Application governance in action: delivering measurable benefits throughout the application lifecycle

Kelly Emo Sr. Manager, Applications Products

HP Software and Solutions

2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice

The Business Is Demanding IT to Be a Source of Competitive Advantage

Source of Competitive Advantage* Operational Excellence Customer Intimacy Product & Service Leadership

ENABLERS
Business agility relies on IT agility, which relies on A foundation of architecture and applications
2

*Source: Market Discipline, Dr. Michael Treacy, Professor, MITs Sloan School of Management

The Need Drives You to Modernize

Your business demands faster, better, cheaper You face decades of existing applications and architecture Some legacy, some packaged, some proprietary and pressure to globalize, virtualize and scale You want to respond but what you have limits you..
3

Driven by growing demand for business agility, the monolithic application is and will be rapidly evolving into granular, compose-able and re-useable building blocks.

Kathy Harris Gartner Research, June 16, 2008

4

Modernization Is a Perfect Storm for IT

Powerful technologies available at an accelerating pace

Business expects IT response in Google time

The amount of moving parts, componentized services and actionable metadata explodes.. The promise of agility comes with the price of complexity
5

Modernization Requires Changes Across

PEOPLE
Resources are distributed Across time zones, languages Teams have dependencies, and must learn to share Trust becomes paramount

The IT organization

TECHNOLOGIES
Silos get split up, functionality becomes modular Capabilities delivered as services Rise of the intermediary Metadata is everywhere

PROCESSES

Increasing pace of change drives adoption of Agile Methodology Distributed teams need visibility Collaboration and consistency is key

Dependency management is critical

All Modern Apps Create Similar IT Challenges

What do we have? Where did it come from? What happens when something changes? Can I trust it? Will it work for me?

Who owns it? Who maintains it?

Can I use it?

Where do I go to learn more? To get a handle on this, start with visibility create a way to share information across teams
7

3 June 2010

Support Visibility: You Cant Modernize What You Cant Find

App or Service creator/provider Ive built a Checking Account Service

Service and Application Catalog

Composite App Developer

My eBanking application needs a Checking Account Service

A Governance Repository provides the information that enables Applications and Services to be shared and helps drives the application lifecycle
8

The Application Lifecycle?

Lifecycle Management Lowers Costs & Speeds Time to Service
Change event Business or operations-driven Operations App/Service design

Information flow
Design-time

Business and IT collaboration

Service Development and Quality Management

Service deployment

Architecture team

Service staging

Run-time

Collaboration creates efficiency

9

Go/no-go decision Ready for Deployment/ Consumption

Visibility, collaboration and lifecycle management what are we talking about?

10

Application Governance
ITs Navigation System for Modern Applications

Enable visibility Automate lifecycle

Governance Activities Drive Adoption of Enterprise Standards

Establish control by defining

and enforcing policies

Measurement & Feedback

Collaboration

Collaboration

Foster trust

Measure progress and results

Lifecycle Management
Policy Def &

PolicyEnforcement Def & Enforcement

Consumption/ Contract Management

11

 Subtitle goes here

Application Governance in Action Four Basic Use Cases

12

Use Case #1
Establish Consistent Adoption of Best Practices and Standards

In app dev, how can you be certain what is being built is consistent with your organizations
Best practices? Standards? How can you enforce consistency across the organization in the face of application and people changes?

Guided behavior

Best-practice driven lifecycles

Pre-build Policies

Example: How to enforce development on JDK 1.6 across distributed dev teams?
13

Running Through the Use Case

1. Define and agree on policy to enforce
2. Educate organization to new policy 3. Adopt automated governance software

4. Configure a design-time policy (JDK must be 1.6 or later)

5. Determine point in application lifecycle to check policy (associate policy with stage in governed lifecycle) 6. Guide behavior through automated policy compliance checking and reporting 7. If developers are out of compliance, actions can be taken earlier in the lifecycle
14

Visual interpretation of Use Case

Using slide shots a mini fast-tour Automated Governance software allows technical and business policies to be associated with tasks and lifecycle advancement checks can be automated or manual, reporting aggregated to drive action

15

Use Case #2
Guide the Work of Outsourced Development Teams Desired state Ongoing cost, talent and competitive pressures drive us to build or source virtual or off-shore teams

How can you off-load development to an external org yet maintain compliance to standards and policies?

