2019-05-07

Better architecting with - standard viewpoints and model-types

1 Smart Cities Reference Architecture Methodology


The IEC System Committee “Smart Cities” is mandated to develop the Smart Cities Reference Architecture (SCRA) which is a template for various Smart Cities solution architectures.  Although there are many reference architectures for Smart Cities, those architecture have been developed under different and unknown methodologies. This made practically impossible to use them together and to adjust them to the needs of a particular city system.

To address this problem the IEC System Committee “Smart Cities” had decided to develop Smart Cities Reference Architecture Methodology (SCRAM) as an international normative document IEC SRD 63188. The SCRAM provides the logic how to build the SCRA and how to tailor the SCRAM and SCRA. The ability to tailor is very critical.
  • Cities, as places where people live and work, are very important for our civilisation.
  • All cities are different.
  • Smart City is a city which makes the world easier for citizen, society, business and government.
  • In Smart Cities projects 50% – 70% of work is about IT, i.e. digital.
  • Smart City is a city which is rebuilt as a digital system (Digital Transformation is critical).
  • Digital systems can be done well, be adaptable and easy repeated (this is the main secret of Digital Transformation), but such emergent characteristics have to be purposefully created.
  • If a common methodology for building Smart Cities as digital repeatable systems is used, then all Smart Cities are the 70% same (an estimation).
  • Coordinated and cooperated building together Smart Cities as digital repeatable systems leads to substantial gains in cost, speed and quality of their implementations.
  • An export version of the Smart Cities implementation is created automatically.

Considering that Smart Cities will be digital repeatable systems, it has been understood that a platform is necessary. The SCRA outlines the Common Smart Cities Digital Repeatable Platform. Because of the complexity in Smart Cities, this platform is actually a complex of platforms (See the illustration below, which is slightly different from the various version in https://improving-bpm-systems.blogspot.com/2019/03/better-architecting-with-solution.html). For each platform, the SCRA lists its own components and essential capabilities for each component.



To describe such complexity, the SCRAM provides 11 viewpoints and 107 model-kinds. Additional, the Smart Cities Implementation Manual is anticipated for continual improvement and collecting knowledge about the SCRAM and SCRA.

2 Example of tailoring


A country NNN decided to introduce a country-wide ICT reference architecture for all Smart Cities projects. The country wanted to reuse the SCRAM and SCRA for the NNN-ICT RA. There are two fundamental requirements:
  1. The NNN-ICT RA must include communication infrastructure which is not defined in the SCRAM and SCRA.
  2. The NNN-ICT RA must be detailed enough as a Reference solution architecture.

A recommended tailoring is below. For Reference architecture, consider the following:
  • Describe the requirements for NNN-ICT RA by covering the SCRAM model-types 7.2-7.15; maybe in a free format.
  • Outline NNN-ICT RA via the SCRAM model-types 7.16-7.30; use SCRA whenever possible.
  • List of platforms to be provided at the beginning via the SCRAM model-type 7.43.
  • Provide a view of the Universal platform via SCRAM PLATFORM ENGINEERING viewpoint (thus you will know components and solutions for this platform).
  • Provide a view of the Urban Platform via the SCRAM PLATFORM ENGINEERING viewpoint (thus you will know components and solutions for this platform).
  • Provide a view for each vertical platform, e.g. transportation, gas, water, energy, waste etc. via the SCRAM PLATFORM ENGINEERING viewpoint (thus you will know components and solutions for these platforms).
  • For each SCRAM model-types 7.31-7.42 develop implementation materials, i.e. how different teams must provide various information, e.g. model processes, data, etc.
  • Provide any additional views and models, especially for communication infrastructure.

