Lab Session:16

Understanding Quality Attributes in Software Architecture

Analyzing Quality Attribute Design Decisions: Tactics-Based
Questionnaires

• Choose any system and apply this questionary on it.

E-commerce platform

Performance Questionnaire:
1.How does the proposed architectural design ensure fast response times for critical user
interactions?
• The platform utilizes a microservices architecture, allowing for independent scaling of
different components. Caching mechanisms such as Redis are employed to cache
frequently accessed data, improving response times.
2. What caching mechanisms are employed to reduce latency and improve system
responsiveness?
• Redis is used for caching frequently accessed data, such as product listings and user
session information.
3. Are there any potential bottlenecks identified in the system architecture that could impact
performance under load?
• The checkout service is identified as a potential bottleneck during peak periods of user
traffic. To address this, horizontal scaling and load balancing are implemented.
4. How does the chosen data storage strategy optimize query performance and data retrieval
times?
• A combination of relational and NoSQL databases is used. Relational databases are
optimized for complex queries, while NoSQL databases handle high-volume, low-latency
data retrieval.
5. What strategies are in place to monitor and optimize performance metrics over time?
• Performance monitoring tools such as New Relic are utilized to track key metrics and
identify areas for optimization.
Scalability Questionnaire:

1.How does the architectural design support horizontal scaling to accommodate increases in user
traffic and data volume?
• The microservices architecture allows for individual components to be scaled
horizontally as needed. Containerization with Docker and orchestration with Kubernetes
facilitate easy scaling.
2. Are there any components in the system that may become scalability bottlenecks as the user
base grows?
• The product catalog service may become a bottleneck as the number of products
increases. To address this, sharding and partitioning strategies are employed.
3. What mechanisms are in place to dynamically allocate resources and scale individual
components based on demand?
• Kubernetes auto-scaling is configured to monitor resource usage and automatically scale
services up or down based on predefined thresholds.
4. How does the system handle distributed data storage and replication to support scalability
across multiple nodes?
• Data is distributed across multiple database instances, and replication is used to ensure
data consistency and availability across nodes.
5. What load testing strategies are employed to validate the scalability of the system under
various conditions?
• Load testing tools such as Apache JMeter are used to simulate user traffic and assess the
system's performance under different load scenarios.

Reliability Questionnaire:
1. What measures are in place to ensure high availability and minimize downtime for critical
system components?
• The platform is deployed across multiple availability zones within a cloud provider to
ensure redundancy and fault tolerance. Service-level agreements (SLAs) guarantee a
certain level of uptime.
2. How does the architecture support fault tolerance and graceful degradation in the event of
component failures?
• Circuit breaker patterns are implemented to isolate and contain failures, preventing them
from cascading across the system. Graceful degradation strategies ensure that essential
functionality remains available even during degraded conditions.
3. Are there any single points of failure identified in the system architecture that could impact
reliability?
• Load balancers and redundant components are deployed to eliminate single points of
failure. Active-active or active-passive configurations are used for critical services.
4. What strategies are employed for automated monitoring and alerting to detect and respond to
potential reliability issues?
• Monitoring tools such as Prometheus and Grafana are utilized to monitor system health
and performance. Automated alerts are configured to notify the operations team of any
anomalies or potential issues.
5. How is data integrity maintained and verified across distributed components to ensure
reliability and consistency?
• Transactional guarantees provided by the database system ensure data integrity across
distributed transactions. Event sourcing and event-driven architectures are employed to
maintain consistency across services.

Security Questionnaire:
1. What authentication mechanisms are implemented to verify user identities and prevent
unauthorized access?
• OAuth 2.0 with JWT tokens is used for user authentication and authorization. Multi-
factor authentication (MFA) is enforced for sensitive operations.
2. How is sensitive data encrypted both at rest and in transit to protect against data breaches?
• TLS encryption is utilized to secure data transmission over the network. Data at rest is
encrypted using AES encryption algorithms.
3. Are there any potential security vulnerabilities identified in the system architecture, such as
injection or authentication flaws?
• Regular security audits and penetration testing are conducted to identify and address
potential vulnerabilities. Vulnerability scanning tools such as Nessus are used to assess
the system's security posture.
4. What access control mechanisms are in place to enforce least privilege and limit exposure to
sensitive data?
• Role-based access control (RBAC) is implemented to restrict access to sensitive data and
operations based on user roles and permissions. Principle of least privilege is followed to
minimize the attack surface.
5. How are security audits and penetration testing conducted to identify and address potential
security risks proactively?
• External security firms are engaged to perform regular security assessments and
penetration testing. Vulnerability management processes ensure timely remediation of
identified security issues.

Maintainability Questionnaire:
1. How is the system architecture designed to facilitate ease of maintenance and updates?
• The microservices architecture promotes loose coupling and modularity, allowing for
independent development and deployment of services. Continuous integration and
continuous deployment (CI/CD) pipelines automate the testing and deployment process.
2. Are there clear separation of concerns and modularization strategies employed to isolate
changes and minimize dependencies?
• Each microservice is responsible for a specific domain or functionality, promoting
separation of concerns. API gateways and service meshes are used to manage inter-
 service communication and dependencies.
3. What documentation practices are in place to provide guidance for developers and
administrators maintaining the system?
• Comprehensive documentation, including system architecture diagrams, API
specifications, deployment procedures, and troubleshooting guides, is maintained and
regularly updated. Knowledge sharing sessions and onboarding programs ensure that
developers and administrators are familiar with the system's architecture and operation.
4. How are continuous integration and deployment pipelines utilized to automate the testing and
deployment of changes?
• CI/CD pipelines, configured with tools such as Jenkins or GitLab CI, automate the build,
test, and deployment process. Automated testing suites ensure the quality and stability of
code changes before they are deployed to production.
5. What strategies are employed to refactor and optimize codebase over time to improve
maintainability and reduce technical debt?
• Regular code reviews and refactoring sessions are conducted to identify and address areas
of code complexity and technical debt. Technical debt tracking tools are used to prioritize
and manage refactoring efforts based on business impact and urgency.