Skip navigation
Twitter   Follow us  •   Share   Share    Become a member
Home Business Technology Strategy Business Technology Execution Professional Development Live Exchanges Smart Archive Smart Enterprise Magazine
Up to Blog Posts in Smart Architect

Smart Architect

3 Posts tagged with the data tag
Eric Bruno
0

A few weeks back I wrote about the benefits — and challenges — of a federated architecture. In that blog I wrote that such an approach helps the enterprise architect organize the efforts of disparate groups to avoid duplicate software project silos, but also that the approach won’t get far without buy-in and cooperation from business users, data owners and various other stakeholders. (For a more detailed refresher, see the original post here).

 

I mentioned there that I’d be following up the post with another to discuss a project I’ve been involved in to tie disparate financial systems into a federated portal, which included taking mobility into consideration early in the design process.  I know you’ve been waiting for it, so sit back and enjoy as I delve into the how of architecting that federated effort! I hope my experience will help prepare you for issues that may arise with federated systems in your own enterprise, regarding security, deployment coordination and user interfaces, which is where we’ll start.

 

Dressing for Success

 

The enterprise architect’s first challenge will be getting agreement on a unified presentation strategy. Without standardizing on a single presentation technology, you risk a user interface (UI) that looks disorganized and disjointed. Equally bad, you lose the ability to share design patterns and code across software projects, and developers remain in silos, jeopardizing the agility that can occur when they are free to share their talent with, or even move to, other development groups to create added value. Technical problems, such as OS resource competition and varying data refresh rates, are bound to arise as well.

 

The Web-based portal I’ve been focused on building is for a set of applications — involving multiple development groups — in the banking space. Being Web-based, HTML makes up most of the UI. But because the portal is to be a rich Internet application, we had to get agreement on which more complex UI elements we would leverage for displaying dynamic data (financial market data in this case). Ajax, Silverlight or Flash technologies were in the mix, but trying to combine them all adds up to a sloppy presentation. As the enterprise architect on the case, it was important to listen to the arguments on all counts, and in addition mobility features had to figure heavily into the final verdict. Flash is a good cross-platform, cross-browser choice for dynamic UI development, but even better, it’s turned out to be a real star in the world of mobile devices.


Just Log In

 

Another area of focus in federated architecture is user authentication. It’s absolutely necessary to build a single sign-on (SSO) solution—not necessarily one based on SAML (Security Assertion Markup Language), but one that’s web-proxy friendly—that unifies the login process for your internal applications. But it’s just as important to enable access from external domains, such as those of your customers and business partners, seamlessly and without sacrificing security.

 

Solutions such as those in CA’s Identity and Access Management suite, provide capabilities that can work in your enterprise, across the Web, and even extend to the cloud. A single sign-on product, such as CA SiteMinder®, is specifically built to solve this problem, as shown in Figure 1. 

 

ca.jpg

Figure 1 - How Single Sign-on Works (Illustration credit: CA SiteMinder Product Brief)

 

Here’s how it works:

  1. The user accesses a protected resource.
  2. The user is challenged for credentials, which are passed to a secure SSO agent, such CA SiteMinder.
  3. After passing through another layer of network security, the credentials are passed to a policy server.
  4. The policy server securely authenticates the user against the correct data store.
  5. Entitlements are passed back to the policy server where access is granted.
  6. The user’s profile data is passed to the appropriate application(s).
  7. Appropriate application content is provided to the authenticated user.

 

Remember, in a federated solution, all of your organization’s secure applications need to be unified within a single SSO solution, and all of your user authentication must be accessible within a single set of data stores. 


Deployment Demands

 

Another critical task facing the enterprise architect who drives a Web-based federated effort that runs well on mobile devices is the deployment and administration of services within the cloud. In my case, this involved a private cloud.

 

The main goals were to enable lifecycle and operational independence. The first mistake of some of the groups participating in the effort was that they placed their enterprise software components into the cloud as one large component. This quickly led to problems in the areas of scalability and ease of deployment.

 

As a result, I began an effort to break down all software components into sets of basic services with discrete tasks. We designed a way to easily deploy and dynamically execute these services across servers, both physical and virtual, according to a core set of capabilities and prerequisites. For example, information such as average transaction time, network bandwidth needs, dependencies on other services, and external resources and storage needs all are factors in deciding how many instances of each service are started, and where they’re located.

 

That’s why the system now can manage itself to a degree. However, administrators still can control individual services, migrate them across servers if problems arise, and roll out individual service updates without interrupting the entire federated system. In the end, the entire system and process is more agile, with limited dependency on specific developers’ expertise, or custom frameworks that duplicate deployment and administrative tasks. In summary, less human interaction equates to more efficiency, and reduced duplication equates to reduced costs and greater shared value.

