Agile Architecture Method Explained - Chapter 5 - Step 4: Key Hot Spots

From Guidance Share

- J.D. Meier , Alex Homer, David Hill, Jason Taylor , Prashant Bansode , Lonnie Wall, Rob Boucher Jr, Akshay Bogawat.

Contents 1 Overview 2 Outcomes 3 Architecture Frame 4 Quality Attributes 5 Quality Attribute Frame 6 Security Frame 7 Performance Frame

Overview

Identify the hot spots in your application architecture to understand the areas where mistakes are most likely to be made. Key hotspots can be organized around quality attributes and cross cutting concerns.

Outcomes

• Architecture Frame analysis
• Quality attribute analysis

Architecture Frame

The architecture frame represents cross cutting concerns that will impact your design across layers and tiers. These are also the areas in which high impact design mistakes are most often made. Use the architecture frame to identify hot spots in your design that require additional attention to get right.

You can use the following architecture frame to identify cross cutting concerns in your design:

Area	Description
Authentication and Authorization	How to choose an authentication strategy. How to choose an authorization strategy. How to flow identity across layers and tiers. How to store user identities when not using Active Directory.
Caching and State	How to choose an appropriate caching technology. How to determine what data to cache. How to determine where to cache the data. How to determine the expiration policy.
Communication	How to choose appropriate protocols for communication across layers and tiers. How to design loose coupling across layers. How to perform asynchronous communication. How to pass sensitive data.
Composition	How to choose a composition pattern for the user interface (UI). How to avoid dependencies between modules in the UI. How to handle communication between modules in the UI.
Concurrency and Transactions	How to handle concurrency between threads. How to choose between optimistic and pessimistic concurrency. How to handle distributed transactions. How to handle long running transactions.
Configuration Management	How to determine what information needs to be configurable. How to determine where and how to store configuration information. How to protect sensitive configuration information. How to handle configuration information in a farm/cluster.
Coupling and Cohesion	How to choose an appropriate layering strategy for separation of concerns. How to design highly cohesive components and group them within layers. How to determine when loose coupling is appropriate between components within a layer.
Data Access	How to manage database connections. How to handle exceptions. How to improve performance. How to handle binary large objects (blobs).
Exception Management	* How to handle exceptions. How to log exceptions. How to provide notification when required.
Logging and Instrumentation	How to determine which information to log. How to make the logging configurable. How to determine what level of instrumentation is required.
User Experience	How to improve task efficiency and effectiveness. How to improve responsiveness. How to improve user empowerment. How to improve look and feel.
Validation	How to determine where and how to perform validation. How to validate for length, range, format, and type. How to constrain and reject input. How to sanitize output.
Workflow	How to choose the appropriate workflow technology. How to handle concurrency issues within a workflow. How to handle task failure within a workflow. How to orchestrate processes within a workflow.

Quality Attributes

Quality attributes are the cross cutting concerns that affect runtime performance, system design and user experience. Quality attributes are important for the overall usability, performance, reliability, and security of software applications. The quality of the application is measured by how the application possesses a desired combination of these quality attributes. When designing applications to meet any of these requirements it is necessary to consider the impact on other requirements or by taking them into account. You need to analyze the trade-offs between multiple quality attributes. The importance or priority of each quality attributes differs from system to system, for example in LOB system performance, scalability, security, and usability will be very important than interoperability, but in packaged application interoperability will be very important.

Quality attributes represent areas of concern that have the potential for application-wide impact across layers and tiers. Some are related to the overall system design, while others are specific to runtime, design time, or user-centric issues. Use the following table to help you organize your thinking about the quality attributes, and to understand which scenarios they are most likely to affect.

Type	Quality Attributes
System Qualities	Supportability Testability
Runtime Qualities	Availability Interoperability Manageability Performance Reliability Scalability Security
Design Qualities	Conceptual Integrity Flexibility Maintainability Reusability
User Qualities	User Experience / Usability

Quality Attribute Frame

The following table frames out the quality attributes covered in this chapter. You can use this table to understand what each of the quality attributes means in terms of your application design.