For Reference solution architecture, consider the following:
  • Provide view for the SCRAM CROSSCUTTING ASPECTS ENGINEERING viewpoint.
  • Provide view for the SCRAM RISK MANAGEMENT viewpoint.
  • Provide view for the SCRAM SOFTWARE FACTORY viewpoint.
  • For each component of the Universal platform, provide a view via the SCRAM PLATFORM COMPONENT ENGINEERING viewpoint (start with 7.51-7.53).
  • For each solution on top of the Universal Platform, provide a view via the SCRAM SOLUTION ENGINEERING viewpoint (start with 7.65-7.67).
  • For each component of the Urban platform, provide a view via the SCRAM PLATFORM COMPONENT ENGINEERING viewpoint (start with 7.51-7.53).
  • For each solution on top of the Urban platform, provide a view via the SCRAM SOLUTION ENGINEERING viewpoint (start with 7.65-7.67).
  • For each component of the vertical platform, provide a view via the SCRAM PLATFORM COMPONENT ENGINEERING viewpoint (start with 7.51-7.53).
  • For each solution on top of the vertical platforms, provide a view via the SCRAM SOLUTION ENGINEERING viewpoint (start with 7.65-7.67).
  • Provide any additional views and models.

3 SCRAM viewpoints and model-kinds

3.1 VALUE viewpoint

The value viewpoint describes the problem space in terms of expected value for the stakeholders by providing some ideas about potential overall solutions (called system-solutions to distinguish them from solutions on top of a platform). The value viewpoint comprises the following model-types:
  • Problem space overview (see 7.2)
  • Problem space terminology (see 7.3)
  • Problem space specifics nomenclature (see 7.4)
  • Problem space classifications nomenclature (see 7.5)
  • Stakeholders nomenclature (see 7.6)
  • Stakeholders’ concerns nomenclature (see 7.7)
  • Dependencies between generic system stakeholders, stakeholders, stakeholders’ concerns and categories of concerns (see 7.8)
  • High-level requirements nomenclature (see 7.9)
  • High-level stories nomenclature (see 7.10)
  • High-level use cases nomenclature (see 7.11)
  • Problem space coverage by the high-level use cases (see 7.12)
  • The mission statement (see 7.13)
  • The vision statement (see 7.14)
  • The strategic goals nomenclature (see 7.15)

3.2 BIG PICTURE viewpoint

The big picture viewpoint outlines the solution space and describes potential system-solutions as a set of high-level elements. The big picture viewpoint comprises the following model-types:
  • Solution space boundaries (see 7.16)
  • Solution space terminology (see 7.17)
  • Solution space constraints nomenclature (see 7.18)
  • Solution space classifications nomenclature (see 7.19)
  • Solution space essential emergent characteristics nomenclature (see 7.20)
  • Dependency matrix between problem space essential high-level requirements and solution space constraints vs. solution space essential emergent characteristics (see 7.21)
  • Solution space architecture principles nomenclature (see 7.22)
  • Dependency matrix between solution space essential emergent characteristics vs. solution space architecture principles (see 7.23)
  • High-level illustrative diagrams (see 7.24)
  • High-level business map (see 7.25)
  • Beneficiaries’ journeys nomenclature (see 7.26)
  • High-level reference capability map (see 7.27)
  • High-level process map (see 7.28)
  • High-level architecture (see 7.29)

3.3 SYSTEM-SOLUTION ENGINEERING viewpoint

The system-solution engineering viewpoint describes the system-solution as sets of artefacts such as capabilities, processes, service, functions, data, information, etc. This viewpoint explains how the system-solution delivers value to its beneficiaries as well as how the system-solution actually runs itself. The model-types of the system-solution engineering viewpoint are applied to any potential system-solution as the whole and some of its elements. The engineering viewpoint comprises the following model-types:
  • Capability map (see 7.30)
  • Low-level use cases nomenclature (see 7.31)
  • Function map (see 7.32)
  • Partners nomenclature (see 7.33)
  • Process map (see 7.35)
  • Services nomenclature (see 7.34)
  • Decisions nomenclature (see 7.36)
  • Events nomenclature (see 7.37)
  • Data schemas nomenclature (see 7.38)
  • Information flows nomenclature (see 7.39)
  • Document/content classifications nomenclature (see 7.40)
  • Key performance indicators nomenclature (see 7.41)
  • Reports nomenclature (see 7.42)
  • Standards and norms nomenclature (see 7.43)

