Software & Systems Development Governance : An Approach

Transcription

IBM Software Group
Software & Systems Development Governance: An approach to improving Software Assurance
Sridhar Iyengar
IBM Distinguished Engineer
siyengar@us.ibm.com
OMG Software Assurance Day: February 15, 2006: Tampa, Florida
2004 IBM Corporation

IBM Software Group Rational software
Topics Covered
- Introduction to Governance – Why do we care
- What does Software Assurance have to do with Governance
- Model driven tools integration across the life cycle
- Enabling traceability and management of artifacts
- Model Driven Security – An example

If only we could link Business, Development & Operations

Complexity is Forcing Change
[Diagram: Actual Application Architecture. Legend: Mainframe, PC/NT apps, Unix apps, 3rd Party Interface. Interfaces to and from the Data Warehouse are not displayed on this diagram. Prepared by Michelle Mills.]

Initiatives Underway at IBM
- Outside In Design (OID) – Scenario Driven
- Componentization – exploit open source or binary components as needed
- Drive componentization and SOA standards
- End-end life cycle integration
- Move to SOA across and within products
- Model Driven Development, Deployment, Security, Management
- Standards (UML, SysML, UML Testing Profile, MOF, XMI, RAS, SAML, XACML, WS Security)
- Patterns, Transformations and Recipes
- Modeling Tools: Abstract modeling level
- Development Tools: Code & Artifact level

The world of many of our customers
Governing a geographically distributed, service-oriented, open computing environment while ensuring regulatory compliance
[Diagram labels: Customer (Topeka); Executive (Somers); Project ); Provisioning (Boulder)]

Transforming software and systems development
TRADITIONAL: Co-located teams; Technology first; Vendor lock-in; Application silos; Project driven
CURRENT REALITY: Right-sourcing; Standards; Solution delivery; Geographically distributed; Compliance; Open computing; Modular systems (SOA); Value driven
Business Driven Development
Enabling organizations to govern the business process of software and systems development

Governance defined
Governance is the exercise of authority, responsibility and the communication of information
- Establishing chain of authority, accountability and responsibility
- Measurements and controls to enable people to carry out their authority and responsibility

Governance consists of
Governance
- Establishing chains of responsibility, authority and communication to empower people
- Executing measurement and control mechanisms to enable people to carry out their roles and responsibilities
Governing Development, Deployment & Management
Manage value
- Align business and software
- At organizational and project levels
  - Balance risk and return
  - Provide clarity and accountability
Develop flexibly
- Leverage resources anywhere
- Enable agile sourcing choices
- Use iterative processes to reduce risk
Control risk and change
- Continuously measure to reduce risk
- Enable lifecycle change management
- Meet internal and external compliance needs

Innovation Insurance Team
[Organization chart; role labels and responsibility captions as extracted]
Roles: CEO; CFO; CIO; VP of Claims; VP of Development; Portfolio Manager; Project Manager; Business Analyst; Risk Analyst; Integration Developer; Deployment Manager; IT Operations; Insurance Adjuster; Field Adjuster
Responsibility captions:
- Establishes strategic goals and ensures company profitability
- Analyze, define, and manage policies
- Models business processes
- Assembles and implements solutions
- Reduces cost SR
- Handles claims that can be settled by phone or email
- Maintains the Data Center
- Manages new development projects
- Ensures development projects are aligned with business strategy
- Deploys the solutions
- Responsible for accounting and financial
- Responsible for Technology Infrastructure
- Reviews forecast vs actual and competitive products. Formulates actions to address
- Handles requests that require on-site inspection

Governance across life cycle: Project Flow
[Flow diagram. Governance lanes: IT Governance; SOA (Service) Governance; Development Governance. Phases: PROJECT APPROVAL; IMPLEMENTATION FLOW; END. Legible step labels: remediation plan (w/LOB); Identify requirements; Validate plan & requirements sign-off; Decompose projects into tasks; Estimate project costs; Develop, Test; Service sign-off; Generate Audit Package.]

Governance and processes are the keys to a successful transition to SOA
[Diagram labels]
- Gather requirements; Model & simulate; Design
- Discover; Construct & test; Compose
- Integrate people; Integrate processes; Manage and integrate information; Protect information
- Manage applications & services; Manage identity & compliance; Monitor business metrics; Secure Apps & Services
- SOA Governance Processes: Financial transparency; Business/IT alignment; Process control

Transforming to an SOA environment: How do we integrate Custom & COTS software
[Service life cycle diagram; labels as extracted]
Groups: Service Ownership & Funding; Service Justification; Service Operations Management
Steps:
- 1.0 Identify Services
- 2.0 Identify ment
- 3.0 Fund Services
- 4.0 Specify Services
- 5.0 Realize Services
- 6.0 Develop & Test Services
- 7.0 Deploy Services
- 8.0 Manage Services
- 9.0 Maintain
- 10.0 Manage Services Performance
- 11.0 Manage Service Level
Captions:
- Decompose business process and identify services required
- Establish funding, project plans and resources
- Codify business process and enforce standards
- Develop Services iteratively, test to improve predictability, manage change to
- tor composite application performance and adjust
- Continuous Process Measurement
- Measure progress, manage change and adjust

Model Driven Development & /Manage
[Diagram labels: J2EE/Web Services Development; Wrapping; Orchestration; IT Modeling (UML, SQL, XSD); Management; Deployment; J2EE App Svr; Web Services (J2EE); BizRules; BPM; SQL; UML2; SPEM; SAM; Component Mgmt; App Mgmt; DCM; CIM; Traceability Links and Transformations (profiles, metamodels, Code Gen Templates); Serve up models, Components, processes On Demand]

Application Life Cycle Integration Platform
A call to action to the Eclipse Community
[Layered diagram, top to bottom]
- End to End Application Lifecycle Tooling (Eclipse.org member value add tools): Language Tooling (J2EE, Web Services, Deployment); Data Tools (RDBMS, XML); MDD Tools (Object, Data Modeling, Code generators); Domain Specific Tools/Apps
- Eclipse Tools Integration platform (Models, APIs, XML formats): Web Tools (WTP); EMF; J2EE (EJB, JSP); GEF; MDD/MDA (UML2, U2TP); JDT/CDT; Testing TPTP; RCP; SAM*; .ETC.
- Eclipse Core
- Code/Artifact Repositories, Management Tools (Eclipse.org member value add tools)

Model Driven Security – Life Cycle

Security Roles in an Organization
Organization: Business Strategy and decision making
Roles: Chief Security Officer, Security Policy Officer, Security Architect, Security Auditor
Organization: Development
Roles: Business analyst, Application programmer, Identity/Security developer
Organization: Operations and Administration
Roles: Security Administrator, System/Application Administrator, Operator

Security Definitions at the Business Process Level

Security Constraints captured in UML
Figure 5: Applying constraints to UML sequence diagram

Sample XACML generated from Annotated Model

Software Assurance: Some Relevant OMG Standards
- UML 2.0: Architecture, Design & Requirements Capture
- UML Testing Profile: Test automation
- KDM: Metadata about existing systems
- MOF & XMI: Metadata Infrastructure
- SysML: System design, Requirements

