1 Governance Infrastructure

This chapter describes Oracle's service oriented architecture (SOA) governance infrastructure and Oracle's SOA Governance Suite components, such as the Oracle Service Registry (OSR) which is the run-time interface for the repository, Oracle Web Services Manager (OWSM) for security policy management, SOA Suite Runtime MetaData Store (MDS) for design-time tooling, and Oracle's Business Intelligence (BI) Publisher for reporting.

This chapter contains the following sections:

1.1 Overview of Governance Infrastructure

The governance infrastructure includes the following components of Oracle's SOA Governance Suite:

  • Oracle Enterprise Repository (OER)

  • Oracle Service Registry (OSR)

  • Runtime security policy enforcement (OWSM)

  • Service monitoring (Oracle Enterprise Manager SOA Management Pack Enterprise Edition)

Figure 1-1 Components of Oracle's SOA Governance Suite

Description of Figure 1-1 follows
Description of "Figure 1-1 Components of Oracle's SOA Governance Suite"

Figure 1-1 illustrates the components of Oracle's SOA Governance Suite.

Oracle's Governance Suite is a loose bundle meaning that Oracle does not require you to purchase all of the components. As a matter of fact, some of the Governance components are also included in Oracle's SOA Suite, so the loose bundling allows you to purchase and install only the pieces that you need.

The Governance Infrastructure can interoperate with the following design-time tooling:

  • Version Control Systems

  • IDEs

  • Document repositories and File Stores

  • Design-time policy validation tooling

The Governance Infrastructure can also interoperate with the following runtime tooling:

  • MetaData Store (MDS)

  • Testing tools

  • Build Tools/Scripts

  • Defect tracking systems

Figure 1-2 provides an example of the use of governance infrastructure within Service Oriented Architecture. This guide provides information about the governance role for each of these tools and how you can install, connect and configure all the pieces.

Figure 1-2 The Governance Infrastructure

Description of Figure 1-2 follows
Description of "Figure 1-2 The Governance Infrastructure"

Note:

It is not necessary to install all of the governance infrastructure, especially when first starting out. Organizations should select the components that are most relevant for their use cases.

1.2 Oracle's Governance Suite

This section provides descriptions of the components in the Governance Suite. It contains the following topics:

1.2.1 Oracle Enterprise Repository

Oracle Enterprise Repository provides design-time governance in support of the service lifecycle, delivering key capabilities for the storage and management of an extensible set of metadata for any number of composites, services, business processes, and other IT-related assets. Oracle Enterprise Repository acts as the central source of SOA information, providing all actors in the service lifecycle with a human-centric discovery environment for planned, existing and retired services.

Oracle Enterprise Repository provides vital information to the service producers, providers and consumers who use the repository to manage the advancement of services through the lifecycle, and the consumption and reuse of services to enhance applications or deliver new service capabilities. In addition, portfolio managers and business architects use the repository to understand business capabilities and to assist with strategic planning.

Oracle Enterprise Repository provides role-based links to the artifact stores of the assets that it describes as well as links to design documents, justification documents, test plans, support plans, policies, and other forms of documentation. This ensure that approvers in the lifecycle process can reference and upload documentary evidence in support of their approvals and that consumers can reference information to assist in the decision to use a particular service. Oracle Enterprise Repository is packed with features that help to automate the governance of the service lifecycle including:

  • An Asset Harvester that automatically populates OER with SOA assets, and tracks updates to artifacts automatically.

  • Direct integration with IDEs allowing the prescription of assets for new projects and the easy browsing and consumption of existing assets.

  • Reporting on reuse, compliance, and other portfolio management metrics.

  • A built-in process engine with a set of standard processes that can be modified to meet organizations' governance process workflows.

  • Built-in automated notification on a selection of lifecycle events, plus discretionary notification of asset subscribers.

  • An event engine that can publish repository events to any process service endpoint.

  • A bi-directional registry exchange feature that keeps information synchronized between the enterprise repository and the service registry.

  • A rich SOAP-based API that allows organizations to programmatically update the repository, keeping it in sync with the IT and business environment that it describes.