3.4 PLATFORM ENGINEERING viewpoint

The platform engineering viewpoint covers a platform. A potential system-solutions may contain more than one platform. The platform viewpoint comprises the following model-types:
  • Platforms nomenclature (see 7.44)
  • Platform overview (see 7.45)
  • Platform terminology (see 7.46)
  • Platform components nomenclature (see 7.47)
  • Platform solutions nomenclature (see 7.48)
  • Platform software factory configuration (see 7.49)
  • Platform governance, management and operations manual (see 7.50)

3.5 PLATFORM COMPONENT ENGINEERING viewpoint

The platform component engineering viewpoint covers a component of a platform. The platform component viewpoint comprises the following model-types:
  • Platform component overview (see 7.51)
  • Platform component terminology (see 7.52)
  • Platform component capability map (see 7.53)
  • Platform component function map (see 7.54)
  • Platform component process map (see 7.55)
  • Platform component business specifications (see 7.56)
  • Platform component information specifications (see 7.57)
  • Platform component application specifications (see 7.58)
  • Platform component data specifications (see 7.59)
  • Platform component infrastructure specifications (see 7.60)
  • Platform component security specifications (see 7.61)
  • Platform component services and APIs nomenclature (see 7.62)
  • Platform component software factory configuration (see 7.63)
  • Platform component management and operations manual (see 7.64)

3.6 SOLUTION ENGINEERING viewpoint

The solution engineering viewpoint covers various artefacts of the particular solution. The solution engineering viewpoint comprises the following model-types:
  • Solution overview (see 7.65)
  • Solution terminology (see 7.66)
  • Solution capability map (see 7.67)
  • Solution function map (see 7.68)
  • Solution process map (see 7.69)
  • Solution business specifications (see 7.70)
  • Solution information specifications (see 7.71)
  • Solution application specifications (see 7.72)
  • Solution data specifications (see 7.73)
  • Solution infrastructure specifications (see 7.74)
  • Solution security specifications (see 7.75)
  • Solution services and APIs nomenclature (see 7.76)
  • Solution software factory configuration (see 7.77)
  • Solution management and operations manual (see 7.78)

3.7 CROSSCUTTING ASPECTS ENGINEERING viewpoint

The crosscutting aspects engineering viewpoint specifies engineering practices for several essential emergent characteristics of the system-solution. The crosscutting aspects viewpoint comprises the following model-types:
  • Interoperability aspect (see 7.79)
  • Security aspect (see 7.80)
  • Privacy aspect (see 7.81)
  • Safety aspect (see 7.82)
  • Reliability and resilience aspect (see 7.83)
  • Low cost of operations and time-to-market aspect (see 7.84)
  • Self-reference aspect (see 7.85)

3.8 CORPORATE viewpoint

The corporate viewpoint specifies various governance and management setup of the system-solution. The corporate viewpoint comprises the following model-types:
  • Organisational structure (see 7.86)
  • Governance structure (see 7.87)
  • Project management (see 7.88)
  • Corporate manual (see 7.89)
  • Independent evaluation (see 7.90)
  • Ethics, integrity and ani-corruption (see 7.91)
  • Environment and health (see 7.92)

3.9 RISK MANAGEMENT viewpoint

The risk management viewpoint specifies necessary governance practices. The risk management viewpoint comprises the following model-types:
  • Risk management aspect (see 7.93)
  • Compliance management aspect (see 7.94)
  • Regulatory management aspect (see 7.95)
  • Crime prevention and detection (see 7.96)
  • Auditing (see 7.97)
  • Independent investigation (see 7.98)
  • Crisis management (see 7.99)

3.10 SOFTWARE FACTORY viewpoint

The software factory viewpoint specifies BizDevOps practices. The whole logic of the software factory is quickly create a simple but complete solution, validate it and gradually enrich it. The implementation viewpoint comprises the following model-types:
  • Software factory overview (see 7.100)
  • Prototyping practices (see 7.101)
  • Engineering practices (see 7.102)
  • Assembling practices (see 7.103)
  • Testing practices (see 7.104)
  • Deployment practices (see 7.105)
  • Monitoring practices (see 7.106)

3.11 STANDARDS viewpoint

The standards viewpoint specifies existing and future standards applicable for the system-solution. This viewpoint comprises the following model-types:
  • Existing standards nomenclature (see 7.107)
  • Potential standards nomenclature (see 7.108)

4 Conclusion

The logic behind the SCRAM and its viewpoints/model-types may be used for other digital domains, such as: Digital Healthcare, Smart Homes, Smart Building, argotech, fintech, edutech, etc.

