WHITE P APER

BEA Systems: Expediting SOA Governance Initiatives

Sponsored by: BEA Systems

Sandra Rogers Marianne Hedin

March 2007

SO A GOVERNANCE: CRE ATING A FOUNDATION FOR

MAN AGEMENT AND CHANGE
www.idc.com

SOA Happens: Prepare to Enable Value and

Minimize Risk

Service Oriented Architecture (SOA) has generated a groundswell of activity across the IT market. Most
F.508.935.4015

organizations seek to adopt SOA for efficiency by leveraging reusable services for consistency and
savings and to create systems that can rapidly be configured and modified to support dynamically
changing business requirements — the operative word here being "change."

Enterprises typically begin their SOA efforts at a tactical application or departmental level and then
P.508.872.8200

progressively expand to build more pervasive enterprise foundations. Each new effort is ideally
designed to take advantage of previous ones, reaping value from earlier investments and avoiding the
creation of yet another generation of solution silos. However, as the number of services and engaged
systems increases, SOAs can quickly get out of hand. Along with core development efforts, one must
consider the growing amount of services in packaged applications and other IT components, combined
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA

with the intensifying pressure to exchange services with partners and customers. Add to this the
random activities of individuals across business and IT ranks, especially given readily available
technologies that make it relatively easy to create and consume services including desktop solutions,
and it is hard to deny the need to manage these interfaces in a more structured manner. Unless there is
a coordinated effort to closely supervise these activities, risk and complexity can unfold, let alone the
potential for creating redundancies and wasting valuable resources.

Regulatory, competitive, and corporate pressures have notably increased levels of accountability for
quality, security, and return on investment. IT and business leaders must understand where and how to
best leverage SOA and manage its progress to guarantee successful transitions. Many executives
having adopted SOA note that the largest challenges center on instilling change in the way their
organizations approach and manage IT with a service-oriented perspective. Most IT organizations often
first focus on building out reference architectures and implementing the technical infrastructure for SOA;
however, as their initial deployments expand, especially across multiple functions and organizational
boundaries, change management and governance issues escalate in priority. Thus it is critical for these
leaders to design and implement strong SOA governance programs and teams and provide effective
training and incentives to engender appropriate behavior.

SOA Organization and Governance Building Blocks

SOA depends on shared methods and practices, thus it is necessary to create a framework that
facilitates cooperation and trust, while at the same time enforce oversight and sharing of common
semantics, standardized schemas, and protocols.
Enterprises that already possess a well-established IT governance program find that SOA requires
additional considerations, including involvement by a broader (and at times unknown) set of
participants; service and process interdependencies that are logically, not physically, bound; service
interfaces, message formats, and additional artifacts to standardize and manage; and dynamic load
management and support challenges.

To address these in a realistic fashion requires a balance. Existing systems need to evolve, and
allowances for flexibility and autonomy need to be accommodated. This goes well beyond providing
guidance on how to build services to ensure they adhere to technical and business principles for
consistency, interoperability, and compliance. Service priorities must balance between discrete
objectives and the mesh of preexisting and changing operational and technical dependencies. The
necessary mechanisms to uniformly classify services for tracking purposes and to help navigate service
relationships within composite solutions should also be put in place. This balance ultimately must
ensure that the architectural integrity of the environment is not compromised. In an SOA, access rights
and security, quality assurance, versioning and maintenance, service monitoring and management,
dependency tracking, and supporting service level agreements (SLAs) are pertinent to address at
varied and more dynamic levels.

Many of these concerns are driving companies to think not only about technology but also about the
organizational structure and processes to support SOA for the long haul. Enterprises often develop a
central architecture team or SOA center of excellence (COE) to help establish policies, mentor and
assist distributed development teams, monitor and manage centralized registries, research business
requirements, and prioritize services. In some cases, these COEs also create, own, and maintain
foundational services and infrastructure for the enterprise. Even so, many enterprises still rely on a
significant amount of manual intervention to capture or enforce protocols, leaving tremendous exposure
to error and risk. More strategic moves are warranted, especially when addressing enterprise-scale
initiatives and navigating political arenas.

