Architecture Review Board (ARB) - Information Technology · 2016-08-03 · Architecture Review...
-
uOttawa.ca
Architecture Review Board (ARB)
-
Presentation Outline
• ARB – Goals
• ARB – Big Picture
• ARB – Membership
• ARB – 3 Steps
– Gate 1: Initiation
– Gate 2: Solution Review
– Gate 3: Architecture Review
-
ARB - Goals
• Support Client Objectives
– Identifying opportunities for reuse early
– Identifying risks early
– Opening new communication channels among stakeholders
• Support EA Objectives
– Alignment of IT project to EA principles, strategies and roadmaps
• Support IT Objectives
– Cooperation: work with each other, with our clients, and our partners
– Efficiency: to streamline the technology architecture review process
– Quality: to ensure the technology architecture reflects our joint commitment to quality
-
ARB – Big Picture
-
ARB - Membership
-
ARB – 3 Steps
• Gate 1: Initiation
– Initiation Presentation (Client and IT Manager)
– The ARB will recommend specific solutions and technology directions that the project team will include in their options analysis
• Gate 2: Solution Review
– Solution Review Presentation (IT Manager)
– The ARB will make a recommendation based on a fit/gap assessment of the proposed solution against EA principles and target-state roadmaps
• Gate 3: Architecture Review
– Architect Review Presentation (IT Manager)
– The ARB will make a recommendation based on security risk assessment, alignment with technology standards, and operational feasibility.
-
Architecture Review Board – Gate Details
INITIATION
-
ARB Initiation Input: 1-Pager Presentation
Item | Description
Project Details | Project Name, Sponsor, Budget
Project Context | Timelines / Constraints / Special Considerations
Current Situation | Current state process, data/information, and business application.
Problem Statement | Problem or opportunity prompting this project activity - in customer terms
Business Case | Desired state process, data/information, and business application
Approach | Sole-Source, RFI / RFP; Internal
Key Clients | Impacted internal or external clients
Outcomes | Expected outcomes or metrics
Strategic Alignment | • Student Experience, Research Excellence, International, Bilingualism
-
ARB Initiation Outcome: Solution Direction
ARB Outcomes | Description
ARB Delegate | • Identify an IT lead for the project
Solution Review Period | • Period at which the project is expected to present at Gate 2 (Solution Review) • Alternatively, explicitly stating that this requirement is waived.
Solution Direction | • Specific solution and technology direction that the project team will include in their options analysis.
-
Architecture Review Board – Gate Details
SOLUTION REVIEW
-
ARB Solution Review Input: High-Level Design Presentation
Solution | Description
Key Client Impacts | • Internal and external clients and stakeholders
Key Data Impacts | • Data elements and classification
Proposed Technology Solution | • What is the proposed technology solution, including existing or evolved application and services.
Options Analysis | • How does the proposed architecture compare to other options?
Use Case Realization | • How are architecturally significant use cases realized by the solution?
Viewpoints | • Describe the architecturally significant viewpoints such as business process, security, information/data, and technology.
Exceptions to Existing Standards | • Any known exceptions to existing standards
*Include opportunities / risks from Architecture Guidance
-
ARB Solution Review Outcome: Solution Review
Solution Review Aspect | Details
Architectural Review Period | • Period at which the project is expected to present at Gate 3 (Architectural Review) • Alternatively, explicitly stating that this requirement is waived.
EA Fit/Gap | • Alignment to EA Principles • Expected alignment to the target-state with respect to: Security, SOA, Mobile, Business Intelligence (BI), and Operational Simplicity
EA Architecture Review Criteria (as applicable) | • Applicable TOGAF Checklists • Applicable Security Checklists • PCI DSS Compliance • FIPPA Compliance • SOC 2 Type 2
Recommendation | • The ARB will make a recommendation based on a fit/gap assessment of the proposed solution against EA principles and target-state roadmaps.
-
Architecture Review Board – Gate Details
ARCHITECTURE REVIEW
-
ARB Architecture Review Input: Architecture Presentation
Architecture Design | Specific Elements
Users | • Internal / External • User / Administrative Roles
Systems and Data (SIS, ERP, CRM, Faculty / Service System) | • Confidentiality, Volume • Integration Patterns (ETL) / Analytics (BI) • Transmission / Storage Encryption
Security | • Authentication / Federation • Authorization / Access Control • Network Zoning
User Interface | • Web, Mobile
Platforms | • Portal • Document Management / Collaboration • Datacenter / Virtualization • Cloud (IaaS, PaaS, SaaS)
Application Integration | • Integration patterns (i.e. ESB/SOA) • Services
Operationalization | • Supported Technology • Availability and Monitoring • Resilience and High Availability (RPO, RTO) • Backup / Restore and Disaster Recovery
*Include opportunities / risks from Architecture Guidance
-
ARB Architecture Review Outcome: Architecture Review
Evaluation Criteria | Evaluation Details
Security Risk Assessment | • What is the assessment of the proposed architecture from a security perspective.
EA Architecture Review Criteria | • Architecture alignment to technology standards and operational feasibility requirements • Identity Provisioning, Authentication, Authorization • Network, Transport encryption, and zoning • Storage, Backup, Recovery • Integration SOA/ESB, ETL
Standards and Building Blocks | • Update to standards and building blocks as required
EA Application Inventory | • Update assets inventory and health as required
Recommendation | • The ARB will make a recommendation based on security risk assessment, alignment with technology standards, and operational feasibility.
-
Architecture Review Board – Gate Details
ARCHITECTURE GUIDANCE
-
Architecture Guidance Input
Agenda | Discussion Points
Users | • Internal / External • User / Administrative Roles
Systems and Data Options (SIS, ERP, CRM, Faculty / Service System) | • Confidentiality, Volume • Integration Patterns (ETL) / Analytics (BI) • Transmission / Storage Encryption
Security Options | • Authentication / Federation • Authorization / Access Control • Network Zoning
User Interface Options | • Web, Mobile
Platforms Options | • Portal • Document Management / Collaboration • Datacenter / Virtualization • Cloud (IaaS, PaaS, SaaS)
Application Integration Options | • Integration patterns (i.e. ESB/SOA)
Operationalization Options | • Supported Technology • Availability and Monitoring • Resilience and High Availability (RPO, RTO) • Backup / Restore and Disaster Recovery
-
Architecture Guidance Outcome: Guidance
Agenda | Discussion Points
Architecture Guidance | • Recommendations that may guide, influence, or change the proposed architecture
Opportunities | • Opportunities to be presented to the ARB
Risks | • Risks to be included in the presentation to the ARB