In addition, Oracle Enterprise Manager SOA Management Pack Enterprise Edition provides Oracle Enterprise Repository with a summary of runtime performance metrics. These metrics help service providers view the performance of their service portfolios, and allow service consumers to judge whether a service's runtime performance is adequate for their needs.

Oracle Enterprise Repository also tracks asset usage and provides a set of robust reports that help organizations determine the ROI on asset reuse. Oracle Enterprise Repository's interface integrates with JDeveloper and other integrated development environments, and with source code management tools, to promote developer adoption.

The following resources can help you when installing the Enterprise Repository:

Oracle Enterprise Repository can also leverage the Organization's common authentication mechanisms. Oracle Enterprise Repository supports:

Oracle Enterprise Repository uses Oracle's Business Process Management (BPM) Tool to run the out-of-the-box automated workflows. While organizations are free to use the workflow engine of their choice, the Oracle Enterprise Repository includes a limited use license of Oracle BPM. For more information about Oracle BPM, see

Oracle Enterprise Repository uses Oracle's Business Intelligence (BI) Publisher as its reporting engine. The Oracle Enterprise Repository includes a limited use license of Oracle BI Publisher. For more information about Oracle BI Publisher, see

1.2.2 Oracle Service Registry

Oracle Service Registry is a feature rich UDDI version 3 compliant service registry that provides standards based interoperability and forms the run time interface of the Repository. It provides service binding and run time location transparency, federation of run time metrics for closed loop governance and allows access to an appropriate service version based on the environment. Services published to the registry can be looked up at run time for dynamic service location. For more information, see http://www.oracle.com/technology/products/soa/registry/index.html.

Oracle Service Registry also serves as an integration point for runtime tooling

There is tight integration between the Oracle Enterprise Repository and the Oracle Service Registry. The Oracle Registry Repository Exchange Utility synchronizes Oracle Enterprise Repository and Oracle Service Registry bi-directionally so that the metadata from either of these products can flow in either direction through the utility.

1.2.3 Oracle Web Services Manager

Oracle Web Services Manager (OWSM) is a security policy manager for Web services that allows IT management to centrally define security policies that govern Web services operations (such as access policy, logging policy, and load balancing). Those policies can then be applied to Web services in a heterogeneous environment without requiring modification to those services. In addition, Oracle Web Services Manager collects and monitors statistics to ensure quality of service, uptime, and security and displays them in a Web dashboard.

A key OWSM feature is the ability to provide end-to-end security between the service consumer and the service provider by deploying client and server agents within the container itself. Both the client agent and the server agent obtain central policy information from the OWSM Policy Manager, thereby ensuring that the consumer can apply the correct policies, even when the security measures are updated on the called service.

The Oracle Web Services Manager is part of Oracle's SOA Suite. If you have installed Oracle SOA Suite, then OWSM is also installed.

1.2.4 Oracle Enterprise Manager Grid Control

Oracle Enterprise Manager SOA Management Pack Enterprise Edition builds upon the core Oracle Enterprise Manager Grid Control (Grid Control) product and provides operational management of complex SOA environments.

Grid Control is a Web-based system for central management of Oracle products, host systems, and applications, as shown in Figure 1-4. It is architected to allow management of various Oracle products through packs and plug-ins. The Management Pack provides discovery and configuration management of deployed SOA artifacts.

Figure 1-4 Oracle Enterprise Manager Grid Control

Description of Figure 1-4 follows
Description of "Figure 1-4 Oracle Enterprise Manager Grid Control "

Grid Control also provides dynamic discovery and service level monitoring of all artifacts deployed within a Java Application Server. This gives administrators the ability to confirm what is running in a particular SOA environment is exactly as defined at design time.

Grid Control collects statistics that include latency, invocation counts and exceptions for each of the service components. It then aggregates and stores them over various aggregation periods to provide a rich dashboard of metrics presented across a user selected set of time-periods. Service-level objectives can be established at each layer in the SOA architecture and both cautionary and violation level thresholds can be set, which when breached over a defined period can trigger alerts, delivered via a number of standard protocols.

