enterprise architecture & it standards

1 w w w . c s I n t e r a c t i v e T r a i n i n g . c o m www.csInteractiveTraining.com

Architecture Standards

Presented by Louw Labuschagne

2 w w w . c s I n t e r a c t i v e T r a i n i n g . c o m

Introduction

EA as Strategy

COBIT

GERAM Zachman Framework

TOGAF

ADM

ISO/IEC 38500

ArchiMateArchitectur

e Capability

SOA

SOCCI

ISO/IEC 42010

Open Enterprise Security

Architecture


Forrester: Empowered Business Technology

• CIOs will have more time and energy managing things like risk, vendors and innovation.

Chief maintenance officer: 25%

Chief vendor manager: 20%

Chief enterprise architect: 20%

Chief risk officer: 15%

Chief innovation officer: 15%

Chief demand officer: 5%

Chief maintenance officer: 60%

Chief vendor manager: 10%

Chief enterprise architect: 10%

Chief risk officer: 10%

Chief innovation officer: 5%

Chief demand officer: 5%

Em

pow

ered

Bus

ine

ss

Tech

nolo

gy

CIO

sC

urrent CIO

s

The breakdown of current and just-beyond-the-horizon CIO duties

Source: Forrester Research, July 2011Accessed: Jamie Eckle On: 13 Oct 2011 For: Computerworld

Forrester Research figures that CIOs currently spend 60% of their time as "chief maintenance officers"

Business units are more involved in deciding what their technology needs are and how to achieve them.


Gartner: Emergent Architecture

1. Decentralise decision-making to enable innovation.

2. Architects recognise the broader business ecosystem and devolve control to constituents.

3. Enterprise architects define a minimal set of rules and enable choice.

4. Goal-oriented, not just corporate goals but also each constituent acting in their own best interests.

5. EA must increasingly coordinate actors that are influenced by local interactions and limited information

6. The system (the individual actors as well as the environment) changes over time. EA must design emergent systems that sense and respond to changes in their environment.

7. The scarcity of resources drives emergence.

New "emergent architecture” is necessary to respond to the growingcomplexity in markets, economies, networks and companies.


KPMG: Integrated Reporting

• Integrated Reporting is intended to improve communication

between companies and capital markets

• Provide financial and non-financial information of a company’s

strategy, performance and governance in its business and social

context, in a way that highlights the interdependencies of the

information

• Organisations would need to explain their business model

- KPMG Integrated Reporting publication,

Issue 1, 2011, KPMG

An Integrated Report provide information of a company in a way that highlights the interdependencies of the information.


My Definition of Enterprise Architecture

"If you get really honest and search all of history, seven thousand

years of known history of humankind, to find how humanity has

learned to cope with two things, complexity and change… there is

one game in town, ARCHITECTURE.” John Zachman

ISO/IEC 42010:2007 defines “architecture” as:

“The fundamental organization of a system, embodied in its components, their

relationships to each other and the environment, and the principles governing its

design and evolution.”


ISO/IEC 42010:2007 defines “architecture” as:

“The fundamental organization of a system, embodied in its components, their

relationships to each other and the environment, and the principles governing its

design and evolution.”

My Definition of Enterprise Architecture

"If you get really honest and search all of history, seven thousand

years of known history of humankind, to find how humanity has

learned to cope with two things, complexity and change… there is

one game in town, ARCHITECTURE.”

Enterprise Architecture is the continuous practice of

describing the essential elements of a socio-technical

organisation, their relationships to each other and to

the environment, in order to understand complexity

and manage change.- Enterprise Architecture Research Forum (EARF)


Conceptual Model Of Architectural Description

• defining standard terms, • presenting a conceptual foundation for expressing, communicating and

reviewing architectures • and specifying requirements that apply to

o architecture descriptions, o architecture frameworks and o architecture description languages.

ISO/IEC/IEEE 42010 aims to standardise the practice of architecture description by


Enterprise Architecture Frameworks

AAF Automotive Architecture Framework

BCA Business Capability Architecture

BEAM Business Enterprise Architecure Modeling

BPEAM iteratec best-practice enterprise architecture management (EAM) method

CEA CEA Framework: A Service Oriented Enterprise Architecture Framework (SOEAF)

CIAF Capgemini Integrated Architecture Framework

DoDAF US Department of Defense Architecture Framework

DRA1 Dragon1

E2AF Extended Enterprise Architecture Framework

EXAF Extreme Architecture Framework

FEAF US Federal Enterprise Architecture Framework

FFLV+GODS Functions-Flows-Layers-Views + Governance-Operations-Development-Support

FSAM Federal Segment Architecture Methodology (FSAM)

GEAF Gartner's Enterprise Architecture Framework

HEAF Health Enterprise Architecture Framework

ICODE iCode Security Architecture Framework

IFW IBM Information FrameWork (IFW)

4+1 Kruchten's 4+1 view model

MODAF (UK) Ministry of Defence Architecture Framework

NAF NATO C3 Systems Architecture Framework

NIST-EAM NIST Enterprise Architecture Model

PEAF Pragmatic Enterprise Architecture Framework

PPOOA Processes Pipelines in Object Oriented Architectures

SABSA Sherwood Applied Business Security Architecture

TEAF (US) Treasury Enterprise Architecture Framework

TOGAF The Open Group Architecture Framework

xAF Extensible Architecture Framework

ZF Zachman Framework

IADS IBM Architecture Description Standard

IAF Index Architecture Framework

1 0 w w w . c s I n t e r a c t i v e T r a i n i n g . c o m

IFIP-IFAC Task Force, 1999)

