers identify SOA Governance projects and budgets, the SOA Management vendors have begun to try to compete in this space. Many of these vendors have attempted to position their run-time monitoring solutions as SOA Governance solutions. Most of these offerings do not begin to qualify as SOA Governance solutions. They do not offer complete standards-based registry and repository capabilities, unified management of policy, or any advanced governance use-cases such as those described above.

ESB ≠ SOA Governance

Following the same market dynamic as the SOA Management vendors, the ESB vendors are also jumping on the SOA Governance bandwagon. In addition to the lack of design-time governance capabilities they share with the SOA Management vendors, the ESB vendors drive their customers to re-platform their SOA onto the ESB and their associated application server environment. Consequently, they have the problem of being proprietary, closed environments with no ability to monitor, secure, or manage a complex, heterogeneous, enterprise SOA.

Closed-loop SOA Governance System = Integrated SOA Governance Automation

Integrated solutions bring together registry, repository, security, management and mediation capabilities to deliver true enterprise SOA governance.

The following section of this document expands on the ideas of Integrated SOA Governance Automation.

Integrated SOA Governance Automation

The diagram below shows the relationships between SOA registry/repository, security and management, demonstrating how SOA Policy Management forms a closed-loop of policy, metrics, and audit.

The alternative to a closed-loop solution is a set of stand-alone applications for governance, management and security. These solutions may offer loose integration, but we have yet to identify a single organization that has successfully integrated stand-alone solutions in a production environment.

A standalone SOA Governance product can define and enforce policies for design-time compliance, ensuring that services meet policies describing static attributes (typically directly associated with the WSDL or the registry taxonomies). It can also define run-time policies but it has no way of knowing if these policies are being enforced by a run-time platform, or even if these policies are visible to any run-time platform. This is a “define and hope” model of governance, where an administrator defines a policy in a governance product and then hopes that this policy is enforced.

Similarly, a standalone SOA run-time security and management solution will enforce policies at run-time, but these policies will be locally defined and will not be subject to centralized governance. This is the “ready, fire, aim” model of policy enforcement, where the enterprise has no understanding of the policies that are being enforced.

In the rare instances where a standalone SOA Governance solution is integrated with a standalone SOA run-time security and management solution, the run-time system may be able to discover policies from a policy governance solution. However, it will not have any mechanism to report the actual enforcement of these policies to the governance system. In this case, the policy governance system still has no knowledge of whether its policies are being enforced, and no information about how the services themselves are actually behaving.

Integrated SOA Governance Value Add

Stand-alone run-time solutions don't deliver higher value design-time, or governance capabilities. They require their own policy management, don’t offer developer or architect services, and have no understanding of the relationship between a provider and a consumer.

On the other hand, governance solutions can only deliver value when they are built on a run-time foundation. They require a run-time solution to enforce policies; they need the run-time to provide statistics and metrics for demand, capacity, and value monitoring; and they also need the run-time to provide an audit trail to ensure that messages comply with defined policies.

Integrated means:

• Defining and managing actionable policies in a policy governance solution throughout the lifecycle
• Enforcing these policies via deep integration with an operational governance solution at run-time
• Auditing that these policies are being enforced
• Using industry standards (WS-Policy, WS-MEX) where appropriate for information exchange

Integrated Closed-loop SOA Governance solutions enable demand and value management. Because the governance system has real-world information about how services are actually being used it allows organizations to:

• Use live, audited information to drive value-based decisions about the effectiveness of different services and organizations
• Provide developers with up to the minute information about a service in run-time to inform their decisions about which services to use
• Manage supply and demand to ensure maximum efficiency and benefit from SOA

SOA Infrastructure Reference Model

SOA Infrastructure is the set of tools and technologies that an organization deploys to secure and manage services and service-oriented business applications. It provides the delivery mechanism for a comprehensive governance solution including Registry, Repository, Management, and Security services, and intermediaries to ensure the application and use of these services.

