Zadak solution architecture components (1)


Published on October 25, 2016

Author: MohammedOmar4

Source: slideshare.net

1. Solution Architecture - ZADAK Online Grocery Shopping Project (ZOGS), OCT 2016. By Solution Architect: Eng. Mohammed Omar Abdurrahman, PMP, TOGAF, CISA, ITIL

2. Document History

Version No. | Date | Author | Revision Description
0.8 | 6-OCT-2016 | Mohammed Omar | Initial Solution Architecture documents

3. Executive Summary

1.1 Introduction

In this stage we are proposing and designing a technical specification which would support all functionalities needed by the ZOGS platform. The purpose of this document is to provide the design of the architecture of the envisaged ZOGS solution based on the initial functional requirements.

1.2 Solution Architecture

Based on both functional and system requirements, different views of the solution have been represented to describe the entire solution in detail. The architecture section includes the following components:

ZOGS Solution Architecture

   1. Reference Architecture - Gives an overview of the entire solution containing the key components of the solution.
   2. Overall envisaged technology platform of the ZOGS system will comprise a set of applications and services. A number of services will be hosted for internal consumption, typically to manage the business processes and functions of ZOGS as an organization, and some external services through content, data and application level integration will also be rendered through this platform to the insurer, ZOGS customers, employees and management team.
   3. The functional view comprises the following services/applications:

   Platform Management Services
   • Security Services: Standard authentication and authorization services, application registration and strong auditing capabilities for the transactions and other pertinent details.
   • Application Management Services: Along with the set of services provided in a typical application server environment, typical IT and SLA management services.
   • Information Dissemination/Rendering Services
      1. ZOGS Portal: The portal will provide a platform for the extended enterprise to be managed. It will therefore expose both enterprise applications and a number of functional applications to the extended enterprise.
      2. Mobile Applications: Mobile applications for both iOS and Android platforms will be developed to ensure that the portal functionality will be delivered to mobile users.
   • Business Applications and Services
      1. Business Applications: These will be offered as a platform to ZOGS. This platform will be run on the internal environment and will be accessible, to differing extents, through the channels of information dissemination through defined integration touch points.

4.
   4. Application View - Elaborates the applications to fit the Functional requirement of the system and to support the Information flow in the system. The application view assumes all the different applications spread across departments would be accessible from the portal using a central integration layer.
   5. Infrastructure View - Elaborates the Infrastructure need of ZOGS to support the applications that have been proposed in the previous view. The infrastructure view comprises the following components:
      • Central Data Centre (CDC) and Disaster Recovery (DR) site specifications
      • Business Continuity Plan
      • Hardware Infrastructure
      • Network Configuration
      • Scalability Plan
   6. Security Framework and Architecture - Elaborates the security need of ZOGS to safeguard the data, information, other contents and applications from various internal and external security threats. This section describes the different methods, processes and mechanisms such as access control, authentication and encryption mechanisms through advanced solutions like biometric devices and digital signature.

5. Solution Architecture Components

For designing the solution architecture, the system requirement has been considered as one of the key inputs. These system requirements have been divided into the Functional Requirement and System requirement of the solution. Based on both functional and system requirements, different views of the solution have been represented to describe the entire solution in detail.

The solution architecture section comprises the following components:
   • Reference Architecture
   • Application Architecture

The following subsections elaborate the above mentioned components of the solution architecture.

Reference Architecture

The reference architecture gives an overview of the entire solution containing the key components of the solution. The Solution has three broad components that interact with each other.
   • A front-end portal which acts as a window to all ZOGS applications
   • A centralized database

This traditional web hosting architecture implements a common three-tier web application model that separates the architecture into presentation, application, and persistence layers. Scalability is provided by adding additional hosts at the presentation, persistence, or application layers. The architecture also has built-in performance, failover, and availability features.

The diagram below depicts the key components of the solution.

6.
   1. Exterior Firewall: Hardware or software solution to open standard ports (80, 443)
   2. Web Load Balancer: Hardware or software solution to distribute traffic over web servers
   3. Web Tier: Fleet of machines handling HTTP requests
   4. Backend Firewall: Limits access to the application tier from the web tier

7.
   5. App Load Balancer: Hardware or software solution to spread traffic over app servers
   6. App Server Tier: Fleet of machines handling application specific workloads. Caching server machines can be implemented at this layer
   7. Data Tier: Database server machines with master and local running separately, network storage for static objects
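The tier list above implies a default-deny flow policy: only ports 80 and 443 cross the exterior firewall, and only the web tier may reach the application tier. The following is an added example, not part of the original document, that checks observed flows against that model. The subnets, the application port 8080 and the app-to-data rule on the MySQL default port 3306 are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan: the document gives no addressing, so these
# subnets are assumptions used only to map an address to a tier.
TIER_NETS = {
    "web_lb": ip_network("10.0.1.0/24"),
    "web": ip_network("10.0.2.0/24"),
    "app_lb": ip_network("10.0.3.0/24"),
    "app": ip_network("10.0.4.0/24"),
    "data": ip_network("10.0.5.0/24"),
}

# (source tier, destination tier) -> permitted destination ports.
# Any tier pair that is not listed is denied (default deny).
ALLOWED = {
    ("internet", "web_lb"): {80, 443},  # exterior firewall: standard ports only
    ("web_lb", "web"): {80, 443},       # web load balancer to the web fleet
    ("web", "app_lb"): {8080},          # backend firewall: web tier only (port assumed)
    ("app_lb", "app"): {8080},          # app load balancer to app servers (port assumed)
    ("app", "data"): {3306},            # MySQL default port (rule assumed)
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def tier_of(addr: str) -> str:
    """Return the tier that owns addr, or 'internet' for anything outside the plan."""
    ip = ip_address(addr)
    for name, net in TIER_NETS.items():
        if ip in net:
            return name
    return "internet"


def evaluate(flow: Flow):
    """Return (allowed, reason) for one flow under the tier policy."""
    src_tier, dst_tier = tier_of(flow.src), tier_of(flow.dst)
    ports = ALLOWED.get((src_tier, dst_tier))
    if ports is None:
        return False, f"{src_tier} -> {dst_tier}: no rule for this tier pair"
    if flow.dport not in ports:
        return False, f"{src_tier} -> {dst_tier}: port {flow.dport} not in {sorted(ports)}"
    return True, f"{src_tier} -> {dst_tier}: port {flow.dport} permitted"


def audit(flows):
    """Return the flows that violate the policy, each with the reason."""
    violations = []
    for flow in flows:
        allowed, reason = evaluate(flow)
        if not allowed:
            violations.append((flow, reason))
    return violations


# Constructed sample flows, e.g. as they might be parsed from firewall logs.
SAMPLE_FLOWS = [
    Flow("203.0.113.7", "10.0.1.10", 443),   # client to web load balancer
    Flow("203.0.113.7", "10.0.1.10", 22),    # non-standard port at the exterior firewall
    Flow("10.0.1.10", "10.0.2.21", 80),      # load balancer to web server
    Flow("10.0.2.21", "10.0.3.5", 8080),     # web tier to app load balancer
    Flow("203.0.113.7", "10.0.4.12", 8080),  # internet straight to the app tier
    Flow("10.0.2.21", "10.0.5.30", 3306),    # web tier straight to the data tier
    Flow("10.0.4.12", "10.0.5.30", 3306),    # app tier to database
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(f"DENY {flow.src} -> {flow.dst}:{flow.dport}  ({reason})")
```

Run against exported firewall or flow logs, any reported line is either a rule that is wider than the tier model or a flow that needs an explicit, reviewed exception.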

8. Application Architecture (Application view)

This view of the architecture elaborates the applications to fit the Functional requirement of the system and to support the Information flow in the system.

The application view assumes all the different applications spread across departments would be accessible from the portal using a central integration layer. This layer would act as a hub for the overall architecture both from a data and application level communication perspective. This layer will facilitate communication between the portal, different internal applications, backend systems, access management services and all other channels. The diagram below shows a model of the ZOGS solution application view.

Application Components

The following application components are envisaged as main building blocks:
   • Access Management component serves as a gateway to the overall application landscape. It provides for secured role-based access to different views of the portal. This component enables Single Sign-On (SSO) so that users need not sign in again for each of the applications accessed through the portal.
   • Application Portal components serve as a gateway for all the Business applications, along with content and knowledge management features. There will be different informational/transactional views offered to different stakeholders depending on their role/level of access.
   • Integration Hub will serve as a fulcrum for the overall application view. It will have several components for complex standards-based as well as proprietary integrations, connectivity with

9.
     all internal hosted application/services, connectors etc. These layers will also serve as on and offline data integration gateway.
   • Databases:

Each component has been further detailed out below:

Access Management

Access Management component will serve as a gateway for all requests that are routed through web browser. It will use an Employee directory of ZOGS along with a SSO/IDM infrastructure to authenticate users. All the external users would be validated against a user credential database. Access Management module should be designed in an open mode with ability to accommodate additional applications and security management solution for new applications.

Application Portal

Application portal will serve as a gateway for requests that may be routed through browser. Portal should be developed using standard portal server. Portal server may have the following illustrative components:
   • Knowledge Management Services: Portal will provide for rich knowledge management capabilities across different departments. A role based view of this system would be given to internal and external stakeholders.
   • Analytics and Reporting Services: Portal will provide reporting and data analysis features in forms of reports and dashboards.
   • Work Flow Services: A configurable workflow service would be running across all the business applications.
   • Notifications and Monitoring Services: A configurable notifications service would be running in association with the workflow service.
   • Search Services: Ability to conduct regular and advanced search.
   • Collaboration Services: Ability to perform content, data and application based collaboration in line with Web 2.0 principle.
   • Personalization Services: Ability to present customized views (e.g. language based personalization) and modules through a portal depending on the type and nature of users.
   • Payment Gateway: The proposed portal will have an interface with a full-featured payment gateway solution and would provide the ability to process online payments using many payment instruments. The capabilities of the Payment Gateway would be the following:
      o Transaction Processing
         • Basic validation of Payment Information
            • Well-formed Credit card number validation
            • Card expiry date validation
         • Authentication of payment information
            • Authentication for Issuing Banks
            • Authentication for Internet payment processing
            • Support for services like Verified-by-Visa, MasterCard SecureCode etc
         • Authorization of payment information
         • Capability to ensure atomicity of the transaction
         • Efficient and centralized Reconciliation mechanism

10.
      o Security
         • Capability to securely communicate to other third party application/services on the Internet using SSL protocol
         • Protection by Secured firewall
         • Verisign certification
      o Administration
         • Checking the status of individual transactions
         • MIS Reports
         • Refunding transactions if applicable

Systems Features
   • Industry-standard Scalability
   • Industry-standard Performance

Integration Hub

Integration hub will serve three core functions:
   • Manage the interface between various applications through application to application and application to data integration.

In addition to these services, a set of common services should also be provisioned for using this integration hub. This would include:
   • Content and Information publication management
   • Workflow Engine
   • Notification Engine

Databases

This layer includes:
   • Back End RDBMS, e.g. MySql Database clusters
   • It would also include communication components such as Email.

Following are the key considerations for ZOGS's envisaged solution:
   • Heterogeneous Environment: Overall system is expected to have multiple components resident in different and diverse technology platforms. Proper consideration should be given to this point while finalizing the integration architecture.
   • End-to-end Integration (Data Level): This application would have significant data level integration between legacy systems and the ZOGS Portal which will pose a significant challenge in terms of latency, frequency of information. Ensuring the consistency and integration of transaction in a concerted mode will pose a significant challenge to this architecture.

11. Architecture Considerations and Constraints

   • The hardware sized for all the applications should be redundant and scalable. All the components within the server should be hot swappable and should incur no downtime due to component failure.
   • All the servers suggested should have dual power supplies. The power input to the power supplies will be from separate Uninterrupted Power Supplies which will be fed from two different power sources. In case of failure of one power supply, the second power supply should be able to take the full load without causing any interruption in services.
   • All servers should have at a minimum of dual 1000 Mbps network interface cards (NIC) installed on different slots. Each NIC will be cabled from a different module on the switch using gigabit speed cabling.
   • The system should be platform independent and should not only be deployable on multiple platforms such as HP UNIX, IBM AIX, IBM i, Sun Solaris, Microsoft Windows, Linux etc., but should also allow integration with other software deployed across heterogeneous operating system platforms.
   • The system should have the capability to use Service Oriented Architecture best practices and should use industry standards for integration to achieve universal use.
   • The system should be database independent and should allow deployment on multiple RDBMS such as DB2, Oracle, and Microsoft etc. The system should allow integration with other heterogeneous databases irrespective of the choice of database for the enterprise system. The database language should be ANSI SQL and should avoid using any Vendor specific proprietary extensions to ANSI SQL (e.g. PL-SQL).
   • Ability to be browser independent. The system should be compatible with the following browsers:
      o Internet Explorer 6.0 or higher
      o Mozilla Firefox 3.0.7 or higher
      o Safari, Netscape, etc.
   • The system should have modular structure providing the flexibility to deploy selected modules - products - lines of business combination as per the ZOGS's convenience.
   • The system should provide fast and steady response times (Quality of Service). The speed and efficiency of the system should not be affected with growing volumes, especially during search operations, data warehousing, reporting, MIS, online processes and batch processes.
   • The system should be operational with good response time using low bandwidth in the region of about 15Kb per user, especially for WAN and internet users.

12. The system should meet the following scalability requirements:

   • Support multi-tier architecture (the Application should at least have the following within its architecture) for all modules within the application with well-defined interfaces between the layers
      o Presentation Layer
      o Business Logic Tier
      o Data Tier
   • Capability to integrate with external/third party components like Rules Engine, Functional Modules, General Ledger etc which should not be point to point integration, but with well-defined interfaces for data integration using enterprise data model
   • Ability to scale horizontally without redesign
   • Multiple similar hardware and mix of multiple hardware in a horizontal setup.
   • Scalability for external components (External components should not restrict scalability) - Provide performance benchmarks for similar functions required in ZOGS for Solution scalability
   • Ability to scale vertically without redesign
   • Addition of CPU, Memory, Hard disk capacity without causing downtime
   • Support the deployment of additional modules at a later point in time with minimal downtime and loss of productivity.

Interoperability Aspects of the Solution

Challenges of Interoperability

Interoperability is essential for the ZOGS solution.

Technical interoperability

Technical Interoperability covers the technical issues of computer systems. It includes also issues on platforms and frameworks. Frameworks for the solution might become complex and many times provide conceptual differences to working approaches. In addition, at times frameworks are duplicative and contradicting with multiple levels. Hence, thorough review and utmost care should be taken while deciding on the frameworks and platforms for the solution. Some of the specific platform and framework related considerations for the solution are:
   • Choice of the operating system for both client and server
   • Option to use server farm and use load balancing to host the portal
   • Choice of the browser and its add-on components

Other considerations which are dependent on the platform and frameworks are:
   • Portlets built for one portal platform would not interoperate with other portal platforms
   • Developers would need to build the same portlet many times to support multiple portal vendors.
   • A limited number of portlets will be available from a particular portal vendor for page designers.
   • Deployment of portlets may want to be managed on certain systems but "consumed" on other systems.

13. Semantic Interoperability

Interoperability or integration efforts are about making information from one system syntactically and semantically accessible to another system. Syntax problems involve format and structure. Semantics, being an important technical issue, is one that is almost invisible outside technical circles. What it boils down to is that the meaning of apparently identical terms can differ in significant ways between systems. Such differences normally make it more difficult to make systems work together. The differences can be minimized if systems are designed using agreed data formats. Semantics relate to the understanding and integrity of the information.

Technology Considerations for Interoperability

There are various technologies that help in achieving the objectives of the solution by solving the problem of interoperability. Key technologies are discussed below:

Service-oriented Architecture (SOA)

SOA is an architectural style whose goal is to achieve loose coupling among interacting software agents. A service is a unit of work done by a service provider to achieve desired end results for a service consumer. Service Oriented Environment is based on the following key principles:
   • SOA is not just architecture of services seen from a technology perspective, but the policies, practices, and frameworks by which the right services are provided and consumed.
   • With SOA it is critical to implement processes that ensure that there are at least two different and separate processes—for provider and consumer.
   • Rather than leaving developers to discover individual services and put them into context, the Business Service Bus is instead their starting point that guides them to a coherent set that has been assembled for their domain.

Web Services (WS)

A web service supports direct interactions with other software agents using XML-based messages exchanged via Internet-based protocols. The Semantic Web infrastructure of ontology services, metadata annotators, reasoning engines and so on will be delivered as Web services. In turn Web services need semantic-driven descriptions for discovery, negotiation and composition.

14. Infrastructure Specifications

This section elaborates the Infrastructure need of ZOGS to support the applications that have been proposed in the previous section.

A fully web based application architecture is envisaged that will ensure all the application access is through web. Specific description of different infrastructure solution components along with the rationale is presented in respective sections:
   • Central Data Centre (CDC) and Disaster Recovery (DR) site
   • Strategy for Disaster Recovery
   • Business Continuity Plan
   • Hardware Infrastructure
   • Network Configuration
   • Sizing and Performance Related Considerations
   • Scalability Plan

Data Centre and Disaster Recovery Site

Strategy for Disaster Recovery (DR)

Disaster Recovery is a strategy used for providing an alternate option to at least restore key operations in case of problems at main sites. In the context of IT services, typically DR relates to creating backups or having an alternate site for restoring the operations. Below is a matrix showing the different types of disaster recovery strategies applicable for the ZOGS project along with their technical specifications:

Data Replication
   • SAN Replication between the Data Centers for critical data bases needed to meet accelerated RPO requirements (up to 2 hours or less of lost data)

Dedicated DB Servers
   • Deployment of Recovery Data Center Database Server Capacity to support the critical Data Bases

15. Dedicated Application Server Capacity for Critical Applications
   • Procurement of additional virtualization capacity at the Recovery DC
   • Purchase of additional applications, middleware, and tool servers at the Recovery DC
   • CPU, Memory, and Logical Partition upgrades to existing development, test, and stage servers at the Recovery Data Center
   • Upgrade of the Recovery DC Operations (people and process) capabilities to support production requirements
   • Expansion of E-mail Infrastructure to support resiliency across the Data Centers

Enhancements to Reduce Recovery Time, Complexity, & Risk
   • Wireless Network Deployment
   • Technology Services Tools Resiliency
   • BCP Security Access Changes

Tech Services Tools
   • Make monitoring and support tools resilient or quickly available at the recovery data center

Technical specifications for the DRC for the ZOGS program

The following with respect to Disaster Recovery is recommended for the ZOGS program:

Technical Considerations
   • Network connectivity and sufficient bandwidth will be needed between DC and DRC; burstable bandwidth provisioning should be negotiated with WAN provider(s).
   • System software should be used to synchronize platforms at production and recovery locations
   • Dedicated equipment is required at the DRC, but it could be used to provide testing or development during normal operations
   • Automated provisioning/repurposing of test and development equipment for production/recovery purposes is a recommended capability
   • Boot-from-SAN, Ignite or similar process should be used to reduce recovery time
   • Regular, full-scale testing of the disaster recovery solution should be performed
   • A distinct DR site should be created in the next seismic zone, designed as the backup (mirror) site to the main site. The DR site should deploy the entire application solution (current and latest version of the application builds, and all solution components).

16.
   • The DR site should be invoked automatically when the production site fails to provide its services and it should ensure that it supports a degraded performance of at least 80 percent of that prescribed for the primary site.
   • It should be ensured that data is replicated at the DR site at regular intervals
   • Routine tests should be simulated to ensure that in case of an emergency, rollover to the DR site happens automatically without any service downtime.
   • ZOGS should run all services and transactions from the DR Site, at least once in a month, on a non-peak day to check its performance in case of an exigency and service provider(s) should perform DR drills monthly.
   • In terms of storage requirements for the DRC, ZOGS needs to implement some type of Information Lifecycle Management (ILM) approach. Data needs to be classified and placed on the appropriate class of storage. ZOGS needs to implement a synchronous or asynchronous replication approach for critical data (e.g. SRDF, TrueCopy, PPRC, SnapMirror, etc.).
   • In addition to ZOGS's disaster recovery initiatives, other options also include investigating the use of third party vendors to provide offsite data storage. Offsite data storage services from a third party provider provide a secured means to store critical business and application data in the event of a disaster. Many of these vendors also provide disaster recovery services, which may include the ability to use vendor hardware to run ZOGS business applications in the event of a disaster to the ZOGS operations center.

Server Side Recommendations for DRC at ZOGS
   • The servers should be designed in an "Active/Passive" strategy for the SAN replication.
   • The servers located in the CDC will continually replicate to the clustered servers in DRC.
   • All storage/database servers have matching model numbers, CPU and memory configurations. There are duplicate SAN with identical disk configurations on both sites
   • Use of technologies to create and maintain standby databases
   • Non-Production servers would be used to support Production during a disaster or extended outage
   • As a part of the disaster recovery procedures, all non-production components/servers would be shut down.
   • The production Web and Application servers would be mounted on the non-production hardware from the mirrored copies. The production databases can be started from the standby databases or restored from a backup or mirrored copy depending on the disaster scenario.
   • Server Cluster will deliver high-availability functionality to the Solution. This will enable the applications to remain available in the case of a hardware, network or Operating System failure on one of the servers in the cluster group.
   • These Server Clusters will be configured with cluster resources required by the BAP application. These resources include network names, IP addresses, application data, services, and disk drives. Once the Cluster resources are brought online it then begins processing client requests.

17. Connectivity between CDC and DR Site in normal operation

DR (Disaster Recovery) site should be at a different seismic zone from that of CDC. To ensure undisturbed connection between CDC and DR site the connectivity needs to be at least from two individual ISPs, one is for main network connection and the other is as fall back option. Similarly in DR site, internet connectivity should be same like CDC. It is recommended to have an online replication between CDC and CDC – DR site.

18. Business Continuity Plan

ZOGS's Data Centre will host critical applications and database which needs to be protected from various threats of disaster to minimize business interruption/disruption. Business Continuity Planning is the act of proactively planning a way to prevent, if possible, and manage the consequences of a disaster, limiting it to the extent that a business can afford. Business survival is an issue with all organizations, big or small, due to various threats and vulnerabilities such as:
   1. catastrophic events - floods, earthquakes, or acts of terrorism
   2. accidents or disruption by internal or external factors
   3. outages due to an application error, hardware or network failures

Business survival necessitates planning for every type of business disruption including, but by no means, limited to the above mentioned categories of disasters with results ranging from insured losses of replaceable tangibles to uninsurable capital losses to customer dissatisfaction and possible desertion to complete insolvency.

A business continuity plan is an insurance against such disasters and ensures that key (if not all), business functions continue. A business continuity strategy, then, is a high-value as well as a high-maintenance proposition. In this context, ZOGS is no exception and it is as vulnerable as any other enterprise globally.

The key challenge of business continuity preparation is not technology, but the internal "business" aspects that begin at the foundation level of any project and continue throughout its life cycle: such as justification, executive buy-in, broad organizational support, governance and politics.

Perhaps the most important point to make about business continuity support technologies is that its effectiveness depends entirely upon the organization's top-down commitment to the entire project, including updating and testing IT Systems and Infrastructure, recommending suitable policies for maintenance to remain ever geared up for an unexpected turn of events.

Therefore, it is strongly recommended to have a comprehensive Business Continuity Planning and Disaster Recovery initiative at ZOGS with full commitment and support from top management and senior executives. Even though Business Continuity Planning (BCP) appears to primarily deal with technology, it is equally associated with the business

19. Recovery Point and Time Objectives for the Solution

The business requirements for IT disaster recovery services were captured by reviewing each of the key business processes within the functional areas of ZOGS, identifying for each:
   1. How quickly following a disaster a particular process needs to be operational (the RTO – Recovery Time Objective)
   2. The amount of data that can be lost as a result of a disaster (the RPO – Recovery Point Objectives)

In addition, various design attributes relating to the process, such as, if there is a workaround that can be put in place, if it is necessary to be able to perform the process out of the office, were identified.

Functional Areas Reviewed
   1. Online submission of data and electronic communication management are considered the highest priority functional area for restoration in the event of a disaster.
   2. Reporting and analytics, tracking and monitoring and workflow are considered to be of medium priority.

Business Processes Considered
   o Restoration priorities (RTO) align with being able to communicate with the external stakeholders, being able to complete disclosure transactions, and the ability to be able access and update documents.
   o Zero data loss (RPO) is required for all the critical functionalities.

20. DR Approaches and Options

   1. Prior to the capture of business requirements, three approaches to DR were defined providing different levels of recovery capability.
   2. Following the capture of the business requirements and technology constraints, three solution options were developed broadly in line with the three approaches.

Option 1

Data for critical applications replicated in real time between the existing data Centre and a near site located outside ZOGS. In case of any failures, replication will take place between the DC and near site almost at real time for immediate prevention. In terms of storage capacity and specifications the near site will be a replica of the DC. Depending upon the level of urgency of recovery, the transactional capabilities also can be made available in the DRC. Replication will also take place between the near site and the DRC. Processing equipment in the DR data center will be maintained for all services.

21.
   • RPO: Almost zero loss of saved data for critical applications.
   • RTO: Recovery of critical applications within 2 hours of invocation.
   • Performance in case of disaster: Same as normal for critical applications, reduced for non-critical applications.
   • Benefits: Meets and exceeds requirements. Simplest failback to production operation requiring relatively minimal outage (e.g. overnight).
   • Weaknesses: Costs of fiber optic links will vary significantly between data centers (careful choice required). Operator error in the near site and the DRC environment could impact production operations. If even computation power is replicated in the near site as well, the costs will go even higher.

Option 2

Architecture similar to Option 1, except that lower performance and cost network links between the data centers are provisioned such that the replication of data between sites will incur a lag.
   • RPO: 30 minutes of data loss.
   • RTO: Recovery of critical applications within 2-4 hours, although additional testing prior to services coming online and potential synchronization errors may cause recovery time to be extended.
   • Performance in case of disaster: Slightly reduced relative to normal operation for critical applications, reduced for non-critical applications.
   • Benefits: Meets requirements (with some risk on recovery time objective).
   • Weaknesses: Failback to normal operation requires a planned day of outage.

Comparison of Options

   1. Option 3 provides some improvements over the current state, primarily the certainty that a facility and systems will be available to recover the services. However, the RTO objectives for priority areas would be not met and recovery relies on relatively unreliable tapes. Option 3 is not a recommended approach given the scale of incremental investment required relative to the benefit delivered.
   2. Option 2 meets most of the business recovery requirements and will cost less to implement than Option 1. However, the cost difference is not as large as anticipated because the asynchronous replication software costs more than the synchronous equivalent and is licensed by terabyte of data replicated. This is likely to result in recurring charges increasing more sharply in this option, than in Option 1 (where the software is licensed per device).
   3. Option 1 meets the business recovery requirements. Assessing these options against selection criteria including IT operational risk, cost and match to business recovery requirements, Option 1 can be the preferred solution. The relatively small incremental costs bring:
      a. minimized data loss (zero for saved data in critical processes),
      b. faster recovery of services,
      c. relative ease of failback, negating any prolonged period of outage,
      d. ease of maintainability and

22. e. a potential platform for further improving continuity in the future through ‘stretching’ primary services between the DC and DR data center. Although this would be at extra cost, it is not possible with other options.
Strategy for Business Continuity Planning (BCP)
In the context of IT services, typically BCP relates to creating backups or having an alternate mechanism for providing uninterrupted continuous services during a crisis. Adherence to the following list ensures that the BCP strategy works with utmost ease at the time of any contingency.
The Alternate Site (AS) should be exactly like Main Site (MS) in storage capacity and should share standby for each other in case of failure, switching immediately in case of a failure. The performance level should not go below 80% in case of failure of either site.
1. During normal operations, both main site and alternate site should be running in the “Active-Passive” mode with an automatic load balancer between them, sharing 80 per cent of the full envisaged load.
2. Maximum time for a down site to recover should be 24 hours.
3. Minimal data loss should be envisaged during failure and that too only to the extent of data being in the transmission lines. Also, all such incidents should be suitably notified to the clients/users.
4. A drill should be carried out randomly once every month to test the BCP functionality.
5. Vendors should be encouraged to suggest their own business continuity plan during the tendering process. Evaluation of the solution proposed by the vendors and SLAs proposed by them should be key parameters for evaluating the technical proposals.
Scalability and Obsolescence Plan
As the ZOGS portal envisages a potential user base of consumers, employees/management of ZOGS, scalability is a must-have aspect to be incorporated in the solution architecture, design, implementation and management. The proposed solution tries to meet the scalability requirements from a number of angles, such as:
Technical Angle
The following components of the technical solution would help cater to the envisaged scalability requirements. These have also been covered in the application architecture section.
• Load balancing – this component would provide load balancing capabilities for incoming requests, thereby allowing the portal user traffic to be uniformly serviced by a number of front-end servers. Application Server Web Caching would be used for providing this functionality.
• Caching – Caching services would provide a universal view of the caching by means of caching of the following
  • Web content
  • Data
  • User Information

23. This would be made possible by retaining versions of rendered web pages, common web page areas (headers, footer and navigation panels), frequently accessed data, rarely changing data from external applications/services. Caching would result in greater performance, responsiveness and scalability by reducing repeated database access for same data, execution of web page generation logic, cross-system calls or business logic. Caching layer would have built-in intelligence to hold data in the memory based on frequency of access, change frequency, user behavior. Techniques to invalidate the cache when newer data is available would also be applied.
– The database design, development and operational plans would be designed using proven best practices for data centric applications to ensure maximum possible scalability.
Operations Angle
From an Operations perspective, the following best practices would be followed to ensure scalability.
1. Regular database re-indexing
2. Well-defined database maintenance plans
3. Well-defined maintenance plans for servers
4. Diagnostic tuning of servers to ensure best performance
5. Quick Failure Isolation and replacement of faulty components
6. Periodically measure the system performance counters of the server using System Management Console to ensure that the hardware is scaling up
7. Disable unnecessary heavy performance logging in the system. (e.g. Windows PerfMon)
8. Defragment the storage periodically
9. Check the storage health periodically
Infrastructure Angle
From an Infrastructure perspective, the following best practices would be followed to ensure scalability.
1. High Availability: Application, Web and database servers need to be designed in failover and firm mode with an ability to ensure foolproof operations
2. Redundancy: Adequate processing and capacity redundancy need to be built in within the system to ensure zero to minimal disruption in the overall operations
3. Optimal network design to ensure best bandwidth usages
4. Ideal recycle times for the Web Server process. Ensure that it is set to be recycled based on the resource utilization

24. Security Framework for ZOGS Solution
Application Security Strategy
The strategy for ZOGS application level security including all development production instances is to grant security access on a “least privileged” basis. The least privileged security approach will restrict users only to the components and reports that they require access to, in order to perform their job. This will be accomplished by implementing an “All Doors Closed” approach to application security within the Solution. This means that by default, users will be prevented from accessing interactive applications and data unless they have been explicitly authorized. Security levels and techniques will be applied within the solution to achieve this objective, balancing security requirements with business needs.
This security strategy will be implemented in a manner that provides for as efficient an administrative process as possible after go-live.
Basic application security will be used to prevent access to key configuration and administrative applications. Action, processing option and other security methods will be implemented to further secure allowed objects.
Access to applications, reports, and tools will be granted on an individual role basis. Each user will belong to a security role to which security will be applied. It will be allowed for the users to belong to more than one security role. In general, the security roles will be designed such that each user will only have one security role per environment. Security will be applied at the Role level, not the user level.
Security Considerations
ZOGS solution will be utilizing many environments within one instance of the Solution during the design and implementation process, through to production. Users can be assigned specific environments and secured out of the remaining environments depending on their involvement in the development and testing of the system design. Each of the environments will have its own set of business data. Data in one environment cannot be accessed unless specific access is granted to a User or Role to that environment.
It is recommended that an audit of the user list be reviewed periodically after go-live, to help to ensure that users have been assigned appropriate environments and to identify unauthorized access to the Production environment.
Environment  Environment Description  Purpose
PD           Production               Live System
TR           Training                 Training of Users
QA           Quality Assurance        Validated Testing
DV           Development              Development Environment
The following table shows a list of access by environment for the development and project teams as well as end users.

25.
Role                PD  TR  QA  DV  CV
Key Users           N   N   Y   N   N
Administrators      Y   Y   Y   Y   Y
Project Team        N   N   N   Y   Y
Training            N   Y   N   N   N
Production Support  Y   N   N   N   N
In interactive applications with drill down options, the security options must also be configured for that user or role to be able to drill down.
3. Row Security will be used to restrict access, through Solution, to the data in tables. The use of row security will be limited to situations where the other security types prove to be insufficient, due to the system performance implications.
4. Column Security will be used to restrict access to the data in the Solution data tables and in applications and forms. As this security type does not have any significant impact on performance, it is expected that this security will be used in the ZOGS application security design, in compliance with business requirements, in order to protect key data fields.
5. Form Security will be used to restrict end users from opening unauthorized and restricted data input forms for data entry.
6. Report Security will be used to restrict access, through Solution, to the unauthorized static and canned reports.
7. Analytical Security will be used to allow end users access to searching/selecting tables or business views (i.e., creating ad-hoc queries).
8. Design Security will be used on a need-only basis in the ZOGS security design. This security restricts or allows the role the ability to make changes to the web pages/tabs/forms/reports/RDBMS and other components within the entire solution. Here typically the access will be given to System Administrators.

26. Other Security Considerations
Roles & Environment: Environments are defined at the Role level. A role needs to be explicitly granted access to an environment before privileges assigned to the role can be effective in that environment.
Role Based Security Strategy
Security roles will be based on the functional business process designs to be created by the implementation team and will be approved by the business process owners. Users will be assigned to these roles by the ZOGS’s business process owners based on the user’s job functions.
ZOGS will develop separate user roles for the following groups of users:
• Technical and Power User type roles
• End User Functional Roles
• Data input Roles (Roles designed specifically for the external stakeholders such as insurers and intermediaries etc.)
Technical Framework for Security
This section elaborates the security need for ZOGS to safeguard the data, information, other contents, applications from various internal and external security threats. A three tier security system is proposed for the Solution, as following:
• Application
• System and
• Network
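The access-by-environment table and the Roles & Environment rule above, worked as an added example that is not part of the original document: a default-deny ("All Doors Closed") check plus the periodic user-list audit the document recommends. The object names, user names and the `ROLE_PRIVILEGES` mapping are constructed for illustration; only the environment matrix comes from the table.

```python
"""Default-deny ("All Doors Closed") check by role and environment."""

# Access-by-environment matrix transcribed from the table above (Y = granted).
# CV is a column in that table but is not described in the environment list.
ENV_ACCESS = {
    "Key Users": {"QA"},
    "Administrators": {"PD", "TR", "QA", "DV", "CV"},
    "Project Team": {"DV", "CV"},
    "Training": {"TR"},
    "Production Support": {"PD"},
}

# Constructed sample data (not from the page): objects each role may open.
ROLE_PRIVILEGES = {
    "Key Users": {"order_report"},
    "Production Support": {"order_report", "job_monitor"},
    "Project Team": {"order_report", "form_designer"},
}

# Constructed user list: (user, environment, role) assignments to audit.
SAMPLE_ASSIGNMENTS = [
    ("amal", "QA", "Key Users"),
    ("bilal", "PD", "Production Support"),
    ("chen", "PD", "Project Team"),     # Project Team has no PD grant
    ("dana", "DV", "Project Team"),
    ("dana", "DV", "Administrators"),   # two roles in one environment
]


def is_allowed(role, env, obj):
    """Deny unless the role holds BOTH the environment grant and the object."""
    if env not in ENV_ACCESS.get(role, set()):
        return False  # role privileges are not effective in this environment
    return obj in ROLE_PRIVILEGES.get(role, set())


def audit_user_list(assignments):
    """Periodic review: flag assignments the matrix does not permit, and users
    holding more than one role in the same environment."""
    findings, roles_seen = [], {}
    for user, env, role in assignments:
        if env not in ENV_ACCESS.get(role, set()):
            findings.append((user, env, role, "role not granted this environment"))
        roles_seen.setdefault((user, env), set()).add(role)
    for (user, env), roles in sorted(roles_seen.items()):
        if len(roles) > 1:
            findings.append((user, env, "/".join(sorted(roles)),
                             "more than one role in this environment"))
    return findings


if __name__ == "__main__":
    for finding in audit_user_list(SAMPLE_ASSIGNMENTS):
        print(finding)
```

A role with an environment grant but no object grant (Administrators in the sample data) is still denied, which is the default-closed behaviour the strategy describes.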

27. Using Amazon Web Services (AWS) to realize ZOGS Solution Architecture
The following sections will look at why and how such an architecture should be and could be deployed in the Amazon Web Services cloud.

28.
1. Route 53: Provides DNS services to simplify domain management and zone APEX support (http://zadak.com)
2. Elastic Load Balancer: ELB to spread traffic to Web Server Auto Scaling groups
3. Exterior Firewall: moved to every Web Server instance via Security Groups
4. Auto Scaling Web Tier: Group of EC2 instances handling HTTP requests
5. Backend Firewall: moved to every back-end instance
6. App Server Load Balancer: Software LB (e.g. HAProxy) on EC2 instances to spread traffic over app server cluster
7. Backups: Amazon S3 used for storing Static Object and Backups (S3 Bucket)
8. Auto-scaling App Tier: Group of EC2 instances running the actual app. Instances belong to Auto Scaling group
9. ElastiCache: Provides caching services for app, removing load from database tier
10. DB Tier: MySQL RDS DB creates a highly available architecture with multi-AZ deployments. Read-only replicas can also be used to scale read intensive applications

29. How AWS Can Solve Common Web Application Hosting Issues
If you are responsible for running a web application, you face a variety of infrastructure and architectural issues for which AWS can provide seamless and cost-effective solutions. The following are just some of the benefits of using AWS over a traditional hosting model:
A Cost-Effective Alternative to Oversized Fleets Needed to Handle Peaks
In the traditional hosting model, servers need to be provisioned to handle peak capacity, and unused cycles are wasted outside of peak periods. AWS-hosted web applications can leverage on-demand provisioning of additional servers, so you can constantly adjust capacity and costs to actual traffic patterns.
A Scalable Solution to Handling Unexpected Traffic Peaks
An even more dire consequence of the slow provisioning associated with a traditional hosting model is the inability to respond in time to unexpected traffic spikes. There are many stories about web applications going down because of an unexpected spike in traffic after the site is mentioned in the popular media. The same on-demand capability that helps web applications scale to match regular traffic spikes can also handle an unexpected load. New hosts can be launched and ready in a matter of minutes, and they can be taken offline just as quickly when traffic returns to normal.
An On-Demand Solution for Test, Load, Beta and Pre-Production Environments
The hardware costs of building out a traditional hosting environment for a production web application don’t stop with the production fleet. Quite often pre-production, beta, and testing fleets also need to be created to ensure the quality of the web application at each stage of the development lifecycle.
While various optimizations can be made to ensure the highest possible utilization of this testing hardware, these parallel fleets are not always utilized optimally: a lot of expensive hardware sits unused for long periods of time. In the AWS cloud, you can provision testing fleets only when you need them. Additionally, you can simulate user traffic on the AWS cloud during load testing. You can also use these parallel fleets as a staging environment for a new production release, which allows for quick switchover from current production to a new application version with little or no service outages.
