|By Gopala Krishna Behara, Prasad Palli||
|December 8, 2012 03:00 PM EST||
The aim of the Architecture Assurance is to provide collaborative architecture processes for assuring complete implementation of the technical solutions that are aligned with the business drivers of an enterprise in a timely environment. The effective sharing of the information across different Business Units (BU) / departments within an enterprise and interoperability across IT systems would ensure the alignment of IT with business. The Architecture Assurance Group (AAG) is involved in reviewing the Project Architecture during the design and development phases of an application/system to help ensure successful project implementation. This review also ensures that the proposed system fits into the existing enterprise environment as well as the future architecture vision.
The goals of Architecture Assurance include some or all of the following:
- Identify inconsistencies in the architecture early, which reduces the cost and risk of changes required later in the life cycle
- Provide an overview of the compliance of architecture to mandated enterprise standards
- Identify where the standards may require modification
- Identify services that are currently application-specific but might be provided as part of the enterprise infrastructure
- Take advantage of advances in technology
- Communicate to management the status of the technical readiness of the project
- Identify and communicate significant architectural gaps to product and service providers
- Establish, own and manage Enterprise Architecture Content
- Provide architecture governance: guidelines and recommendations on business and IT architecture
- Ensure and enforce architecture compliance: review changes and deviations in business and IT architecture
- Resolve architectural ambiguities, issues and conflicts at the enterprise level
- Identify projects that have high architectural risk, and provide assistance to them early and often throughout the project
- Provide guidance to project managers and designers to direct architecture compliance
- Formally review projects to ensure compliance
- Leverage third-party assessments
- Leverage COT's products
The main benefits of these reviews are:
- Architecture is reviewed by a group of experienced architects across the enterprise
- Assistance in leveraging the existing architecture promoting the reusability
- Architecture for plug and play
- Promote simplification and standardization
- Proactively identify risks to the project
- Provide enterprise-wide context to project team
Maintain the integrity of the enterprise IT environment and expand the user community's access to Enter resources
- Does the project presents risk to the IT environment (e.g., infrastructure, other applications, users, enterprise policy)
- Allows Architecture Review Team to proactively recognize when modifications to the architecture are required
- Allows the project team to provide input to the extension of the proposed architecture
- Does the project leverage the existing common services where applicable
- Provides cost effectiveness across the enterprise
Architecture Assurance Methodology
The Architecture Assurance Group is a multi-disciplinary body that is responsible for the maintenance and enforcement of Architecture, Design standards and best practices across the programs/projects. The primary responsibility is to provide governance and ensure compliance of the defined enterprise / solution architecture.
Architecture Assurance is the key success factor in ensuring high quality deliverables for the architecture and design phases. The intent of the Architecture Assurance Process is to ensure that ongoing projects have the right architectural assumptions and that in-flight projects receive architectural guidance throughout the life cycle. This should be a collaborative effort to ensure that project designs and implementations are compliant with the defined architecture
A detailed Architecture Assurance process that achieves these goals is shown in Figure 1.
Architecture/Design Review(s) should be conducted at a stage when there is still time to correct any major inconsistencies or shortcomings in the program/project.
The Architecture/Design Review is typically targeted for the Analysis SDLC phase and at a point in time when:
- Business goals, business requirements, policies are defined
- Ball park clarity of hardware and software requirements & decisions are not finalized
- Project schedules / timelines are defined
- Project risk assessment is done
Architecture Review Criteria is:
- Start Early
- Drive and Participate in architecture workshop
- Establish relation with architecture & design teams
- Involve through architecture & design
- Involve and review the architecture and design decisions on an ongoing basis
- Review the intermittent and final architecture deliverables
- Share architecture best practices
- Mentor architecture and design teams as appropriate
- Architectural Risk Analysis and Mitigation
- Quality attribute analysis of architecture
- Failure and risk analysis of architecture
- Mentor on engineering best practices
- Mentor on Development method, tools & build practices
- Performance and other NFR related best practices
During the review, the architecture review team needs to extract the information like impacted groups, impacted systems, data feeds, software components required such as build, buy and reuse, security requirement, availability, scalability, error handling, capacity sizing, integration with third parties, data center/hosting facility, etc.