1.3 Design-time Tooling

You can configure the Governance infrastructure to interoperate with design-time tooling. This section contains the following topics:

1.3.1 Version Control Systems

Oracle Enterprise Repository is not a Version Control system; it is a metadata management system. However, Oracle Enterprise Repository can be tightly integrated with your existing version control systems. When developers find an asset in the Enterprise Repository, and need access to the physical artifact (such as an XSD or WSDL file), Oracle Enterprise Repository serves as a broker and deliver a copy of the code from the version control system to the developer.

This benefits your organization in several ways:

  • In a scenario where no behavioral change required, the organization maintains its existing version control practices. Thereby, there are no behavioral changes required.

  • In a scenario where Oracle Enterprise Repository serves as a single broker for all SCMs, the developers do not need access to multiple version control systems.

You can also connect to several Version Control Systems/Source Control Management Systems.

1.3.2 Integrated Development Environments (IDE)

Oracle Enterprise Repository makes governance as invisible as possible to developers. One way this is accomplished is through tight integration with the development environment (IDE). Through the development environment, developers can search for relevant assets, evaluate asset metadata, and select assets that they would like to reuse. Oracle Enterprise Repository can then harvest their completed work, automatically generating assets and relationships based on the harvested artifacts.

Integrating with Supported IDEs:

1.3.3 Document Repositories and File Stores

Sometimes developers need additional information to understand an asset's functions and behaviors. This information might be captured in use case documents, architecture documents, test cases, test results, etc. Such documents are typically stored in version control systems, repositories, and file stores. However, you'll want to create a link from the asset in the Enterprise Repository to the associated documents, so that developers can seamlessly access this information.

This functionality is available natively within Oracle Enterprise Repository and requires no connector or plug-in. For more information, see "Configure Artifact Stores" in Oracle Fusion Middleware User's Guide for Oracle Enterprise Repository.

1.3.4 Design-time Policy Validation

Oracle offers OWSM for runtime security policy management and enforcement. However, there are times when it is important to communicate design-time and development requirements to development teams as policies. Oracle Enterprise Repository offers native policies to serve this purpose. Policies might include:

  • Corporate quality standards and guidelines

  • Asset naming conventions

  • Performance targets

Policies are applied to assets in order to communicate asset requirements that must be considered during design and development, and to provide administrators with the means to enforce and monitor asset compliance with governance, architecture, and other organizational standards. For example, a policy might articulate corporate quality standards, identifying the platforms that an asset should run on, and identifying acceptable defect density rates.

Oracle Enterprise Repository's native policies can be manually validated by a Subject Matter Expert, or they may be validated programmatically through third party tooling.

To use Oracle Enterprise Repository's native policies:

  • Activate the Policy Management Feature

  • Create a Policy Type

  • Add the Policy Assertion Element to the Policy Type

  • Create a Policy

  • Add the Applied Asset Policies Element to a Type

  • Apply a Policy to an Asset

  • View Policy Status

  • Validate Policy Assertions

Oracle Enterprise Repository's native policies can be validated by third party tooling, such as Parasoft and WebLayers.

For more information about configuring Oracle Enterprise Repository's native policies, see "Configuring Policy Management" in Oracle Fusion Middleware Configuration Guide for Oracle Enterprise Repository.

For more information about validating Oracle Enterprise Repository native policies using third-party tooling, see http://www.oracle.com/technetwork/middleware/repository/.

1.4 Runtime Tooling

You can configure the Governance infrastructure to interoperate with runtime tooling. This section contains the following topics:

1.4.1 SOA Suite Runtime MetaData Store (MDS)

MDS is a runtime metadata storage system that is used by Oracle's Fusion Middleware including Oracle SOA Suite to store runtime metadata and configuration information. Oracle Enterprise Repository can harvest metadata from MDS. The runtime and design-time metadata can be viewed in Oracle Enterprise Repository, which provides Oracle SOA Suite with visibility into the service endpoints. Oracle Enterprise Repository maintains references to externally hosted artifacts that reside in an HTTP server, Web based Distributed Authoring and Versioning (WEBDAV), or in a repository such as MDS.