Thanks,
AS


This blogpost belongs to the series https://improving-bpm-systems.blogspot.com/search/label/%23BAW

2019-03-31

Better architecting with - explicit #security

1 Addressing crosscutting aspects by-design


Various crosscutting aspects (also known as non-functional or quality characteristics) of systems are, actually, dependant on all the system elements and relationships between them. For example, the security design principle “weakest link” is saying that “in designing security for a system, focus should be put on the weakest components of the overall system” (see Goldratt E.M., Cox J. The Goal: A Process of Ongoing Improvement, Second Revised Edition, 1992).

The understanding of emergent nature of crosscutting aspects led to raising of requirements for addressing them “by-design”. The most noticeable example of “privacy by-design” is the General Data Protection Regulations (GDPR) from the European Union (see https://eur-lex.europa.eu/eli/reg/2016/679/oj ). The concept “a system characteristic by-design” may be defined as “taking into account the characteristic throughout the system entire lifecycle processes (e.g. architecting, engineering, construction, operating, etc.) as an essential emergent characteristic of the system”.

2 Security Risk Architecture Model (SRAM)


To “estimate” a relative value of a non-functional or quality characteristic of a system at any stage of the system life cycle, it is necessary to “spread” such characteristic over the system elements and relationships between them. Figure below shows, that by knowing:
  1. the security-related paraments, i.e. threats, attacks and vulnerabilities (see oval “Security”) for each least granular system elements;
  2. relationships between the system elements (see oval “Architecture”), i.e.
    • how a set of least granular elements forms a service,
    • how services are used in business processes,
    • how business processes contribute into results,
    • how results reflect goals,
    • how goals are important for the system;
  3. adverse impact which is produced by problems with each system element;
it is possible to objectively evaluate system risks (see oval “Risk management”).



Considering that relationships between system elements are static or dynamic then the structure and behaviour of security will be covered. The same can be done for all crosscutting aspects: security, privacy, safety, reliability, resilience, performance, value, income, expenses and other emergent characteristics.

3 Enhancement practices


There are internal and external enhancement practices for each crosscutting aspect. The internal enhancements practices comprise various certifications and industry agreements which are aspect-specific and element-specific. The external enhancement practices depend on the treatment of an element as:

  • “white-box” with fully internal visibility and testability – some simulation, inspection and compliance external enhancement methods can be used;
  • “black-box” with no internal visibility and testability – use external enhancement points for data/information inputs and outputs, and external enhancement controls for leaks detection;
  • “grey-box” with partial internal visibility and testability – combining two previous options.


Typically, external enhancement methods are based on explicit relationships between elements (e.g. information flows). External enhancement points are based on digital archives and technologies similar to Security Information and Event Management (SIEM) tools. External enhancement controls are monitoring tools with some AI logic, for example, Data Loss Protection (DLP) tools.

For each relationship between elements, use external enhancement points for data/information flow starts and ends, and external enhancement controls for data/information transit.

The static relationships are expressed by any structural connection between elements, but dynamic relationships are expressed only by events (ECA and EPN techniques), processes (BPM techniques) and information flows (IFD techniques).

For example, a process model formally identifies all necessary enterprise enhancement points, methods and controls. (see figure below)
  1. Add all external enhancement points.
  2. Add all external enhancement controls for 4 activities which are “black-boxes”.
  3. Add all external enhancement methods for 2 activities which are “white-boxes” and the process as the whole.
  4. Add all the events and mitigation processes for some of them.


