As time goes by architects are reviewing less custom / "home grown" solutions and looking at commercial off the shelf (COTS), platforms or cloud based solutions. I thought I would share with you a vendor architecture question template that I have used in the past to fast track my understanding.
Keep in mind that this isn't an RFI / RFP type template. It can be used to augment one but isn't the full view, just technology. I try to work with PMO, procurement and others to include this to the RFI / RFP process.For the sake of this post I will assume that's not the case.
I use this template as a first pass with the vendor. It serves as a base understanding so I can then ask my level two and three questions of the vendor. Here is the process in which I use:
- Modify for the solution - Review the template for any modifications. usually there are tweaks that need to be made based on the type of problem or solution that is needed.
- Send to vendor - Send with instructions that it needs to be returned in a timely manner and decisions will be made based on the quality and accuracy of the information.
- Distillation - I use the information to categorize how well the vendor's technology:
- Aligns the companies policies and standards
- If they are instantly disqualified for some reason
- If it meets the non-functionals / quality attributes of the requested solution
- Compile additional questions - The vendor solutions that make it will most certainly have additional questions that will be needed to be answered. Compile the extended questions and send to the vendor.
- Deep dive workshop - I like to do a deep dive workshop with the vendor so they can expand on their responses and provide a forum for EA to probe more into the solution.
|
Architecture Domain |
Question |
Response |
|
General |
What architecture style used to build this application? (ex: Cloud, SOA, SaaS, N-Tier, client server, etc.) |
|
|
Is there a separation of concerns in the architecture to the effect that solution components have very specific bounds and are applied at the right layers? |
||
|
What documentation can be provided?(Ex: ERD application API’s, UML diagrams of objects, business process models) |
||
|
Does the solution support internationalization and localization? |
||
|
Define the solution roadmap with product version cycles, expected point and major releases of the current version. |
||
|
Is there usage of proprietary technologies? |
||
|
Application / Logical |
In what languages is the application built? This includes business logic and presentation tiers. |
|
|
Has the application been ported into other languages? |
||
|
Are there a blend of multiple languages and/or versions of languages in you solution? |
||
|
Is there a mixture of language interpreters? |
||
|
Is the application customizable? If the application is customizable, what methods, languages and tools are needed to customize? Are these tools bundled in the solution? |
||
|
Is the source code provided with the solution? |
||
|
Are there “out of the box adapters”, plug-ins or accelerators provided as productized and supported by the vendor? |
||
|
Is there a cloud based offering? If so, what service models (IaaS, PaaS, SaaS) and deployment models (Private or Public) are supported? |
||
|
What client models are supported: 1. Mobile – What platforms, application type (app vs. web based) and the limitations 2. Browser – What browsers are supported and what standards are used (ex: HTML 5) 3. Thick Client – What OS platforms are supported? |
||
|
Is there a configurable business rules and or workflow engine included? |
||
|
Are there business process or workflow capabilities built into the solution? If so, what standards does it use? |
||
|
Are there any open source used in your solution? |
||
|
How much of the logic is hard coded vs. being data driven or configurable? |
||
|
Interoperability |
Do the solution support integration with its processes and information? |
|
|
At what level and how deep is integration supported? |
||
|
Explain how functionality can be extended in the solution |
||
|
Describe the various protocols supported by the solution. Indicate required, optional and major non-supported protocols. |
||
|
Describe communication ports and ability to move across the enterprise and outside the company firewall. |
||
|
Is there support for Enterprise Service Bus (ESB) or middleware technologies? |
||
|
If ESB or middleware technologies are supported, how is the solution configured to fit within a services framework? |
||
|
Is the integration supported by services? If so, what types of services? (ex: Web Services, EJB, .Net Remoting, Queues, etc.) |
||
|
How are the services implemented? |
||
|
What service standards are used? (Web Services over HTTP, SOAP, REST, etc.) |