It is essential to clearly define roles and responsibilities. Many organizations are modifying their
governance structures to address specific domains and processes that cut across departments and
applications. As services can be uniquely designed to map to specific business functions, some
enterprises opt to tie more direct responsibilities to business entities for decisions rights, policy
management, and general ownership across the services life cycle. Some organizations also find they
must change how they approach funding projects, especially given the increasing number of centralized
and shared resources to develop and maintain.

Key to the success of any governance initiative is addressing human factors and the culture and
methods of how the organization operates. A strong program promotes communication by providing
greater transparency and imparting policies to address service requirements and prioritization. It is
human behavior to resist change, especially when information and process ownership are at stake. To
create effective collaboration, many organizations build incentives alongside their governance efforts.
Delivering metrics is also part of what is required by today's businesses. Therefore, assigning key
performance indicators (KPIs) to specific services is a growing phenomenon. These and other
mechanisms can be used to help measure and control decisions on service prioritization in an objective
manner. From an operational point of view, monitoring and reporting for compliance and communicating
status and usage patterns provides much needed visibility to stakeholders across the ecosystem.

Most CIOs recognize the need to accommodate incremental SOA adoption yet lay out and follow a well-
designed road map from the onset. They also realize that steps to automate efforts tied to governance
should also be taken in stages.

2 #205575 ©2007 IDC

Primary Elements of SOA Governance
Primary areas of governance to be addressed with SOA in mind include:

! SOA organizational governance structure. To establish roles and responsibilities, create SOA
competency centers and service review boards, and design service ownership, accountability,
funding, maintenance, and support models

! SOA governance procedures. To provide a framework of activities to follow, from service

conception to review and approval checkpoints to conflict resolution (These processes should
complement and coordinate with overall IT governance procedures.)

! Service portfolio management. To provide a service road map and framework for prioritization
and alignment to business objectives and to document and track services tied to all ongoing project
developments (It is essential to outline requirements for common services, track service
dependencies, and organize service information and artifacts. Incorporating domain and business
process views is also critical.)

! Reference service architecture and standards. To outline standards for service definition,
message formats, naming conventions, security policies, and other protocols (This often includes
guidelines on specific architectural and service design patterns and the use of technologies to
uphold the reference architecture.)

! Service life-cycle management. To define processes and policies and ensure all service life-cycle
steps are properly addressed, from requirements gathering through to service retirement (This can
include guidelines and standards for creating and publishing services to versioning and change
management procedures and controls.)

! Services policy and operational management. To define and enforce service policies, including
identity and access management along with security and service management protocols; to help
manage and monitor service behaviors to ensure adherence to contracts, such as SLAs or service-
provider agreements; and to address overall enterprise efficiency and business goals

Tapping into Experience and Technology

Frequently, enterprises look to experienced vendors to provide planning, design, assessment,
implementation, and support services to assist them in developing an effective SOA governance
program. The many service offerings include: defining processes to address specific business and
technology requirements; developing road maps for guidance in implementing and evolving their
initiatives; formulating communication and collaboration plans to involve and gain support from key
business and IT stakeholders; designing and running education and training programs to address the
need for continuous learning and development of new skills; assessing organizational structure to help
identify and create new (or changing) roles and responsibilities; and developing and implementing tools
and technologies to facilitate SOA governance processes.

Looking ahead, service vendors are focusing on helping enterprises manage organizational change as
part of this new governance and operational model with guidance as they evolve their SOAs and more
effectively promote collaboration across multiple functions.

There are many tools and automated techniques that can facilitate governance — in particular, the use
of service-based registries and repositories, life-cycle automation, and policy and service management
engines. These technologies can help organizations manage pertinent metadata used for the discovery,

©2007 IDC #205575 3

consumption, and management of services, composite solutions and business processes, and varied
policies, alongside other critical system artifacts. From an architectural perspective, the integration of
these technologies with other IT infrastructure and applied across the overall services life-cycle
workflow can create improved compliance and standardization and influence proper behavior and
benefits of sharing and reuse. Runtime management and deployment engines that enforce services
routing and access policies also often provide critical information for monitoring compliance and
performance of services.

