Software Architecture

Software Architecture : Quality Attributes


Topics To Be Covered

❑ Functionality & Quality Attributes
❑ Design checklists for:
  ❑ Availability
  ❑ Performance
  ❑ Usability
  ❑ Testability
  ❑ Interoperability
  ❑ Modifiability
  ❑ Security

CONFIDENTIAL - RESTRICTED CIRCULATION 3


Quality Attributes : A Prelude

Functionality : The ability of the system to fulfil its responsibilities. However, when we talk about software quality attributes, only the non-functional requirements are considered.

Constraint : A condition that the system must satisfy while delivering its functionality (what is allowed and what is not allowed?).

Design Decision (imposed) : A constraint driven by external factors (e.g., the programming language to be used, or a Service Oriented Architecture mandated by top management).


Architectural Decision Vs. Non-architectural
Decisions
• User interface must be easy to use (this is vague)
– Radio button or Check box (Non-architectural Decision)
– Clear text or Screen layout (Non-architectural Decision)
• User interface should allow Redo/ Undo at any level of depth
(Architectural Decision)
• Modifiability of the system (Vague)
– Modular function (Architectural Decision)
– Coding techniques (Non-architectural Decision)
• Need to process 300 requests per second
– Interaction among components, data sharing issues (Architectural Decision)
– Choice of algorithm (Non-architectural Decision)



Quality Attribute - Definition

A quality attribute (QA) is a measurable or testable property of a system that is used to indicate how well the system satisfies the needs of its stakeholders. You can think of a quality attribute as measuring the “goodness” of a product along some dimension of interest to a stakeholder.

Common quality attributes (with a typical measure or mechanism in brackets):
1. Availability (uptime)
2. Interoperability (ECOGRAI model)
3. Modifiability (encapsulation, polymorphism)
4. Performance (response time)
5. Security (CIA triad: confidentiality, integrity, availability; incident response)
6. Testability (coverage, e.g., boundary value analysis)
7. Usability (TAT)
8. Scalability (throughput, resource usage)
9. Portability (time & cost)
10. Mobility (TAT)
11. Reliability (MTBF – Mean Time Between Failures)


Architecture Vs. Requirements

Requirements Type -> Response of the Architecture

1. Functional Requirements : the very essence of the intended purpose of the system -> Assigning a sequence of responsibilities
2. Quality Attribute Requirements : these “qualify” the functional requirements -> Various structures designed into the architecture
3. Constraints : design decisions with “zero” degrees of freedom (static) -> Accept the design decision and reconcile it with other decisions

Functionality does not decide a software architecture: it only helps to assign architectural responsibilities.
A typical Template for defining a ‘Quality Attribute’

1. Source of stimulus. This is some entity (a human, a computer system, or any other
actuator) that generated the stimulus.
2. Stimulus. The stimulus is a condition that requires a response when it arrives at a
system.
3. Environment. The stimulus occurs under certain conditions. The system may be in
an overload condition or in normal operation, or some other relevant state.
4. Artifact. Product produced during development. Some artifact is stimulated. This
may be a collection of systems, the whole system, or some piece or pieces of it.
5. Response. The response is the activity undertaken as the result of the arrival of the
stimulus.
6. Response measure. When the response occurs, it should be measurable in some
fashion so that the requirement can be tested.



Components of a Quality Attribute



Achieving Quality Attributes through Architectural Tactics

A “tactic” is a design decision that influences the achievement of a quality attribute response. There are 7 categories of design decision:

1. Allocation of responsibilities
2. Coordination model
3. Data model
4. Management of resources
5. Mapping among architectural elements
6. Binding time decisions
7. Choice of technology


Design Decisions

1. Allocation of responsibilities

• Identifying the important responsibilities, including basic system functions, architectural infrastructure, and
satisfaction of quality attributes.
• Determining how these responsibilities are allocated to non-runtime and runtime elements (namely,
modules, components, and connectors).
2. Coordination model

• Identifying the elements of the system that must coordinate, or are prohibited from coordinating.
• Determining the properties of the coordination, such as timeliness, currency, completeness,
correctness, and consistency.
• Choosing the communication mechanisms (stateful versus stateless, synchronous versus asynchronous,
guaranteed versus nonguaranteed delivery, and performance-related properties such as throughput and
latency).

3. Data model

• Choosing the major data abstractions, their operations, and their properties. (Determining how the data
items are created, initialized, accessed, persisted, manipulated, translated, and destroyed ).
• Compiling metadata needed for consistent interpretation of the data.
• Organizing the data (data is going to be kept in a relational database, a collection of objects, or both)
Design Decisions
4. Management of resources
• These include hard resources (e.g., CPU, memory, battery, hardware buffers, system clock, I/O
ports) and soft resources (e.g., system locks, software buffers, thread pools, and non-thread-safe
code).
5. Mapping among architectural elements
• Two types of mappings.
• Mapping between elements in different types of architecture structures (for example, mapping from
units of development (modules) to units of execution (threads or processes).
• Mapping between software elements and environment elements (for example, mapping from
processes to the specific CPUs where these processes will execute).
6. Binding time decisions
• Binding time decisions introduce allowable ranges of variation (For resource management, you can
design a system to accept new peripheral devices plugged in at runtime)
7. Choice of technology
• Example : Determining whether the available tools to support this technology choice (IDEs,
simulators, testing tools, etc.) are adequate for development to proceed



1. Availability



Fault Vs. Error Vs. Failure
❑ Availability is the “readiness” of the software to carry out its task.

Fault : A condition that can cause a failure. Ex: a wrong line of program code.
Error : The difference between the actual output and the expected output. Ex: the wrong code computes 4 + 3 as 6.
Failure : Inability of the system to perform a required function. Ex: a wrong financial report.

❑ The primary objective of the availability attribute is to remove faults with serious consequences.
❑ The secondary objective is to remove faults encountered most often by the users.
Remember that not all faults are required to be removed!!!
Availability - Definition

Availability refers to the ability of a system to mask or repair faults such that the cumulative service outage period does not exceed a required value over a specified time interval.

In hardware systems, availability is measured as:

    Availability = MTBF / (MTBF + MTTR)

where MTBF is the Mean Time Between Failures and MTTR is the Mean Time To Repair.

In the software world, it is about what will make your system fail, how likely that is to occur (the probability), and the time that will be required to repair it.


Failure Classification
❑ Transient failure : occurs only with certain inputs and is hard to reproduce
❑ Permanent failure : occurs on all inputs
❑ Recoverable failure : the system recovers without the help of an operator
❑ Unrecoverable failure : an operator has to intervene to recover the system
❑ Non-corrupting failure : the failure does not corrupt system state or data
❑ Corrupting failure : system data gets corrupted


Availability Vs. Reliability
❑ Availability is seen as percentage uptime:

Sl No | System Type | Availability % | Downtime in a year
1 | Normal workstation | 99.0 | ~3.65 days
2 | Highly available system | 99.9 | ~8.76 hours
3 | Fault resilient system | 99.99 | ~52.6 minutes
4 | Fault tolerant system | 99.999 | ~5.26 minutes

❑ Reliability is the ability to continuously provide service without failure, measured in terms of MTBF over a period of time.
❑ So, the first thing an architect must do is identify all SPOFs (single points of failure) and introduce redundancy in both the hardware and the software system to improve availability and reliability.
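The arithmetic behind the table and the SPOF advice, as an added example (not part of the slide deck): it applies the MTBF/MTTR model to single components, then shows why a chain of single points of failure is worse than its weakest link while redundant pairs push availability up. All component figures are constructed for illustration.

```python
"""Availability arithmetic behind the SPOF/redundancy advice above.

Added example (not part of the slide deck). It uses the steady-state model
Availability = MTBF / (MTBF + MTTR); every component figure below is
constructed for illustration.
"""
from math import log10, prod

HOURS_PER_YEAR = 365.25 * 24  # 8766 h


def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability of a single component."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def downtime_per_year_hours(a: float) -> float:
    """Expected cumulative outage per year for availability a."""
    return (1.0 - a) * HOURS_PER_YEAR


def series(*avail: float) -> float:
    """Components in series: all must be up, so availabilities multiply.
    Each single point of failure in the chain drags the result below the
    weakest component."""
    return prod(avail)


def parallel(*avail: float) -> float:
    """Redundant components in parallel: the group fails only if all fail.
    This is an optimistic bound: it ignores common-mode failures and the
    time a failover itself takes."""
    return 1.0 - prod(1.0 - a for a in avail)


def nines(a: float) -> float:
    """Express availability as a count of nines (0.999 -> 3.0)."""
    return -log10(1.0 - a)


if __name__ == "__main__":
    # Constructed figures: a web tier and a database, each ~99.9 % available.
    web = availability(mtbf_hours=999.0, mttr_hours=1.0)
    db = availability(mtbf_hours=999.0, mttr_hours=1.0)
    single_chain = series(web, db)                     # two SPOFs in a row
    redundant_chain = series(parallel(web, web), parallel(db, db))
    for label, a in (("single chain", single_chain), ("redundant chain", redundant_chain)):
        print(f"{label}: {a:.6f} ({nines(a):.2f} nines), "
              f"~{downtime_per_year_hours(a):.2f} h/year down")
```

The parallel formula assumes independent failures; in practice a shared power feed, a bad deploy pushed to both replicas, or a slow failover all eat into the bound, which is why the checklist later asks whether replacing a server actually lets the system continue operating.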


‘General Scenario’ for Availability
1. Source of stimulus. Internal/external: people, hardware, software, physical infrastructure, physical environment.
2. Stimulus. A fault of any one of the following classes can occur:
❑ Omission : a component fails to respond to an input
❑ Crash : a component repeatedly suffers omission faults
❑ Incorrect timing : a component responds, but the response is too early or too late
❑ Incorrect response : a component responds with an incorrect value
3. Environment. The stimulus occurs under certain conditions. The system may be in an overload condition or in normal operation, or some other relevant state.
4. Artifact. Which resource is required to be highly available? Processors, communication channels, persistent storage (devices which retain data even after the power is shut off), processes.
5. Response. Prevent the fault from becoming a failure.
• Detect the fault:
  – Log the fault
  – Notify appropriate entities (people or systems)
• Recover from the fault:
  – Disable the source of events causing the fault
  – Be temporarily unavailable while repair is being effected
  – Fix or mask the fault/failure or contain the damage it causes
  – Operate in a degraded mode while repair is being effected
6. Response measure. One or more of:
  – Availability percentage (e.g., 99.999%)
  – Time to detect the fault
  – Time to repair the fault
  – Time or time interval in which the system can be in degraded mode
  – Proportion (e.g., 99%) of a certain class of faults that the system prevents or handles without failing
Availability Tactics : Fault Detection

1. Ping/Echo : Used to determine reachability and the round-trip delay through the associated network path. Ping/echo requires a time threshold to be set. (Figure: ping reaching www.Cisco.com)
2. Heartbeat : A server sends a periodic signal called a heartbeat. The signal might carry data as well. The listeners (software components, network components) listen for the signal; if no signal arrives within the threshold, the server is considered DEAD. Eg: an ATM (a node) connected to a branch office can send its last transaction to the branch office server with each heartbeat.
3. Voting : TMR (Triple Modular Redundancy) employs three components that do the same thing, each of which receives identical inputs and forwards its output to voting logic. The majority wins!
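The heartbeat and voting tactics above, as an added example (not code from the slide deck): a heartbeat monitor that declares a node dead once its silence exceeds the configured threshold, and a TMR voter that returns the majority value or reports that no majority exists. Node names, timestamps and replica outputs are constructed.

```python
"""Fault-detection tactics from the slide above (heartbeat with a timeout
threshold, and TMR majority voting).

Added example, not code from the slide deck. Node names, timestamps and the
replica outputs are constructed.
"""
from collections import Counter
from typing import Dict, Hashable, List, Optional, Sequence


class HeartbeatMonitor:
    """Records the last heartbeat seen from each node and declares a node
    dead once its silence exceeds `timeout` seconds, the threshold that the
    slide notes ping/echo and heartbeat both require. The clock is passed in
    rather than read from time.time() so the detector is deterministic and
    testable."""

    def __init__(self, timeout: float) -> None:
        self.timeout = timeout
        self.last_seen: Dict[str, float] = {}

    def beat(self, node: str, now: float, payload: Optional[str] = None) -> None:
        # The heartbeat may carry data (the slide's ATM sending its last
        # transaction); only the arrival time matters for liveness.
        self.last_seen[node] = now

    def dead_nodes(self, now: float) -> List[str]:
        """Nodes whose last heartbeat is older than the timeout."""
        return sorted(n for n, t in self.last_seen.items() if now - t > self.timeout)


def tmr_vote(outputs: Sequence[Hashable]) -> Optional[Hashable]:
    """Triple modular redundancy: the value produced by at least two of the
    three replicas wins. Returns None when all three disagree; the caller
    must treat that as a detected fault, not as a result."""
    if len(outputs) != 3:
        raise ValueError("TMR needs exactly three replica outputs")
    value, count = Counter(outputs).most_common(1)[0]
    return value if count >= 2 else None


if __name__ == "__main__":
    monitor = HeartbeatMonitor(timeout=3.0)
    monitor.beat("atm-1", now=0.0, payload="txn 1041")
    monitor.beat("atm-2", now=0.0, payload="txn 2207")
    monitor.beat("atm-1", now=4.0, payload="txn 1042")
    print("dead at t=6:", monitor.dead_nodes(now=6.0))   # atm-2 has gone silent
    print("vote:", tmr_vote([42, 42, 41]))                # 42: one replica faulty, masked
    print("vote:", tmr_vote([1, 2, 3]))                   # None: no majority, raise the alarm
```

The threshold is the tuning knob: too short and a loaded but healthy node is declared dead (a false omission fault), too long and detection time, one of the availability response measures, grows. Note also that a voter cannot mask a fault shared by two replicas, which is why TMR replicas should not share a single input path or build.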


Availability Tactics : Recovering from Fault

1. Active Redundancy : A configuration where all of the nodes (active or redundant spare) in a protection group receive and process identical inputs in parallel, allowing the redundant spare(s) to maintain synchronous state with the active node(s). (Figure: active redundancy)
2. Non-stop Forwarding : Predominantly done in network systems. Data packets are transferred through an alternate path when one path fails (at the router level). (Figure: non-stop forwarding through Border Gateway Protocol)
3. Roll-back : A strategy through which a transaction is tracked for its success and, in case of unexpected termination, the system is rolled back to its original state. ATM – PIN – amount fed – power failure – debit advice reversal is a classical roll-back.
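The roll-back tactic above, as an added example (not from the slide deck): an ATM debit performed as one database transaction, with the power failure simulated by an exception raised before COMMIT. It uses sqlite3 from the Python standard library in autocommit mode so the BEGIN/COMMIT/ROLLBACK statements are exactly what runs; the account data is constructed.

```python
"""The roll-back tactic above (ATM debit interrupted before completion).

Added example, not from the slide deck. It uses sqlite3 from the standard
library in autocommit mode so that BEGIN/COMMIT/ROLLBACK are exactly the
statements shown; the account data is constructed.
"""
import sqlite3
from typing import Tuple


def new_bank() -> sqlite3.Connection:
    """Constructed stand-in for the bank's database."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # we manage transactions explicitly
    conn.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, balance INTEGER NOT NULL)")
    conn.execute("CREATE TABLE ledger (account TEXT, amount INTEGER)")
    conn.execute("INSERT INTO accounts VALUES ('acct-1', 500)")
    return conn


def balance(conn: sqlite3.Connection, account: str) -> int:
    return conn.execute("SELECT balance FROM accounts WHERE id = ?", (account,)).fetchone()[0]


def ledger_entries(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM ledger").fetchone()[0]


def withdraw(conn: sqlite3.Connection, account: str, amount: int,
             fail_before_commit: bool = False) -> int:
    """Debit the account and record the ledger entry as one unit of work.
    Any exception between BEGIN and COMMIT (insufficient funds, or the
    simulated power failure) rolls both writes back, so the system returns
    to its original state. Returns the committed balance."""
    conn.execute("BEGIN")
    try:
        cur = conn.execute(
            "UPDATE accounts SET balance = balance - ? WHERE id = ? AND balance >= ?",
            (amount, account, amount),
        )
        if cur.rowcount != 1:
            raise ValueError("insufficient funds or unknown account")
        conn.execute("INSERT INTO ledger VALUES (?, ?)", (account, -amount))
        if fail_before_commit:
            raise RuntimeError("power failure before the cash was dispensed")  # simulated fault
        conn.execute("COMMIT")
    except Exception:
        conn.execute("ROLLBACK")
        raise
    return balance(conn, account)


def try_withdraw(conn: sqlite3.Connection, account: str, amount: int,
                 fail_before_commit: bool = False) -> Tuple[bool, int]:
    """Report the outcome instead of raising: (debit_took_effect, balance)."""
    try:
        return True, withdraw(conn, account, amount, fail_before_commit)
    except (ValueError, RuntimeError):
        return False, balance(conn, account)


if __name__ == "__main__":
    bank = new_bank()
    print(try_withdraw(bank, "acct-1", 100))                          # (True, 400)
    print(try_withdraw(bank, "acct-1", 100, fail_before_commit=True))  # (False, 400)
    print(try_withdraw(bank, "acct-1", 1000))                         # (False, 400)
    print("ledger rows:", ledger_entries(bank))                        # 1
```

The balance check lives in the UPDATE's WHERE clause rather than in a separate SELECT, so two concurrent withdrawals cannot both pass a stale check; the rollback then guarantees the account and the ledger never disagree, which is the integrity property the "debit advice reversal" on the slide is protecting.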
Availability Tactics : Preventing Faults

1. Removal from service : Temporarily placing a system component in an out-of-service state for the purpose of mitigating potential system failures (e.g., restarting a process to clear a memory leak before it exhausts memory).
2. Software Upgrade : Periodic upgrade of software through patching prevents failures caused by known vulnerabilities.
3. Predictive Model : A predictive model, when combined with a monitor, is employed to monitor the state of health of a system process to ensure that the system is operating within its nominal operating parameters (e.g., monitoring software can predict well in advance when processor utilisation will cross an 80% threshold, so capacity can be upgraded in time).
Design Checklist for Availability

1. Allocation of Responsibilities
Ensure that there are responsibilities to do the following:
❑ Log the fault
❑ Notify appropriate entities (people or systems)
❑ Disable the source of events causing the fault
❑ Be temporarily unavailable
❑ Fix or mask the fault/failure
❑ Operate in a degraded mode

2. Coordination Model
❑ Ensure that coordination mechanisms can detect an omission, crash, incorrect timing, or incorrect response
❑ Ensure that coordination mechanisms enable the logging of the fault, notification of appropriate entities, and disabling of the source of the events causing the fault
❑ Ensure that the coordination model supports the replacement of the artifacts used (does replacement of a server allow the system to continue to operate?)


Design Checklist for Availability

3. Data Model
❑ Determine which portions of the system need to be highly available. Within those portions, determine which data abstractions, along with their operations or their properties, could cause a fault of omission, a crash, incorrect timing behaviour, or an incorrect response.
❑ For those data abstractions, operations, and properties, ensure that they can be disabled, be temporarily unavailable, or be fixed or masked in the event of a fault.

4. Mapping Among Architectural Elements
❑ Which processes on failed processors need to be reassigned at runtime
❑ Which processors, data stores, or communication channels can be activated or reassigned at runtime
❑ How data on failed processors or storage can be served by replacement units
❑ How quickly the system can be reinstalled based on the units of delivery provided
❑ How to (re)assign runtime elements to processors, communication channels, and data stores


Design Checklist for Availability

5. Resource Management
❑ Determine what critical resources are necessary to continue operating in the presence of a fault
❑ Determine the availability time for critical resources

6. Binding Time
❑ Determine how and when architectural elements are bound. If late binding is used to alternate between components that can themselves be sources of faults (e.g., processes, processors, communication channels), ensure the chosen availability strategy is sufficient to cover faults introduced by all sources.

7. Choice of Technology
❑ Determine the available technologies that can (help) detect faults, recover from faults, or reintroduce failed components.
❑ Determine what technologies are available that help the response to a fault (e.g., event loggers).


Explicit Software Availability Measures

1. POFOD (Probability Of Failure On Demand) : The likelihood that the system will fail when a request is made. A POFOD of 0.001 means 1 in every 1000 requests will fail. Used in safety-related systems where every failure is critical (e.g., aircraft systems).

2. ROCOF (Rate Of Occurrence Of Failure) : The frequency of occurrence of failures. A ROCOF of 0.02 means 2 failures in each 100 time units.

3. MTTF (Mean Time To Failure) : A measure of the time between failures. An MTTF of 500 means an average of 500 time units passes between failures. Used for systems with long transactions that take a lot of processing time, e.g., CAD systems.
2. USABILITY
Software Usability - Definition

Usability is concerned with how easy it is for the user to accomplish a desired task and the kind of user support the system provides. Usability comprises two important domains, namely “learnability” and “operability”.
❑ Learnability : Learning system features (how does the system help the user learn quickly?)
❑ Operability : Using the system efficiently (e.g., “suspending” a task, and its impact)
❑ Operability : Minimizing the impact of errors (e.g., “cancelling” a command issued incorrectly)
❑ Operability : Adapting the system to user needs (e.g., automatically filling in URLs based on a user’s past entries)
❑ Operability : Increasing confidence and satisfaction (e.g., providing feedback that indicates the system is performing a long-running task)

Usability is a human-computer interaction (HCI) concern.
‘General Scenario’ for Usability
1. Source of stimulus. End user, possibly in a specialized role (e.g., admin)
2. Stimulus. End user tries to use the system efficiently, learn to use the system, minimize the impact of errors, adapt the system, or configure the system.
3. Environment. Runtime or configuration time
4. Artifact. System or the specific portion of the system with which the user is interacting.
5. Response. The system should provide the user with the features needed. Learn: context-sensitive help, familiar interface. Efficient use: aggregation of data, reuse of already entered data, good navigation, great search mechanism. Error impact: undo, cancel, recover, auto-correct, etc.
6. Response measure. One or more of the following: task time, number of errors, number of tasks accomplished, user satisfaction, gain of user knowledge, ratio of successful operations to total operations, or amount of time or data lost when an error occurs.

Example scenario: an end user (source) downloads an application (stimulus) at runtime (environment) and wants to use the application productively (response); the user becomes productive within 4 minutes (response measure).


Usability Scenario



Usability Tactics

Maintain task model. Example: knowing that sentences start with capital letters would allow an application to correct a lowercase letter in that position.
Maintain user model. Example: maintaining a user model allows the system to pace mouse selection so that not all of the document is selected when scrolling is required.
Maintain system model. Example: a common manifestation of a system model is a progress bar that predicts the time needed to complete the current activity.


Design Checklist for Usability

1. Allocation of Responsibilities
Identify modules/components. Ensure that there are responsibilities to do the following:
❑ Learning how to use the system
❑ Efficiently achieving the task at hand
❑ Adapting and configuring the system
❑ Recovering from user and system errors

2. Coordination Model
❑ Check if the system needs to respond to user actions, e.g., can the system respond to mouse events and give semantic feedback in real time?
❑ Can long-running events be cancelled?

3. Data Model
❑ Determine the major data abstractions that are involved with user-perceivable behaviour. For example, the data abstractions should be designed to support undo and cancel operations: the transaction granularity should not be so great that cancelling or undoing an operation takes an excessively long time.


Design Checklist for Usability

4. Mapping Among Architectural Elements
❑ Determine what mapping among architectural elements is visible to the end user (for example, the extent to which the end user is aware of which services are local and which are remote)

5. Resource Management
❑ Determine how the user can adapt and configure the system’s use of resources. Ensure that resource limitations under all user-controlled configurations will not make users less likely to achieve their tasks. For example, attempt to avoid configurations that would result in excessively long response times.

6. Binding Time
❑ Determine which binding time decisions should be under user control and ensure that users can make decisions that aid in usability. For example, if the user can choose, at runtime, the system’s configuration, or its communication protocols, or its functionality via plug-ins, you need to ensure that such choices do not adversely affect the user’s ability to learn system features.


Design Checklist for Usability

7. Choice of Technology
❑ Ensure the chosen technologies help to achieve the usability scenarios that apply to your system. For example, do these technologies aid in the creation of online help, the production of training materials, and the collection of user feedback?


3. Performance
Performance - Definition

It’s about time and the software system’s ability to meet timing requirements. Throughput and response time are the two terms associated with performance. Throughput refers to the number of transactions per second; response time refers to the time taken to complete a task.

An event can be periodic (regular interval), stochastic (arriving according to some probability distribution) or sporadic (irregular and unpredictable). The response can be measured as:

Latency : the time between the arrival of the stimulus and the system’s response to it.
Throughput : the number of transactions the system can process in a unit of time.
Jitter of the response : the allowable variation in latency.
Miss rate : the number of events not processed because the system was too busy to respond.
Latency

[Figure: a request arrives, a response leaves later; latency is the elapsed time between the two.]

Throughput

[Figure: throughput = number of requests processed in unit time (here, per second).]


Throughput & latency in car manufacturing

Think of a car manufacturing plant. Five cars come off the line per hour, but it takes 6 hours to assemble one car. Throughput is 5 per hour; response time (latency) is 6 hours. The two are independent: adding a parallel assembly line doubles throughput without shortening the 6 hours any single car takes.
Jitter

[Figure: jitter is the variation in latency from one request to the next.]
‘General Scenario’ for Performance

1. Source of stimulus. Internal or external to the system environment.

2. Stimulus. Arrival of a periodic, sporadic, or stochastic event

3. Environment. Operational, normal, emergency or peak load

4. Artifact. System or one or more components in the system.

5. Response . Process events, change level of service

6. Response measure. Latency, deadline, throughput, jitter, miss rate



Tactics Vs. Performance Attributes



Performance Tactics

One way to increase the performance of the system is to reduce the number of events processed, by enforcing a sampling rate or by limiting the rate at which the system responds to events.
Understanding Performance related Tactics

Control Resource Demand
1. Manage sampling rate : in signal processing systems, reduce the rate at which inputs are sampled.
2. Limit event response : discrete events can’t be sampled, so the response rate is limited through the queue size.
3. Prioritize events : high, medium & low priority classes.
4. Reduce overhead : collocate coordinating elements in the same processor to avoid latency; eliminate intermediaries; reinitialize hash tables & virtual memory maps.
5. Bound execution times : limit the execution time used to respond to an event.
6. Increase resource efficiency : improving the algorithms used in critical areas will decrease latency.

Manage Resources
1. Increase resources : faster processor; additional processors & memory; SAN, fibre optic networks.
2. Introduce concurrency : parallel processing of events in different threads; scheduling policies.
3. Multiple copies of computation : to reduce contention (conflict), e.g., multiple servers in a client-server pattern behind load balancers.
4. Maintain multiple copies of data : caching (local disk, SAN, DR centre).
5. Bound queue size : control the maximum number of queued arrivals.
6. Schedule resources : schedule the resources (processor, RAM, memory) in case of conflict, e.g., FIFO.
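Three of the "control resource demand" tactics above (limit event response, prioritize events, bound queue size), as an added example that is not code from the slide deck: a token bucket that refuses arrivals beyond a configured rate, feeding a bounded queue that sheds the lowest-priority work when full instead of growing without limit. Rates, priorities and event names are constructed.

```python
"""'Control resource demand' tactics from the table above: limit event
response (token bucket), prioritize events, and bound the queue size.

Added example, not code from the slide deck. Limits, priorities and event
names are constructed.
"""
import heapq
from dataclasses import dataclass, field
from typing import List, Optional


class TokenBucket:
    """Limit event response: at most `rate` events per second sustained, with
    bursts of up to `capacity`. The clock is passed in, so behaviour is
    deterministic; excess arrivals are refused rather than queued."""

    def __init__(self, rate: float, capacity: int) -> None:
        self.rate = rate
        self.capacity = capacity
        self.tokens = float(capacity)
        self.updated = 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(float(self.capacity), self.tokens + (now - self.updated) * self.rate)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


@dataclass(order=True)
class Event:
    priority: int                      # 0 = high, 1 = medium, 2 = low (the slide's three levels)
    seq: int                           # arrival order: ties within a priority stay FIFO
    name: str = field(compare=False)


class BoundedPriorityQueue:
    """Bound queue size: when the queue is full a new arrival displaces the
    lowest-priority queued event, or is itself dropped if nothing queued is
    lower. Dropped names are kept so the 'events not processed' measure from
    the performance scenario can be reported."""

    def __init__(self, max_size: int) -> None:
        self.max_size = max_size
        self._heap: List[Event] = []
        self._seq = 0
        self.dropped: List[str] = []

    def push(self, name: str, priority: int) -> None:
        self._seq += 1
        ev = Event(priority, self._seq, name)
        if len(self._heap) < self.max_size:
            heapq.heappush(self._heap, ev)
            return
        worst = max(self._heap)          # largest (priority, seq): least urgent, then newest
        if ev < worst:
            self._heap.remove(worst)
            heapq.heapify(self._heap)
            heapq.heappush(self._heap, ev)
            self.dropped.append(worst.name)
        else:
            self.dropped.append(name)

    def pop(self) -> Optional[str]:
        """Highest-priority (then oldest) event, or None when empty."""
        return heapq.heappop(self._heap).name if self._heap else None

    def __len__(self) -> int:
        return len(self._heap)


if __name__ == "__main__":
    bucket = TokenBucket(rate=2.0, capacity=3)
    print([bucket.allow(0.0) for _ in range(4)], bucket.allow(0.5))  # [True, True, True, False] True

    q = BoundedPriorityQueue(max_size=2)
    for name, prio in (("alarm", 0), ("report", 2), ("audit", 1), ("bulk", 2)):
        q.push(name, prio)
    print("dropped:", q.dropped)                       # ['report', 'bulk']
    print("served:", q.pop(), q.pop(), q.pop())        # alarm audit None
```

An unbounded queue turns a traffic spike into a memory and latency problem for every user; bounding it and shedding low-priority work keeps the high-priority path's latency predictable, which is also the basic defence against a flood of cheap requests starving the important ones.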
Performance Tactics

Cause | Tactic
Poor algorithm | Improve the search algorithm
Database retrieval is slow | Index data (hash index, B+ tree index); partition data, de-normalize, etc.; run reports at night; maintain multiple copies of data
Volume of data to be processed is high | Distribute data on multiple servers and parallelize data processing (e.g., Map-Reduce)
Number of concurrent users is high | Distribute requests to different servers and do load balancing


How to improve performance when the number of users is very large?

Approaches to distributing requests across servers:
• Round robin
• Based on transaction load


How to improve performance when multiple users want to READ the same data?

Maintain multiple copies of data. This reduces contention. However, we need to keep the copies synchronized.

Before: poor response due to large data and a high volume of transactions.
After: replicated data enables load balancing.
Example

❑ Supports the delivery of over 100 million videos per day.
❑ Most popular content is moved to a CDN (content delivery network).
❑ CDNs replicate content in multiple places. There is a better chance of content being closer to the user, with fewer hops, and content will run over a friendlier network.


CDN - Content Delivery Network

[Figure: no CDN (all clients hit the origin) vs. a CDN with multiple servers serving neighbouring clients.]
How does Google Return Results So Damn Fast?!?

• Search the index, not the internet
• Direct the search to the nearest datacentre
• Hundreds of computers in each data center perform a distributed lookup
• Store the index in RAM instead of on disk

[Figure: Google data centers]


Design Checklist for Performance

1. Allocation of Responsibilities
❑ Determine the system’s responsibilities that will involve heavy loading, have time-critical response requirements, are heavily used, or impact portions of the system where heavy loads or time-critical events occur
❑ Responsibilities that result from a thread of control crossing process or processor boundaries
❑ Responsibilities to manage the threads of control
❑ Responsibilities for scheduling shared resources or managing performance

2. Coordination Model
❑ Determine the elements of the system that must coordinate with each other, directly or indirectly
❑ Support any introduced concurrency, event prioritization, or scheduling strategy
❑ Ensure that the required performance response can be delivered
❑ Can capture periodic, stochastic, or sporadic event arrivals, as needed


Design Checklist for Performance

3. Data Model
❑ Determine those portions of the data model that will be heavily loaded, have time-critical response requirements, or are heavily used
❑ Whether maintaining multiple copies of key data would benefit performance
❑ Whether partitioning data would benefit performance
❑ Whether reducing the processing requirements would benefit performance
❑ Whether adding resources to reduce bottlenecks would benefit performance

4. Mapping Among Architectural Elements
❑ Where heavy network loading will occur, determine whether co-locating some components will reduce loading and improve overall efficiency.
❑ Ensure that components with heavy computation requirements are assigned to processors with the most processing capacity.
❑ Determine where introducing concurrency (that is, allocating a piece of functionality to two or more copies of a component running simultaneously) is feasible and has a significant positive effect on performance.


Design Checklist for Performance

5. Resource Management
❑ Determine which resources in your system are critical for performance. For example:
  ❑ System elements that need to be aware of, and manage, time and other performance-critical resources
  ❑ Process/thread models
  ❑ Prioritization of resources and access to resources
  ❑ Scheduling and locking strategies
  ❑ Deploying additional resources on demand to meet increased loads

6. Binding Time
❑ Time necessary to complete the binding
❑ Additional overhead introduced by using the late binding mechanism


Design Checklist for Performance

7. Choice of Technology
❑ Does your choice of technology give you the ability to set the following:
  ❑ Scheduling policy
  ❑ Priorities
  ❑ Policies for reducing demand
  ❑ Allocation of portions of the technology to processors
❑ Does your choice of technology introduce excessive overhead for heavily used operations?


4. Testability
Testability - Definition

Software testability refers to the ease with which software can be made to demonstrate its faults through testing. Specifically, testability refers to the probability, assuming that the software has at least one fault, that it will fail on its next test execution.

For a system to be properly testable, it must be possible to control each component’s inputs (and possibly manipulate its internal state) and then to observe its outputs (and possibly its internal state, either after or on the way to computing the outputs).

A model for testing : an oracle is an agent that helps decide whether an output is correct or not.
‘General Scenario’ for Testability
1.Source of stimulus. Unit testers, integration testers, system testers, acceptance testers, end
users, either running tests manually or using automated testing tools

2. Stimulus. A set of tests is executed due to the completion of a coding increment such as a class
layer or service, the completed integration of a subsystem, the complete implementation of the whole
system, or the delivery of the system to the customer.

3. Environment. Design time, development time, compile time, integration time, deployment time,
run time

4. Artifact. The portion of the system being tested

5. Response. One or more of the following: execute test suite and capture results, capture activity that
resulted in the fault, control and monitor the state of the system

6. Response measure. Effort to find a fault, effort to achieve a given percentage of coverage,
probability of fault being revealed by the next test, time to perform tests, effort to detect faults, length of
time to prepare test environment, reduction in risk exposure (size(loss) × prob (loss))
Testability Tactics

A common form of sandboxing is to virtualize resources. Using a sandbox, you can build a version of the resource whose behaviour is under your control. Non-deterministic systems are hard to test because their behaviour depends on unpredictable events.
Testability Issues and Tactics

Issue: We need to test during every release
Tactic: Automated testing

Issue: Sometimes external systems are not available
Tactic: Simulators

Issue: Sometimes a lot of test data needs to be prepared
Tactic: Copy production data into the test DB, but remove / change sensitive data

Issue: When an error is found in a complex system, we are not sure which module is the cause
Tactics: Incremental integration of smaller modules; log the steps completed and intermediate results after each step
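The following is an added example, not code from the slides, showing three of the tactics in the table above in working form: a simulator that stands in for an external payment system that is not available during testing, masking of sensitive fields before production rows are copied into a test database, and a step log kept by the module under test so that a failure can be traced to the step that caused it. The gateway, service and field names (PaymentGateway, OrderService, card_number, ...) are hypothetical, and the sample rows are constructed.

```python
"""Added example (not from the slides): testability tactics in code.
A simulator replaces the unavailable external system, production data is
masked before it is copied into the test DB, and each processing step is
logged so a failing module can be located. All names are hypothetical."""
import hashlib
import logging
from dataclasses import dataclass, field

log = logging.getLogger("order_service")


class PaymentGateway:
    """Interface of the real external system (assumed; unreachable in test)."""

    def charge(self, card_number: str, amount: float) -> str:
        raise NotImplementedError


class PaymentGatewaySimulator(PaymentGateway):
    """Simulator: its behaviour is fully under the tester's control."""

    def __init__(self, fail_cards=()):
        self.fail_cards = set(fail_cards)   # cards the simulator will decline
        self.calls = []                     # observable state for assertions

    def charge(self, card_number, amount):
        self.calls.append((card_number, amount))
        if card_number in self.fail_cards:
            raise RuntimeError("card declined")
        return f"auth-{len(self.calls)}"


@dataclass
class OrderService:
    """Module under test; depends only on the PaymentGateway interface."""
    gateway: PaymentGateway
    steps: list = field(default_factory=list)   # intermediate results log

    def place_order(self, card_number, amount):
        # Every step is recorded so a failure can be traced to its origin.
        self.steps.append(("validate", amount > 0))
        if amount <= 0:
            return {"status": "rejected", "reason": "bad amount"}
        try:
            auth = self.gateway.charge(card_number, amount)
            self.steps.append(("charge", auth))
        except RuntimeError as exc:
            self.steps.append(("charge", f"failed: {exc}"))
            log.error("charge failed: %s", exc)
            return {"status": "failed", "reason": str(exc)}
        self.steps.append(("confirm", True))
        return {"status": "ok", "auth": auth}


SENSITIVE = {"card_number", "password", "email"}   # constructed policy


def mask_row(row: dict) -> dict:
    """Copy a production row for the test DB with sensitive values removed.
    Card numbers keep only their last 4 digits; other sensitive fields are
    replaced by a short salted digest so rows stay distinguishable without
    revealing the original value (constructed masking policy)."""
    out = {}
    for key, value in row.items():
        if key == "card_number":
            out[key] = "X" * (len(value) - 4) + value[-4:]
        elif key in SENSITIVE:
            out[key] = hashlib.sha256(("test-salt:" + value).encode()).hexdigest()[:12]
        else:
            out[key] = value
    return out
```

Because the simulator records every call and the service records every step, a test can assert both on what the external system was asked to do and on where processing stopped, which is exactly the "control inputs, observe outputs and state" property the definition above asks for.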


Design Check list for Testability

1. Allocation of Responsibilities
❑ Determine which system responsibilities are most critical and hence need to be most thoroughly tested
❑ Execute test suite and capture results (external test or self-test)
❑ Capture (log) the activity that resulted in a fault or that resulted in unexpected (perhaps emergent) behaviour that was not necessarily a fault
❑ Control and observe relevant system state for testing
❑ Make sure the allocation of functionality provides high cohesion, low coupling, strong separation of concerns, and low structural complexity

2. Coordination Model
❑ Ensure the system’s coordination and communication mechanisms:
  ❑ Support the execution of a test suite and capture the results within a system or between systems
  ❑ Support capturing activity that resulted in a fault within a system or between systems
  ❑ Support injection and monitoring of state into the communication channels for use in testing, within a system or between systems


Design Check list for Testability

3. Data Model
❑ Ensure that it is possible to capture the values of instances of these data abstractions
❑ Ensure that the values of instances of these data abstractions can be set when state is injected into the system, so that system state leading to a fault may be re-created
❑ Ensure that the creation, initialization, persistence, manipulation, translation, and destruction of instances of these data abstractions can be exercised and captured

4. Mapping Among Architectural Elements
❑ Determine how to test the possible mappings of architectural elements (especially mappings of processes to processors, threads to processes, and modules to components) so that the desired test response is achieved and potential race conditions identified.
❑ In addition, determine whether it is possible to test for illegal mappings of architectural elements.


Design Check list for Testability

5. Resource Management
❑ Ensure there are sufficient resources available to execute a test suite and capture the results.
❑ Ensure that your test environment is representative of the environment in which the system will run.
❑ Ensure that the system provides the means to do the following:
  ❑ Test resource limits
  ❑ Capture detailed resource usage for analysis in the event of a failure
  ❑ Inject new resource limits into the system for the purposes of testing
  ❑ Provide virtualized resources for testing

6. Binding Time
❑ Ensure that components that are bound later than compile time can be tested in the late-bound context
❑ Ensure that the full range of binding possibilities can be tested


Design Check list for Testability

7. Choice of Technology
❑ Determine what technologies are available to help achieve the testability scenarios that apply to your architecture. Are technologies available to help with regression testing, fault injection, recording and playback, and so on?
❑ Determine how testable the technologies are that you have chosen (or are considering choosing in the future) and ensure that your chosen technologies support the level of testing appropriate for your system


5. Interoperability
Interoperability - Definition

Interoperability is about the degree to which two or more systems can usefully exchange
meaningful information via interfaces in a particular context. Not only having the ability to
exchange data (syntactic interoperability) but also having the ability to correctly interpret
the data being exchanged (semantic interoperability).

There are 5 levels of interoperability: the lowest is systems that do not share data at all,
and the highest is systems that work together seamlessly.

Level 0: No interoperability
Level 1: Technical interoperability
Level 2: Syntactic interoperability
Level 3: Semantic interoperability
Level 4: Complete interoperability


Interoperability

• Interoperability is the ease with which systems residing on different servers and developed in different technologies can interact with each other
• For example MakeMyTrip.com needs to interact with
  • Airlines, to inquire about ticket availability and to book tickets
  • Banks, to do fund transfer
  • Hotels, to reserve rooms
• Service oriented architecture (SoA) is useful in such situations
  • Airlines, Banks and Hotels can provide services to external applications which can be called by MakeMyTrip.com


‘General Scenario’ for Interoperability

1. Source of stimulus. A system initiates a request to interoperate with another system.

2. Stimulus. A request to exchange information among systems

3. Environment. System(s) wishing to interoperate are discovered at runtime

4. Artifact. The systems that wish to interoperate

5. Response. One or more of the following:
❑ The request is (appropriately) rejected and appropriate entities (people or systems) are notified.
❑ The request is (appropriately) accepted and information is exchanged successfully.
❑ The request is logged by one or more of the involved systems.

6. Response measure. Percentage of information exchanges correctly processed and
percentage of information exchanges correctly rejected


Interoperability Tactics

• Orchestrate: managing the sequence of invocations. Ex: work flow engine in an ERP system.
• Tailor Interface: adding or removing capabilities of an interface. Ex: hiding a particular function from an untrusted user.
• Locate and Discover services: finding the service end-point at run time. Ex: Google Map integration on the go.


Example of Service Oriented Architecture in a Travel website

Application is composed of different business services offered by internal systems and external systems.

[Figure: OPC (Order processing centre) as the Service Consumer, calling the Service providers]


SOA - How does it work?

Service registry stores the physical location of services (service end-points).

Services are invoked using SOAP or REST
(SOAP: Simple Object Access Protocol; REST: Representational State Transfer)
SOAP Vs. ReST

SOAP
• Simple Object Access Protocol
• Technology to allow web-based applications to interoperate
• Protocol specification for XML-based information that distributed applications can use
• SOAP relies on HTTP and RPC (Remote Procedure Call) for message transmission
• SOAP offers completeness
• Implementation has greater support for security, availability

REST
• Representational State Transfer
• Technology to allow web-based applications to interoperate
• Is a client-server-based architectural style that is structured around a small set of create, read, update, delete (CRUD) operations (called POST, GET, PUT, DELETE respectively in the REST world)
• REST offers simplicity: any HTTP client can talk to any HTTP server.
• Is more appropriate for read-only functionality, typical of mashups, where there are minimal QoS
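As an added example (not code from the slides or from any of the systems they mention), the same "seat availability" exchange is written below in both styles using only the Python standard library: REST-style, where CRUD operations are mapped onto POST/GET/PUT/DELETE with JSON bodies, and SOAP-style, where the request and response are XML envelopes and an error comes back as a SOAP Fault. The airline service, flight numbers, field names and the urn:example:airline application namespace are hypothetical; the SOAP 1.1 envelope namespace is the real one.

```python
"""Added example (not from the slides): one operation, two interoperability
styles. The inventory, flight numbers and application namespace are
constructed; SOAP_NS is the real SOAP 1.1 envelope namespace."""
import json
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
APP_NS = "urn:example:airline"          # hypothetical application namespace

# Constructed inventory: flight number -> seats left
INVENTORY = {"AI101": 3, "AI202": 0}


# ---- REST side: CRUD mapped onto HTTP verbs, JSON in and out ----
def rest_dispatch(method, path, body=None):
    """Return (status_code, json_text) for /flights/<flight> resources."""
    parts = path.strip("/").split("/")
    if len(parts) != 2 or parts[0] != "flights":
        return 404, json.dumps({"error": "no such resource"})
    flight = parts[1]
    if method == "GET":                       # read
        if flight not in INVENTORY:
            return 404, json.dumps({"error": "unknown flight"})
        return 200, json.dumps({"flight": flight, "seats": INVENTORY[flight]})
    if method == "POST":                      # create a booking: one seat fewer
        if INVENTORY.get(flight, 0) <= 0:
            return 409, json.dumps({"error": "sold out"})
        INVENTORY[flight] -= 1
        return 201, json.dumps({"flight": flight, "seats": INVENTORY[flight]})
    if method == "PUT":                       # update seat count from the body
        data = json.loads(body or "{}")
        if not isinstance(data.get("seats"), int) or data["seats"] < 0:
            return 400, json.dumps({"error": "seats must be a non-negative integer"})
        INVENTORY[flight] = data["seats"]
        return 200, json.dumps({"flight": flight, "seats": INVENTORY[flight]})
    if method == "DELETE":                    # delete the resource
        INVENTORY.pop(flight, None)
        return 204, ""
    return 405, json.dumps({"error": "method not allowed"})


# ---- SOAP side: XML envelope in, XML envelope (or Fault) out ----
def soap_request(flight):
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    op = ET.SubElement(body, f"{{{APP_NS}}}GetAvailability")
    ET.SubElement(op, f"{{{APP_NS}}}Flight").text = flight
    return ET.tostring(env)


def soap_handle(request_xml):
    """Server side: parse the envelope, answer or raise a SOAP Fault."""
    root = ET.fromstring(request_xml)
    flight_el = root.find(f".//{{{APP_NS}}}GetAvailability/{{{APP_NS}}}Flight")
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    if flight_el is None or flight_el.text not in INVENTORY:
        fault = ET.SubElement(body, f"{{{SOAP_NS}}}Fault")
        ET.SubElement(fault, "faultcode").text = "Client"
        ET.SubElement(fault, "faultstring").text = "unknown flight"
    else:
        resp = ET.SubElement(body, f"{{{APP_NS}}}GetAvailabilityResponse")
        ET.SubElement(resp, f"{{{APP_NS}}}Seats").text = str(INVENTORY[flight_el.text])
    return ET.tostring(env)


def soap_seats(response_xml):
    """Client side: return the seat count, or None when a Fault came back."""
    root = ET.fromstring(response_xml)
    seats = root.find(f".//{{{APP_NS}}}Seats")
    return int(seats.text) if seats is not None else None
```

Both sides agree on syntax (JSON or XML) but the semantic agreement is in the field meanings: the REST handler rejects a seat count that is not a non-negative integer, and the SOAP handler answers an unknown flight with a Fault rather than a guess, which is the "correctly rejected" response measure of the general scenario.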


Use of Enterprise Service Bus in SOA

[Figure: a SOAP request enters the Enterprise Service Bus, which routes messages and provides other features, and is delivered to services running on different servers]


Rest

[Figure: REST exchange carrying JSON (JavaScript Object Notation) payloads]


Design Check list for Interoperability

1. Allocation of Responsibilities
❑ Ensure that responsibilities have been allocated to carry out the following tasks:
  ❑ Accept the request
  ❑ Exchange information
  ❑ Reject the request
  ❑ Notify appropriate entities (people or systems)
  ❑ Log the request (for interoperability in an untrusted environment, logging for nonrepudiation is essential)

2. Coordination Model
❑ Considerations for performance include the following:
  ❑ Volume of traffic on the network
  ❑ Timeliness of the messages being sent by your systems
  ❑ Currency of the messages being sent by your systems
  ❑ Jitter of the messages’ arrival times


Design Check list for Interoperability

3. Data Model
❑ Determine the syntax and semantics of the major data abstractions that may be exchanged among interoperating systems.
❑ Ensure that these major data abstractions are consistent with data from the interoperating systems

4. Mapping Among Architectural Elements
❑ For interoperability, the critical mapping is that of components to processors. The components that communicate externally are hosted on processors that can reach the network.
❑ The primary considerations deal with meeting the security, availability, and performance requirements for the communication.


Design Check list for Interoperability

5. Resource Management
❑ Ensure that interoperation with another system (accepting a request and/or rejecting a request) can never exhaust critical system resources
❑ Ensure that the resource load imposed by the communication requirements of interoperation is acceptable.
❑ Ensure that if interoperation requires that resources be shared among the participating systems, an adequate arbitration policy is in place

6. Binding Time
❑ Ensure that the system has a policy for dealing with binding to both known and unknown external systems.
❑ Ensure that the system has mechanisms in place to reject unacceptable bindings and to log such requests


Design Check list for Interoperability

7. Choice of Technology
❑ For any of your chosen technologies, are they “visible” at the interface boundary of a system? If so, what interoperability effects do they have?
❑ Do they support, undercut, or have no effect on the interoperability scenarios that apply to your system?
❑ Ensure the effects they have are acceptable.
❑ Consider technologies that are designed to support interoperability, such as web services.
❑ Can they be used to satisfy the interoperability requirements for the systems under your control?


6. Modifiability



Modifiability

Deals with the ease with which we can make changes to a system.

Tactics for Modifiability

• Reduce complexity – ex. smaller modules
• Encapsulate aspects that are likely to change – ex. interface to external systems (the information hiding principle was introduced by David Parnas)
• Increase cohesion & reduce coupling


Reduce Complexity

[Figure: weather forecasting example. A complex weather forecasting module is split into a Weather forecasting master module that calls three smaller modules: Process air pressure data, Process humidity data and Process temperature data]


Encapsulate things that are likely to change

[Figure: two examples. (1) The interface to external systems may change: the Fund transfer module reaches the SBI system (an external system) through an "Interface to SBI bank via internet" layer. (2) Database technology may change: the Order processing module reaches the Oracle DBMS through a Data access layer.]
Protect system from variations

Variation: Changes in business rules
Example: Income Tax rules, Pricing rules in airline change frequently
Tactic (Binding): Rules engine (Deployment time)

Variation: Change in business process
Example: Need one more approval
Tactic (Binding): Work flow engine, Configuration files (Deployment time)

Variation: Changes in module interface
Example: Need to interface with a different SMS service provider
Tactic (Binding): Adaptor pattern (Build time)

Variation: Adding new recipients of notification of event
Example: ‘New order’ event needs to be notified to Order Fulfilment module & Transport module
Tactic (Binding): Publish – Subscribe (Deployment time)

Variation: Enhancing browser to handle new audio file format
Example: mp3, wav, …
Tactic (Binding): Plugins (Deployment time)
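The block below is an added example, not code from the slides, showing two of the bindings in the table above working together: an Adaptor that lets the order module switch to a different SMS service provider without changing its own code (build-time binding), and Publish-Subscribe so that a new recipient of the ‘New order’ event is registered with the bus rather than wired into the publisher (deployment-time binding). The provider classes, the OrderModule and the two subscriber functions are all hypothetical.

```python
"""Added example (not from the slides): Adaptor pattern and Publish-Subscribe
as modifiability tactics. Providers, modules and event names are hypothetical."""
from collections import defaultdict


# --- Adaptor pattern: two SMS providers with different interfaces ---
class OldSmsProvider:
    """Existing vendor API (hypothetical)."""
    def send_text(self, number, text):
        return f"old:{number}:{text}"


class NewSmsProvider:
    """Replacement vendor with a different call signature (hypothetical)."""
    def deliver(self, payload):
        return f"new:{payload['to']}:{payload['msg']}"


class SmsSender:
    """The stable interface the order module depends on."""
    def send(self, number: str, text: str) -> str:
        raise NotImplementedError


class OldSmsAdapter(SmsSender):
    def __init__(self, provider):
        self.provider = provider

    def send(self, number, text):
        return self.provider.send_text(number, text)


class NewSmsAdapter(SmsSender):
    def __init__(self, provider):
        self.provider = provider

    def send(self, number, text):
        # Translate the stable interface into the new vendor's shape.
        return self.provider.deliver({"to": number, "msg": text})


# --- Publish-Subscribe: topic -> list of subscriber handlers ---
class EventBus:
    def __init__(self):
        self._subs = defaultdict(list)

    def subscribe(self, topic, handler):
        self._subs[topic].append(handler)

    def publish(self, topic, event):
        # Return each subscriber's result so the fan-out is observable.
        return [handler(event) for handler in self._subs[topic]]


class OrderModule:
    """Publisher: knows the bus and the SmsSender interface, but neither the
    subscribers nor the concrete SMS vendor."""
    def __init__(self, bus: EventBus, sms: SmsSender):
        self.bus = bus
        self.sms = sms

    def place_order(self, order_id, phone):
        self.sms.send(phone, f"Order {order_id} received")
        return self.bus.publish("new_order", {"order_id": order_id})


def order_fulfilment(event):
    """Subscriber 1 (hypothetical Order Fulfilment module)."""
    return f"fulfil {event['order_id']}"


def transport(event):
    """Subscriber 2 (hypothetical Transport module)."""
    return f"ship {event['order_id']}"
```

Swapping OldSmsAdapter for NewSmsAdapter is a one-line change at the point where OrderModule is constructed, and adding a third recipient of the event is one more subscribe() call; OrderModule itself is untouched in both cases.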


Example of Rules engine

[Figure: Web server → Booking module (Book ticket: Pax name, profession, age, Flt#, date, etc.) → Reservation DB. The Booking module asks the Rules engine (like Drools, Jess, JRules) to determine the ticket price (profession, age, Flt#, date, etc.); the Rules engine reads its rules from the Rules DB.]

Rules held in the Rules DB:
• All flights in the afternoon will have 5% discount
• Flights booked 3 months before will have 20% discount
• Senior citizens above 60 yrs will have 5% discount
• Defence personnel will get 10% discount
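To show what the diagram above buys, here is an added example (not code from the slides and not Drools, Jess or JRules) of a small rules engine: the four discount rules are data in a JSON document standing in for the Rules DB, and the pricing code only evaluates whatever rules it is given, so changing a rule is a deployment-time edit rather than a rebuild. Assumptions not stated on the slide: the discounts are additive, "afternoon" means a departure hour from 12 to 17, "3 months before" is taken as 90 days, and the base fare is supplied by the caller.

```python
"""Added example (not from the slides): a data-driven rules engine for the
ticket-pricing rules above. Rule store, facts and discount policy are
constructed; discounts are assumed additive and capped at 100%."""
import json

# Constructed rules store (stands in for the Rules DB). Each rule fires when
# every clause in "all" holds; a clause is [fact, operator, value].
RULES_JSON = """
[
  {"name": "afternoon flight",   "all": [["departure_hour", ">=", 12],
                                         ["departure_hour", "<", 18]],   "discount": 5},
  {"name": "early booking",      "all": [["days_ahead", ">=", 90]],      "discount": 20},
  {"name": "senior citizen",     "all": [["age", ">", 60]],              "discount": 5},
  {"name": "defence personnel",  "all": [["profession", "==", "defence"]], "discount": 10}
]
"""

OPERATORS = {
    ">=": lambda a, b: a >= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "==": lambda a, b: a == b,
}


def load_rules(text=RULES_JSON):
    """Parse the rule store; in a real system this would read the Rules DB."""
    rules = json.loads(text)
    for rule in rules:                       # reject malformed rules up front
        for fact, op, _ in rule["all"]:
            if op not in OPERATORS:
                raise ValueError(f"rule {rule['name']!r}: unknown operator {op!r}")
    return rules


def matching_rules(facts, rules):
    """Return the rules whose clauses all hold for the given facts."""
    return [r for r in rules
            if all(OPERATORS[op](facts[fact], value) for fact, op, value in r["all"])]


def ticket_price(base_fare, profession, age, departure_hour, days_ahead, rules=None):
    """Apply the matching discounts to the base fare.
    Returns (price, [names of rules that fired])."""
    rules = load_rules() if rules is None else rules
    facts = {"profession": profession, "age": age,
             "departure_hour": departure_hour, "days_ahead": days_ahead}
    fired = matching_rules(facts, rules)
    pct = min(sum(r["discount"] for r in fired), 100)   # additive, capped
    return round(base_fare * (100 - pct) / 100, 2), [r["name"] for r in fired]
```

The Booking module never sees the rule text; a new rule (say, a festival discount) is one more JSON entry, and a bad entry is rejected when the rules are loaded rather than at the moment a customer is being quoted.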


7. Security
Primary Goals of Security : The CIA Triad
The First Principle

• Security controls are evaluated on how well they address these 3 tenets (beliefs)
• Vulnerabilities & risks are assessed based on the threats they pose against CIA
Confidentiality: the measures used to ensure the protection of the secrecy of data, objects or resources.

Goal: To prevent or minimize unauthorized access to data

Security Measures:
❑ Access Control
❑ Data Classification
❑ Encryption
❑ Steganography
❑ Network Traffic Padding
❑ Training

Attacks focused on Confidentiality:
❖ Capturing Network Traffic
❖ Stealing Password Files
❖ Social Engineering
❖ Port Scanning
❖ Shoulder Surfing
❖ Sniffing
❖ Escalation of privileges

Object is a passive element such as a file, a computer or a network connection.
Subject is an active element such as a user, a program or a computer.
Integrity: the act of protecting the correctness & reliability of data. This ensures that data remains
correct, unaltered and preserved. Integrity must be ensured when the data is at rest, in transit or in process.
Technology Controls for Maintaining Integrity
✔ Restrict access to data & objects
✔ Rigorous authentication process
✔ Activity logging
✔ Intrusion Detection System
✔ Object / data encryption
✔ Verification of object integrity across the storage
✔ Hash total verification

Attacks on Integrity
✔ Virus attacks
✔ Logic bombs
✔ Unauthorized access
✔ Errors in coding & application
✔ Malicious modification
✔ Intentional replacement
✔ System backdoors
✔ Trojan horse
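As an added example (not code from the slides), the block below implements two of the integrity controls listed above with the Python standard library: "hash total verification" of stored objects against a manifest of SHA-256 digests, and detection of malicious modification of a message in transit with an HMAC tag. An HMAC uses a shared secret, so unlike a digital signature it proves authenticity only among the holders of the key and gives no non-repudiation; that is the trade-off a practitioner should know when choosing between the two. The key, file contents and message are constructed.

```python
"""Added example (not from the slides): hash-manifest verification of stored
objects and HMAC protection of a message. Key, objects and message are
constructed; a real deployment would fetch the key from a key store."""
import hashlib
import hmac
import json

KEY = b"constructed-32-byte-demo-key-0000"   # constructed; never hard-code in real code
TAG_LEN = hashlib.sha256().digest_size      # 32 bytes


def build_manifest(objects):
    """objects: name -> bytes. Returns a JSON manifest of SHA-256 digests that
    is itself MAC-protected, so an attacker who alters a file cannot simply
    re-hash it and rewrite the manifest without the key."""
    digests = {name: hashlib.sha256(data).hexdigest()
               for name, data in sorted(objects.items())}
    body = json.dumps(digests, sort_keys=True)
    tag = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"digests": digests, "mac": tag})


def verify_objects(manifest, objects):
    """Return a list of problems found; an empty list means integrity holds."""
    m = json.loads(manifest)
    body = json.dumps(m["digests"], sort_keys=True)
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, m["mac"]):   # constant-time compare
        return ["manifest tampered"]
    problems = []
    for name, digest in m["digests"].items():
        if name not in objects:
            problems.append(f"{name}: missing")
        elif hashlib.sha256(objects[name]).hexdigest() != digest:
            problems.append(f"{name}: modified")
    for name in objects:
        if name not in m["digests"]:
            problems.append(f"{name}: unexpected object")
    return problems


def protect_message(msg):
    """Append an HMAC-SHA256 tag so modification in transit is detectable."""
    return msg + hmac.new(KEY, msg, hashlib.sha256).digest()


def open_message(blob):
    """Return the message if its tag verifies, otherwise None."""
    if len(blob) < TAG_LEN:
        return None
    msg, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if hmac.compare_digest(tag, hmac.new(KEY, msg, hashlib.sha256).digest()):
        return msg
    return None
```

verify_objects() reports missing and unexpected objects as well as modified ones, because an attacker who deletes an audit file or drops in an extra binary has also broken integrity even though no recorded digest changed.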
Availability: the ability of the system to grant data access to authorized objects in a timely and
uninterrupted manner. It means efficient, uninterrupted access to objects & prevention of Denial of Service (DoS).

Technology Controls for improving availability
⮚ Elimination of Single Point of Failure (SPOF)
⮚ Acceptable level of performance
⮚ SLAs for correction of interruption
⮚ Build redundancy
⮚ Reliable back-up & restore
⮚ Prevent data loss / destruction
⮚ Design effective intermediary delivery system
⮚ Effectively using access control
⮚ Monitoring performance & network traffic
⮚ Defense-in-depth mechanism

Threats to Availability
⮚ Device failure
⮚ Software errors
⮚ Environmental issues (heat, flooding, power loss)
⮚ DoS attacks
⮚ Object destruction
⮚ Communication interruption
Primary Goals of Security : IAAAA
The Second Principle

Access control models: DAC - Discretionary Access Control; MAC - Mandatory Access Control; RBAC - Role Based Access Control
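The following is an added example, not code from the slides, of the RBAC model named above implemented end to end in the IAAAA sequence (as commonly expanded: identification, authentication, authorization, auditing and accountability): the user identifies by name, is authenticated against a salted PBKDF2 password hash, is authorized only if one of his roles carries the (object, action) permission (deny by default), and every decision is appended to an audit log that ties the action back to the subject. The users, roles, objects and permissions are constructed.

```python
"""Added example (not from the slides): a minimal role-based access control
check with authentication and an audit trail. Users, roles, objects and
permissions are constructed."""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class UserStore:
    """Identification and authentication: name -> (salt, password hash, roles)."""

    def __init__(self):
        self._users = {}

    def add_user(self, name, password, roles):
        salt = os.urandom(16)
        self._users[name] = (salt, _hash_password(password, salt), set(roles))

    def authenticate(self, name, password):
        """Return the user's roles on success, None on any failure."""
        record = self._users.get(name)
        if record is None:
            return None
        salt, digest, roles = record
        if hmac.compare_digest(digest, _hash_password(password, salt)):
            return roles
        return None


# Authorization data: role -> set of (object, action). Anything absent is denied.
ROLE_PERMISSIONS = {
    "teller": {("account", "read")},
    "manager": {("account", "read"), ("account", "update"), ("audit_log", "read")},
}


class AccessControl:
    def __init__(self, users):
        self.users = users
        self.audit = []      # (subject, object, action, decision): accountability

    def check(self, subject, password, obj, action):
        """Full IAAAA path for one request; returns True only when allowed."""
        roles = self.users.authenticate(subject, password)
        if roles is None:
            self.audit.append((subject, obj, action, "DENY:auth"))
            return False
        allowed = any((obj, action) in ROLE_PERMISSIONS.get(role, set())
                      for role in roles)
        self.audit.append((subject, obj, action, "ALLOW" if allowed else "DENY:authz"))
        return allowed
```

Two details matter for the security posture: the permission lookup is deny-by-default, so a role that is not listed (or a typo in a role name) grants nothing, and denied attempts are logged alongside allowed ones, since repeated "DENY:auth" entries for one subject are what an intrusion detection rule would look for.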
Security Tactics

Issue: A hacker may gain access to confidential data such as credit card numbers or passwords stored in the DB
Tactics: Encrypt data in DB; Firewall

Issue: A hacker may snoop on (intercept) messages flowing in the internet
Tactic: Encrypt messages

Issue: Malicious people may forge electronic documents
Tactic: Digital signature

Issue: Malicious people may create websites that look like the original websites to gather your user id & password
Tactic: Digital certificate


Difference between Digital Signature and Digital Certificate

A digital signature is a mechanism that is used to verify the authenticity of a document or a message.

A digital certificate is a certificate issued by a trusted third party called a Certificate Authority (CA) to verify the identity of the certificate holder.

Video: Story of Digital signature & Public Key Infrastructure
https://www.youtube.com/watch?v=G7hs-3R86M0


Complete Security Tactics

[Figure: the complete set of security tactics]


EXERCISES
Exercise - RTO
Regional Transport Office (RTO) gave a project to Tata Infotech to develop software to manage
the services they provide to citizens, namely issue of driving licenses and registration of vehicles.

The requirement consisted of functional requirements such as application for license, recording
results of tests, etc. and a few reports.

As the project entered the design stage, new requirements started coming in. These consisted of
many more reports. They also said that they may require more reports in the future.

What tactic should be adopted in this scenario?

A module for generating ad-hoc reports, which can generate a report based on a specification
provided by the user, can address most of the reports. Some examples of report generation
tools are Ubiq, Zoho Analytics, BIRT, etc.


Exercise – Airline Loyalty Module

An airline is building a comprehensive flight information & reservation system. It has several
modules such as Flight planning, Flight schedules, Pricing, Reservations, Departure control,
Analytics, etc.

As the airline industry is very competitive, the airline foresees many new requirements such
as Loyalty card, etc. to come up in the future. The new modules to be built in the future would
most probably be dependent on existing modules. For example, the Loyalty module will have
to calculate Loyalty points based on flights undertaken by the customer, which is an output of
the Departure control module.

What architecture approach should be taken to address this?

Since new modules would require information from other modules, it is a good idea to have a
common database which can be accessed by all modules. If information is needed in real
time, one can adopt a Publish-Subscribe approach where all important events taking place in
different modules are identified and published to interested subscribing modules.


Exercise: Identify one dominant quality attribute (QA) of systems given below

System: IRCTC
Dominant Quality attribute to be addressed: Availability, Performance

System: YouTube
Dominant Quality attribute to be addressed: Performance

System: FlipKart.com
Dominant Quality attribute to be addressed: Availability, Performance, Usability

System: OnlineSBI.com
Dominant Quality attribute to be addressed: Security

System: Uber
Dominant Quality attribute to be addressed: Usability


Exercise: Identify a tactic to address the Quality Attribute

System: IRCTC
Dominant Quality attribute to be addressed: Availability, Performance
Tactics: Multiple servers

System: YouTube
Dominant Quality attribute to be addressed: Performance
Tactics: Content Delivery Network (data replication)

System: Flipkart.com
Dominant Quality attribute to be addressed: Availability, Performance, Usability
Tactics: Easy to search and buy (navigation)

System: OnlineSBI.com
Dominant Quality attribute to be addressed: Security
Tactics: Encryption of sensitive data in DB, Digital certificate

System: Uber
Dominant Quality attribute to be addressed: Usability
Tactics: Easy to book a cab and cancel


Exercise: What tactics can be used to address these Quality attributes?

Quality attribute: Modifiability
Systems that have the quality attribute: Online SBI
Tactics: Modularity, simple architecture that is easy to understand

Quality attribute: Security
Systems that have the quality attribute: Police intelligence systems
Tactics: Encryption

Quality attribute: Interoperability
Systems that have the quality attribute: MakeMyTrip.com, Income Tax system
Tactics: ReST API

Quality attribute: Monitorability
Systems that have the quality attribute: DBMS, Networking system
Tactics: Tool to monitor disk space, change distribution, de-fragmentation

Quality attribute: Portability
Systems that have the quality attribute: DBMS
Tactics: OS independent design, layer to translate requests to OS


Understanding Quality Attributes (youtube.com)

Software Quality Attributes (youtube.com)