ISO 15704 Requirements for enterprise-reference architectures and methodologies

GERAIdentifies concepts of enterprise integration

EEMDescribe process of

enterprise engineering

EMLsProvide modelling

constructs for modelling enterprise concepts

EETsSupport enterprise

engineering

GEMCsDefine the meaning of enterprise modelling

constructs

PEMsProvide reusable

reference models and designs of enterprise

concepts

EMsEnterprise designs, and

models to support analysis and operation

EMOsProvide implementable

modules (human, process & technology)

EOSSupport the operation of the particular enterprise

employ utilise

Implemented in

support

Used to build

Used to implement

(Particular) Enterprise

Operational Systems

Generic Enterprise Reference

Architecture

Enterprise Engineering Methodology

Enterprise Modelling

Languages

Partial Enterprise

Models

Generic Enterprise Modelling Concepts

Enterprise Modules


Models

Enterprise Engineering

Tools


IFIP-IFAC Task Force, 1999)


GERAIdentifies concepts of enterprise integration

EEMDescribe process of

enterprise engineering

EMLsProvide modelling

constructs for modelling enterprise concepts

EETsSupport enterprise

engineering

GEMCsDefine the meaning of enterprise modelling

constructs

PEMsProvide reusable reference

models and designs of enterprise concepts

EMsEnterprise designs, and

models to support analysis and operationEMOs

Provide implementable modules (human,

process & technology)EOS

Support the operation of the particular enterprise

employs utilise

Implemented in

support

Used to build

Used to implement


Operational Systems

Human Concepts

Technology

Concepts

Process Concepts

Generic Enterprise Reference

Architecture

Enterprise Engineering Methodology

Enterprise Modelling

Languages

Partial Enterprise

Models

Generic Enterprise Modelling Concepts

Enterprise Modules


Models

Enterprise Engineering

ToolsStrategic

Management Entity

(Type 1)

Construction Entity

(Type 2)

Engineering Entity

(Type 2)

Enterprise Product (Type 4)

Manufacturing Entity (Type 3)

Methodology Entity

(Type 5)


Relationships between GERA Entity Types

Manufacturing Entity (Type 3) is the result of the operation of Entity Type 2. It uses the operational system provided by Entity Type 2 to define, design, implement and build the products and customer services of the enterprise (Entity Type 4).

Strategic Management Entity (Type 1) defines the necessity and the starting of any enterprise engineering / integration effort.

Construction Entity (Type 2) provides the means to carry out the enterprise engineering efforts defined by enterprise Entity Type 1.

Engineering Entity (Type 2) provides the means to carry out the enterprise engineering efforts defined by enterprise Entity Type 1.

Enterprise Product (Type 4) is the result of the operation of Entity Type 3. It represents all products and customer services of the enterprise.

Methodology Entity (Type 5) is employed by the Engineering, Construction and Manufacturing entity (Entity Type 3) to define, design, implement and build.

Product: Enterprise Design Product: Enterprise

Installation

Product: Enterprise Concept



• its initial concept in the eyes of the entrepreneurs who

initially developed it,

• through its definition,

• functional design or specification,

• detailed design,

• physical implementation or construction,

• and finally operation

• to obsolescence.

Generalised Enterprise Reference Architecture and Methodology (GERAM) is an enterprise-reference architecture that models the whole life history of an enterprise integration project from

Identification

Concept

Requirements

Preliminary Design

Detailed Design

Implementation

Operation

Decommission

Entit

y Li

fe-c

ycle

Pha

ses


The Open Group Architecture Framework (TOGAF) aligned with other management frameworks• The Architecture Development Method (ADM) is an iterative

approach to planning, designing, realising, and governing the architecture.

ISO 38500:2008

ISO 21500:2012

ISO/IEC 15504 (SPICE)

ISO/IEC 20000: 2005 Identification

Concept

Requirements

Preliminary Design

Detailed Design

Implementation

Operation

Decommission

1 5 w w w . c s I n t e r a c t i v e T r a i n i n g . c o mProject Management

Companywide IT Governance

IT Engagement Model

• Based on the model defined in Enterprise Architecture as Strategy (Ross, Weill & Robertson)

Company strategy & operations

Project planSolution

Architecture

Enterprise architecture

Alignment

Co

ord

inat

ion

Business Linkage• Business sponsors for projects• Regular project reviews by

company level office• Process owners• Incentives tied to company goals

Architecture Linkage• Architect on projects• Project funding based on

Architecture compliance• Architect training

Pro

ject

L

evel

Co

mp

any

Lev

el

ITBusiness

Alignment Linkage• Project Management Office• Business – IT relationship

managers• Project manager training


SOA, Security & Risk Architecture Styles• Open Enterprise Security Architecture (O-ESA) Guide

• Reference resource for practicing security architects and designers• ISO/IEC 27001/2 standard

• ISO/IEC 16680:2012 is The Open Group Service Integration Maturity Model (OSIMM)

• It specifies a model against which the degree of service integration maturity of an organization can be assessed, and

• a process for assessing the current and desired degree of service integration maturity of an organization, using the model.

• The Open Group Technical Standard: FAIR – ISO/IEC 27005 Cookbook

• The Factor Analysis for Information Risk (FAIR) is complementary to other risk assessment models/frameworks, including COSO, ITIL, ISO/IEC 27002, COBIT, OCTAVE, etc.

• It provides an engine that can be used in other risk models to improve the quality of the risk assessment results


Business owners need to realise that their

enterprise architecture design is a reflection of their

business even if it is not intentional. If you don’t

care about your enterprise architecture then your

design is telling people that you don’t care about

your business.

— MARCO SUAREZ (SLIGHTLY ADAPTED)