Introduction
Architecture Design: the plan for how the system will be distributed
across the computers and what hardware and software will be used for each
computer.
Resource: See the Zachman Institute at www.zifa.com.
Elements of an Architecture Design
Architectural Components
The major architectural components of any system are the software and the
hardware. The major software components of the system being developed have
to be identified and then allocated to the various hardware components on
which the system will operate.
All software systems can be divided into four basic functions:
- data storage (from a Word file to a large Oracle database)
- data access logic: the processing required to access
data (often database queries in SQL); documented in ERDs
- application logic; documented in the DFDs, use cases,
and functional requirements
- presentation logic: the display of information to the
user and the acceptance of the user's commands (i.e. the user interface)
These four functions form the basic building blocks of any information system.
The three primary hardware components of a system are:
- client computers,
- servers, and
- the network that connects them
Server-Based Architectures
- first computer architectures
- server (central mainframe computer) performed all four application functions
- client (terminals) enabled users to send and receive messages from the
server
- application software and data stored on server
- drawback: server processes all messages; server easily becomes overloaded
and unable to quickly process all the users' demands
Client-Based Architectures
- clients are microcomputers on a local area network
- application software on client computers is responsible for the presentation
logic, application logic, and data access logic
- servers simply store data
- in simple one-user system, the data may reside on the client computer;
no server is used
- drawback: data on the server must travel to the client for processing
Client-Server Architecture
- attempts to balance the processing between the client and the server
- client responsible for presentation logic; server responsible for data
access logic and data storage
- application logic may reside on either or be split between both
- "thick" (or "fat") vs "thin" client, depending
on whether the application logic resides on the client
- e.g. of thin client: Web browser
- benefits of client-server architectures:
- they are scalable: it is easy to increase or decrease the storage
and processing capabilities of the servers; and the cost to upgrade
is much more gradual or incremental
- they can support many different types of clients and servers: it is
possible to connect computers that use different operating systems;
(middleware: a type of system software designed to translate between
different vendors' software)
- for those that use Internet standards, it is simple to clearly separate
the presentation logic, the application logic, and the data access logic,
and design each to be relatively independent (think: HTML/XML, ASP/PHP/ColdFusion/CGI,
SQL, Access/Oracle).
- because no single server computer supports all the applications, the
network is generally more reliable
- limitations: complexity: we must contend with client-side and server-side
issues
Client-Server Tiers
- two-tiered: client responsible for application and presentation; server
responsible for data
- three-tiered: client, application server, database server
- n-tiered: splits the application logic and data access logic/storage across
multiple computers. Consider a Web-based application:
- Client browser: presentation logic (HTML)
- Web server (IIS, Apache): application logic
- Application server (ASP, PHP, etc.): application logic
- Database server (Oracle, Access; SQL): data access logic and storage
Creating an Architecture Design
Operational Requirements
- technical environment requirements: the type of hardware and software
on which the system will work
- system integration requirements: those that require the system to operate
with other information systems; typically specify interfaces through which
data will be exchanged with other systems
- portability requirements: how the technical operating environment may
evolve over time and how the system must respond (e.g. the system must run
on all current and future versions of Windows.); also refers to potential
changes in business requirements that will drive technical environment changes.
- maintainability requirements: specify the business requirements changes
that can be anticipated so that the system designed today will be easy to
maintain if and when those future requirements appear; may also define
the update cycle for the system, such as the frequency with which new versions
will be released
Performance Requirements
- speed requirements: how fast the system must operate: the response
time of the system (how long does it take the system to respond to
a user request); "propagate" (sic) time (how long it takes transactions
in one part of the system to be reflected in other parts)
- capacity requirements: attempt to predict how many users the system will
have to support, both in total and simultaneously; important in understanding
the size of the databases, the processing power needed, etc.
- availability and reliability requirements: focus on the extent to which
users can assume that the system will be available for them to use: will
the system be available during the 40 hour workweek or 24x7? Further, a
system that requires high reliability (e.g. a medical device) requires far
greater planning and testing than one that does not have such high
reliability needs (e.g. a personnel system).
Security Requirements
Security is the ability to protect the information system from disruption
and data loss, whether caused by an intentional act (e.g. a hack or terrorist
attack) or a random event (e.g. disk failure, a tornado); primarily the responsibility
of the operations group: the staff responsible for installing and operating
security controls such as firewalls, intrusion detection systems,
and routine backup and recovery operations.
Security within systems usually focuses on specifying who can access what
data, identifying the need for encryption and authentication, and ensuring
the application prevents the spread of viruses.
- system value estimates: an organization's most important asset is not
its equipment, but its data. In some cases, the information system itself
has value that far exceeds the cost of the equipment (consider an Internet
bank that has no brick-and-mortar branches. Its Web site is a mission
critical system, an application that is literally critical to the survival
of the organization.)
- access control requirements: state who can access what data and what type
of access is permitted (read-only or read-write; or whether the individual
can create, read, update, and/or delete data).
- encryption and authentication requirements: encryption refers to the means
of disguising information by the use of mathematical algorithms (or formulas);
two types of encryption: symmetric and asymmetric:
- a symmetric encryption algorithm (such as Data Encryption Standard
[DES] or Advanced Encryption Standard [AES]) is one in which the key
used to encrypt the message is the same as the one used to decrypt it,
which means that it is crucial to protect the key and that a separate
key must be used for each person or organization with whom the system
shares information
- an asymmetric encryption algorithm (such as public key encryption)
is one in which the key used to encrypt data (called the public key)
is different from the one used to decrypt it (called the private key).
That is, even if everyone knows the public key, once the data is encrypted,
it cannot be decrypted without the private key. Public key encryption
also permits authentication (or digital signatures): public key encryption
algorithms are invertible (that is, text encrypted with either key can
be decrypted by the other)... since the private key is secret, only the
real user could use it to encrypt a message, hence a digital signature.
But how do we know that the person or organization who sent the document
with the correct private key is actually the person or organization
they claim to be? This is where the Internet's public key infrastructure
(PKI) becomes important (see www.ietf.org/internet-drafts/draft-ietf-pkix-roadmap-06.txt).
The PKI is a set of hardware, software, organizations, and policies
designed to make public key encryption work on the Internet. PKI begins
with a certificate authority (CA) who can vouch for the authenticity
of the person or organization using authentication (e.g. VeriSign).
A person or organization wanting to use a CA registers with the CA and
must provide some proof of identity... The CA issues a digital certificate
that is the requestor's public key encrypted using the CA's private
key as proof of identity. The certificate is then attached to the user's
e-mail or Web transactions in addition to the authentication information.
The receiver then verifies the certificate by decrypting it with the
CA's public key--and must also contact the CA to ensure that the user's
certificate has not been revoked by the CA.
The encryption and authentication requirements state what encryption
and authentication requirements are needed for what data. Will sensitive
data (like customers' credit card numbers) be stored in the database
in encrypted form? Will encryption be used to take orders over the Internet
from the company's Web site? Will users be required to use a digital
certificate in addition to a password?
- virus control requirements: require that systems that permit the import
or upload of user files check those files for viruses before they are
stored in the system
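The receiver-side checks from the encryption and authentication requirement above (CA signature on the certificate, revocation, then the sender's digital signature), as an added example that is not part of the original notes. It assumes textbook RSA without padding and constructed demo keys, so it is for illustration only; all function names are hypothetical and the `revoked` set stands in for contacting the CA.

```python
import hashlib

E = 65537  # public exponent used by every toy key pair below

def make_key(p, q):  # textbook RSA key pair (public, private) from two primes
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: inverse of E
    return (n, E), (n, d)

def digest(data, n):  # SHA-256 of data as an integer below the modulus n
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)  # transform the digest with the private key

def signature_ok(data, sig, public):
    n, e = public
    return pow(sig, e, n) == digest(data, n)  # undo it with the public key

def cert_body(serial, subject, public):
    return f"{serial}|{subject}|{public[0]}|{public[1]}".encode()

def issue_cert(serial, subject, public, ca_private):
    """CA binds a subject name to a public key by signing both."""
    return {"serial": serial, "subject": subject, "public": public,
            "ca_sig": sign(cert_body(serial, subject, public), ca_private)}

def verify_message(msg, sig, cert, ca_public, revoked):
    """Receiver-side checks: CA signature, revocation, then the message."""
    body = cert_body(cert["serial"], cert["subject"], cert["public"])
    if not signature_ok(body, cert["ca_sig"], ca_public):
        return "reject: certificate not issued by trusted CA"
    if cert["serial"] in revoked:
        return "reject: certificate revoked"
    if not signature_ok(msg, sig, cert["public"]):
        return "reject: message signature invalid"
    return "accept: signed by " + cert["subject"]

# Constructed demo keys built from Mersenne primes: far too weak for real use.
CA_PUB, CA_PRIV = make_key(2**127 - 1, 2**107 - 1)
USER_PUB, USER_PRIV = make_key(2**89 - 1, 2**61 - 1)

if __name__ == "__main__":
    cert = issue_cert(1001, "alice@example.test", USER_PUB, CA_PRIV)
    msg = b"order 42: ship 3 units"
    sig = sign(msg, USER_PRIV)
    print(verify_message(msg, sig, cert, CA_PUB, revoked=set()))
    print(verify_message(msg, sig, cert, CA_PUB, revoked={1001}))
```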
Cultural and Political Requirements
- multilingual requirements:
- concurrent multilingual systems (systems designed
to handle multiple languages on the fly so that users in different
countries can use different languages concurrently) versus discrete
multilingual systems (systems designed with separate parts to
support different languages and must be reinstalled for a specific language
to be used).
- customization requirements: how much of the application will be controlled
by a central group and how much of the application will be managed locally?
- unstated norms: like the formatting of dates in the US versus in Canada
and most European countries; another one is currency--the point being to
specify the currency in which the information is being entered and reported
- legal requirements: by formally considering legal regulations, they are
less likely to be overlooked.
Hardware and Software Specification
- define the software that will run on each system component (e.g. components
for a Web-based application would be the client browser, Web server, application
server, and database server). This usually includes the OS, and special
purpose software, as well as additional costs (technical training, maintenance,
extended warranties, licensing agreements, etc.)
- create a list of hardware that is needed to support the future system,
as well as the quantities of each
- describe in as much detail as possible, the minimum requirements for each
piece of hardware (such as the amount of processing capacity, the amount
of storage space, and any special features that should be included.)