Is SOA Management Enough?
Even if all of the relevant categories of SOA management are deployed and fully functional, the full potential value of your service-oriented architectures won’t be fully realized until your SOA management is deeply integrated with similar mechanisms that manage and secure the underlying enterprise applications and the supporting IT infrastructure that your services encapsulate.
These enterprise applications and their supporting IT infrastructure represent not only a huge investment, but also the irreplaceable core business processes that drive the business at its most fundamental level. Without them, not a customer will be billed, supplier paid, nor order taken.
The key concern here is that you can not have special management and security policies for your SOA and different ones for the rest of your enterprise applications and supporting IT infrastructure. An effective SOA approach to management and security must also be unified with the rest of the enterprise entities and policies that it encapsulates. In other words, effective management solutions must be aware of two entirely different layers of technology and yet work as one unified whole.
One technology layer, the service-oriented one, is message-centric and focused on services – SOAP-based Web services mostly, but also older service technologies such as Java RMI, non-SOAP XML, CORBA and so on. The truth is, in the real world, there are often good business and technical reasons why some of those older services have to stay, at least for awhile. These reasons extend from greater efficiency, sophisticated and time-tested transactional technology (fairly new to Web services platforms right now), to conversion cost. There may even be strong dependencies on platform specific features like distributed garbage collection. All of these types of services, regardless of protocol and features, must be managed as part of the SOA. Today, there are a large number of vendors focused quite narrowly on Web services and SOA management.
The other layer’s management must similarly provide visibility and control for the existing applications and supporting infrastructure that are wrapped by services – things like J2EE application servers, web servers, SAP, Peoplesoft, and even Microsoft Exchange. These are all part of the application infrastructure that contains the real business functionality of the enterprise. Many vendors manage some of this, as well. But, even more importantly, effective management of SOAs means integrated management with correlation of management events at both these two layers done in a cohesive fashion so that policy is properly reflected in both layers.
These two layers, SOA and application / IT infrastructure, affect each other. Disruptions in one can be caused by problems in the other. Unfortunately, in the rush to jump on the SOA bandwagon, too many new management products are actually blind to the underlying enterprise applications and IT environments that can profoundly affect the SOA. Part of the problem is that they can’t perform true root-cause analysis (problem determination) because to them the entire enterprise below the SOA is a black box. They rely on and hope that the shallow and limited information that they provide (usually simple SNMP traps) to some other vendor’s more comprehensive enterprise management solutions will be sufficient for those broader solutions to correlate events optimally and to save the day.
In truth, such limited scope products are not very appealing and may ultimately lead IT operations and others to have a false sense of security. It is important that any solution be fully functional and deeply integrated at both layers – at the enterprise applications and IT infrastructure level as well as natively at the SOA and Web services level. And that’s why one of the biggest problems with SOA management today is that some products only know SOA management.
Trackback URL for this post: http://www.webservices.org/trackback/id/5749