SOA Governance

An effective SOA governance strategy must not only ensure that development is in-line with corporate goals; it also must address security and compliance issues that arise from regulations and business demands such as Sarbanes-Oxley, MIFID, and Visa PCI, ensuring nothing falls through the cracks.

Progress® Actional® products address SOA governance throughout the lifecycle—in pre-production with Progress® Actional® Application Development and at runtime with Progress® Actional® Enterprise. In addition, the Actional Governance Integration Module complements governance tools such as registries and repositories.

SOA Governance During Development: Design-time Compliance

As part of its service quality and validation solution, Actional offers design-time policy authoring and checking. These capabilities ensure services comply with industry standards (including WS-Security) and corporate standards, and perform well in production.

Actional Enterprise provides the end-to-end visibility needed to manage SOA operations. It automatically discovers services and generates flow maps of the SOA network and triggers user-defined, policy-based alerts on performance and availability issues. SOA administrators can drill down to flow maps of individual violating transactions to perform root cause analysis and quickly find and solve problems before they impact end users.

Achieving Business Goals with SOA Governance

Governance must be established to control quality of service and meet service-level agreements (SLAs). Actional generates alerts based on user-defined SLA policies, enabling quick action to rectify SLA issues. It also provides multi-dimensional business analytics for real-time transactions and trends and controls for directing SOA behavior to optimize business outcomes, for example, to ensure priority service for key customers.

Breaches in security and compliance can lead to penalties, litigation, and other business losses. Consequently, SOA governance requires accurate, consistent security and compliance policy enforcement. When SOA developers are responsible for policies, there is a risk of inconsistent policies and coverage gaps.

Actional provides centralized security and compliance policy enforcement with distributed enforcement. This slows experts to author policies once and apply them consistently across the SOA, guaranteeing complete, accurate coverage.

Finding and Controlling Rogue Services

Rogue services can expose sensitive information to unauthorized users, elude compliance audits, and subvert system capacity planning. Our Governance Integration Module integrates with third-party governance tools (see Technical Specifications), to find rogue services and govern their activities according to applicable policies. It also feeds back runtime metadata on actual services usage and dependencies, to add value to registry and repository metadata, and help developers minimize disruption during SOA versioning and maintenance.

In addition to SOA Governance, Progress Software also offers solutions for:

• Service Level Management
• Business Transaction Assurance
• Application Middleware
• Enterprise Service Bus (ESB)