 

Looking Ahead

 

If you’re interested in moving your enterprise toward a federated architecture, you must understand that you’ll need to constantly engage in forward-thinking and proactive planning, since unification efforts take a great deal of time and need to be flexible. That’s especially true as new development groups come on board and various databases need to be consolidated.

 

But as most enterprise architects learn early on, a good architecture is never complete. It just continues to evolve over time. We’d love to hear about any of your own evolutionary experiences as an architect.

638 Views 0 Comments Permalink Tags: single_sign-on, portals, ajaz., silverlight, flash, user_interface, ca-siteminder, ca_identity_and_access_management, federated_systems, silo, complex, processing, eric, bruno, federated, architect, event, data, architecture, smart, agile, agility, mobile, mobility
Jennifer Zaino
0

Storage is critical enterprise infrastructure, and how best to protect these environments to ensure the safety and recovery of the data that resides there is pretty darn important. But is this sometimes a bit overlooked by enterprise architects thinking more about big-picture strategies than nitty-gritty details?

 

Perhaps. Consider, for example, that physical to virtual infrastructure transitions present the best chance nearly any organization will have for some time to rearchitect its backup methodology, says Marco Coulter, Research Director for Storage Practice at TheInfoPro (a division of 451 Research). After all, a large-scale change like that doesn’t happen every day. You have to “exploit that opportunity, because you may not get it again for another 10 years,” he says.

 

Yet, when laying out the frameworks for physical to virtual infrastructure projects, most enterprise architects won’t have a ready answer about accomplishing backup redesign, he says. That has to change: Just as enterprise architects have a role in helping simplify server environments, so too should they play a part in reducing management overhead — i.e., the cost factor — for data protection. “This is a way of protecting the business; it’s not the business,” Coulter notes. “The time you spend doing this isn’t creating business value.” Yet, according to Storage Study Wave 15 done in 1H2011 by TheInfoPro, backup remains the largest storage time-sink (see chart below).

 

infochart.gif

 

Complexity has had a long reign when it comes to storing, managing and protecting data, going back to the days of purely physical environments. Without guidance from enterprise architects, the addition of virtualization, on- and off-premises clouds, and SaaS solutions, can further complicate data management and protection — certainly during the period of time when organizations are transitioning to these new technologies and environments.    

 

David Liff, VP, Global Marketing, at CA Technologies, sees the enterprise architect as bringing the risk assessor’s eye to the job, to apply recovery point objective (RPO) and recovery time objective (RTO) principles appropriate to each specific business process, across whatever swaths of technology are in place or moving into place, and ideally enabling all protections via a single ergonomic console. “Architecting storage used to be about making sure you had enough storage and that it was working. That’s now a given,” he says. “Now it’s about driving risk management around storage architectures, based on the business process defining RPO and RTO.”

 

The amount of data the enterprise is willing to lose and the amount of time it is willing to wait to recover information depends on the impact that each specific loss-and-recovery effort will have on the business. It may be okay to lose a day’s worth of human resource transactions and to wait two weeks to recover HR data, but clearly it’s a very different story for the transactions and data involved with online trading system processes, for example. There, the requirement may be to restore back to just one minute or one transaction ago, and to do it instantly. While storage architects are themselves being asked to think more about protection according to RPO and RTO objectives, they should be defining those SLA goals in consultation with enterprise architects, Liff says.

 

Indeed, the enterprise architect should make it a point to be involved now more than ever. After all, enterprise architects regularly deal with governance issues, and increased regulatory and legal requirements — such as producing digital records in a timely manner as part of electronic discovery of evidence during litigation — demand good storage architecting and data protection practices. 

 

The enterprise architect also is needed now, more than ever, to help guide backup and recovery strategies because the enterprise has to move away from using many technology solutions to manage and protect distinct environments — physical, virtual, cloud — to a solution that can range across these platforms and across their various vendors, while seamlessly accommodating different business process Service Level Agreements. “That’s a challenge that creates churn,” Liff says. “Storage is known for high levels of complexity, and in large organizations you have teams of experts running different solutions, but their expertise is not portable. These teams are passionate about what they do and emotionally attached to what they know, too. Once you get to the business-driven goals of RTO and RPO, you need someone who’s outside of just the storage world — the enterprise architect — to decide what is the way forward to a more comprehensive solution that gives you granular control at a very high level.” (Today there are just a very few solutions that fit the bill, including CA Technologies’ ARCserve, he says.)

 

However you’re contemplating addressing storage in the new year, Coulter makes an important comment about getting these architectures right, especially in light of all the work most enterprises have been doing around server virtualization and the growth in capacity that that’s been driving. “Get it wrong and you will spend more and more on storage, and that eats into the savings [virtualization can deliver] on the server side,” he says.

 

How are you planning to help your enterprise get storage right? 