Key activities of the Architecture Assurance Group are:
- Conduct planned and random formal architecture review workshops for projects and programs
- Analyze architecture quality attributes against requirements
- Conduct architecture failure and risk analysis and mitigation plan
- Identify areas of non-compliance and options to redress shortcomings
- Conduct formal/informal reviews of intermediate and final architecture deliverables to ensure ongoing compliance and quality
- Review and track architecture and design decisions
In this phase, Architecture Assurance look for a high-level functional fit and nonfunctional fitment of the solution. Also verifies the solution mapping with the design and various options provided for the solution, reasons for the choices, TCO analysis of each option, etc.
In this phase, the verification of the alignment of the solution with the architecture requirements is done. Proper realization of the Architecture Principles, Architecture Patterns, IT Strategy alignment are performed in this phase. Any deviation of the standards needs to be approved by the Architecture Assurance Group.
In this phase, the report will be reviewed in terms of Business, Data, application & Technology. Also, identification of the open items, action items and next steps will be addressed & communicated to the project team
The prepared report will be presented to the Program management & track the observations to the closure. In this Phase, we oversee the updated architecture artifacts
Architecture Review Process
To ensure smooth, timely, and low impact reviews, the involved parties should prepare within the guidelines below. The process flow is shown in Figure 2.
The project architecture team is responsible for:
- Developing a project description that provides sufficient detail for the review team to evaluate architectural risks, including the project size, business impact, NFRs, Architecture Principles
- Sharing project estimates
The Architecture Assurance Team is responsible for:
- Assessing projects for architectural impact during the Proposal/Project Initiation phase of the SDLC processes
- Providing guidance to projects through the design phase to ensure that the final design is architecturally compliant
- Prepare/Customize Architecture Templates, Architecture Checklist
- Participate in the Architecture Review meetings to provide support to project teams and to assist the Architecture Assurance Group in decision making.
- Analyze the filled up Checklist, Summarize the review findings
- Customize Architecture Metrics
As part of the Architecture Review Process the following standards of the system need to be reviewed and agreed
- Business Strategy, Goals & Vision
- IT Strategy
- Existing Budgets, Resource Plans, Project Plans
- Business Scope Description
- Use Case Specification
- Business Requirements Document (BRD)
- Service Level Agreements
- TCO Model (CAPEX/OPEX etc.) - Funding Status
- Build/Buy/Reuse(Retrofit) Considerations
- Business process modeling and workflow system
- Business Process Optimization
- Business Process Analysis
- Business Process Monitoring & SLA's
- Application platform
- Programming/scripting language
- Testing/monitoring tools
- User interface platform
- Enterprise application integration platform
- Conceptual Architecture
- Logical Architecture
- Physical Architecture
- Security Architecture
- Portal platform
- Architecture Frameworks
- Performance Tuning Plan
- Migration Plan
- Tool/Vendor Selection Results
- Data Strategy
- Logical Data Model (LDM)
- Physical Data Model (PDM)
- Data integration platform
- Reporting and data analysis platform
- Server platform and operating system
- Desktop platform and operating system
- Bill of Materials
- H/W & S/W Acquisition/Lease Plan
- Security Implementation/Management Plan
- Deployment Plan
- Operational Readiness Plan
- Release Plan
- Network infrastructure
- System Performance Report
- Disaster Recovery Plan
Architecture Assurance Lead will perform the following activities:
- Assign Review Team
- Disagreement/Issue Resolution
- Review Findings discussion and agreement & communication with the project/program team
Review members will:
- Commit to review all materials in advance
- Prepare detailed questions using this practice standard and Checklist as appropriate
- Conduct any preliminary research as necessary to be an informed team member
- Attend all review meetings
- Provide a final assessment and recommendation based on their interpretation of the impact of the proposed solution architecture and design on the Enterprise Architecture.
Authors like to thank Hari Kishan Burle, General Manager, Wipro Technologies for giving us the required time and support in many ways in bringing this article as part of Architecture Assurance Practice efforts.
Containers are changing the security landscape for software development and deployment. As with any security solutions, security approaches that work for developers, operations personnel and security professionals is a requirement. In his session at @DevOpsSummit, Kevin Gilpin, CTO and Co-Founder of Conjur, will discuss various security considerations for container-based infrastructure and related DevOps workflows.
