This blog quickly runs though some basics on architecture principles & how I use them.
The company I work for, has a specific set of architecture principles. Within our hybrid Infra team, we limited it to 5 principles so it would be easy for all architects to memorise and learn them. Whenever someone comes to me with a design idea, or an architecture to review, or even an architecture concern the first thing I do is in the back of my head, think about architecture principles. Principles are in the motivation layer of an ArchiMate model.
I tend to think of a principle in architecture as being the same as a principle in the real world – its a rule that we strive towards achieving. The ArchiMate manual defines it as a statement of intent or general property that applies to any system in a context.
An example principle
I will use a simple example principle. Lets say our architecture board established a principle “Systems must be available 99.9999% of the time”
When we define a principle, it should be a simple statement like above, but normally there is a need to document further the exact meaning and scope of a principle, as well as its issuing authority.
If it was a principle applied to our unit, or is in scope, in our design documentation we would state it – and we could connect it to a set of requirements like this for example:
We might decide that we will not be able to achieve a principle. having a high resilience is often expensive, and we may have a requirement to keep costs low, or to implement interim solutions quickly. The important thing is we:
identified the principle
identified how we meet it
if we cannot meet it,we identify that we cannot meet it
We flag principles we cannot meet
We have it agreed with the relevant stakeholder that it is OK to go against the stated principle.
Establishing new requirements
When I drew the view above for the fictional web hosting solution I have sometimes developed in my blogs, i quickly came to thinking of many requirements. I used “…” to represent them above for brevity, but this is another important part of working with principles. Automatically when I started to think about the principle I started to ask myself the question “What do i need to do to achieve it?”.. Suddenly, I started to think about the IT Architecture Aspects and think, I would need to consider people and resourcing, to have resilient processes in place, and so on. Many requirements started to come to mind that I might capture. I may also identify risks when we cannot meet principles.
Had this been a real project i would be validating the principles against the requirements, and I may even define new requirements to meet the needs of the specific principles. I would of course also make sure that in addressing the principles all relevant stakeholders and actors stakeholders were considered.
Of course we do not have to do all our work in ArchiMate, but its a good flexible approach.
Principles have owners. If a leadership team sets a principle, then I would normally say that that leadership team (or someone they nominate) needs to approve any deviation from that principles
Summing it up
Many times I have worked with architectures and stopped work happening early. because I know our principles by heart, and can state that doing something would be a risk and go against our defined business needs.
Principles are a very good way of representing the intent of an organization, unit or specific stakeholders. They can ensure that all the work architects do head in a commonly defined direction.
Control Services are a mechanism we can use to implement security control measures. I wrote this blog to demonstrate that controls are real things, which we should carefully consider; not just line items on a spreadsheet.
The Common Understanding Of Controls
I’ve seen very varied levels of understanding on control measures.
The most crude level of control implementation I have seen is where a project just runs through an excel with a list of questions. For example, they will simply ask the question “is the web server traffic authenticated?” and a technical person says “yes”.
That’s not really a control so much as it is a check of the current state. Some people argue that the exercise of running through the checklist and answering those questions is a control – and to a limited extent I can except that; This basic checking is better than no checking. However, There are varying levels of control, I tend to think about controls in terms of continuous control.
Its important to note there is a balance to be had; In designing any solution you need to think about your requirements, and you need to think about effort, vs return. Its just as easy to over engineer things as it is to under engineer them. Every now and then when I am designing something I stand back and ask myself – is this too much?
The subject of fully modelling security will take a few blogs, and wont try to cover everything here. A lot can be said around FAIR / SABSA way of doing things. There’s a whole bunch of related concepts and elements that I am not covering here.
The Control Measure
There are many frameworks out there that have security controls – for example the Cloud Security Alliance has the Cloud Controls Matrix. When representing a control it can be modeled in standard ArchiMate as a Goal element. Those of us using BiZZdesign’s Enterprise Studio (BES) have a set of elements especially for risk management – so we can represent them directly. In our example we are going to use a fairly simple control – Authentication – a standard control that exists in any number of frameworks. Figure 1 – shows how a control service realizes a control. In BES security controls can be modeled in figure 1.
For those using BES, Control Services can be created in a risk and security view. Although that view type only has a few elements in the create window, its possible to paste architecture from other views into a risk and security view. Enterprise studio will also allow you to assign a control strength to a control and has a number of features relating to modelling risk and security. Control services in BES – have a padlock next to them.
Showing a control service within your architecture
Representing a control service as part of an architecture model is easy. so as an example if I created my Authentication Control Service you could see it represented on a diagram like this:
In this case I have associated my service with some application components. Already this beats the approach of just saying “yes, we have authentication”. Its showing how our controls are implemented; we can see exactly where in our architecture our control is enforced.