Another growing consideration is support for federated capabilities to accommodate the needs of highly
distributed organizations. The use of technologies that allow for tiered and role-based activities and
administration can help drive participation in a shared SOA environment and allow key stakeholders the
necessary levels of control for their unique needs, yet adhere to enterprisewide governance policies.

CASE STUDIES IN SO A GOVERNANCE

The following case studies provide insights into the path these enterprises are undertaking as they
develop and expand the scope of their SOA governance needs.

T-Mobile Germany

Background
T-Mobile International, a wholly owned subsidiary of the Deutsche Telekom Group, is one of the largest
international providers of mobile communications to business and consumers. It services over 103 million
customers across the United States and Europe and continues to expand into a number of Eastern
European and emerging countries.

A primary goal for T-Mobile is to become even more agile to address rapidly changing business
demands. Applying an overall corporatewide and technology-independent approach has become
imperative to ensuring consistency and efficiency while allowing for enough flexibility to address specific
customer and market expectations. Another objective is that T-Mobile provides seamless processing for
its expanding network of third-party content providers.

T-Mobile has amassed a heterogeneous mix of technologies, including proprietary systems servicing
unique requirements. In 1999, T-Mobile Germany, a subsidiary of T-Mobile International, began
modularizing its business support systems for customer care, billing, and other critical processes. Most
of these were homegrown solutions that mapped to a large consolidated database. In recent years, the
organization has been re-architecting and consolidating its integration infrastructure, eliminating
unnecessary gateways and components.

There is now a companywide SOA initiative that has already produced visible savings and added
flexibility to address business opportunities. Web services are being used to help integrate these back-
end systems and create a portfolio of services. Model-driven development approaches have also been
introduced into the environment.

The SOA Governance Initiative

T-Mobile IT is organized in a functional matrix, with country-level IT departments responsible for local
delivery, projects, and budgets. IT staff are, however, assigned to an overarching structure organized
along functional units, called "domains." These work within a governance body for international project
delivery, harmonizing applications and ensuring standards are enforced. Major IT governance

4 #205575 ©2007 IDC

objectives involve prioritizing and budgeting for the many activities the organization is to pursue. It is run
akin to demand management to understand the goals, generate the necessary road maps, and
synchronize activities.

Florian Mösch, vice president in IT and head of Enterprise Integration & Architecture for T-Mobile, is
responsible for all integration strategy, architecture, and delivery for Germany, the United Kingdom, the
Netherlands, Austria, and the Czech Republic. According to Mösch, managing this across all five
countries is a piece of art. The process of gathering requirements, involving all the right people,
implementing a structure, examining dependencies, determining what to handle at a local versus
corporate level, and addressing budget allocations — and a myriad of other interrelated tasks — can be
complex, thus a good IT governance process is a necessity.

The company's overall IT governance structure involves common and local portfolio management
committees that make sure requirements are harmonized and implemented appropriately across the
entire organization. The SOA governance program now ensures that enterprise architects, including
representatives from each country, review all projects to make sure they are soundly designed, meet
business objectives, and support the overall architecture. T-Mobile also employs a robust change
management system that helps align roles and tasks to specific business processes and associated
projects and services.

The company's SOA governance program is strongly connected to its overall IT governance structure.
Mösch states, "If you don't have IT governance, you can't have SOA governance." SOA, however, adds to
and changes what is particularly addressed, impacting T-Mobile especially around the areas of service
portfolio management and service life-cycle management. One of the firm's initial SOA governance tasks
was to describe new roles and responsibilities and address organizational change dynamics.

Building on Best Practices

In the fall of 2006, T-Mobile decided to seek assistance from an external provider that could help the
company define the critical steps and necessary procedures to address in its SOA governance program
— from an objective view and bringing varied experiences to the table. After speaking with many
vendors, the group decided to engage BEA Systems because of its practical approach to SOA
governance and the collaborative manner in which BEA would work with the T-Mobile team.

