Enable Cloud Strategy and Planning with Predictable Methods, Models, and Tools

Mike The Architect Blog - Cloud Strategy and Planning

We previously
looked at why cloud is so important (Challenge
the Status Quo and Advance Business through Cloud Computing
, ),
approaches to cloud strategy (Understanding
Which Investments Should go to the Cloud
, Cloud
Strategy Begins with Value and Balances Risk
) and who the best
people (Why
Enterprise Architects Must Drive Cloud Strategy and Planning
) are to
execute. Today we’ll examine the methods, models, and tools that the enterprise
architect should use for effective cloud strategy and planning.

As far as methodologies go, it’s usually
better not to reinvent the wheel. There are already proven general frameworks EAs can use, so try to leverage
what is already out there whenever possible. When using an existing
general-purpose framework like TOGAF, apply cloud specifics to it.

Using a framework like TOGAF can ensure that you
are not missing the critical steps, questions and outcomes that every good
architecture should have. This will also ensure that all the other architecture
work and this work is consistent and predictable with the outcomes it produces.
Below are a list of a few benefits for leveraging TOGAF as your methodology for
Cloud Strategy and Planning:

  • Broad Community – If a custom framework is built, very few people
    have expertise and experience. TOGAF has an extremely broad EA acceptance,
    adoption and certification.
  • Deliverables and ArtifactsTOGAF comes
    with a wealth of “out of the box” templates
    that can be leveraged to
  • Linkages to SOA and Cloud IP The Open Group which manages TOGAF, has
    other forums  and working groups that
    builds content for specific architecture areas and domains such as SOA,
    Cloud, Business Architecture and Security Architecture to name a few.
  • Associated Cloud Standards Bodies – The Open Group has done a great job of
    uniting multiple specialized and deep cloud standards bodies with the TOGAF
    standard to bring together the best of both worlds. The general purpose
    framework applied. These partners include NIST, Cloud Security Alliance and more.
    All this work has come together in The
    Open Group Cloud Computing Work Group

Below is a visual on how Cloud Strategy and Planning
extends TOGAF within this framework:

Mike The Architect Blog - Cloud Strategy and Planning TOGAF Method.jpg

Another great visual is from Serge Thorn where he shows this from
a native TOGAF view:

Mike The Architect Blog - Cloud Strategy and Planning TOGAF Detail

Check out his blog post, “Cloud
Computing Requires Enterprise Architecture and TOGAF

Is TOGAF the only methodology you use? No. Just
like any other architecture work there are many different facets other than
just architecture such as: Risk Management, Information Security, Project /
Program Management, Software Development and Operations. There are methodologies
and frameworks for each specialized area that complement your architecture

Some things to remember when adopting methodologies:

  • Strategy Methods are Universal – The same macro/basic steps are the same
    and can be applied to most anything. Just like with anything you will have to tailor
    slightly to your needs. DO NOT REINVENT
  • Make General Purpose Methods Specific – These were meant to be applied to a
    specific problem set. Cloud is
    no different.
  • Use Extensions – Cloud tools and techniques such as CSA, NIST,
    and Open Group-specific resources can be very useful in giving general-purpose
    frameworks meaning.


When we apply these
aspects to a cloud methodology you get The Cloud Strategy and Planning (CSP)
Framework. It is comprised of three simplified phases and seven activities.

Mike The Architect Blog - Cloud Strategy and Planning Method and Act

embraces and extends proven practices in the industry and the industry
resources from the following distinguished bodies:

  • The Open Group (TOGAF)
  • Cloud Security Alliance (CSA)
  • NIST Cloud Computing Working Groups
  • Sherwood Applied Business Security
    Architecture (SABSA)
  • Cloud Security Alliance (CSA)


Activity Descriptions

Below is a high-level overview of the activities with the description of
what occurs in each. The detailed steps are not shown below.



Establish Scope, and Approach

  • Conduct the Cloud Envisioning Workshop
  • Provide overview of cloud computing
  • Define the enterprise business model for
    cloud computing
  • Establish project charter



Understand Strategic Vision

  • Gather the IT and business strategic
  • Identify strategic cloud computing patterns
    and technologies
  • Analyze customer feasibility and readiness
  • State strategic vision for cloud computing



Identify and Prioritize Capabilities

  • Define evaluation criteria for key IT &
    business value drivers
  • Evaluate the capabilities based on these
  • Identify ~5 high-priority capabilities for
    deeper analysis