Thus, an explicit description of system elements and relationships between them provides a nomenclature of external enhancement practices, controls, points, and methods to be added to the system. Then they have to be linked to the risk management practices. All the information risk-related information sourced from various crosscutting aspects must be collected and treated together (see figure below).

  1. Enterprise business functions should be enriched to generate the risk-related information.
  2. Those risk-related data need to be collected at the enterprise data warehouse together with other business information.
  3. Some business processes need to be updated to embed risk-related activities.
  4. A set of risk-related rules, logic and risk-related knowledge should be able to use the risk-related and other business data to detect acceptable limits of risk as well as interdependencies and correlations between different risks.
  5. Some business processes for risk mitigation maybe automatically activated.
  6. A lot of risk-related indicators, alerts should be available in the form of dashboards and reports available for different staff members.
  7. Staff members should be able to initiate business processes based on the observed risk-related information.

Additional security-related techniques are mentioned in https://improving-bpm-systems.blogspot.com/2014/04/ideas-for-bpmshift-delenda-est-vendor.html


4 Conclusion


Crosscutting aspects are desired emergent characteristics of a system. They must be addressed systemically.

Thanks,

AS


This blogpost belongs to the series https://improving-bpm-systems.blogspot.com/search/label/%23BAW

2019-03-27

Better architecting with - solution artefacts

1 Introduction


Although the global success of software is unquestionable (“software is eating the world”, everyone wants to use agile, etc.), last year the agile guru and “father” of microservices Martin Fowler was talking "why are we struggling" (see https://martinfowler.com/articles/agile-aus-2018.html ). He pointed at three problems:
  1. Get rid of the Agile Industrial Complex and the idea of imposing stuff on teams. Let teams work out the way they should work themselves.
  2. Raise the importance of technical excellence, and never forget that when writing software, the technology side is really vital, and
  3. Organize around products.
Let us see how architecture addresses these three points (please, note that the word “architecture” has not been used in this speech).

The point 1 is actually well-known for architecture – no organisation is using only one framework and a framework “as is”. It is always a mixture of several frameworks which have been “massaged” to handle the real and unique needs of an organisation. To overcome this problem, the serious of blogs “Better Architecting With” (BAW) https://improving-bpm-systems.blogspot.com/search/label/%23BAW introduces a different approach – architecture description (remember ISO/IEC/IEEE 42010) which is a set of views and models, these models are aligned, and some models are, also, parts of system-of-interest. Thus teams may use views and models as they want.

There is already a standard set of model-types (e.g. I use 100+ of them) and there are some methods to generate (sometimes semi-automatic) some models from existing models. Processes are not fixed, but there is a natural order of dependencies between model-types. So, the teams may have a lot of freedom by using standard methods and model-types.

The item 3 is also well-known for architecture – the entity (product, solution, system, etc.) life cycle is more important than projects at various stages of such life cycle (see https://improving-bpm-systems.blogspot.com/2018/01/better-architecting-with-explicit.html ). So, there is a clear separation of duties:
  • Use architecture to define the units-of-work to be done and some dependencies between them.
  • Use agile to schedule and monitor execution of such units-of-work.
The item 2 is, actually, about being able to build that kind of adaptive software including refactoring – ‘I always loved Mary Poppendieck's phrase, "A late change in requirements is a competitive advantage." But to do that you need software that's designed in a way that's able to react to that kind of change. Refactoring is central to this because refactoring is a disciplined way of making changes.’

It seems that the guru is “self-locked” in the software domain in accordance with the well-known observation “if all you have is a hammer than everything looks like a nail”. Software has its artefacts (classes, packages, interfaces, schemas, services, applications, platforms, etc.), however solutions are, also, built from a different set of artefacts (which use software artefacts, of course). 


2 Solution artefacts


Architecturally, solutions consist of solution artefacts such as:
  • events,
  • processes,
  • UI forms,
  • roles,
  • rules,
  • KPIs,
  • audit-trails,
  • reports,
  • automation scripts,
  • data structures,
  • documents,
  • IoT devices,
  • etc.