Shared Services / Composite Apps

Agile Business Capabilities

Example: How to maintain compliance with development policies when you do not directly manage the people doing the work?
16

Running Through the Use Case

(based on an HP public-sector customer in EMEA) 1. Define the role of the outsourced, virtual team (i.e. development of application code) 2. Use automated governance software 3. Define a lifecycle with handoff points driving transition to the virtual team

4. Define and implement explicit, documented standards enforced by policies for how code is constructed/built, published in a repository, and validated against standards
5. Enforce that code and artifacts get validated, published in repository for discovery by downstream teams
17

Guide the virtual team with documented and Define a custom governance lifecycle enforced policies with guided handoffs guiding development to thecode and of virtual team repository publishing

18

Use Case #3

Minding the Gap Between Application and Operations

Example: How to automate the Development-to-Operations application hand-off

19

Running Through the Use Case

(based on an HP Telecommunications customer use case)
1. Define a Governance Lifecycle process for applications or services that ensures key runtime metadata is captured during the design/develop phases 2. Capture the metadata in a usable form in the governance repository 3. Define the lifecycle point in which ownership is passed from the applications teams to the operations teams

MIND THE GAP

4. At that point, ensure the metadata flows to the operations teams in the form of detailed requirements for deployment 5. Use the performance, availability and run-time policy data to automate SLA management at run-time
20

This Metadata can be made available the Service or to Ensure automatically Operations through lifecycle Application has associated transition notification. Then, the metadata in the form of metadata can drive the set up documented run-time and on-going management of requirements/SLAs business-motivated SLAs

21

Use Case #4
Provide Adoption of Enterprise Architecture Requirements Across All Development Teams How can you maintain desired architectural compliance?

Internal team
Europe

Over time?
Across distributed development teams?

Outsourced team
South Amer

Virtual team
Asia

How can you prove that new and improved architectural approaches are followed when code and apps are actually Designed to developed?

Internal team
North America

The Challenge Distributed, shared, agile and virtual teams

22

Requiring Foster collaboration Example: Howpractices Assimilate best to enforce that no modules will make direct, point-to-point calls to databases? Optimize costs through globalization

Running Through the Use Case

(Based on HPs Own Systinet R&D Team) 1. Document desired Architectural Pattern 2. Communicate broadly across Application teams 3. Determine point in development lifecycle to validate architectural policy 4. Adopt Automated Governance software 5. Develop policy to check architectural pattern compliance 6. Associate policy with lifecycle stage progress to build 7. Check compliance before build system accepts a completed package 8. Communicate results of policy check to development and architecture teams
23

 Using slide shots a mini fast-tour

Associate architecture policy check with a business service or application in development phase

24

True enterprise-level agility requires the architectural coherency that comes with an architecture vision realized through conscientious governance.

Avoid The EA Governance Versus Agility Trap Altering Your View Of EA Governance Wont Result In Chaos by Henry Peyret with Gene Leganza and Mimi An Forrester Research, September 24, 2008
25

Adopting Enterprise Architecture Standards: The SOA Scenario enabled by TIBCO ActiveMatrix
Dan Enache Sr Manager Engineering TIBCO Software Inc denache@tibco.com

2008 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary.

Top Reasons for Adopting SOA

Business:

Eliminate/Reduce Vendor Lock-in Increase ROI with Re-use Shorten time-to-market

Technical: Avoid Proprietary APIs Normalize Operations and Management of Services

Organization: Governance

27

2008 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary.

What do customers want from a SOA platform?

Rapid Service Enablement

Rapid exposure of their application via Web Services Ability to compose new applications with existing services

Choices of:
Implementation Technologies Where to deploy and run

Flexibility and Agility

Make ad-hoc changes post deployment

Visibility and Control

Operational and Lifecycle Governance

SLA management

28

2008 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary.

TIBCOs Vision for a Unified Application Platform

Integrated BPM, SOA & Optimization Unified Design time Framework Unified Runtime Platform

Unified Process Engines SOA & Governance Enabled Technologies

29
2008 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary.

