Architecture Evaluation - Department of Computer Information Systems
Architecture Evaluation - Department of Computer Information Systems
Architecture Evaluation - Department of Computer Information Systems
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Architecture</strong> <strong>Evaluation</strong><br />
Qualitative and Quantitative
1. Overview and<br />
Introduction<br />
A. Target Program<br />
Summary<br />
B. Program<br />
Description<br />
B. Background<br />
and History<br />
C. Solicitation<br />
Schedule<br />
D. Opportunity<br />
Rating<br />
Summary<br />
E. Capture<br />
Program Status<br />
2. Marketing<br />
Activities<br />
A. Customer<br />
Organization<br />
and<br />
Environment<br />
E. Customer<br />
Source<br />
Selection<br />
Process<br />
C. Customer<br />
Hot Buttons<br />
and Selection<br />
Criteria<br />
D. Competitor<br />
Analysis<br />
F. Customer<br />
Analysis and<br />
Bidder<br />
Comparison<br />
F. Capture<br />
Program<br />
Status<br />
3. Program<br />
Requirements<br />
4. Planned<br />
Program<br />
5. Business<br />
Issues<br />
A. Scope <strong>of</strong> Work A. Win Strategy A. Desirability<br />
<strong>of</strong> Project/<br />
B. Overview <strong>of</strong><br />
Program<br />
Requirements<br />
C. Integrated<br />
Customer<br />
Solution<br />
Worksheet<br />
D. Customer<br />
Solution “Actions<br />
Required” Plan<br />
B. Teaming<br />
Approach<br />
C. Technical<br />
Approach<br />
D. Management<br />
and<br />
Organizational<br />
Overview<br />
E. Personnel and<br />
Staffing<br />
Approach<br />
F. Related<br />
Experience<br />
and Past<br />
Performance<br />
Approach<br />
G. Cost/Price<br />
Approach<br />
Task<br />
B. NDA/<br />
Teaming<br />
Agreements<br />
6. Proposal<br />
Requirements<br />
A. Proposal<br />
Manager and<br />
Key Team<br />
Members<br />
C. Cost to Bid C. Proposal<br />
Requirements<br />
D. Risk<br />
Analysis<br />
and<br />
Mitigation<br />
Plan<br />
7. Cost and<br />
Pricing<br />
A. Executive<br />
Cost Summary<br />
B. Proposal Plan B. Contingencies<br />
and Summary<br />
Volume Outline<br />
D. Special<br />
Requirements<br />
(i.e., Orals, E-<br />
mail, etc.)<br />
C. Material<br />
and/or<br />
Subcontractor<br />
Costs<br />
D. Fee and<br />
Operating<br />
Pr<strong>of</strong>it<br />
Summary<br />
E. Unusual<br />
Costing<br />
Factors/<br />
Concerns<br />
F. BAFO<br />
Requirements<br />
(Discounting,<br />
etc.)<br />
Term<br />
Percent Complete<br />
Cost Performance Index<br />
or Performance Factor<br />
To Complete<br />
Performance Index<br />
or Verification Factor<br />
Schedule Performance Index<br />
Schedule Correlation<br />
Independent Estimate<br />
At Completion<br />
Average Performance<br />
Average Expected<br />
Performance To Finish<br />
Symbol<br />
% Done<br />
CPI or PF<br />
TCPI or VF<br />
SPI<br />
SC or S/C<br />
IEAC<br />
P CUM<br />
P TO GO<br />
1)<br />
2)<br />
ACWP +<br />
Formula<br />
BCWP<br />
BAC<br />
BCWP<br />
ACWP<br />
BAC - BCWP<br />
EAC - ACWP<br />
BCWP<br />
BCWS<br />
PCUM<br />
SV<br />
BAC<br />
PF<br />
BAC - BCWP<br />
.8CPI + .2SPI<br />
BCWPcum<br />
Duration (wks or mos)<br />
Since ACWP Began<br />
BCWPcum<br />
Duration (wks or mos)<br />
From Time Now to<br />
Manager's Stated<br />
Completion Date<br />
Checklist Actions<br />
Ratio <strong>of</strong> work accomplished in terms <strong>of</strong> the total amount <strong>of</strong> work<br />
Ratio <strong>of</strong> work accomplished against money spent (an efficiency ra<br />
Done for Resources Expended)<br />
Ratio <strong>of</strong> work remaining against money remaining (Efficiency whic<br />
achieved to complete the remaining work with the expected remain<br />
Ratio <strong>of</strong> work accomplished against what should have been done (E<br />
Rating: Work done as compared to what should have been done)<br />
to do.<br />
ting: Work<br />
h must be<br />
ing money)<br />
fficiency<br />
Ratio <strong>of</strong> Schedule Variance (SV) in terms <strong>of</strong> average amount <strong>of</strong> wo<br />
rk<br />
accomplished (in weeks or months). It indicates a correlation t<br />
o program true<br />
schedule condition<br />
Calculation <strong>of</strong> a projected Estimate At Completion to compare wit<br />