Also, architecturally, each of these artefacts may have several facets:
  • specific management tool, e.g. Business Process Management (BPM)-suite tool;
  • templates, e.g. process templates;
  • instances, e.g. process instances;
  • APIs (or interfaces) to all functionality, and
  • patterns used by templates, e.g. workflow patterns.
Obviously, the specific management tools for these solution artefacts are needed only once for all the solutions within the whole computing environment, i.e. enterprise-wide. Also, templates, patterns and APIs are shared between many solutions. So, each unit-of-functionality that is used by more than one solution must be put aside and organised for sharing.

Logically, all the units-of-functionality to be shared should form an enterprise-wide platform (this is a type of software artefacts) and some units-of-functionality may become microservices (this is a type of software artefacts). 


3 Platforms and microservices orientation


The logic behind platforms is rather straightforward – instead of developing traditional applications which contain a lot of duplicating functionally, all common functionality is collected into a platform and solutions which are built on top of that platform possess only unique functionality. See figure below.


Planform is designed on the following principles:
  • The platform simplifies the use of its platform components and ensures interaction between them. Thus, the platform frees up resources to focus on solving unique problems.
  • New solutions are implemented outside the platform using rapid development techniques (agile methodology) and platform existing functionality.
  • The planning of new solutions is coordinated within the scope of the platform to minimize duplication of efforts in solving the same problems.
  • Successful new (thus innovative) solutions are gradually included in the platform for their wide use.
  • Constant improvement of the platform is achieved through transparency, feedback, results of use and systematic evaluation of existing platform components.
  • All interactions inside and outside the platform use the standardized interfaces (API methodology).
  • The platform provides for several interchangeable options for some platform components.
  • The platform offers not only a rich functionality, but also a methodology for developing various solutions based on it.
  • The platform is built gradually by increasing its functionality horizontally and vertically.

The platform-enabled agile solutions orientation implies common engineering practices for solutions created on top of the platform. Any solution which is built on such a platform must contain only functionality which is not implemented in the platform (see Figure below).

4 Smart cities reference architecture case


Let us illustrate platforms, solutions and solution artefacts with the Smart Cities Reference Architecture Methodology which is under development in the IEC System Committee “Smart Cities”. Some of the goals of this methodology are to guarantee that 
  1. all the common functionality is developed once and used by many Smart Cities and
  2. individual Smart City can easily developed their own unique solutions (including replacing some platform functionality).

The analysis of Smart Cities functionality demonstrated that minimum 3 platforms are necessary: universal, urban-generic and urban-specific (see Figure below).


Another option is to split the urban-specific platform into 14 platforms.

To facilitate the isolation of solution artefacts, a reference application architecture for solutions is proposed (see figure below).



Then all the various facets (tools, APIs, patterns, templates and instances) are mapped to the platforms and solutions (see figure below).




5 Typology of solutions


The reference application architecture for solutions can be further elaborated by adding a typology (classification) of solutions. This means that there are some types of solution and each type is formed around a predominant solution artefact, namely:
  • event centric,
  • data-entry centric,
  • document/content centric,
  • data or/and information flow centric,
  • data or/and information visualisation,
  • IoT-device centric,
  • short-running operations (or activity-based),
  • long-running operations (or process-based),
  • etc.
For each of these types of solution it is possible to propose a reference architecture. For example, a process-based solution reference architecture is illustrated in figure below. (Note that each activity in this process is surrounded by microservices with pre- and post-automation strips.)




However, a real solution, usually, combines some of those types.

Thus, solutions are delivered in accordance with the following generis procedure:
  1. Minimal architecting to understand the type (or a mixture of types) of a solution.
  2. Collecting use cases to define capabilities of the solution.
  3. Quick prototyping to outline functions, APIs, and solutions artefacts.
  4. Conducting gap analysis to determine what is missing in the platform(s).
  5. Developing missing functionality as microservices to close the gap.
  6. Assembling newly created and existing microservices to deliver the solution.

And, don’t forget the versioning for everything.

Thanks,
AS

This blogpost belongs to the series https://improving-bpm-systems.blogspot.com/search/label/%23BAW