SA - Assignment - CFME (Cloud Form)


Software Architecture
Assignment: 1

Name | Email Address | ID Number
Aiman Kamal | [email protected] | 2021mt12160

BITS Pilani
Purpose of the system

CFME - CloudForms is a Red Hat product that the Labs have adopted in order to provide a menu of services (particularly virtual machines) to be ordered. It is the replacement for Omnitool (cxlabs.cisco.com) for virtual machine access, creation, and management.

CFME is an application built on CloudForms technology. It is a management platform used internally at Cisco to manage traditional server virtualization products such as VMware vSphere.

Support for the local site infrastructure is provided by the local Labs team at your location. Based on the local sites and their servers, CFME currently has 11 different management tools, one of which is a development tool that manages the other 10 tools.
Key Requirements: Functional & Non-Functional

Functional requirements
• Customer, Subscriber and Account Management
• Basic Rating
• Notification over tool
• Outlook mail Rating
• VM and its template Details Records
• Fundamental Package configuration
• Open API integration capability

Non-functional requirements
• Operation and Maintenance
• Backup of records
• Security and its ACL
• Automation Advancement and its Scaling
Utility Tree
Understanding business value & Impact on architecture

Quality attribute | Attribute Refinement | Scenario | Business Value | Architecture Impact
Security | Integrity | The data should not be lost or tampered with by unauthorized people, including those working in the company (1) | High | High
Performance | Service Availability | System should support 99.999% Availability (5) | High | High
Usability | User Experience | Customer under TACACS+ should be able to log in through the system UI using a standard self-guided workflow within 2 minutes (3) | High | High
Usability | Correctness | System should provide limited VMs to customer accurately based on Global policy. | High | High
Modifiability | Criteria specification | User should be able to modify VM and its template using system feature. (4) | High | High
Interoperability | Notification | The system should send real time notification to the customer when he/she orders a new Virtual machine or for any modification to it. (5) | High | Medium
Performance | Response time | System should be able to support 1000 CAPS. | Medium | High
Interoperability | Unified User Experience | Customer should be able to get a personal space for deployment of VM on single platform each URL/site | High | High
Usability | Understanding user model | Customer should be able to query his/her machine record; system should store & support the query of minimum 6 months; query response should be less than 5 seconds. (2) | Medium | Low
Usability | Intuitiveness | Using Data service should be very easy (2) | High | Medium
Interoperability | User Experience | Customer should be able to use basic services and Record; Virtual Machine deployment should not take more than 30 minutes | High | High
Usability | Understanding user Model | Customer should be able to choose machine feature and resource, and can raise a concern/feedback using another tool | High | Low
Usability | Status notification | Customer should be notified when VM is activated, or failed | High | Medium
Performance | Scalability | System should support Millions of VMs deployment for any kind of ISO/OVF | High | High
Utility Tree
Understanding business value & Impact on architecture

Quality Attribute | Attribute refinement | Scenario | Business value | Architecture Impact
Maintainability | Easy Operation & Maintenance | System should support easy monitoring, alarms, deployment. | High | High
Security | Confidentiality | Customer personal data like email/password etc. should be encrypted in database using standard algorithm (5) | High | Medium
Availability | Data backup | System should keep backup of complete system data including customer information, system configuration details (3) | Medium | High
Testability | Detecting failure modes | System should support auto/mock testing to reduce testing cost and efforts. (4) | Medium | Low
Availability | Data backup | Solution supports databases and virtualization environments full backup or Differential incremental backup | High | Medium
Security | Operation & Maintenance | Manage and audit all system logs through a centralized log server | Medium | High
Security | Operation & Maintenance | Monitor all systems to find exceptions and attacks | Medium | High
Performance | Scalability | System should be able to Scale In/Out based on future business need. | Medium | High
Tactics used to achieve the top 3 ASRs: Security

Quality Attribute: Security

Scenario (ASR): The customer data should not be lost or tampered with by unauthorized people, including those working in the company (1)
Tactics:
• No direct database access by any user; all system users access backend data through system business processes with their respective access rights.
• Web Service Interfaces will be authenticated with User/Password
• Coding security includes security methods during programming of codes
• Access security includes identification, authentication, authorization, access control, session control etc.
• Block multi session login from different devices, and session time out after 5 minutes (default time) for system user.
• Store data on a separate database server cluster and protect the server with appropriate security zones using firewall technologies

Scenario (ASR): Customer personal data like email/password/VMs should be encrypted in database using standard algorithm (5)
Tactics:
• Encrypt critical and personal data using a standard protocol: for example, the DB user password will be encrypted using TACACS+, and sensitive application data such as passwords will use the AES 128 algorithm for encryption

Scenario (ASR): Manage and audit all system logs through a centralized log server
Tactics:
• Develop a centralized log monitoring module to audit the system, user logs.

Scenario (ASR): Monitor all systems to find exceptions and attacks.
Tactics:
• Communication security is to ensure the security of transmission through secure protocol and non-repudiation technologies like HTTPS/SSL.
• Ensure the security of applications and database OS
• Separate different network traffic and control it through the appropriate security zones depending on subnets and firewall technologies
• Protect internal and external network connections through VPN tunnels
• Develop a centralized log monitoring module to audit the system, user logs
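
The session-control tactic listed above (refuse a second login from a different device, expire a session after the 5-minute default) sketched as an added example; it is not part of the original slides or of CFME's code. SessionRegistry, its method names, and the user and device labels are hypothetical, and the slides' "time out" is assumed to mean idle time.

```python
import secrets
import time

IDLE_TIMEOUT_SECONDS = 5 * 60  # default timeout named in the slides

class SessionRegistry:
    """Hypothetical in-memory registry: one live session per user."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, clock=time.monotonic):
        self._idle_timeout = idle_timeout
        self._clock = clock
        self._by_user = {}  # user -> (token, device_id, last_seen)

    def _live(self, user):
        # Return the user's session entry, dropping it if idle too long.
        entry = self._by_user.get(user)
        if entry and self._clock() - entry[2] >= self._idle_timeout:
            del self._by_user[user]
            entry = None
        return entry

    def login(self, user, device_id):
        """Issue a token, or None if the user is active on another device."""
        entry = self._live(user)
        if entry and entry[1] != device_id:
            return None
        token = secrets.token_urlsafe(32)  # same device: old token is replaced
        self._by_user[user] = (token, device_id, self._clock())
        return token

    def validate(self, user, token):
        """True for the user's live token; a valid request resets the idle timer."""
        entry = self._live(user)
        if not entry or not secrets.compare_digest(entry[0], token):
            return False
        self._by_user[user] = (entry[0], entry[1], self._clock())
        return True

def demo():
    """Constructed scenario driven by a fake clock (seconds)."""
    now = [0.0]
    reg = SessionRegistry(clock=lambda: now[0])
    t1 = reg.login("alice", "laptop")
    blocked = reg.login("alice", "phone") is None  # second device refused
    now[0] += 299
    refreshed = reg.validate("alice", t1)          # still inside 5 minutes
    now[0] += 300
    expired = not reg.validate("alice", t1)        # idle for 5 minutes
    relogin = reg.login("alice", "phone") is not None
    return blocked, refreshed, expired, relogin
```

A multi-node deployment would keep this state in a shared store rather than process memory, so every node enforces the same single-session decision.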
Tactics used to achieve the top 3 ASRs: Performance

Quality Attribute: Performance & Scalability

Scenario (ASR): The system should send real time notification to the customer when he/she orders a new VM or feature modification
Tactics:
• Design south bound integration using Elastic Load Balancer
• 99.999% Availability based on Distributed Architecture.

Scenario (ASR): System should be able to support 1000 requests per minute by multiple Engineers
Tactics:
• New Services Deployed as Add-ons in separate container using service based architecture (SBA)

Scenario (ASR): System should support Millions of Requests, either new deployment or modification in services.
Tactics:
• Session Control and Routing Service Separated from Session Control and Routing Database Cluster
• All Routing Service Nodes and Routing In-memory Database Nodes are Active
• Distributed DB and In-Memory DB Improve X Capacity and Performance

Scenario (ASR): System should be able to Scale In/Out based on future business need within 1 day.
Tactics:
• Fully Micro-service Based Architecture to support Auto service Scaling In/Out.
• Container: support seconds Scale In/Out, 90% Computing/hardware Resource savings for individual
Tactics used to achieve the top 3 ASRs: Interoperability

Quality Attribute: Interoperability

Scenario (ASR): The system should send real time notification to the customer when he/she Order a VM
Tactics:
• Develop SMS adapter so user can get related messages over phones as well.

Scenario (ASR):
• Customer should be able to use basic services from different network by having VPN connected.
• VM deployment delay should be more than 30 minutes.
• VM feature modification should take maximum 60 seconds.
Tactics:
• Develop separate module for storage and functionality using service container.

Scenario (ASR): System should be able to support Multiple OS on single platform
Tactics:
• Develop API gateway for Deployment enhancement
System Context Diagram
[Diagram labels: User, TACACS+, API System, CFME, Monitoring System, ESXI (Hypervisor) on top UCS, 1. Storage, 2. Network, 3. Compute]

Module Decomposition Diagram
[Diagram labels: CFME Engine, Storage Adapter, Network Adapter, Data Access Layer, Network Layer, External DB, Physical DB, Select From Available Virtualized CPU, Network, Storage, CPU. Legend: DB = Database]

Component & Connection diagram

Deployment diagram
CFME Works

CFME handles conventional virtualization application products such as VMware vSphere.

CFME communicates with vSphere through the CFME engine.

CFME validates and authenticates the correct user in the domain using TACACS or RADIUS.

Once a user requests a service on CFME, the CFME engine passes the user's instruction down to vSphere to create, delete or modify the virtual machine.

CFME keeps track of the requests made by the user; on successful completion of a request, users are notified on CFME and also via email.

CFME also returns various errors based on the underlying virtual infrastructure when the user request fails.

If the virtual infrastructure is not working properly, CFME also states the error related to the virtual infrastructure status.
Top 3 Key Learnings on CFME

• Provisioning or scaling out of workloads, such as virtual machines or cloud instances
• Provisioning or scaling out of infrastructure, such as bare-metal hypervisors or compute nodes
• Scaling back or retirement of virtual machine or cloud instances

Each of these is done in the context of comprehensive role-based access control.