h the CAM's<br />
Estimate At Completion:<br />
1) Ration <strong>of</strong> total work to be done against experienced cost eff iciency<br />
2) Sunk costs added to a ratio <strong>of</strong> remaining work against weight ed cost and<br />
schedule efficiencies<br />
Average rate at which work has been accomplished since work bega<br />
Average rate at which work must be accomplished in the future to<br />
date the CAM has forecasted for completion <strong>of</strong> the work.<br />
n<br />
finish on the<br />
<strong>Architecture</strong> Management & Planning<br />
Skills<br />
Inventory<br />
Corporate<br />
Fixed Asset<br />
Inventory<br />
Vendor &<br />
New Technology Research<br />
<strong>Department</strong>al<br />
Fixed Asset<br />
Inventory<br />
IT Hardware<br />
Inventory<br />
$<br />
$<br />
$<br />
$<br />
$<br />
$<br />
IT S<strong>of</strong>tware / Applications<br />
Inventory<br />
$ $<br />
$<br />
<strong>Architecture</strong><br />
Management<br />
& Planning<br />
Today…<br />
$<br />
$ $ $<br />
Network Map<br />
$<br />
$<br />
$<br />
Connectivity<br />
Diagrams<br />
Topology Map<br />
Business Unit &<br />
<strong>Department</strong>al<br />
Interviews<br />
Organizational<br />
Charts<br />
Project<br />
Inventories<br />
Data Element Term Acronym<br />
Framework or<br />
Reference Model<br />
Enterprise <strong>Architecture</strong>s<br />
Version<br />
Control<br />
Scheduled Work Budgeted Cost for Work Scheduled BCWS<br />
Earned Value Budgeted Cost for Work Performed BCWP<br />
Actuals Actual Cost <strong>of</strong> Work Performed ACWP<br />
Authorized Work Budget At Completion BAC<br />
Data Element Term Acronym<br />
Forecasted Cost Estimate At Completion EAC<br />
Work Variance Schedule Variance SV<br />
Cost Variance Cost Variance CV<br />
Completion Var Variance At Completion VAC<br />
Life Cycle<br />
Management<br />
Budgets<br />
.<br />
Buy<br />
List<br />
Standards<br />
Pr<strong>of</strong>essor<br />
Truex<br />
Configuration<br />
Management
Two Techniques<br />
<strong>Architecture</strong> Trade<strong>of</strong>f Analysis Method (ATAM)<br />
Qualitative approach to prioritizing requirements<br />
Cost Benefit Analysis Method (CBAM)<br />
Takes the output <strong>of</strong> the ATAM and adds economic<br />
analysis in the form <strong>of</strong> cost benefit trade<strong>of</strong>fs<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
ATAM<br />
Multiple stakeholders and participants<br />
<strong>Evaluation</strong> team<br />
Project managers<br />
<strong>Architecture</strong> stakeholders<br />
What characteristics do you want in the team?<br />
Roles and attributes (c.f. pg 273)<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
ATM outputs/deliverables<br />
<br />
Rank ordered priorities in the following forms:<br />
1. Concise architecture model<br />
2. Clear business goals <strong>of</strong> the architecture (system)<br />
3. Quality requirement scenarios (QRSs)<br />
4. Mapping <strong>of</strong> architectural decisions to QRSs<br />
5. Sensitivity analysis and trade<strong>of</strong>f points<br />
– How important is it and at what trade<strong>of</strong>f?<br />
E.g., back up database important to reliability, problem for<br />
security<br />
6. Risk analysis and risk theme clustering<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Example tabular ATAM output<br />
Quality Attribute Attribute refinement Scenarios<br />
Performance<br />
Transaction Response<br />
time<br />
Throughput<br />
Generating reports<br />
User updates patient acct.<br />
in less than .75 second<br />
Patient acct under peak<br />
load in response to chg <strong>of</strong><br />
add notification < 4 secs.<br />
Batch by midday<br />
Usability Pr<strong>of</strong>iciency training Experienced new hires up<br />
to speed in < 2wks<br />
Configurability<br />
Maintainability<br />
Enterprise <strong>Architecture</strong>s<br />
Normal operation<br />
Set payment plan real<br />
time with patient w/out<br />
delays<br />
No source code changes<br />
to change fee structures;<br />
CBAM -- Cost Benefit<br />
If each architectural decision has costs and trade<strong>of</strong>fs<br />
(risks)<br />
How do we evaluate economic value and necessity?<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
