Aug 20

Overview on .Net Solution Architecture #20

Just an overview (Will be updated …).

  • Microsoft Solution Framework is a combination/mix of both Waterfall model and Spiral model. It includes waterfall models milestone based planning and resulting predictability with the spiral model’s benefits of feedback and creativity
  • Roles in the MSF Team Model:
    • Product Management (Deals with customers, collects customer requirements, ensures requirements are met, plans project communications, and performs related duties)
    • Project Management: Develop processes and deliver solutions
    • Development: Develop the solution
    • Testing:
    • Release Management: Responsible for deployment
    • User Experience: Analyzes performance needs, supports issues of the users
    • Project Sponsor:
    • Customer
    • End user
    • Operations
  • Gathering Information: Information Categories: Business, Application, Operations, Technology
  • Information Gathering Techniques: Shadowing (Observe the operation, ask questions (how do interruptions affect users?) and collect information), Interviewing, Focus Groups, Surveys, User instruction, Prototyping
  • Sources of information:Artifacts (like documents), Systems (set of processes performing an action), People (responsible for different project related tasks)
  • Analyzing Information Step: Analyze collected information and create use cases and use case diagrams. Use cases and use scenarios will identify the total/complete system clearly, all processes involved in the system, identify gaps in the information collection, establish connections between business needs and user requirements. Collecting information and Analyzing can be iterative processes
  • A use case diagram will contain information like: Requirement ID, Requirement description, Priority, Data Source, current functionalities, questions from this item.
  • Several other documents may be created such as: Actors Catalog (For each responsibilities in the system list the actor’s/responsible employee’s name, and source of information), Business Rules Catalog (may include short title, description of the rule, source of the business rule, reference to the corresponding use case diagram, functionalities related to the business rule)
  • UML notations may be used to create the diagrams
  • Envisioning Phase: The team, the customer, and the sponsor define the high level business requirements and overall goals of a project. Identify what the project involves, what the customers want to achieve with the project, what is the business need, what must be developed to solve/address the business needs. Make all involved people aware of the project goals and requirements clearly. Form project team
  • Output from the Envisioning Phase: Vision/Scope document, Project structure document, Risk assessment document, list of testable features, preliminary requirements and architecture, a GUI storyboard.
  • Vision/Scope Document: Problem Statement, Vision Statement, User profiles, Scope of the project, Solution concept, Project Goals (both business and design), Critical success factors, Initial schedule
  • Project Structure Document: components of the project structure (team and structure, project estimates, project schedules)
  • Contents of the project structure document: Team and customer roles and responsibilities, communication decisions, Logistical decisions, Change management decisions, Progress assessment decisions
  • Next three steps: Conceptual Design->Logical Design->Physical Design
  • Conceptual Design: Define the problem from the perspective of the user and the business/usage scenarios
  • Logical Design: Define the problem from the perspective of the project team/cooperative services
  • Physical: Define the problem from the perspective of the developers
  • Goals of Conceptual Design: Understand the business problem to be solved, requirements of the business, and target future state of the business.
  • Steps in Conceptual Design: Research, Analysis, Optimization
  • Build Conceptual Design: analyze information, Restate requirements, categorize requirements, refine use case diagrams, select an application architecture (client/server, layered, Stateless, Cache, Layered-client-cache-stateless-cash-server),
  • Logical Design: List candidate tools and technologies, identify business objects and services, identify important attributes and key relationships, optimize logical design (refine, validate)
  • Outputs of Logical Design: logical object model, high level user interface design, logical data model
  • logical object model – identify all the relevant objects/entities [will be pretty similar to identifying entities to create data model and E-R Diagram]
  • In logical design, identifying services are also important
  • Physical Design: Defines the parts of the solution, how they will be developed, how the interaction will happen.
