Checkpoints? They’re so 90’s

Let me say this so every­one can understand:

Rely­ing on check­points as a SOA gov­er­nance strat­egy is stupid.

The Open Group just released a white paper “intended to serve as a guide to the reader to help dif­fer­en­ti­ate and select spec­i­fi­ca­tions appro­pri­ate to their needs.” [Dis­clo­sure: I’m not a huge believer in stan­dards, though I do think they’re impor­tant.] Page 19 talks about SOA Gov­er­nance, so I skipped right to that and was imme­di­ately disappointed.

Under “Gov­ern­ing Process,” they listed one of the key ele­ments as Check­points, defined as stop points to check for gov­er­nance com­pli­ance.

Why don’t check­points work? Because things change. And, when you only check at the bound­ary to pro­duc­tion, but things change within the pro­duc­tion envi­ron­ment, you’re going to have gov­er­nance fail­ures within pro­duc­tion that will go totally undetected.

Here’s an analogy:

You all use Face­book, right? Face­book has the abil­ity to have “closed cor­po­rate groups,” where you enter your cor­po­rate email and are allowed into this closed group. The “check­point” they have is to send an email to your cor­po­rate address to val­i­date that it’s really you. This works just fine, except that when you leave the com­pany, you remain a part of the group.

Change, in this case change in employ­ment sta­tus, has inval­i­dated the check­point. Over time, you can be cer­tain change will occur and inval­i­date this check­point com­pletely, ren­der­ing Face­book closed groups use­less for inter­nal cor­po­rate communication.

There are exam­ples, where check­points work… and they usu­ally involve places where change is slow. For exam­ple at a club. Peo­ple age rel­a­tively slow to the length of a party. So, when you check their ID at the door, you can be cer­tain that the gov­er­nance pol­icy (drink­ing age) is enforced within pro­duc­tion (the club).

Unfor­tu­nately for SOA Gov­er­nance own­ers, SOA pro­duc­tion envi­ron­ments change rapidly. And, with many mov­ing parts inter­act­ing, it’s dif­fi­cult to pre­dict where a change in one place might have a rip­pling effect.

The solu­tion?

Actional. And, of course Soft­ware AG web­Meth­ods Insight.

In par­tic­u­lar, the abil­ity to auto­mat­i­cally dis­cover ser­vices, con­sumers, and rela­tion­ships between ser­vices with­out any a-priori knowl­edge of the environment.

Sim­ply put, this is one of the unique dif­fer­en­tia­tors between Actional (and Insight), and it’s tra­di­tional com­pe­ti­tion like Amber­point and more cur­rent com­pe­ti­tion like Ora­cle Busi­ness Activ­ity Mon­i­tor­ing, CA Wily, and HP.

Actional auto­mat­i­cally dis­cov­ers what’s hap­pen­ing. Sure, it col­lects a lot of infor­ma­tion, but it let’s you know, in (near) real-time exactly what’s going on in your envi­ron­ment, so you are not wholly depen­dent upon checkpoints.

And, lest you think you know exactly what’s going on in your envi­ron­ment, most Actional deploy­ments dis­cover some­thing unknown even dur­ing the proof-of-concept. You won’t even need to wait until pro­duc­tion deploy­ment to start reduc­ing the risk of the unknown in your environment.

Don’t believe me? Drop me an email, and I’ll send you a pre­sen­ta­tion that cov­ers this topic using cus­tomer exam­ples, and with speaker notes so you can see for yourselves.