Sarnataro on Governance
<<When you place applications and services on a public cloud, you give up some control. You may be left open to new security, integration and financial risks. To cope with cloud challenges, as with earlier SOA challenges, you will probably consider implementing some form of cloud governance.
There are both differences and similarities between the governance environment in SOA and in cloud computing architectures. Viewers say the runtime side of governance takes some precedence when cloud applications go live. Will people moving up to the cloud dismiss SOA governance as yesterday’s news? That would be a bad step, according to Scott Morrison, CTO of Layer 7 Technologies.
“In reality, what you should be doing is looking at what worked with SOA governance, because there were a lot of good basic ideas there and a lot of good technology,” said Morrison. “Build on that as you go up in the cloud.”
There is a ''holy trinity of issues in the cloud,'' said Paul Muller, Vice President, Strategic Marketing, Software Products, HP. These include: security, integration and cost management – all areas that governance can address. This becomes increasingly important as distributed clouds face the challenge of keeping track of who’s consuming individual but related services and which business processes.
“As vendors are changing their application interfaces and you are changing your application, you want to make sure the appropriate change management and governance [capabilities are] there,” said Muller. “And from there, we can start to do things just as we do in the SOA world, to apply automated policy.”
Similar to SOA governance, which can be broken down into two major types, design time and runtime, cloud services governance can be distinguished by the same categories. Though design time governance, the designing of policies that will exist around service access control, was much more prevalent on premise traditional computing, runtime governance takes first priority in cloud, according to David S. Linthicum, CTO and Founder of Blue Mountain Labs.
“All services need to be put under the same sort of governance framework,” said Linthicum. “And typically that’s going to be a runtime framework that is able to control access to those services, define those services and how they mature, figure out if those services change, which is important since you don’t control them, and figure out how your governance systemmeshes with security.”
Linthicum emphasizes that the enforcement of government on a day to day basis and creating a unified governance structure are key issues in cloud, especially when you choose to blend services from separate clouds – for example, Amazon and Sales Force – and connect those to separate internal networks and private clouds within your own enterprise.
"When you move into cloud the same patterns exist [as in SOA], however, it is on a much more runtime environment,'' said Linthicum. ''Governance becomes much more important because we are mixing and matching services from a variety of different places to form our solutions.''
Gartner's Daryl Plummer also emphasizes the importance of runtime governance in cloud environments. He stresses that governing cloud services is about governing a business, rather than software components, as providers experienced with SOA.
“In the cloud world, some responsible party has to be there to make sure the service is running every minute of every day,” said Plummer. “It’s not about writing the service and putting it in a repository, and letting a developer figure out how to use it later. It’s a living, breathing service that’s running every day.”>>