  • Physical Design: Components, User Interfaces, and Physical Database. Scope: Coding, deployment
  • At the end of logical design UML diagrams such as Class Diagram, Sequence Diagrams, Activity diagrams, Component diagrams are available. In physical design refinements of these diagrams occur.
  • Physical Design: Define programming model, Specify component interfaces and interactions, Design Physical UI Model, Design Physical Database model
  • Designing the Presentation Layer: Functions of the User Interface Components: Acquire data from users, capture events from the users, restrict the types of input a user can enter, perform data entry validation, perform simple mapping and transformation of the user provided information, perform formatting of values
  • Well designed interface: Intuitive design, Optimum screen space utilization, appearance, easy of navigation, controlled navigation, populating default value, input validation, menus, toolbars and help, efficient event handling
  • Designing the Presentation Layer: Create an initial user interface either by hand or using Visual Basic forms, provide user assistance, use tooltips if appropriate, display status, use wizards if appropriate, provide accessibility aids for disabled people
  • Types of user interfaces: Windows based, web-based, mobile device based, documentation based
  • Design Data Layer: Typically database objects are modeled in an entity-relationship diagram.
  • Data Model Types: Flat file, Hierarchical, Relational, Object oriented
  • Optimize data access: Minimize roundtrip requests, minimize returned resultset size, reduce concurrency, find the tradeoffs between managing data on the client or on the server
  • Optimize the database: Index data (clustered, non-clustered), Partition data (why and how vertical and horizontal partitioning), Normalize data
  • Sometimes Denormalization of database tables is also required for better performance.
  • Implement data validation: Check for Data Integrity (Domain, Entity, Referential), Validate Data (Range check, Data format, data type check)
  • Think about client side/server side data check. Many times both are required for optimum performance and integrity.
  • Design Security Specifications: Common Types of Security Vulnerabilities: Weak passwords, Misconfigured software, Social engineering, Internet connections (through unsecured ports, if firewalls are not configured appropriately), Unencrypted data transfer, Buffer overrun, SQL Injection, Secrets in code.
  • Principles for creating Security Strategies: Rely on tested and proven security systems than creating your own, use your own only after expert auditing and reviewed by security organizations, never trust external input, Assume that external systems are not secure, use principle of least privilege, reduce components and data availability, default to a secure mode, follow STRIDE (spoofing identity, tampering, repudiation, information disclosure, denial of service, and elevation of privilege) principles
  • How to create a security model: Arrange for a brainstorming meeting, list all possible threats, apply the STRIDE security categories, conduct research, rank the risk of each threat
  • Security mitigation techniques: Authentication and authorization, Secure communication, Quality of Service, Throttling, Auditing, filtering, least privilege
  • STRIDE mitigation techniques: Authentication, protect secrets, audit trails, do not store secrets, privacy protocols, authorization, hashes, digital signatures, time stamps, filtering, throttling, quality of service, run with least privilege
  • .Net security features: type safety verification, code signing (Ensure authenticity, ensure integrity) – digital certificates and signatures, code access security, role based security (make use of windows users and permissions) , saving data in isolated storage
  • ASP.net authentication: Forms authentication, Passport authentication, Windows authentication
  • Web-services security: transport level, application level, message level

From: http://sitestree.com/?p=4916
Categories:20
Tags:
Post Data:2009-07-17 16:41:21

    Shop Online: <a href='https://www.ShopForSoul.com/' target='new' rel="noopener">https://www.ShopForSoul.com/</a>
    (Big Data, Cloud, Security, Machine Learning): Courses: <a href='http://Training.SitesTree.com' target='new' rel="noopener"> http://Training.SitesTree.com</a> 
    In Bengali: <a href='http://Bangla.SaLearningSchool.com' target='new' rel="noopener">http://Bangla.SaLearningSchool.com</a>
    <a href='http://SitesTree.com' target='new' rel="noopener">http://SitesTree.com</a>
    8112223 Canada Inc./JustEtc: <a href='http://JustEtc.net' target='new' rel="noopener">http://JustEtc.net (Software/Web/Mobile/Big-Data/Machine Learning) </a>
    Shop Online: <a href='https://www.ShopForSoul.com'> https://www.ShopForSoul.com/</a>
    Medium: <a href='https://medium.com/@SayedAhmedCanada' target='new' rel="noopener"> https://medium.com/@SayedAhmedCanada </a>