Oct. 8, 2015 09:15 PM EDT Reads: 199
Manufacturing has widely adopted standardized and automated processes to create designs, build them, and maintain them through their life cycle. However, many modern manufacturing systems go beyond mechanized workflows to introduce empowered workers, flexible collaboration, and rapid iteration. Such behaviors also characterize open source software development and are at the heart of DevOps culture, processes, and tooling.
Oct. 8, 2015 09:00 PM EDT Reads: 1,081
Between the compelling mockups and specs produced by analysts, and resulting applications built by developers, there exists a gulf where projects fail, costs spiral, and applications disappoint. Methodologies like Agile attempt to address this with intensified communication, with partial success but many limitations. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, will present a revolutionary model enabled by new technologies. Learn how busine...
Oct. 8, 2015 08:45 PM EDT Reads: 262
The APN DevOps Competency highlights APN Partners who demonstrate deep capabilities delivering continuous integration, continuous delivery, and configuration management. They help customers transform their business to be more efficient and agile by leveraging the AWS platform and DevOps principles.
Oct. 8, 2015 07:30 PM EDT Reads: 219
Containers are revolutionizing the way we deploy and maintain our infrastructures, but monitoring and troubleshooting in a containerized environment can still be painful and impractical. Understanding even basic resource usage is difficult - let alone tracking network connections or malicious activity. In his session at DevOps Summit, Gianluca Borello, Sr. Software Engineer at Sysdig, will cover the current state of the art for container monitoring and visibility, including pros / cons and li...
Oct. 8, 2015 07:00 PM EDT Reads: 187
IT data is typically silo'd by the various tools in place. Unifying all the log, metric and event data in one analytics platform stops finger pointing and provides the end-to-end correlation. Logs, metrics and custom event data can be joined to tell the holistic story of your software and operations. For example, users can correlate code deploys to system performance to application error codes.
Oct. 8, 2015 06:45 PM EDT Reads: 205
Any Ops team trying to support a company in today’s cloud-connected world knows that a new way of thinking is required – one just as dramatic than the shift from Ops to DevOps. The diversity of modern operations requires teams to focus their impact on breadth vs. depth. In his session at DevOps Summit, Adam Serediuk, Director of Operations at xMatters, Inc., will discuss the strategic requirements of evolving from Ops to DevOps, and why modern Operations has begun leveraging the “NoOps” approa...
Oct. 8, 2015 06:00 PM EDT Reads: 136
Internet of Things (IoT) will be a hybrid ecosystem of diverse devices and sensors collaborating with operational and enterprise systems to create the next big application. In their session at @ThingsExpo, Bramh Gupta, founder and CEO of robomq.io, and Fred Yatzeck, principal architect leading product development at robomq.io, discussed how choosing the right middleware and integration strategy from the get-go will enable IoT solution developers to adapt and grow with the industry, while at th...
Oct. 8, 2015 06:00 PM EDT Reads: 2,161
With containerization using Docker, the orchestration of containers using Kubernetes, the self-service model for provisioning your projects and applications and the workflows we built in OpenShift is the best in class Platform as a Service that enables introducing DevOps into your organization with ease. In his session at DevOps Summit, Veer Muchandi, PaaS evangelist with RedHat, will provide a deep dive overview of OpenShift v3 and demonstrate how it helps with DevOps.
Oct. 8, 2015 06:00 PM EDT Reads: 626
The web app is agile. The REST API is agile. The testing and planning are agile. But alas, data infrastructures certainly are not. Once an application matures, changing the shape or indexing scheme of data often forces at best a top down planning exercise and at worst includes schema changes that force downtime. The time has come for a new approach that fundamentally advances the agility of distributed data infrastructures. Come learn about a new solution to the problems faced by software organ...
Oct. 8, 2015 06:00 PM EDT Reads: 781
The last decade was about virtual machines, but the next one is about containers. Containers enable a service to run on any host at any time. Traditional tools are starting to show cracks because they were not designed for this level of application portability. Now is the time to look at new ways to deploy and manage applications at scale. In his session at @DevOpsSummit, Brian “Redbeard” Harrington, a principal architect at CoreOS, will examine how CoreOS helps teams run in production. Attende...