Cloud Valuation




  • Determine current state of capability
    maturity leveraging IO Maturity Tools
  • Execute Risk Analysis Method with
    corresponding assessments and remediation steps.
  • Profile the capability asset portfolios of
    information, technology, and processes and analyze by architectural fit, risk
    and readiness



Deployment Patterns


  • Research capability proven practices and
    market direction
  • Define target cloud capability requirements
  • Determine optimal cloud service and
    deployment patterns for the capabilities based on fit, value, and risk




Transformation Planning


and Prioritize Opportunities


  • Completely define opportunities to
    include  an overview, benefits, risks,
    assessment results, technology impacts, and project plan
  • Prioritize opportunities for detailed
    architecture and execution



Understand Strategic Vision

  • Assess implementation risks and dependencies
  • Develop and deliver a business
    transformation roadmap
  • Validate with the customer and edit




With respect to models, there are many out there readily available. Since
we are starting with  business value we
want to make sure we continue to do so and ensure there is a bridge from
strategy to implementation.

Mike The Architect Blog - Top Down Strategy

Given the top down
nature you will want to pull from models  that lend to our approach. When selecting
models, take a step back and ensure you fully understand the scope of what you
want to accomplish then select the most appropriate models from the many
sources at your disposal such as: analysts, standards bodies, industry bodies
or internal reference models.

For example, CSP
integrates SABSA to ensure that CSP has a classification scheme to capture business
requirements along with the identification, classification and management of risk.
The SABSA method focuses on the area of security while CSP extends this for cloud
computing. CSP incorporates a similar structure to SABSA and utilized the SABSA
matrix as a stellar example of using question-based analysis in IT
decision-making. By using the business requirements as the “red thread” through
the analysis, SABSA and CSP are both able to ensure that the business
objectives are being met. In the case of CSP, the business should be the
driving force behind the cloud transformation.

Mike The Architect Blog - SABSA Matrix

A common issue I
see when selecting models are that a model is selected either based on
preference or it is good enough. Don’t do that. Make sure you have a fit for
purpose model. If you don’t you may not get an accurate output.


Below are a good
set of models that can be used when rationalizing strategy:

  • Strategy maps
  • Business canvas
  • Hosen strategy
  • Net Present Value (NPV)
  • Business Scenarios
  • SWOT
  • Porters Five Forces Analysis
  • Motivation Model

Mike The Architect Blog - Strategy Map Example


 Now let’s talk about
the tools. These will allow us to automate the method along with helping align,
measure, quantify and qualify our work.

The tools below
will help

  • Charter – Template to authorize the
    project and define scope, stakeholders and timeline
  • Enterprise Capability Assessment
    Enterprise level 1 capability analysis to segment a customer’s portfolio for
    the discovery of cloud opportunities.
  • Business Heat Map – Graphical view of an
    organization based on business capabilities and cloud attributes like risk,
    value, fit and readiness
  • Capability Prioritization – Further
    refinement of each business capability with respect to cloud risk, fit and
  • Capability Profiling – Rollup dashboard
    of a given capability to determine the level of value and risk it provides in
    the context of cloud.
  • Cloud Pattern Valuation – Robust metric
    driven analysis tool used to determine which cloud service and deployment
    models should be used for a solution.
  • Cloud Pattern Matching – Graphical tool
    to connect service and deployment models with business or technical capabilities.
  • Portfolio Analysis – A tool to plot cloud
    opportunities to a grid based on Business Priority, Value, Risk and Effort to
    aid in the roadmapping.
  • Cloud Opportunity Dashboard  – A dashboard that provides a complete
    rollup of the Cloud Valuation assessments into one sheet to support decision
  • Cloud Taxonomy –This taxonomy provides a
    way of rationalizing cloud specific cloud implementation decisions.
  • Cloud Risk Framework – A risk reference
    model that identifies the key aspects of cloud risk to be assessed.
  • Cloud Risk Method – Process for applying
    a risk classification to a potential cloud solution.
  • CSP Project Planning – Examples of a
    defined project engagement, with timelines, milestones, activities and

A good example of a tool leveraged in CSP is The Capability Planning
Tool. It analyses Business and IT capabilities under seven areas that fall
under four assessment drivers: architectural fit, value, risk, and readiness:

  • Architectural
    : Adoption and Complexity
  • Value:
    Cost and Strategic Alignment
  • Risk:
    Significance and Regulations, Standards, and Policies
  • Readiness:
    Organizational Readiness and Technical Readiness

For all capabilities, the EA will ask the customer for the enterprise’s
score in each topic area. For example, for the business capability, Claims
Management, the EA will ask for the capability’s level of adoption based on the
following criteria: 5-Enterprise-Proven, 4-Tested, 3-Industry-Proven,
2-Emerging, and 1-Not Available.