For three months, BEA consultants worked with T-Mobile's enterprise integration team and country
CIOs to review the current state of its SOA governance program and developed a proposal and road
map on how to proceed. T-Mobile found BEA very helpful in structuring best practices by introducing
ideas and constructive proposals that mapped to what would be best for T-Mobile. BEA and T-Mobile
then developed an SOA governance and policy handbook to document the processes and standards to
be addressed. This handbook provides references to other sources for detailed technical specifications.
Specific operational management and security policies are addressed at a service contract level versus
at an abstracted organizational level.

BEA subsequently helped T-Mobile develop and run a series of workshops for country-level CIOs,
architectural teams, and IS staff designed to elicit dialogue and tune the details of the SOA governance
program. The BEA team referenced real-life examples, bringing very tangible elements to these
discussions. The BEA team also worked with T-Mobile to develop an SOA dashboard to provide a
central source of information and status for all SOA activities and measurements to assess the
effectiveness of its SOA program. Once the SOA dashboard is implemented, metrics will include reuse
ratios, staff skills, number of SOA solutions, and service mappings to key performance indicators.
The dashboard and reports will allow the IT architecture group to relay important information to the
leadership team on a regular basis.

©2007 IDC #205575 5

Looking Ahead
BEA continues to work with T-Mobile IT with its overall change plan to link what was outlined in the
handbook to all the necessary elements and drive greater cross-enterprise service use and
effectiveness. T-Mobile anticipates that this exercise will help the company reshape how it addresses
enterprise integration. This effort should also help the IT group better understand and prepare for the
impact SOA will have on its overall resources and outline change processes to be implemented to
support the overall environment at the right levels of granularity.

In the future, T-Mobile plans to incorporate business process management into the SOA infrastructure
and architecture. This will introduce additional technical aspects to the SOA governance structure and
will likely prompt many more business stakeholders to engage in the overall process. The company also
continues to advance its services "registry," which will soon be available in all five countries to provide
what Mösch refers to as "the single point of truth for services including their metadata." It will be used
throughout the whole service and solutions life cycle.

Words of Wisdom
What would T-Mobile have done differently? It would have started earlier. Mösch believes organizations
should not try to solve every angle of the SOA environment and infrastructure before getting their feet
wet with SOA projects. Yet he recommends at the onset to understand and plan for addressing all the
awaiting complexities. Mösch mentions that obtaining assistance from a vendor such as BEA can help
the entire effort go significantly faster versus attempting to research and learn everything on one's own.
BEA's advice in creating a proposed structure has had a positive impact on T-Mobile's SOA efforts.

One of the biggest challenges to an SOA governance program is getting it rolling and accepted as a
common exercise. It takes time to get all parties to buy in and accept that there are certain
dependencies and elements of the environment that will no longer be under their direct control. Here, it
was not a matter of command but a matter of gaining trust. According to T-Mobile management,
instilling an overall architectural and governance structure can at times be difficult, especially if
participants view it as too bureaucratic. It is important to provide concrete examples so they can better
understand what is entailed and understand the discrete and overall value they will be able to directly
glean from the effort.

Managing expectations of C-level executives and country-level CIOs was another challenge Mösch
cites. He considers the easiest elements to address are the technology concerns, whereas the primary
issues are those of people, especially among middle managers who are concerned about effectively
running operations with no disruptions and pressured to ensure optimal time to market and financial
results. Mösch advises both vendors and users not to promise too much too quickly or rely on generic
ROI models. The ideal scenario is to develop a customized business case for SOA that is very specific
to the organization. Understanding how to measure the business value based on aspects inherent to
one's individual firm is important.

Washington Mutual Card Services

Background
Washington Mutual Inc. (WaMu) is one of the top retail banking and financial services firms in the
United States. Its Card Services division, primarily formed from the acquisition of Providian Financial
Corp. in October 2005, provides credit card products and related services to 11 million customers.