Challenges with Traditional SOA Applications

SOAP-Service-http () { registerProcessOrder(); } OnMsg::ProcessOrder () { invokePartner(); } SOAP-Reference-http () { call.setEndPtAddr(); call.setOpsName(); call.invoke(); }

Transport is embedded to provide services

Transport is embedded to consume services

Difficult to reuse the business logic outside of the application Difficult to scale the business logic independently Difficult to version the business logic w/o major disruption Difficult to re-implement with a different technology

30

2008 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary.

Challenges with Traditional Orchestration Projects

Transport is embedded to provide services

Transport is embedded to consume services

Difficult to reuse the business logic outside of the application Difficult to scale the business logic independently Difficult to version the business logic w/o major disruption Difficult to re-implement with a different technology

31

2008 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary.

Solution: Componentization and Virtualization

Componentization

is about breaking down complex applications into smaller components with the opportunity to reuse

Virtualization

is about abstracting components so they can be assembled into new composite applications
the components are built following industry standards (WS-*, OSGI, SCA, etc)

All

32

2008 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary.

Componentizing the Application Logic

Composite Application
SOAP-Service-http () { registerProcessOrder(); }
OnMsg::ProcessOrder () { invokePartner(); } GetCarModel SOAP-Reference-http () GetCarModel { call.setEndPtAddr(); call.setOpsName(); call.invoke(); }

Traditional SOAP embedded app

ReserveCar_HTTP

GetPrice_Partner

Service Provider transport is decoupled

Service Consumer transport is decoupled

Virtualized business logic becomes reusable

Virtualization presents a choice of other implementation types
33
2008 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary.

Componentizing the Orchestration Logic

Composite Application

ReserveCar_HTTP

GetCarModel

GetPrice_Partner

GetCarModel

Service Provider transport is decoupled

Service Consumer transport is decoupled

Virtualized business logic becomes reusable Virtualization presents a choice of other implementation types

34

2008 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary.

What is the problem? What experts have to say ?

In 2010, a lack of working SOA governance arrangements is the In 2010, a reason for SOA most commonlack of working SOA governance arrangements is the most failure. common reason for SOA failure. (Gartner) (Gartner)

35

2008 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary.

TIBCOs Solution: ActiveMatrix Platform

SOA Guided by Application Governance

Lifecycle Governance
AMX Lifecycle Governance Framework

AMX Service Grid ActiveMatrix BusinessWorks

BW IT

Java
POJO/ Spring

.NET

C++

Ruby

Perl/ PHP

Python

ESB: AMX Service Bus

TIBCO EMS

ActiveMatrix Runtime Foundation & Administrator

Operational Governance
AMX Policy Manager
36

AMX Service Performance Manager

2008 TIBCO Software Inc. All Rights Reserved. Confidential and Proprietary.

Adapters

Get the Most from GovernanceIntegrate With the Complete Application Lifecycle
HP Application Lifecycle Management enabled with software integration

Architecture

Manage the lifecycle of delivering apps and services with visibility, automated processes for architectural consistency and control, information and feedback

Governance

Quality
App or Service Owner
App & Service creation

Management
Manage services and traditional applications using a single unified management system IT Operations

Manage quality complexity while accelerating functional, performance and security validation Applications

Composite App Dev

Consumers

Re-use modules in composite applications

Strategy
37

Applications

Operations

The HP Governance Software Portfolio

HP SOA Systinet
Complete Governance platform Manage the complete lifecycle Define and enforce policy Manage consumption Governance Information for measureInteroperability ment and feedback Framework

HP SOA Policy Enforcer

Seamless integration with HP SOA Systinet Automation of run-time policy configuration and enforcement Provides key run-time metrics to Systinet

HP SOA Registry Foundation

Embeddable UDDI registry Jumpstart ISVs, developers and solution providers building SOA composite apps Simplify integration and discovery

38

Take Away
When modernizing, realize that governance can be a guidance system

Engage in an application modernization discovery day

Drill down into managing the application lifecycle with Governance

Learn more at www.hp.com/go/ALM

See Application Governance at the HPSU Solution Showcase

39

Q&A

40

To learn more on this topic, and to connect with your peers after the conference, visit the HP Software Solutions Community:

www.hp.com/go/swcommunity
41 2010 Hewlett-Packard Development Company, L.P.

42