The best practice is to host all shared runtime metadata on a single MDS instance so that the metadata can be accessed by all SOA infrastructures. This is also the instance from which you would harvest metadata into Oracle Enterprise Repository.

For more information about harvesting assets and metadata from MDS, see "Configuring and Using Automated Harvesting in Design-time and Runtime Environments" in Oracle Fusion Middleware Configuration Guide for Oracle Enterprise Repository.

1.4.2 Testing Tools

A wide selection of Web Service testing tools is available. These tools are extremely valuable in that they allow organizations to test their Web Services early and often. Because of the number of tools on the market, there is no single out of the box testing tool connector. Instead, integration with the testing tool of your choice can be accomplished using the Repository Extensibility Framework (REX). REX is a Web Services API for programmatic integration into Oracle Enterprise Repository. It is based on accepted industry standards, and designed with a focus on interoperability and platform independence. REX uses Remote Procedure Call (RPC) Web Services described by the Web Services Description Language (WSDL v1.1). This allows clients to interact with Oracle Enterprise Repository using any platform and any implementation language that supports Web Services.

When integrating with testing tools, the following approach is recommended:

  • When a Web Service asset in Oracle Enterprise Repository reaches a particular lifecycle stage, an event is triggered

  • The event initiates retrieval of the Web Service code from the location indicated in Oracle Enterprise Repository.

  • The testing tool runs the appropriate tests for the lifecycle stage.

  • The test results are posted to Oracle Enterprise Repository as metadata or as a document link attached to the Web Service asset.

To view the REX API calls that can be used to execute the above sequence, see "Repository Extensibility Framework" in Oracle Fusion Middleware Integration Guide for Oracle Enterprise Repository.

1.4.3 Build Tools/Scripts

One of the goals of governance is to ensure that the organization has visibility into assets as they move throughout the lifecycle. Therefore, it is important to harvest information about the organization's assets at build time. This can be done by integrating the Oracle Enterprise Repository Harvester into build tools and scripts, including Ant and the WebLogic Scripting Tool (WLST). WLST is a command-line scripting interface that system administrators can use to manage WebLogic Server instances. WLST supports Oracle Service Bus and SOA Suite.

For more information about WLST, see Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.

You can invoke harvester from WLST to ensure that all deployment information is stored in Oracle Enterprise Repository at deployment time. For more information about embedding the Harvester into Build Tools and Scripts, see "Configuring and Using Automated Harvesting in Design-time and Runtime Environments" in Oracle Fusion Middleware Configuration Guide for Oracle Enterprise Repository.

Governance practices can also be enforced at build time. Figure 1-5 illustrates a sample example of one of an Oracle customer's governance practices.

Figure 1-5 Example Governance Practice

Description of Figure 1-5 follows
Description of "Figure 1-5 Example Governance Practice"

For more information about SFID, see "Configuring Automated Usage Detection" in Oracle Fusion Middleware Configuration Guide for Oracle Enterprise Repository.

1.4.4 Defect Tracking Systems

Defect Tracking Systems are useful in tracking problems with assets once they are deployed to the runtime environment. When a developer considers whether to reuse an asset, it is helpful to view all of the defects associated with that asset.

Oracle Enterprise Repository can integrate with defect tracking systems, and has an adapter that supports integration with ClearQuest. Integrating ClearQuest with your system enables you to use a ClearQuest store in Oracle Enterprise Repository. For more information about integration with ClearQuest, see "ClearQuest Integration" in Oracle Fusion Middleware Integration Guide for Oracle Enterprise Repository.

1.4.5 Federation

Oracle Enterprise Repository can be logically federated: the repository's Role Based Access controls can be used to ensure that different groups across the organization have access to their assets, and that everyone can see enterprise-wide assets. Oracle Enterprise Repository does not have any out-of-the-box support for physical federation: there are individual instances of Oracle Enterprise Repository to serve the needs of individual groups. While it is possible to build a federated structure using Oracle Enterprise Repository, Oracle does not recommend it.

For more information about setting up your Oracle Enterprise Repository instance to support logical federation, see "Advanced Role-based Access Control" in Oracle Fusion Middleware Configuration Guide for Oracle Enterprise Repository.