By proliferating services far deeper down into the stack, beyond the capabilities of today's SOA governance tools, cloud environments are making unified planning, design, provisioning, monitoring and control of all services next to impossible.
One key area where cloud governance differs from traditional SOA is in its focus on life-cycle governance of VMs. To facilitate automated provisioning of deep application and integration stacks on VMs, cloud management environments should offer prepackaged "server templates," says Michael Crandell, founder and CEO of cloud management platform vendor RightScale.
These templates embed prepackaged policy definitions that govern important life-cycle service VM governance functions, including deployment, setup, booting, monitoring, control, optimization and scaling of VMs on one or more public or private clouds. Cloud governance even encompasses the periodic need to "decommission and throw away" old VM instances, and launch new ones in their place, Crandell says.
Indeed, this could prove to be the killer application for cloud governance: preventing the unchecked proliferation of VM instances across public and private virtualization infrastructures. This problem, sometimes known as "VM sprawl," can present both a maintenance burden and could consume inordinate, costly amounts of cloud CPU, storage and network resources.
A growing range of commercial management tools provide the ability to control VM sprawl across disparate hypervisors. In addition, the hypervisor platform vendors — such as VMware, Citrix and Microsoft, and public cloud services providers have made this the principal feature of their various management tools. Sometimes referred to as "instance management," it's a feature that is lacking from traditional SOA governance tools.
The mash-up quagmire
Traditional SOA-style development is top-down. It requires considerable upfront architectural design, factoring functional primitives into platform-independent, loosely coupled service contracts that are exposed to developers through open Web services standards. It often also includes a core service catalog, such as Universal Description Discovery and Integration (UDDI) to broker abstract service contracts, as well as tools and platforms that support key interface standards such as Web Service Definition Language (WSDL) and Simple Object Access Protocol (SOAP).
By contrast, cloud services encourage a grassroots style — often known as Web 2.0, Web Oriented Architecture or Representational State Transfer (REST) — of service provisioning, development and management. Anyone with a credit card can sign up for and start accessing cloud services, which may be totally redundant with applications that their companies have deployed internally.
By the same token, anyone with a browser can mash up available cloud service components into applications that may deviate significantly from corporate-standard design patterns — and probably lack the stringent security expected from enterprise-grade services. In the REST paradigm, UDDI, WSDL, SOAP and other WS-* standards are conspicuous in their absence. So it's no surprise that the phrase "mashup governance" gives some SOA professionals anxiety fits and causes others to double over with laughter.
SOA best practices reach for the clouds
Nevertheless, cloud services can benefit from the many lessons learned by enterprise SOA governance implementers, says Tim Hall, director of SOA products for HP Software and Solutions. "Most important, you need a service catalog that maintains metadata about services and enables you to control development and construction of services and publish visibility and availability of services to consumers."
Also, federation agreements should be set up to auto-provision service definitions between public clouds and enterprises' SOA, REST and other application environments, Hall says. He says that after all, it's all about the service. From a macro view, the service can be directly equated to value, its contribution to how the service helps you make money, save money or mitigate risk.
Clearly, SOA governance is maturing as a discipline, while cloud computing — the new galaxy in which services will burst forth — is anything but. Unfortunately, the cloud arena may continue to evolve so fast over the next several years that it will be difficult for consensus service-governance practices to coalesce.
So the outlook for strong service governance in this brave new paradigm remains cloudy, but with scattered patches of promise.
Kobielus is a senior analyst at Forrester Research in Alexandria, Va. The opinions expressed are his own. E-mail him at jkobielus@forrester.com.