Oct. 8, 2015 05:45 PM EDT Reads: 1,226
“All our customers are looking at the cloud ecosystem as an important part of their overall product strategy. Some see it evolve as a multi-cloud / hybrid cloud strategy, while others are embracing all forms of cloud offerings like PaaS, IaaS and SaaS in their solutions,” noted Suhas Joshi, Vice President – Technology, at Harbinger Group, in this exclusive Q&A with Cloud Expo Conference Chair Roger Strukhoff.
Oct. 8, 2015 05:00 PM EDT Reads: 437
In their session at DevOps Summit, Asaf Yigal, co-founder and the VP of Product at Logz.io, and Tomer Levy, co-founder and CEO of Logz.io, will explore the entire process that they have undergone – through research, benchmarking, implementation, optimization, and customer success – in developing a processing engine that can handle petabytes of data. They will also discuss the requirements of such an engine in terms of scalability, resilience, security, and availability along with how the archi...
Oct. 8, 2015 05:00 PM EDT Reads: 395
DevOps has often been described in terms of CAMS: Culture, Automation, Measuring, Sharing. While we’ve seen a lot of focus on the “A” and even on the “M”, there are very few examples of why the “C" is equally important in the DevOps equation. In her session at @DevOps Summit, Lori MacVittie, of F5 Networks, will explore HTTP/1 and HTTP/2 along with Microservices to illustrate why a collaborative culture between Dev, Ops, and the Network is critical to ensuring success.
Oct. 8, 2015 04:45 PM EDT Reads: 127
Application availability is not just the measure of “being up”. Many apps can claim that status. Technically they are running and responding to requests, but at a rate which users would certainly interpret as being down. That’s because excessive load times can (and will be) interpreted as “not available.” That’s why it’s important to view ensuring application availability as requiring attention to all its composite parts: scalability, performance, and security.
Oct. 8, 2015 03:00 PM EDT Reads: 388
Saviynt Inc. has announced the availability of the next release of Saviynt for AWS. The comprehensive security and compliance solution provides a Command-and-Control center to gain visibility into risks in AWS, enforce real-time protection of critical workloads as well as data and automate access life-cycle governance. The solution enables AWS customers to meet their compliance mandates such as ITAR, SOX, PCI, etc. by including an extensive risk and controls library to detect known threats and b...
Oct. 8, 2015 03:00 PM EDT Reads: 206
Clearly the way forward is to move to cloud be it bare metal, VMs or containers. One aspect of the current public clouds that is slowing this cloud migration is cloud lock-in. Every cloud vendor is trying to make it very difficult to move out once a customer has chosen their cloud. In his session at 17th Cloud Expo, Naveen Nimmu, CEO of Clouber, Inc., will advocate that making the inter-cloud migration as simple as changing airlines would help the entire industry to quickly adopt the cloud wit...
Oct. 8, 2015 02:30 PM EDT Reads: 646
Overgrown applications have given way to modular applications, driven by the need to break larger problems into smaller problems. Similarly large monolithic development processes have been forced to be broken into smaller agile development cycles. Looking at trends in software development, microservices architectures meet the same demands. Additional benefits of microservices architectures are compartmentalization and a limited impact of service failure versus a complete software malfunction....
Oct. 8, 2015 02:00 PM EDT Reads: 163
At DevOps Summit NY there’s been a whole lot of talk about not just DevOps, but containers, IoT, and microservices. Sessions focused not just on the cultural shift needed to grow at scale with a DevOps approach, but also made sure to include the network ”plumbing” needed to ensure success as applications decompose into the microservice architectures enabling rapid growth and support for the Internet of (Every)Things.
Oct. 8, 2015 01:15 PM EDT Reads: 2,042
Our guest on the podcast this week is Jason Bloomberg, President at Intellyx. When we build services we want them to be lightweight, stateless and scalable while doing one thing really well. In today's cloud world, we're revisiting what to takes to make a good service in the first place. Listen in to learn why following "the book" doesn't necessarily mean that you're solving key business problems.
Oct. 8, 2015 01:00 PM EDT Reads: 2,218