Saturday, April 13, 2002
- A short PowerPoint presentation on using the Software Architecture Analysis Method as a simple, scenario-based review technique, and a related, 80-page PDF document titled Software Design Reviews Using Software Architecture Analysis Method: A Case Study.
- 5-page PDF document titled Economic Modeling of Software Architectures
- 17-page PDF presentation titled Evaluating the Performance of Software Architectures
- 8-page PDF document titled Assessing Optimal Software Architecture Maintainability
- 28-page PDF document titled Analyzing Software Architectures for Modifiability
Friday, April 12, 2002
The authors provide an in-depth treatment of three methods for evaluating software architectures, all of which were developed at the Software Engineering Institute with involvement by the authors. The methods examined are:
- ATAM (Architecture Tradeoff Analysis Method)
- SAAM (Software Architecture Analysis Method)
- ARID (Active Reviews for Intermediate Designs)
What makes this book so valuable is the fact that you can learn much about developing software architectures from the criteria with which they are evaluated. For example, the discussion on quality attributes is eye-opening because what architects consider to be well formed quality attributes are usually too vague to properly evaluate, resulting in ill defined architectures in the first place. Knowing how to evaluate the architecture will provide the keys for defining a solid architecture. More important is the way the authors define the outputs of the architecture evaluation, which gives the practicing architect a framework for design that fully meets the evaluation criteria. The net result is that a defined architecture will unambiguously communicate the design to the development team, as well as to the QA team.
I especially like the business oriented approach that addresses the costs and benefits of evaluation, the three approaches from which to choose that best meets technical and business goals, and the case studies that support each of the approaches. Another strong point about this book is architecture is also evaluated with production in mind. Too many books only consider architecture from the development point of view, or in rare cases, from development and QA points of view. The evaluation techniques in this book extend to support and maintenance. The authors make selection of the best technique easy by comparing them in Chapter 9, and provide an approach to implement evaluations in Chapter 10.
If you're an architect I also recommend augmenting the excellent material in this book with Design and Use of Software Architectures by Jan Bosch , which gives an alternate method to ATAM that is more complete in many respects. Even if you espouse Bosch's approach, however, the approach and techniques given in Evaluating Software Architectures: Methods and Case Studies are complementary. I personally recommend both books and assign equal value to them.
- SEI's ATAM page
- SEI's SAAM page
- SEI's ARID page
- Jan Bosch's page (see articles and book page for additional documents and information about Design and Use of Software Architectures.)
- Cost Control through Asset Management
- GartnerGroup's View of ITIL (we've discussed the ITIL in previous entries)
- IT Value Can be Determined
- British Standard for IT Service Management
Thursday, April 11, 2002
The demise of Hailstorm (however temporary while they're engaged in rethinking in Redmond) caused me to do some thinking about e-commerce risks. The fruits of my research into some of the top issues yielded the following documents:
- Electronic Systems Assurance and Control Model (eSAC)
- Electronic Commerce Risks and Controls
- eBusiness Risks and Controls
As expected, the book starts with a discussion of function points, its evolution as a methodology, and how it has evolved as a means of measuring a full spectrum of attributes, such as quality, productivity, time and effort. In addition to generic attribute metrics this book shows how function points can be applied to earned value project management, developing a balanced scorecard that views the enterprise holisitcally, business and e-commerce metrics and evaluations and benchmarking.
Parts that I especially like include:
- The complete data collection, analysis and action process that is embodied in the book. This can be used in any setting, such as the Constructive Cost Model (CoCoMo), as well as FP.
- IT work units, which are applicable to production services and support. This dispells the notion that function points are only useful for software estimating. This is also augmented by a later section in the book that addresses IT and business measures that is sure to change the way you approach measuring the overall value of IT.
- Demonstrated use of function points as a viable project estimating technique that extends to projects other than software development.
- Clearly written explanation of statistical process controls.
Traffic Engineering. Network traffic engineering is a science that can be applied to not only circuit capacity, but any activity or process where queuing is involved. This includes help desk staffing and similar uses. The basics are explained in Traffic Engineering, which is an outstanding 29-page overview that starts gently and goes into the details. If you are currently struggling with capacity planning for Voice over IP, the VOIP calculator, which is an Excel application, will help you arrive at capacity plans that are traced to quantitative analysis instead of the usual method (throwing money at the problem). You'll also want to read our previous entries that cover capacity planning, as well as the PowerPoint presentation about measurement capability.