CBAM (Benefits) vs. ATAM (trade<strong>of</strong>fs)<br />
ATAM identifies sets <strong>of</strong> key architectural decisions<br />
BAM quantifies them as to cost<br />
Scenarios<br />
Utility curves<br />
Best case and worst case scenarios compared to current and<br />
desired states<br />
Prioritizing scenarios via voting<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
A model <strong>of</strong> Security Design<br />
Threats<br />
Control<br />
s<br />
Targets<br />
Enterprise <strong>Architecture</strong>s<br />
What are each <strong>of</strong> these elements?<br />
Pr<strong>of</strong>essor<br />
Truex
A model <strong>of</strong> Security Design<br />
Threats<br />
Control<br />
s<br />
Targets<br />
Destruction<br />
Modification<br />
Disclosure<br />
Avoidance<br />
Tolerance<br />
Mitigation<br />
Physical (Hardware, people…)<br />
Data<br />
Data Communications<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Intranet Security: instance<br />
example<br />
Intranet security is vital especially if connected to the<br />
Internet<br />
Security can be<br />
threatened (someone tries to break in)<br />
compromised (someone knows how to break in)<br />
breached (actually breaks in or infiltrates)<br />
Security threats can<br />
come from inside and outside<br />
be deliberate or accidental<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Types <strong>of</strong> Threats<br />
Threats to hardware<br />
Theft <strong>of</strong> equipment<br />
Tampering by disgruntled employees<br />
Destruction by natural accidents (fire, flood etc.)<br />
Ordinary wear and tear<br />
Threats to s<strong>of</strong>tware<br />
Deletion - accidental or deliberate<br />
Theft by user<br />
Corruption by virus or hardware malfunction<br />
Threats to information<br />
Corruption, theft or deletion <strong>of</strong> files<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Planning Intranet Security<br />
Defining security goals<br />
Protect what? (hardware? network? data?)<br />
Protect from whom? (users? outsiders?)<br />
Protect from what? (fire? natural disasters?)<br />
Cost effectiveness <strong>of</strong> measures<br />
Typical security goals include<br />
Preventing malicious damage to files and system<br />
Preventing accidental damage<br />
Protecting data integrity and confidentiality<br />
Preventing unauthorized access<br />
Providing appropriate disaster recovery<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Intranet Security: Access<br />
Control<br />
Isolating the server<br />
physically<br />
by specific protocol<br />
by specific IP address<br />
Password access<br />
Passwords should<br />
be mixture <strong>of</strong> upper and lowercase; be <strong>of</strong> sizable length; not<br />
be words found in dictionary<br />
be changed regularly<br />
be changed from vendor supplied defaults<br />
Other password issues:<br />
passwords <strong>of</strong> ex-users should be removed<br />
no more than two invalid attempts should be allowed<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Intranet Security Techniques<br />
Cryptography (or encryption): converting a message (plaintext)<br />
into a secret code (cyphertext) and the reverse process<br />
Can be public or private<br />
Firewall: a device that sits between the internal network and the<br />
outside Internet<br />
Can be packet filtering, proxy server or combination (dualhomed)<br />
Authentication: proving the identity <strong>of</strong> both clients and servers<br />
Non-repudiation: proving that a document was originated by the<br />
sender<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Use the model to assess and<br />
plan...<br />
Threats<br />
Control<br />
s<br />
Targets<br />
Destruction<br />
Modification<br />
Disclosure<br />
Avoidance<br />
Tolerance<br />
Mitigation<br />
Physical (Hardware, people…)<br />
Data<br />
Data Communications<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Security Planning and Design<br />
Grid<br />
Physical Data Data Comm.<br />
Destruction<br />
Disclosure<br />
Modification<br />
Intentional<br />
Accidental<br />
Intentional<br />
Accidental<br />
Intentional<br />
Accidental<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Risk (Cost) benefit analysis<br />