This assessment is intended to capture a range from 1 to 5 for each
topic area under these assessment drivers. The end result is a rolled-up
dashboard with the scores of architectural fit, value, risk, readiness, and an
overall score for each capability. The final results presented in the dashboard
will allow the EA to determine the high-priority capabilities with the

Mike The Architect Blog - Capability Planning Tool Worksheet
Mike The Architect Blog - Capability Planning Tool Dashboard


The Cloud Strategy & Planning (CSP)
guidance helps establish a common context for cloud computing among all
business and IT stakeholders. Furthermore, it allows companies to define an
actionable cloud opportunity plan for qualified & validated cloud
opportunities to be architected for a specific service and deployment model.

The CSP guidance has 3 phases and 7
activities which give an overall structure to the approach. These allow the
client to assess and identify the current maturity level of their competences,
to find out which of these are best suited for cloud migration, and to evaluate
and better understand the opportunities for cloud solutions in the
organization. This assessment will ultimately lead to a business transformation
roadmap that is aligned with the enterprise’s technology and business

A few key points:

  • Focus on Maximizing Business Value – Leverage a business top down
    process of analysis and refinement, describing business capabilities to matched cloud technologies is essential
  • Capability
    – Respect both the business and IT dimensions of an organization
  • Balance
    Value and Risk
     – Identify cloud
    opportunities while also rationalizing the potential challenges
  • Leverage Industry Best Practices – Amplify value of proven methods, models
    and tools to reduce risk of a poorly planned and executed strategy.

Related articles

Technology Architecture Questions for Vendors
Challenge the Status Quo and Advance Business through Cloud Computing
TOGAF Templates

The Open Group SOA Governance Framework Becomes an International Standard

The Open Group has moved the technology industry forward yet again with its second international standard on SOA.The Open Group SOA Governance Framework is now an International Standard, having passed its six month ratification vote in ISO and IEC.

This will be the second since January 2012 when the Open Services Integration Maturity Model (OSIMM). The Open Group has certainly have been getting a great deal of momentum on it's SOA OSIMM as it is being considered for adoption as a national standard in countries such as China and Korea. While this framework has been around for awhile it is great to see the broad acceptance internationally.

SOA governance is critical to all SOA implementations. Just like with building a road, laying the asphalt is just the beginning. That road will need  governing aspects such as the law and maintenance plans. The same with SOA implementations, deploying an ESB with some web services is relatively easy but making sure that those services are adopted and sustainable, that is tricky.  Having a standard way of addressing SOA governance is not only an accelerant to companies but also allows them to:

  • Leverage a universally accepted and trusted framework
  • Exposure to an evolving framework that is leveraged by many companies that contribute to the Open Group with best practices,  guidance and standards
  • Eventually tap into a network of SOA practitioners that understand the standard without training
  • Potential for certifications to validate competencies and skills

The Open Group SOA Governance Framework includes a standard governance reference model and a mechanism for enterprises to customize and implement the compliance, dispensation and communication processes that are appropriate for them. Long term vitality is an essential part of the framework, and it gives guidance on evolving these processes over time in the light of changing business and technical circumstances, ensuring the on-going alignment of business and IT.

Mike The Architect: Open Group SOA Governance Model

What I really like about this model is that SOA Governance is viewed as the application of Corporate Governance, IT Governance and EA Governance to Service Oriented Architecture. This shows that SOA Governance extends IT and EA Governance ensuring that the benefits that SOA extols are met. This requires governing not only the execution aspects of SOA but also the strategic planning activities.

Take a look at the new standard, it is certainly worth the read!


Open Group Publishes its First Cloud and International SOA Standards

Today, The Open Group announced three new industry standards to enable businesses to effectively integrate elements of SOA and Cloud Computing into a solution or enterprise architecture. The new standards are:

  • SOA Reference Architecture
  • Service-Oriented Cloud Computing Infrastructure Framework
  • Open Group Service Integration Maturity Model


SOA Reference Architecture

Provides a blueprint for creating and evaluating SOA solutions. With the release of the SOA RA Standard, enterprise architects now have a common language and approach for creating SOA solutions that meet different organizational needs, and bridge the gap between business and IT.



This specification presents an SOA RA, which provides guidelines and options for making architectural, design, and implementation decisions in the implementation of solutions. The goal of this SOA RA is to provide a blueprint for creating or evaluating architecture.