Processes. Much of what I cover in this weblog is about software engineering. The MS Word document titled Integrating Iterative Processes examines life cycle approaches and is something every architect, project management and software engineer will find interesting.
Systems Integration. If you are faced with an enterprise integration project you'll undoubtably be using XML (if not now, you can be sure that you will be in the future). Connecting E-Commerce to XML is a good starting point for understanding the issues.
An excellent book on the topic is XML, Web Services, and the Data Revolution. In many respects this book extends David Linthicum's B2B Application Integration by focusing solely on the data aspects, and explaining the web services approach that has matured after Mr. Linthicum's book was published.
This book defines the tools, cuts through the hype and sorts out the pieces needed to design and deploy enterprise-wide solutions. What makes it particularly valuable is that it doesn't side with the two major factions espousing web services - the Microsoft .NET and Sun-sponsored J2EE approaches are presented without bias (refreshing in itself considering the hype and industry posturing). The same objective treatment of approaches by IBM, BEA, HP Oracle is given, which ensures that you have ample insights into the available approaches to developing web services. Of course, SOAP, the XML-family of protocols, and UDDI are also covered in depth using clear writing and excellent illustrations.
What I particularly like about this book are:
- The way Chapter 1, Extending the Enterprise, presents a coherent picture of the complexities of web services and enterprise integration. This is done in less than 30 pages and packs an amazing amount of information into those pages.
- Chapters 3 (XML in Practice), 4 (SOAP) and 5 (Web Services) drill down into the guts and sort out the complexities - especially the discussion of web services, which doesn't [yet] seem to have a standard definition.
- Chapter 7's discussion of XML security, which is a nice and needed touch that rounds out the information provided in the book.
Did Microsoft acquire Yahoo while nobody was looking? Yahoo apparently wants to compete with Microsoft through the use of a mechanism called a Web Beacon. This piece of code will track your activities long after you've departed Yahoo sites and services. See their explanation (at least they've disclosed the existence of web beacons). Also note that about halfway down the page in the body text there is a way to opt out (see Please click here to opt-out.). If you don't want to be stalked you may want to do just that. Just don't click the button marked Cancel Opt-Out at the bottom of the window, else you'll be back where you started: stalked.
Wednesday, April 10, 2002
Tuesday, April 09, 2002
I've collected a number of documents by these lesser known, but equally important, practitioners and wish to share them:
- Business Case for Software Performance Engineering
- Information Requirements for Software Performance Engineering
- Performance and Scalability for Distributed Software
- Building Responsive and Scalable Web Applications
- Tutorial: Designing High Performance Distributed Applications
- Performance Assessment of Software Architectures
- Software Performance Anti-Patterns
- Performance Modeling Interchange Format
- Performance Evaluation of Software Architectures
Monday, April 08, 2002
[W]hile the performance and scalability techniques presented in this book don't approach those embodied in books by Daniel A. Menasce and Virgilio A. F. Almeida, or Raj Jain, they are more than sufficient for software engineers and architects ... The value of this book is that it does make scalability and performance techniques accessible to most developers, even those who are math-challenged (and there are quite a few of them out there)...Who are Menasce, Almeida and Jain? They are among the foremost experts on capacity planning and performance/scalability. Raj Jain is probably the father of performance analysis. His seminal The Art of Computer Systems Performance Analysis Techniques for Experimental Design, Measurement, Simulation, and Modeling is one of the most comprehensive books on the subject. It's also not easy to read unless you have up-to-date math skills. I use MathCad to work through examples in this and other books, making learning much easier. Mr. Jain also coauthored Practical Performance Analyst with Neil J. Gunther - I have this book, but got it in the same timeframe that I discovered the body of work by Daniel A. Menasce and Virgilio A. F. Almeida. These two writers have taken the foundation laid by Raj Jain and have built upon it through a series of excellent books. While their work does not supersede Jain's first book, it does keep it alive in spirit and currency. The books they published, in chronological order, are:
- Capacity Planning and Performance Modeling: From Mainframes to Client-Server Systems (still valuable despite its age)
- Capacity Planning for Web Performance: Metrics, Models, and Methods (I frequently refer to this one)
- Scaling for E-Business: Technologies, Models, Performance, and Capacity Planning (my favorite among their books to date)
- Capacity Planning for Web Services: Metrics, Models, and Methods (their latest work and topical given the activity in web services)
Sunday, April 07, 2002
What's New. Since we are so busy I want to rekindle the thread that Mike is still working about processes and strategy. A PowerPoint presentation on Information Systems Strategy provides excellent information and a structured approach to developing a strategy. The strategy is the root of policies, processes and procedures, and it also ties nicely into Mike's and my entries about the Tarrani-Zarate Model that we're discussing in Postcards from the Revolution. A related document is Models of Quality, which covers the Goal-Question-Metric approach (among others).