6 #205575 ©2007 IDC

WaMu focuses on being highly efficient to keep costs low and pass those benefits on to its customers. It
also emphasizes first-rate customer service and allows for the required flexibility to address local market
demands. Important ingredients to its overall growth strategy are to apply consistent methods across
the enterprise and promote cross-selling initiatives. The company also heavily invests in technology,
with a large Web presence, effective telemarketing capabilities, strong partner alliance and co-branding
activities, and sophisticated direct mail and rewards programs.

In 2003, the Card Services division, then Providian, had a very labor-intensive IT environment centered
around supporting legacy systems. The company realized it could not sustain this model given all of its
expanding business requirements. Porting its highly specialized applications to a new platform would be
too costly and a difficult endeavor that would not by itself provide the firm with the levels of reuse and
flexibility it desired.

The group also wanted to become much more product independent and leverage more of a business
process computing approach. This would require building out a more standardized and layered system
architecture. As such, the decision to move to an SOA model was borne, and with it the need to create
an overall SOA governance structure. Not only did WaMu require that all the technical tenets and
policies of this new environment be consistently upheld, but it also had to assure that corporate and
divisional business goals were properly addressed on an ongoing basis. It also needed to generate
proper behavior and cooperation from all business and IT constituents, which would involve internal
staff and external resources.

The SOA Governance Initiative

According to Mannie Heer, VP of Utilities and Services within the IT group at WaMu's Card Services
division, the group undertook a rather large transformation effort within an extremely short period of time
— defining a new architecture, selecting products, and delivering solutions against this new construct.
The firm's overall organizational structure emphasizes a centralized management and operational
model, and in Heer's opinion, this was a large factor in WaMu's ability to successfully implement SOA
while many aspects of the environment were still being formulated. Most SOA-specific governance
processes and policies were initially handled manually, which only such a contained environment could
permit. WaMu expects to employ more automated means in the future to enforce explicit design and
operational policies.

The Card Services IT team had developed a technical infrastructure road map in early 2005 and by
midyear selected many of BEA's software offerings to underpin much of its SOA infrastructure along
with other technology. Over the following six to nine months, the team implemented this infrastructure
and developed a set of core technical and business services. Seeking to gain from the experiences of
others and leverage an outside vendor with strong SOA experience, the WaMu team engaged BEA to
supply guidance and assist with defining an appropriate SOA governance model, reference framework,
and services road map. For three months, a small, dedicated team of BEA consultants worked closely
with the Card Services architecture team through a series of onsite work sessions. They outlined
desired processes along with service design and operational policies to be enforced. An explicit road
map was created, specifying governance requirements and procedures to follow as well advice on what
to avoid. The inclusion of these insights has provided WaMu with guidance to follow as it evolves and
enhances its overall SOA framework.

Building on Best Practices

A primary objective for most SOA governance efforts is to institute a process to determine whether a
particular project appears to be a good SOA technical fit and business investment. WaMu wanted to
create a mechanism to enforce governance at the earliest stages of an individual project and make

©2007 IDC #205575 7

available a baseline of core services to ensure that a proper footprint for its SOA (upholding its
standards blueprint) be developed during the crucial first stages of its overall initiative. This objective
was achieved by ensuring that all projects go through an architectural assessment at project initiation
and an additional review during the development life cycle by an SOA governance body.

WaMu has a clear corporate and IT governance methodology and standardized approach to evaluating
and prioritizing technology projects. Its general IT governance model already handled basic review and
escalation processes; however, the SOA governance initiative needed to incorporate specific
characteristics and detailed elements to address a services-based environment including roles and
processes along with key interoperability standards and common messaging schema. In WaMu's
opinion, these standards are essential to setting contracts between service consumers and providers.
Communication of standards along with instructions on building interfaces and a listing of available
services were posted to a collaborative developer portal site. This is used as an important checkpoint as
new services are formulated.

In Heer's view, an SOA environment needs to address multiple iterations and versions of services. And
what is designed must also take into consideration the growing volume, variety, and complexity of
services and applications. A key early governance activity was to develop a service versioning strategy,
which allowed for life-cycle management. The potential to create redundant or slightly modified services
is another key concern. Therefore, a more structured approach to prioritizing and identifying services
opportunities within concurrent development initiatives is being developed.