Category	Description
Availability	Availability defines the proportion of time that the system is functional and working. It can be measured as a percentage of the total system downtime over a predefined period. Availability will be affected by system errors, infrastructure problems, malicious attacks, and system load.
Conceptual Integrity	Conceptual integrity defines the consistency and coherence of the overall design. This includes the way that components or modules are designed, as well as factors such as coding style and variable naming.
Flexibility	Flexibility is the ability of a system to adapt to varying environments and situations, and to cope with changes to business policies and rules. A flexible system is one that is easy to reconfigure or adapt in response to different user and system requirements.
Interoperability	Interoperability is the ability of diverse components of a system or different systems to operate successfully by exchanging information, often by using services. An interoperable system makes it easier to exchange and reuse information internally as well as externally.
Maintainability	Maintainability is the ability of a system to undergo changes to its components, services, features, and interfaces as may be required when adding or changing the functionality, fixing errors, and meeting new business requirements.
Manageability	Manageability defines how easy it is to manage the application, usually through sufficient and useful instrumentation exposed for use in monitoring systems and for debugging and performance tuning.
Performance	Performance is an indication of the responsiveness of a system to execute any action within a given interval of time. It can be measured in terms of latency or throughput. Latency is the time taken to respond to any event. Throughput is the number of events that take place within given amount of time.
Reliability	Reliability is the ability of a system to remain operational over time. Reliability is measured as the probability that a system will not fail to perform its intended functions over a specified interval of time.
Reusability	Reusability defines the capability for components and subsystems to be suitable for use in other applications and in other scenarios. Reusability minimizes the duplication of components and also the implementation time.
Scalability	Scalability is the ability of a system to function well when there are changes to the load or demand. Typically, the system will be able to be extended over more powerful or more numerous servers as demand and load increase.
Security	Security defines the ways that a system is protected from disclosure or loss of information, and the possibility of a successful malicious attack. A secure system aims to protect assets and prevent unauthorized modification of information.
Supportability	Supportability defines how easy it is for operators, developers, and users to understand and use the application, and how easy it is to resolve errors when the system fails to work correctly.
Testability	Testability is a measure of how easy it is to create test criteria for the system and its components, and execute these tests to determine if the criteria are met. Good testability makes it more likely that faults in a system can be isolated in a timely and effective manner.
Usability	Usability defines how well the application meets the requirements of the user and consumer by being intuitive; easy to localize and globalize; provide good access for disabled users; and provide a good overall user experience.

Security Frame

Security frames define a set of pattern-based categories that organize repeatable problems and solutions. You can use these categories to divide your application architecture for further analysis, and to help you identify application vulnerabilities. The categories within the frame represent the critical areas where mistakes are most often made.

Category	Description
Auditing and Logging	Who did what and when? Auditing and logging refer to how your application records security-related events.
Authentication	Who are you? Authentication is the process where an entity proves the identity of another entity, typically through credentials, such as a user name and password.
Authorization	What can you do? Authorization refers to how your application provides access controls for resources and operations.
Configuration Management	Who does your application run as? Which databases does it connect to? How is your application administered? How are these settings protected? Configuration management refers to how your application handles these operations and issues.
Cryptography	How are you handling secrets (confidentiality)? How are you tamper-proofing your data or libraries (integrity)? How are you providing seeds for random values that must be cryptographically strong? Cryptography refers to how your application enforces confidentiality and integrity.
Exception Management	When a method call in your application fails, what does your application do? How much information do you reveal? Do you return friendly information to end users? Do you pass valuable exception information back to the caller? Does your application fail gracefully? Exception management refers to how you handle exceptions within your application.
Input and Data Validation	How do you know that the input your application receives is valid and safe? Input validation refers to how your application filters, scrubs, or rejects input before additional processing. Consider constraining input through entry points and encoding output through exit points. Do you trust data sources such as databases and file shares?
Sensitive data	How does your application handle sensitive data? Does your application protect confidential user and application data? Sensitive data refers to how your application handles any data that must be protected either in memory, over the network, or in persistent stores.
Session Management	How does your application handle and protect user sessions? A session refers to a session of related interactions between a user and your Web application.

Use the security frame to determine key security design decisions for your application.

Performance Frame

The following performance frame defines a set of patterns-based categories organized around repeatable problems and solutions. You can use these categories to divide your application architecture for further analysis, and to help identify application performance issues. The categories within the frame represent the critical areas where mistakes are most often made.

Category	Description
Caching	What and where to cache? Caching refers to how your applications stores frequently used data at a location close to the point of use to reduce the number of round-trips. The main points to be considered are per-user caching, application-wide caching, and data volatility.
Communication	How to communicate between layers? Communication refers to choices for transport mechanism, boundaries, remote interface design, round trips, serialization, and bandwidth.
Concurrency	How to handle concurrent user interactions? Concurrency refers to choices for transaction, locks, threading, and queuing.
Coupling / Cohesion	How to structure the application? Coupling refers to the relationship between components or sub-systems. Tight coupling leads to the creation of an architecture where changes ripple through components making it hard to understand and modify the code. Cohesion refers to the way components or classes are composed. If a component or class has a well-defined role within the entire system, then it is said to be highly cohesive.
Data Access	How to access data? Data access refers to choices and approaches for schema design, paging, hierarchies, indexes, volume of data, and round trips.
Data Structures	How to handle data? Data structures and algorithms refer to the choice of code algorithms, and the choice of application entities (such as arrays or collections).
Exception Management	How to handle exceptions? Exceptions management refers to choices and approaches for catching, managing, and throwing exceptions.
Resource Management	How to manage resources? Resource management refers to approach for allocating, creating, destroying, and pooling application resources.
State Management	What and where to maintain state? State management refers to how your application maintains state. The main points to consider are per-user state, application-wide state, state persistence, and state store location.

Use the performance frame to determine key performance design decisions and understand possible performance bottlenecks for your application.