Because we are working on a proposed solution that addresses development of a collaborative computing environment, I want to share one of our source documents we're using that discusses the key issues of web engineering. This document is not the same approach as set forth in Nick Flor's excellent book, Web Business Engineering (see Mike's and my reviews dated 16 and 14 September 2001, respectively). Where the book is focused on a business approach, the PowerPoint presentation I'm sharing is more technical in nature.
I want to wrap up with two documents about service management. We usually focus on that subject in Postcards from the Revolution, but many readers here do not read our sister weblog and the topic is too important to our profession. The documents are:
- IT Service Management Whitepaper - this document is brief and covers all of the important points.
- IT Service Management in eGovernment, which is focused on the IT Service Management Forum's approach, and documents successes achieved by the Government of Ontario. Although the theme is eGovernment, the information applies to commercial organizations as well.
My candle burns at both ends;Indeed, there are movements afoot and intrigue in the industry:
It will not last the night;
But, ah, my foes, and oh, my friends;
It gives a lovely light
- Special report titled, Liunx in the Limelight shows the growing popularity of Linux, which is [in my opinion] fueled by the ongoing security issues with MS products
- Apple and Linux in pincer movement on PC market?. Apple? The worm turns (yes, that was a pun of sorts).
- In Windows to Linux Application Migration we find an exit strategy and means to break the bonds of mediocrity.
Late entry by Mike Tarrani - there is lag between the time these entries are written, and when one of us reviews and releases them. This is one case in which I have an additional item to add to what Kate has reported above.
I'll keep this editorial remark in the same spirit as Kate's report by quoting from Edna St. Vincent Millay's Second Fig, which is unerringly appropriate:
Safe upon the solid rock the ugly houses stand
Come and see my shining palace built upon the sand
Yes, the security and reliability traits of certain products do appear to be palaces built upon the less-than-solid foundation of sand. The special report titled, IBM's Return to Dominance shows that systems built upon the solid foundation of reliability, availability and supportability - and security - bodes well for consumers.
What makes this book so important is that the authors provide an analysis of the major problems with all software, and give a collection of techniques with which to address the recurring problems, such as buffer overflows, access control exposures, randomness flaws and other security-related defects. They do not attempt to provide specific solutions. Instead they raise an awareness of the common problems, discuss the underlying causes, and give a framework with which developers can use as the basis for developing secure software.
Key points of this book that I found especially useful include:
- Even treatment of commercial and open source software. I found this refreshing because there are two camps, Microsoft developers and open source advocates, each of which criticize the other. Yes, Microsoft has a bad reputation for security, but the open source faction has its own challenges, and the authors show the strengths and weaknesses of each in an objective manner.
- Surprises, such as documented cases of peer reviews that failed. I am an advocate of this technique, yet a case where a flawed, two-line piece of code that was extensively reviewed by literally thousands of reviewers and readers of a technical publication slipped by without notice for a long time.
- The ten guiding principles for software security encapsulate the essence of building secure software. This list and the discussion of each principle should be required reading for every architect, developed and QA engineer. Chapter 1 (Introduction to Software Security) and Chapter 6 (Auditing Software) give a framework for security and a methodical approach to quality assurance. These, in my opinion, are the heart of the book.
The authors have imparted the sum of their extensive experience in this book. It's up to you to take that experience and apply it. The book's accompanying website adds further value.
Subscribe to Posts [Atom]