Looking Ahead
The Card Services division built its own service registry and repository but is looking to implement a more
robust industry solution. It also expects to install a more "industrial-strength" enterprise service bus and
Web services management solution, coordinating with the overall corporate SOA road map. More
formalized and automated testing, monitoring, and management to support SLAs will also be addressed.

It is imperative that the Card Services division influence and align with the overall corporate SOA strategy.
WaMu ideally seeks to employ a federated model, especially to support cross-division services. Already
there are some business lines sharing services, therefore reinforcing development standards is critical but
not the entire picture.

Also, in Heer's opinion, adopting SOA will allow WaMu much more resource flexibility in that the older
legacy application world necessitates employing individuals who have specialized skills, whereas with
SOA there will be less need for such technical domain expertise by leveraging services versus always
directly tying into the underlying infrastructure and data sources.

Words of Wisdom
A big challenge for WaMu has been transforming a primarily legacy application–oriented IT force into a
new services development business. Shifting the application development teams away from coding
functionality directly into the application to creating and encapsulating logic in services is an evolving
proposition. According to Heer, this required an assessment of staffing and skill sets along with revising
many IT procedures, including what to review as each service, application, or system is delivered. He
also emphatically advises companies to look for specialized resources with proven SOA expertise
versus expect all that is to be learned and addressed to be effectively gleaned out of existing internal or
external staff.

8 #205575 ©2007 IDC

Speaking from experience, Heer recommends that organizations not attempt to build out an entire SOA
framework and concurrently commit to too many services development projects within a compressed
period of time. Not only are there many interdependencies and decision points to consider, but when a
more robust infrastructure is employed early on, there is less groundwork to make up to ensure what has
already been implemented is documented and in compliance with the established policies and procedures.

Josie Roberts, who oversees SOA governance activities for the Card Services organization at WaMu,
notes that ideally the group should have introduced a more robust service registry and repository much
earlier. Creating the service life-cycle processes leveraging such tools can introduce much-needed
discipline. It also helps provide a comprehensive service inventory, which at the very beginning stages
of a development project can facilitate service discovery and prioritization.

Heer also notes that upfront costs can be higher to develop services and adhere to standardized
policies than implementing a discrete change to a preexisting application. He emphasizes the
importance of taking a long-term view and the necessity of building the confidence of all key
stakeholders regarding SOA's overall benefits. They require a good understanding of the overall
business impacts and need to have proper expectations as to their individual levels of control and
influence on outcomes. Another key to success has been senior management reinforcing the criticality
of the SOA initiative by aligning divisional goals and metrics with delivery on specific SOA objectives
and using these monitory incentives to foster employee participation.

IDC believes that WaMu's preexisting IT governance and life-cycle models contributed to its SOA
governance initiative getting up and running so smoothly in such a small time frame. Clarity on terms
and related expectations (i.e., what is a policy, a standard, a guideline, a procedure) and a mechanism
to communicate among stakeholders were already in place to build upon — and strong communications
is indeed a critical key to success.

BE A SYSTEMS' APPRO ACH TO SO A ORG ANIZ ATIONAL

CHANGE AND GOVERNANCE
BEA Systems Inc. is a major $1.2 billion infrastructure software company, providing standards-based
technology designed to help customers successfully deploy and manage applications and SOA
environments. The company has a rich history of experience in the market, providing technology and
services to large institutions across a variety of sectors. SOA is indeed the core strategic focus for the
company's current and future product and go-to-market strategy.

BEA Systems conveys a holistic SOA adoption strategy via its SOA Domain Model based on six major
dimensions, one of those being Organization and Governance (O&G). BEA has also developed its own
SOA Governance Framework to assist clients in developing and designing their own SOA governance
decisions and accountability frameworks. This framework focuses on four major factors that affect SOA
governance: structure, process, communication, and tools (see Figure 1).

