This content is part of the Essential Guide: SOA tutorial: Trends, governance and the microservice impact

SOA governance tools offer automation, centralization

This article takes a look at SOA governance tools and how various vendor offerings stack up.

SOA projects have a tendency to get out of hand, potentially derailing the SOA initiative, losing support for future endeavors and wasting time and resources. Enterprise architects can avoid these problems by leveraging automated and integrated SOA and middleware governance tool suites. The challenge is choosing the right tool set from the many available.

This article covers a few of the many tool suites available, including vendor-specific and vendor-neutral products. These governance tools evaluated by experts help wrangle SOA projects, including APIs, through planning, lifecycle management, integration and management. Experts found that most of the tools provide mechanisms for SOA quality assurance and validation, automating some processes, and offering support for common languages and protocols. Despite the plethora of options, experts agree that there are varying categories for these products, and their use depends on the infrastructure being used for development.

SOA governance tools fall into many different categories, according to Matt Brasier, principal consultant at UK-based C2B2. The first category is at the core of governance products: monitoring the SOA infrastructure and the ability to set service level agreements (SLAs) against it. The selling point for those is the dashboard, he said, because developers and application architects can check response times and ensure SLAs are being met.

Other categories include service discovery, EDI registries and service registration, Brasier added. Additionally, he said, some products focus on monitoring, but looking at it from the business value standpoint; for example, which endpoints are busiest and being able to track and trace business transactions through various endpoints, as well as follow the flow of data in business transactions.

Vendor-specific governance tools are best for vendor-specific platforms.

No matter which SOA governance platform is chosen, they're all very vendor-specific, Brasier said. "Most of the platforms work best if you use that vendor's governance tools, especially since there's been some consolidation on the market," he said, citing the acquisition of AmberPoint, which used to be vendor-neutral, by Oracle.

"Most vendors have been bought up by bigger companies," he said.

Some of the main vendors in the SOA governance space, IBM, Akana (formerly SOA Software) and Tibco, offer governance as part of an SOA suite, according to Gary Olliffe, Gartner research director for technical professionals. Meanwhile, vendors like MuleSoft and Akana, as hinted at by the name, have added API management features and now call their SOA governance tools API management products, he added.

Vendors do draw lines between SOA and API

However, there are still differences between SOA governance tools and API management products, depending on the vendor, Olliffe said. The best examples are IBM and Oracle, which both still offer separate product lines. IBM has an API management solution as an add-on to the data power platform for SOA. There is integration between the two products, but they are still distinct, he said.

Oracle's products, while not on the Gartner Magic Quadrant, are somewhat similar, Olliffe said. Oracle has its Enterprise Repository for SOA governance and API Management Gateway and catalog bundled together, he said.

Use cases draw distinctions among product categories

Olliffe sees the real distinction between SOA governance products and API management products in how they're used. "SOA governance use cases are much more lifecycle-centric," he said, adding that they include end-to-end planning and the metadata around that, as well as workflows, approvals, and the tracking of efforts to deliver managed services. "Some of that is runtime governance, and some is security policy," he added.

On the other hand, API management is much more focused on encapsulating services behind a gateway. "There's nothing to stop API management in SOA governance, but you don't manage the lifecycle of a public API" in an SOA governance tool, he said. A mature team would want to use both sets of capabilities, and more developers are starting with runtime use cases.

Where the products fall on the Gartner Magic Quadrant reflects their overall strengths, according to Olliffe. IBM, Software AG, Tibco and Akana are the strongest in SOA performance, he said. Meanwhile, Apigee, Axway, Mashery and CA Technologies focus more on API management and are stronger for those applications, Olliffe said, noting that the Magic Quadrant is more about the target market for the products and not necessarily how vendors are rated.

Ultimately, Olliffe advises developers and application architects to focus on where they will get value and what questions they want answered by using an SOA governance product. "Think about the question [and] metrics important to your organization, then choose features and capabilities accordingly," he said.

A sampling of governance products

IBM offers two primary SOA governance tools, WebSphere Service Registry and Repository and Tivoli Security Policy Manager. WebSphere Service Registry and Repository's lifecycle management component automates the discovery and cataloguing of service details, as well as the association of policies with them. The lifecycle management also supports REST and WSDL. Tivoli Security Policy Manager's main SOA draw is that it acts as a centralized point for administration. IBM also touts the product's scalability and support for plug-ins and Java, .NET and mainframe applications.

Akana offers two tools to help with SOA governance: Portfolio Manager and Service Manager. The Portfolio Manager tool is for planning, which includes modeling architectures and identifying assets. Service Manager is a full suite of SOA policy management and governance tools, handling everything from security to monitoring, mediation and other runtime capabilities. It works with Akana's Policy Manager for enforcement and implementation purposes, supporting Java and .NET servers, ESBs, mainframes and packaged applications.

Oracle's SOA Governance product automates SOA governance processes and the SOA lifecycle itself. Oracle bills the product as being ready to work with out of the box, particularly for understanding and measuring an SOA investment.

Anypoint Service Registry from MuleSoft is another governance product, but it's also advertised as handling APIs first. It consists of a Service Repository, which manages services and endpoints; Service Virtualizer, which provides a way to modify services and locations between cloud and on-premises environments; and Policy Manager to create and apply security, compliance and management policies.

Next Steps

Learn how to build governance into your SOA initiative

Learn the truth about common SOA governance misconceptions

Dig Deeper on Distributed application architecture