 

 

592 Views 0 Comments Permalink Tags: theinfopro, 451_research, david_liff, recovery_point_objective, recovery_time_objective, server, enterprise_architect, enterprise_architecture, smart_architect, storage, ca, technologies, business_process, virtualization, data, protection
Eric Bruno
0

You know it and I know it: Most large organizations suffer from silos, with duplicate software projects in active development. The reasons for this vary — a political power-play, an accident, a belief that it's easier to reinvent the wheel than drive someone else’s car.

 

But the results, as every enterprise architect knows, are the same: Duplication is costly, and ultimately it eats into the organization’s ability to function as an agile enterprise — that is, one that can freely and spontaneously exchange information as a whole, and where new initiatives are taken on by many people working collectively, instead of only a few working in isolation.

 

How to wrestle this problem to the ground? I suggest thinking in terms of the federated architecture pattern, an approach that focuses on software, processes and developer behavior. This approach leads to a more agile organization, as it fosters interoperability between lines of business and information sharing. John Zachman, creator of the Zachman Framework for Enterprise Architecture, has positioned this approach as a practical way to employ architectural concepts in complex, multi-unit enterprises. And he has noted that its success requires someone (YOU) figuring out and actually creating and managing what is to be federated — i.e., that which is to be centralized, optimized, integrated and reused by the overall enterprise. (You may want to read Smart Architect’s interview with John Zachman on recent changes to his framework here.)

 

Building on Zachman’s definition, federated architecture is more than a fancy term to describe an enterprise-wide approach to software. It's a model to share concerns across the enterprise, and to identify common business problems, infrastructure requirements, development efforts and data needs. It requires, in effect, that you build a system that encompasses the entire organization, so that the business is able to adapt to changes in the market more quickly and efficiently, and in a much more cost-effective manner.

 

 

tax.jpg

 

As Fig. 1 shows, a federated architecture solution provides the platform to align disparate systems, data sets, other internal and external cloud-based systems, legacy systems, and infrastructure, all via an organization-wide taxonomy. From the purely organizational perspective, this is a difficult task: You need to align the business, the data owners and all stakeholders, the corporate IT strategy, and all of development. And if that weren't difficult enough, there are technical hurdles beyond the norm.

 

 

Indirectly related to this is a means to perform communication and integration across the components: Complex event processing (CEP). CEP involves designing your systems to respond to events that occur across all layers of the organization's IT systems. CEP, which in a federated architecture goes way beyond plain-vanilla middleware, becomes a driving force of systems integration and higher operational intelligence, and as such requires corporate wide buy-in and cooperation. Successfully accomplished, the result is a unified architecture, and a common development approach, for all of the systems in the enterprise — no more silos.

 

Integrating this into the cloud also ties into everything we’ve discussed here over the past year: further reducing costs, increasing efficiency, and raising overall system quality and uptime. (For more on those issues, see, for starters, Time to Revisit Your Cloud Strategy, Architecting the Cloud: Which Workloads Should Move First, or A Technical Perspective On Which Workloads Should Move to the Cloud.)  It also leads to that elusive agile enterprise, where individual components within the architecture — and the people involved — are part of a larger system, one where changes and improvements affect the organization as a whole, with benefits shared. 

 

Additionally, the federated approach helps to achieve operational independence: Developers for one part of the system can help (or even take over) when emergencies arise in other parts. Examples include software failures, architectural deficiencies and changing requirements that demand additional expertise. Being able to quickly find others within the organization to plug in and help in these situations is a big win. This is a key value that’s lost in the “silo approach.”

 

For the past year, I’ve been involved in a project where a set of disparate financial systems are being integrated into a single federated portal. As the system brings together elements of trade execution and supporting analytics, the problems have been wide and varied, from normalizing technology selections, to ensuring data-access rights, to meeting latency requirements.

 

In an upcoming blog, we’ll explore an architectural solution for a federated system based on this real-world experience. Your own federated systems will vary, and of course they don’t need to be a Web portal solution specifically for these lessons to apply. Regardless of what you’re building or integrating, you’ll face the struggles of coordinating numerous stakeholders across the organization, getting them to agree on an architectural direction, aligning their schedules and deployment plans to one another, and truly implementing the systems according to the agreed-upon plan.

 

In the meantime, let us know if you have an example of how you have implemented a federated architecture to drive agility – and how you did it. 

613 Views 0 Comments Permalink Tags: federated_systems, silo, complex, processing, eric, bruno, federated, architect, event, data, architecture, smart, agile, agility


We encourage your feedback. Reach out via the "Contact the Editor" and "Contact the Concierge" services for any needs, questions or comments. We look forward to serving you!

Paula Klein, Smart Enterprise Exchange Editor
e-mail

Ellen Lalier, Smart Enterprise Exchange Concierge
e-mail
phone 516-562-5727; fax 516-562-5466