Designing a Control Service
The authentication control is a simple example, but right from the beginning I can ask some simple questions:
How do I ensure that control is being continually achieved?
What do I want to happen if things fail?
How much of this control can I automate?
I was talking to a colleague about implementing this kind of a control in a conversation in the office and I came up with something like this:
Figure 3 was a quick view drawn to support a conversation, during a conversation. Its not a complete architecture but it does show some elements we can use to control authentication at an application layer. This control would be fairly easy to scale because it doesn’t rely on any person to check it. It leverages policies in active directory, and in this simple example I was demonstrating that we need a mechanism that shows continuous control.
You can see I was showing that we do not just need an authentication mechanism but we also need a mechanism to ensure its applied – you can have the best burglar alarm in the world, but if you don’t switch it on, its useless.
The view doesn’t cover all the IT Aspects; In itself it raises other questions we would need to answer in other views; for example:
Where would we run the different application components?
Who supports this architecture?
How would it be deployed?
How are these things supporting business needs?
What are the motivations for this?
What are the Key Performance Indicators & How Would I Implement Them?
In my example I am showing an application level control service – I can also have business or technology layer control services. There’s also nothing to stop me realizing a security control with a number of different control services or a combination of them.
So Why Bring All This Up?
Controls are important. The point of this blog wasn’t so much to show how to properly design a control service, as it was to show that there are varying levels of control you can apply in architecture, and hopefully to get people to think more seriously about what applying a control actually means.
I have spoken about requirements realization before – I tend to think of controls in a similar way – it is not enough to say we have controls in place – we need to understand how we have controls in place.
Controls need to be considered as an integral part of architecture design, and should not be an afterthought. If you design controls into architecture audits become significantly cheaper, because you do not need to burn so much time hunting for answers to auditor questions – you are continuously ensuring a well designed solution which does not only satisfy the needs of the auditors but is also built to actually protect the Information running through our systems.
Those of you using BiZZdesign’s Enterprise Studio know we are lucky enough to have a collection of risk and security elements for security modelling. This view shows how we can map those to standard ArchiMate elements.
When looking at ArchiMate diagrams its easy to miss the fact they are part of a model, and not just pictures. This blog addresses the difference and demonstrates some basics around models.
Last week someone was commenting one of the views I demonstrated in a blog, and pointed out something that didn’t make full sense in the diagram but had been addressed in the view documentation. Its very easy to forget that we are not talking about pictures when we speak of ArchiMate models. In the blog my ArchiMate views are just images. I wanted to show some practical examples and discuss this. For anyone that doesn’t actually do modelling using a modelling tool, but interacts with those of us that do, this blog is for you.
Before I get started its worth mentioning that a view and a viewpoint of architecture is a concept that extends beyond the modelling language. We tend to talk about views visually, but the view taken from a specific viewpoint could expressed in writing if we wished it to be, but you would miss the benefits of modelling elements and relationships with a tool.
“a graphic design that explains rather than represents especially: a drawing that shows arrangement and relations (as of parts)”
Of course there are many dictionaries but they all follow a similar pattern.Technically Figure 1, is both a view and a diagram. On this website its a diagram, which is a representation of an architecture view. the actual full architecture view has a lot more information in that is represented in figure 1.
Of course we can just use something like Paint or Visio to create a view like above – and it has a lot of value, but in those tools are for visual representation, and not modelling.
Figure 1 is a fairly self explanatory made up view which gives a level of information by itself. But it doesn’t tell us everything. I will show some of the things that differentiate pictures and diagrams from an architecture view in the rest of this blog.
The first thing to show is that views can have their own documentation – Figure 2 shows this – I have selected a view and you can see its documentation in the field below.
Of course if this was a real view I might also have provided links in the documentation to the organization chart. Although the view documentation is short here, it helps set the context for the view, and does provide some valuable information.
Individual elements or relationships can also be documented:
As well as elements having documentation relationships can:
The relationship type gives you an understanding of what kind of relationship the elements have but it doesn’t tell you why. That’s something I will typically do in documentation. This is particularly important when it comes to documenting less defined relationships, such as associations.
The point I am making is just looking at the diagram does not give you a complete picture. Some tools will allow you to auto generate documentation:
Many tools allow you to connect all kinds of metadata to elements & relationships, and allow varying degrees of customization in the example below you can see a references link I added:
Its very tempting to add lots of metadata to a model because you can, but i tend to think carefully about the value of any kind of information I would want to maintain.
Some tools such as Enterprise Studio, allow some pretty advanced analytics depending on the information you store with the model.