Additionally, it provides insights, patterns, and the building blocks for integrating fundamental elements of an SOA into a solution or enterprise architecture.

Informally, the aim of the SOA RA is to answer some of the key questions and issues encountered by architects, including but not restricted to common questions such as:

  • What are the aspects, building blocks, and layers of an SOA that I need to consider in designing solutions, establishing enterprise architecture guidelines, or assessing an architecture based on service-oriented principles?
  • What are the building blocks I need to include in each layer of my solution or standardize as part of a enterprise architecture?
  • What are some of the key architectural decisions I need to make when designing a solution, or assessing an architecture that is based on service-oriented principles?
  • How do I increase my chances of gaining benefit from using SOA by taking into account key layers and building blocks with which I may initially be unfamiliar as our company makes it journey through higher levels of maturity? One of the ways in which we can establish a baseline and move to higher levels of maturity is to use The Open Group Service Integration Maturity Model (OSIMM) [21].
  • Which roles in a project would benefit from using these principles and guidelines?

The SOA RA is used as a blueprint and includes templates and guidelines for enterprise and solution architects as well as software engineering roles within the software development life-cycle. These facilitate and ultimately enable automation and streamlining the process of modeling and documenting the architectural layers, the capabilities and the Architecture Building Blocks (ABB) within them, options for layers and ABBs, mapping of products to the ABBs, and architectural and design decisions that contribute to the creation of an SOA. It is intended to support organizations adopting SOA, product vendors building SOA infrastructure components, integrators engaged in the building of SOA solutions, and standards bodies engaged in the specifications for SOA.

More: http://www.opengroup.org/soa/source-book/soa_refarch/intro.htm


Service-Oriented Cloud Computing Infrastructure (SOCCI) Framework

Is the first Cloud standard from The Open Group, which outlines the concepts and architectural building blocks necessary for infrastructures to support SOA and Cloud initiatives.

Service-Oriented Cloud Computing Infrastructure (SOCCI) is the realization of this framework for the cloud. This document details the SOCCI elements, the synergies realized through the cohesive application of SOA and cloud-based principles, and the SOCCI Management Building Blocks. It expands upon the relationships between service-orientation and its application to various infrastructure components. Finally, the concepts outlined are explained in the context of a business scenario – Motor Cars in the Cloud.


Participants have specific requirements from the cloud computing infrastructure. We will be elaborating on these requirements. The relationship of the base roles (Consumer, Provider, and Developer) and composite role (Integrator) are described above.

More: http://www.opengroup.org/soa/source-book/socci/intro.htm


Open Group Service Integration Maturity Model

Delivers a common maturity model, which has now been ratified as an ISO and IEC International standard, for advancing the continuing adoption of SOA and Cloud Computing within and across businesses.

The Open Group SOA Integration Maturity Model (OSIMM) provides consultants and IT practitioners with a means to assess an organization’s Service Oriented Architecture (SOA) maturity level. It defines a process to create a roadmap for incremental adoption which maximizes business benefits at each stage along the way. The model consists of seven levels of maturity and seven dimensions of consideration that represent significant views of business and IT capabilities where the application of SOA principles is essential for the deployment of services. The OSIMM acts as a quantitative model to aid in assessment of current state and desired future state of SOA maturity.


More: http://www.opengroup.org/soa/source-book/osimmv2/intro.htm


More information


Architecture Journal – Service Orientation Today and Tomorrow

AJ 21 Cover

A good friend of mine Diego Dagum just published the latest Architecture Journal some time back. I am just now getting to reading it. It's a great issue and would recommend taking a look. Great work to all the authors!

To download the full pdf go to the http://www.architecturejournal.net or you can get updates on the Architecture Blog (RSS) at Microsoft 


Design Considerations for Software plus Services and Cloud Computing

By Jason Hogg et al. 
Design patterns for cloud-computing applications.


Model-Driven SOA with “Oslo”

By César de la Torre Llorente 
A shortcut from models to executable code through the next wave of Microsoft modeling technology.


An Enterprise Architecture Strategy for SOA

By Hatay Tuna. 
Key concepts, principals, and methods that architects can practically put to work immediately to help their organizations overcome these challenges and lead them through their SOA- implementation journey for better outcomes.


Enabling Business Capabilities with SOA

By Chris Madrid and Blair Shaw 
Methods and technologies to enable an SOA infrastructure to realize business capabilities, gaining increased visibility across the IT landscape.


Service Registry: A Key Piece for Enhancing Reuse in SOA

By Juan Pablo García-González, Veronica Gacitúa-Décar, and Claus Pahl 
A strategy for publishing and providing facilities to access services information.


