Checkpoints? They’re so 90′s
Let me say this so everyone can understand:
Relying on checkpoints as a SOA governance strategy is stupid.
The Open Group just released a white paper “intended to serve as a guide to the reader to help differentiate and select specifications appropriate to their needs.” [Disclosure: I'm not a huge believer in standards, though I do think they're important.] Page 19 talks about SOA Governance, so I skipped right to that and was immediately disappointed.
Under “Governing Process,” they listed one of the key elements as Checkpoints, defined as stop points to check for governance compliance.
Why don’t checkpoints work? Because things change. And, when you only check at the boundary to production, but things change within the production environment, you’re going to have governance failures within production that will go totally undetected.
Here’s an analogy:
You all use Facebook, right? Facebook has the ability to have “closed corporate groups,” where you enter your corporate email and are allowed into this closed group. The “checkpoint” they have is to send an email to your corporate address to validate that it’s really you. This works just fine, except that when you leave the company, you remain a part of the group.
Change, in this case change in employment status, has invalidated the checkpoint. Over time, you can be certain change will occur and invalidate this checkpoint completely, rendering Facebook closed groups useless for internal corporate communication.
There are examples, where checkpoints work… and they usually involve places where change is slow. For example at a club. People age relatively slow to the length of a party. So, when you check their ID at the door, you can be certain that the governance policy (drinking age) is enforced within production (the club).
Unfortunately for SOA Governance owners, SOA production environments change rapidly. And, with many moving parts interacting, it’s difficult to predict where a change in one place might have a rippling effect.
The solution?
Actional. And, of course Software AG webMethods Insight.
In particular, the ability to automatically discover services, consumers, and relationships between services without any a-priori knowledge of the environment.
Simply put, this is one of the unique differentiators between Actional (and Insight), and it’s traditional competition like Amberpoint and more current competition like Oracle Business Activity Monitoring, CA Wily, and HP.
Actional automatically discovers what’s happening. Sure, it collects a lot of information, but it let’s you know, in (near) real-time exactly what’s going on in your environment, so you are not wholly dependent upon checkpoints.
And, lest you think you know exactly what’s going on in your environment, most Actional deployments discover something unknown even during the proof-of-concept. You won’t even need to wait until production deployment to start reducing the risk of the unknown in your environment.
Don’t believe me? Drop me an email, and I’ll send you a presentation that covers this topic using customer examples, and with speaker notes so you can see for yourselves.