Navigating the model
The main thing that sets a modelling tool apart from a visual tool like PowerPoint and Visio is the fact its a modelling tool. We can navigate each element and see its relationships and the different views it appears in. The tool stores the elements and relationships as a fully relational model
Auto generating views
Lets say for example a stakeholder came to me and asked me to tell them a little bit more about what an enterprise architect is – With some tools I can automatically generate views. Take a look at a view I generated literally in 5 seconds:
In previous blogs I have used the enterprise architect role, and because the modelling software knows all the roles and relationships between each element in a model, and the rules for modelling in archimate we can very quickly create something meaningful.
The more work we do with our models, the more value they can bring us.
An architecture view is a view into a model. Figure 9 shows our auto generated view but on the left hand side you can see in the model browser that our model package contains many elements that are not on this view (because we created this view to only show actor cooperation’s to the enterprise architect element)
The model package contains many elements, views, and relationships. You see them on the model browser. You could theoretically take all those elements and put them onto a view:
Theres too much to remain readable on a normal screen – and it doesn’t make sense to show our architecture in a single view. This is why we break down architecture into multiple views, created for people interested in its different aspects.
To put in simple then. a view is just a small part of a model we are communicating, As you can see, the view in Figure 1, would be part of something much bigger.
So we can see that models have lots of elements and relationships, and different people have needs to see different things. View Points define which parts of an architecture we look at. A viewpoint definition tells us which types of elements we are interested in, and which types of relationships are allowed between them. There are many standard viewpoints defined in places like TOGAF and the Archimate Manual.
Figure 8 was an automatically generated Actor Cooperation View. It was generated from a Archimate 2.1 Viewpoint. The viewpoint definition tells exactly what elements and relationships are allowed within the view, so our tool could find those within the model and generate a view from the viewpoint definition.
As your models become well developed benefits start to come from automatically derived relationships. Not every relationship we use is created by hand. You can find more information on them in the Archimate Manual
Summing It Up
As your model grows the value we can gain from it also grows. For a model to realize its full potential requires architects to actually use it, have competency around it and have a level of discipline. When we achieve that modelling can be used to save time in understanding your enterprise and understanding the impact of change across the different IT aspects. At this point it can become an invaluable tool for management.
Anyone who knows me, knows I use ArchiMate a lot. I know its not perfect, but here are 7 Reasons why its my modelling language of preference.
I spoke about it briefly before in Architecture Languages and Frameworks. To get the full value from ArchiMate you really need to understand it. These are not ordered in any particular order; I am interested what other people think. Here goes:
1. It is a standard
It’s a widely used well documented vendor independent standard. Every element and relationship type is explicitly defined and as such enables improved communication between people across enterprise boundaries
2. It helps focus on value
You can easily define reusable viewpoints that are exactly what different stakeholders need and develop your catalog of viewpoints over time. For Example, if a Product manager decides they want a conceptual product architecture viewpoint, just to help everyone consistently understand products and services aligned to the technologies they use, we can define exactly which elements are allowed, and which relationships. This gives you consistent information that that stakeholder needs every time.
3. It covers many aspects of architecture
It can be used to model most things, some more naturally than others – It enables us to connect the physical world with technology, application, business, implementation & migration and the motivations behind them. I don’t know of any other modelling language that does that in such a balanced way. It covers all the IT aspects.
4. Its easy to draw
I am not a talented artist – But in a meeting with a white board, I can stretch to drawing some stick figures. Its easy to draw elements nicely with a whiteboard pen, and there’s nothing there more complex to draw than box and a few lines. (But not 7 red lines)
5. It aligns nicely to other standards
Its built by The Open Group, Creators of TOGAF and as such aligns with that standard really well. Its also fairly easy to align with the ITIL Architecture Processes.
It doesn’t advocate a way of working.
In addition it connects nicely to ISO 42010, the standard for architecture description. ISO 42010 talks about elements and relationships, and ArchiMate extends those concepts by creating standard element and relationship types that extend the vocabulary.
6. It helps structure your thinking
Because of strict definition of element types and the relationships between them, after becoming familiar with the language I found myself looking at architecture problems in a specific way – breaking down architecture concerns into these modular elements. As a consequence it becomes easier to start to create modular pieces of reusable architecture, which can help us create much more agile architecture, and give us more efficient usage of the resources we have.
7. Fantastic tools exist for modelling ArchiMate
There are many good tools out there for modelling ArchiMate- and when you model, it gives you the opportunity.to build a complex structure which enables us to leverage the benefits of understanding the connection between the layers. I will talk about that further in my next blog – but basically as the model grows so does the value we get from being able to look at it from different standard viewpoints.