How the Cloud Stretches the SOA Scope

By Lakshmanan G and Manish Pande. 
An emerging breed of distributed applications both on-premises and in the Cloud.


Event-Driven Architecture: SOA Through the Looking Glass

By Udi Dahan. 
Looking back on the inherent publish/subscribe nature of the business and how this solves thorny issues such as high availability and fault tolerance.


Is SOA Being Pushed Beyond Its Limits?

By Grace Lewis. 
Challenges for future service-oriented systems. 
This Article is copyrighted by Carnegie Mellon University and is subject to the Software Engineering Institute’s Terms of Use found at http://www.sei.cmu.edu/.

Open Group SOA Governance Framework

The Open Group SOA Governance Framework provides context and definitions to enable organizations to understand and deploy SOA Governance. It describes SOA Governance; defines an SOA Governance Reference Model (the SGRM) and its constituent parts; and defines the SOA Governance Vitality Method (SGVM), which assists an organization in customizing the SGRM to realize its customized SOA Governance regimen.


Open Group Governance Framework - Governing Processes

This generic reference model for SOA governance is provided as a standard, to be used by companies to create (and constantly monitor and update) their own specific governance model and best practices. The SOA governance framework may be used in the context of another governance framework, such as COBIT or ITIL; the SOA working group did a mapping of COBIT to this framework as part of the framework development process, and plan to do more in the future in order to help organizations preserve their investment in COBIT/ITIL training and implementation.

The SOA Governance Framework will be available here for free download:



SOA Maturity Models

Over the past week another SOA maturity model emerges. The Open Group SOA Working group released a new maturity matrix (OSIMM) for the identification of where your IT organization is on the SOA continuum.

OSIMM is positioned to be a strategic planning tool that is used to assess where you are along the SOA continuum relative to a standard, vendor-neutral maturity model, and help create a roadmap for how to move on to the higher levels of maturity. At the heart of it is the OSIMM matrix, with maturity levels as columns progressing from left to right, and the different organizational dimensions being measured as rows: business view, governance and organization, methods, applications, architecture, information, and infrastructure and management.

Open Group SOA Maturity Matrix OSIMM

Within each cell of the matrix there are indicators for that dimension and maturity level: for example, if you’re using object oriented modeling methods, that indicates that your methods are at level 2, whereas using service oriented modeling would move you up to level 4 or 5 in the methods dimension. Behind this matrix, OSIMM includes a full set of maturity indicators and attributes, plus assessment questions that organizations can use to determine where they are in terms of maturity: each dimension can be (and likely will be) at a different level of maturity.

While it is stated that the OSIMM is vendor neutral, keep in mind that this was created largely from Service Integrators (SI) and vendors. However, this isn’t necessarily a bad thing as long as there isn’t a conflict of interest to push/lock us into unnecessary services engagements. 

The OSIMM Technical Standard at no cost and all the materials are located:



Other Maturity Models

OSIMM isn’t the only game in town when it comes to maturity models. Below are some others used in the industry. As you will notice, these are all provided by SI’s or vendors. While there is good concepts and ideas in these they are not compiled in an open industry forum. This is a large disadvantage to customers as it hasn’t be vetted openly.

Infosys SOA Maturity Model

Microsoft SOA Maturity Model (SOAMM)

IBM SOA Maturity Model (SIMM)

Sonic SOA Maturity Model


Zapthink SOA Maturity Model


Microsoft SOA & Business Process Conference 2009


The annual Microsoft SOA & Business Process Conference 2009 continues again this year with some really exciting features for three days dedicated to customer needs. The conference is the event for customers to receive detailed guidance on Service Oriented Architecture and Business Process Management. SOA & BPM span the enterprise, from developers building new services; to architects recommending IT standards; to business analysts designing processes; to business owners using IT to compete effectively and move their business forward.  The conference is designed to cover the relevant areas of concern to you.  

Online Registration


Registration for the conference is $899.  Register by 12/1 to receive a discounted rate of $599.

Conference Highlights

  • Keynotes delivered by Microsoft Executives
  • Breakout and Chalk Talk Sessions, Case-Studies & Roundtables from partners and SOA customers
  • Networking Reception on Tuesday, January 27 with Partners and Customers
  • Partner Expo


Conference Tracks

            Track 1: SOA & BPM Best Practices

            Track 2:  Technology Offerings



The conference will be held in Redmond, WA at the Microsoft Conference Center, January 27-30th.


Technorati Tags:

Share this post :