©2007 IDC #205575 9

FIGURE 1

BEA's SOA Governance Framework

Source: BEA, 2007

BEA works with clients to apply techniques that complement their existing environments to
pragmatically and incrementally drive change. The company focuses on providing technologies and
services that can work in harmony with other vendors' offerings, which is critical given today's complex
IT environments and customer demands. BEA frequently teams up with other services vendors that
fulfill much of the implementation phases of a governance project while BEA concentrates on laying the
initial groundwork, such as: assessing needs and identifying a future vision and road map; reviewing
and educating on best practices; determining staffing (e.g., roles and responsibilities) and organizational
changes to address; and developing a training and communications plan addressing skill gap.

From a technology perspective, BEA continues to adhere to and contribute to many key industry
standards, promoting and helping define interoperability across many dimensions of the SOA-based
computing landscape. To note, BEA has been an active member of the Open Group's SOA Working
Group to help generate a reference framework for SOA, including a standard definition for SOA
governance and a common language for communicating aspects of a governance program.

BEA Professional Services Offerings to Support

SOA O&G

SOA governance is a specialty area for BEA's Organization and Governance services team, which in
turn provides a wide range of professional consulting and training services. BEA's main offerings here
include:

! Education and training, including classroom-based and self-paced courses on SOA organization
and governance, targeting IT executives and their direct reports

10 #205575 ©2007 IDC

! Communication and collaboration plan to create buy-in and support from key stakeholders from both
the business side and the IT side of the organization, with a focus on team building and team
leadership (BEA also offers a two-day Executive Forum to help IT management identify SOA priorities,
assign roles and responsibilities, and determine how to maximize business value from SOA initiatives.)

! Assessment of a client's maturity profile from an SOA perspective vis-à-vis BEA's SOA Maturity
Matrix and industry best practices

! Review of the current state of a client's governance structure, practices, policies, and procedures
and need for change of certain roles and responsibilities

! Road map to guide the organization toward its future vision as a services-enabled enterprise

With these and other offerings, BEA is able to help clients move to the next levels of SOA adoption,
focusing on steps to be taken that can be implemented in an accelerated fashion, from initial awareness
and readiness assessment to the more pragmatic design and planning stages.

In particular, BEA differentiates itself by offering a modular and low-cost delivery model of services to
enable enterprises to undertake tailored projects that do not require large teams of consultants and
significant upfront involvement before benefits can be realized.

BEA Software Offerings to Support SOA O&G

BEA's primary product lines include application development and deployment technology, including an
expansive set of middleware such as integration, application server, and portal software. BEA's growing
AquaLogic family of service infrastructure is specifically designed to support the creation and ongoing
management of SOA-based systems.

Key technologies to note that particularly enhance an SOA governance program include:

! BEA AquaLogic Enterprise Repository. A metadata repository to capture and manage

definitional and instructional information on services and associated artifacts (The repository is
positioned as a key element of the SOA environment and a shared resource to other technologies.
It can facilitate processes such as service, asset, architecture, and policy compliance; dependency
tracking and impact analysis; and service life-cycle management.)

! BEA AquaLogic Service Registry. An UDDI-based services registry to associate primary

protocols for discovery and instruction on engagement policies (It complements AquaLogic
Enterprise Repository to provide service life-cycle governance support.)

Other enablers that play a role in SOA governance, especially from the runtime and policy perspectives,
include BEA AquaLogic Service Bus, BEA AquaLogic Enterprise Security, and BEA AquaLogic Data
Services Platform.

BEA WorkSpace 360 Vision

As part of BEA's SOA 360 initiative to unify the technology underpinning its entire product suite, BEA
WorkSpace 360 is slated to provide a collaborative tooling environment for business and IT
stakeholders that engage in the SOA environment and services life cycle. It is designed to support
business analysts, architects, developers, and operations staff tailored for their individual roles while
coordinating their specific tasks with shared metadata in a common repository and leveraging common
infrastructure, workflow, and event triggering. Monitoring and reporting mechanisms will provide metrics
on architectural and standards compliance; visibility for business and operations into performance,
reliability, and quality of services and configurations; and status of procedures and services to help
guide and assess the state of the environment and governance plan.