The SOA Infrastructure reference model shown above is published by SOA Software, the leading provider of SOA Infrastructure software products. It provides a product and vendor agnostic view of the concepts, components and standards that make up a successful SOA Infrastructure. For more information see SOA Software’s whitepaper – “The SOA Infrastructure Reference Model,” published in May 2006.

Integrated SOA Governance System Elements:

The core elements of the Integrated SOA Governance system are the Registry, Repository, Policy Management System, Virtualization System, Management and Security System, and their associated intermediaries. Also, as described above, governance products and systems not having deep integration between these elements would offer minimal value to an SOA implementation.

SOA Repository

The SOA Repository provides a solution for the governance of development assets and artifacts. Governance in this context includes registration, lifecycle management, run-time and design-time policy management, and business value visibility. The repository implements registry standards for metadata exchange. It is the main source of SOA information for end users and applications.

SOA Policy Management System

The SOA Policy Management System provides a framework for defining and managing policies that are enforced throughout the planning, lifecycle, and operational governance processes. It ensures that policies are applied uniformly across all governed and governable platforms.

SOA Registry

The SOA Registry supports the categorization, classification, tagging, and publication of services. It provides browse and search interfaces for service discovery, a publication interface for service registration, and a subscription interface for synchronization with other registries and repositories.

SOA Management System

An SOA Management solution monitors and manages the reliability, availability and performance of services.

System

An SOA Security solution provides service and message security capabilities including authentication (identity assertion and token exchange), authorization, privacy, non-repudiation and audit.

SOA Intermediaries

SOA intermediaries exist in a number of forms, the most important of which are stand-alone (proxy/router), and agent (embedded in container). Intermediaries enforce and implement policy for Management and Security solutions. The primary role of the agent intermediary is to ensure last-mile policy enforcement, while the primary role of the stand-alone intermediary is to provide service virtualization to isolate consumers from service location, policy, implementation, and change.

SOA Software’s Integrated SOA Governance Solution

SOA Software builds its Integrated SOA Governance solution around its Policy Manager™, Repository Manager™, and Service Manager™ products for SOA Policy Governance, Development Governance, and Operational Governance.

SOA Software’s Repository Manager™, Policy Manager™, and Service Manager™ combine to form a comprehensive Integrated SOA Governance Automation solution.

Repository Manager provides a platform-independent SOA asset management and metadata federation solution. It governs leading development platforms, ensuring consistent definition and management of services and other assets across all development environments.

Policy Manager provides a comprehensive SOA Policy Governance solution, and extends it adding powerful governance automation capabilities. Governance automation minimizes the overhead associated with governance processes, and turns governance from a painful workload into a productivity tool.

Service Manager automatically implements and enforces policies from Policy Manager for Services in Repository Manager. It generates usage, performance and policy compliance metrics that it reports to Policy Manager so that it can audit that policies are being enforced through a closed-loop process.

Using this solution architects, developers, security administrators, and operations managers can define and govern policies that are applied to services throughout the appropriate stages of their lifecycle.

About SOA Software

The world’s largest companies including Merrill Lynch, Verizon, and Pfizer use SOA Software to quickly and safely realize the value of SOA. SOA Software’s platform-independent Integrated SOA Governance and Mainframe SOA products process over 500 million mission critical transactions per month, ensuring the relevance, security, reliability, and performance of services and applications. For more information, please visit http://www.soa.com

SOA Software, Policy Manager, Repository Manager, Service Manager, and SOLA are trademarks of SOA Software, Inc. All other product and company names herein may be trademarks and/or registered trademarks of their registered owners.

SOA Software, Inc.

12100 Wilshire Blvd, Suite 1800

Los Angeles, CA 90025

866-SOA-9876

www.soa.com

This e-mail address is being protected from spambots, you need JavaScript enabled to view it

Copyright © 2007 by SOA Software, Inc.