E C = P I * C I<br />
E v = B i - E C<br />
Overall utility <strong>of</strong> scenarios<br />
Where B i = ∑ j (b i,j X W j )<br />
Where bi,j is the benefit assigned to a strategy I given its effect on<br />
scenario j and where Wj is the weighting given to scenario j<br />
What is an inherent weakness in this formulation?<br />
Are traditional investment decision metrics adequate?<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Design benefits, costs and<br />
Return on Investment<br />
Question; How good is good enough?<br />
Once decided and costs are assigned then we compute<br />
the expected return on investment. That metric is, in<br />
turn, compared to organizational standards.<br />
ROI ==> R i = B i / C i<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
CBAM steps<br />
1. Gather and group (Collate) scenarios<br />
2. Refine scenarios<br />
3. Prioritize scenarios<br />
4. Assign a utility to each<br />
5. Develop architectural strategies for each and assess<br />
expected quality attribute levels<br />
6. Determine utility value for each<br />
7. Derive expected benefit<br />
8. Choose strategies based on ROI<br />
9. Check choices with your intuition (common sense)<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Collected scenarios<br />
Response goals<br />
Refined Scenarios<br />
Assign utility<br />
c.f., pgs. 318-323<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Financial Analysis <strong>of</strong> Projects<br />
Financial considerations are <strong>of</strong>ten an important<br />
consideration in selecting projects<br />
Three primary methods for determining the<br />
projected financial value <strong>of</strong> projects:<br />
Net present value (NPV) analysis<br />
Return on investment (ROI)<br />
Payback analysis<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Net Present Value Analysis<br />
Net present value (NPV) analysis is a method <strong>of</strong><br />
calculating the expected net monetary gain or loss from<br />
a project by discounting all expected future cash inflows<br />
and outflows to the present point in time<br />
Projects with a positive NPV should be considered if<br />
financial value is a key criterion<br />
The higher the NPV, the better<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Net Present Value Example<br />
Excel file<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Return on Investment<br />
Return on investment (ROI)<br />
or income divided by investment<br />
ROI = (total discounted benefits - total discounted costs) /<br />
discounted costs<br />
The higher the ROI, the better<br />
Many organizations have a required rate <strong>of</strong> return or<br />
minimum acceptable rate <strong>of</strong> return on investment for<br />
projects<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Payback Analysis<br />
Another important financial consideration is<br />
payback analysis<br />
The payback period is the amount <strong>of</strong> time it will<br />
take to recoup, in the form <strong>of</strong> net cash inflows,<br />
the net dollars invested in a project<br />
Payback occurs when the cumulative<br />
discounted benefits and costs are greater than<br />
zero<br />
Many organizations want IT projects to have a<br />
fairly short payback period<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
NPV, ROI, and Payback<br />
Analysis for Project 1<br />
Excel file<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
NPV, ROI, and Payback<br />
Analysis for Project 2<br />
Excel file<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Weighted Scoring Model<br />
A weighted scoring model is a tool that provides a<br />
systematic process for selecting projects based on many<br />
criteria<br />
First identify criteria important to the project selection process<br />
Then assign weights (percentages) to each criterion so they add up<br />
to 100%<br />
Then assign scores to each criterion for each project<br />
Multiply the scores by the weights and get the total weighted scores<br />
The higher the weighted score, the better<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex
Sample Weighted Scoring Model for<br />
Project Selection<br />
Excel file<br />
Enterprise <strong>Architecture</strong>s<br />
Pr<strong>of</strong>essor<br />
Truex