©2007 IDC #205575 11

CHALLENGES AND OPPORTUNITIES
Not only does the term SOA still have much ambiguity in the market at large, but so does the term
"governance." Combine these two architectural and management paradigms and the difficulties in
understanding magnify. An ongoing challenge for vendors is to help individuals grasp all the various
technology and business issues involved in developing a service-oriented environment, especially when
many of the benefits to investing in such an environment will need to evolve and bear fruit over a period
of time.

From both a technical and a governance design perspective, the overall functions of quality assurance
and testing, change management, and SLA monitoring and management need to be further addressed
by the market at large, including BEA. It is essential to also address many tasks from a holistic
composite application view versus solely from a discrete service asset perspective. Users and vendors
alike must pay closer attention to how dependencies are managed and cut across the varied levels and
combinations of processes. BEA's SOA 360 initiative is certainly a step in the right direction from a
technology perspective. Supporting these goals will be not only guidance and training on best practices
but also automated integrated workflow capabilities along with increased levels of visibility and
collaborative tooling BEA is developing. This will also need to integrate with other industry solutions.

Vendors, such as BEA, should also work to create programs that offer guidance to help IT organizations
transition from traditional roles and procedures to embrace the more orthogonal cross-cutting
dimensions demanded by SOA environments. Clients may need assistance in managing organizational
change, and it behooves BEA to further strengthen its capabilities to support these endeavors. The
company maintains a positive reputation for delivering enterprise-caliber software and is a leader in the
SOA infrastructure arena. Although BEA has recently made a concerted effort to reach beyond
development and operations professionals to engage upper tiers of IT management and an expanding
business audience, it must do so to an even greater extent. Establishing a deep level of rapport and
recognition with these critical stakeholders in the SOA governance process will further BEA's efforts and
its overall program value.

Keeping Complexity Under Control

More than just an advancement in distributed, network-based architecture, SOA presents a whole new
paradigm in the way enterprises approach technology. Greater levels of clarity, transparency, and
coordination are required to assure the architectural integrity of such an open and collaborative systems
environment.

Enterprises that have taken steps to implement SOA and address governance concerns offer these
additional words of wisdom:

! View SOA as part of an evolving enterprise architecture program, not a dedicated project; leverage
the existing IT governance structure and amend as needed.

! Establish an SOA governance program early on and then continuously monitor and assess
progress to make necessary modifications; do not assume adherence just because a guideline has
been communicated.

! Establish an SOA COE with representation from multiple departments; these teams are usually
staffed with enterprise architects who typically take on responsibility for determining cross-
enterprise priorities along with reference architecture and standards.

12 #205575 ©2007 IDC

! Adapt one's governance structure and organization to accommodate business process or domain
views; instill a consumer-centric and enterprise-scale mindset to focus services and support on the
design of the business and not the preexisting IT landscape.

! Create stakeholder incentives to support a shared and trusted environment, promote achievement
of specific business goals and technology milestones associated with the architecture road map,
and reuse ambitions.

! Provide tools that facilitate visibility and communications to help garner acceptance and promote
collaboration and ease the use and adoption of shared services; address both IT and business
perspectives within documentation, IT and analyst portals and workbenches, registry and repository
efforts, and analysis and reporting.

! Recognize that standards compliance for service interoperability and identity management are
critical to realizing the ultimate vision of SOA. Typically, the further a deployment evolves and
extends, the more adherence to industry standards is required.

! Acknowledge that commitment from all senior executives is a must for success.

Copyright Notice

External Publication of IDC Information and Data — Any IDC information that is to be
used in advertising, press releases, or promotional materials requires prior written
approval from the appropriate IDC Vice President or Country Manager. A draft of the
proposed document should accompany any such request. IDC reserves the right to
deny approval of external usage for any reason.

Copyright 2007 IDC. Reproduction without written permission is completely forbidden.

©2007 IDC #205575 13