||
|
What services directories (ex: UDDI) can the solution hook into? |
||
|
Does the solution provide or receive bulk transactions or data feeds? |
||
|
Does the solution wrap the database with a service or does the solution access the database directly? |
||
|
How does the solution support synchronous and asynchronous transactions? |
||
|
Does the solution have publish/subscribe capabilities? |
||
|
Are there integration adapters that are provided? If so, identify. |
||
|
Platforms |
OS Platforms |
|
|
What are all the supported Operating System (OS) platforms and their versions across the solution? |
||
|
Describe the OS platforms and their configurations at all tiers of the solution. |
||
|
Has the solution been tested and/or certified with new OS platforms or emerging OS platforms that are in planned release within the year? |
||
|
If there are multiple OS platforms available (that compete), provide the recommended OS platform(s) with pros and cons contrasted by your solution set. |
||
|
Are there recommended platform recommendations based on size of the organization and/or the size of the solution? If so describe the recommendations. |
||
|
Application Platforms |
||
|
Describe the application platforms that are required in the solution. (ex: Apache, IIS, BizTalk, WebSphere, etc.) |
||
|
If multiple database platforms are supported, what are the preferred DB platform(s)? |
||
|
Affordability |
What is the solution licensing model? |
|
|
What client licensing is required for each end user or desktop? |
||
|
What is the server licensing model? (ex: per CPU, per CAL, per Core, etc.) |
||
|
Are there any third party licenses required? |
||
|
Infrastructure |
What class of hardware is recommended across the tiers of the solution? (ex: processor, disk, memory, etc.) |
|
|
Provide a profile of recommended server counts and configurations. |
||
|
Is virtualization supported? If so, by which vendors? |
||
|
Provide example physical topologies of the solution. |
||
|
What is the scaling model for the architecture (Scale-Up / Scale-Out ) |
||
|
Data Communications |
Are there any network requirements for this solution? |
|
|
Are there any solution limitations with implementing network segmentation? |
||
|
Are there any solution limitations with implementing multiple DMZ tiers? |
||
|
Are there any solution limitations with implementing VLAN's? |
||
|
Are there any solution limitations with implementing network appliances such as SSL / XML acceleration or network load balancing? |
||
|
SaaS Solutions |
Is there a solution hosting model? If so, define. |
|
|
Is a cloud platform provided for optional development or integration? |
||
|
Is the solution hosted on a third party platform? (ex: Amazon or MSFT?) |
||
|
What is the solutions connectivity to the internet or to internal systems? |
||
|
Define the solution inbound and outbound traffic. |
||
|
Is multi-tenancy supported? |
||
|
What level of business continuity and disaster recovery supported? |
||
|
Performance and Scalability |
Is load balancing supported and implemented in the solution? |
|
|
At what level is load balancing supported? (ex: application and/or at the network level) |
||
|
Describe how high availability is supported. |
||
|
If available, provide a performance and/or stress test report. |
||
|
Describe the number of transactions per hour that the solution can handle with the recommended solution implementation. |
||
|
Describe the number of concurrent user sessions that the solution can handle with the recommended solution implementation. |
||
|
What is the recommended scaling model? Scale up or out? |
||
|
What factors determine hardware, OS, database or other system component upgrades? |
||
|
Describe the algorithm or guidance that you use to determine the solutions configuration and scaling model. |
||
|
Describe your systems capabilities for automated fail-over and/or error detection and prevention |
||
|
Security |
What is the authentication model? |
|
|
What is the authorization model? |
||
|
Does the solution support Single Sign On? If so, is customization required? |
||
|
Can the security be externalized into an enterprise identity store such as Microsoft Active Directory? |
||
|
Are trust boundaries defined with users that are authenticated across those trust boundaries. |
||
|
If security is custom and internal to the system, can the solution support strong passwords? |
||
|
Is there security API's for application level integration? |
||
|
What auditing mechanisms are available from within the tool? |
||
|
If externalization of authentication and authorization is unavailable can identities be provisioned and de-provisioned? If so, elaborate? |
||
|
How are transaction secured? |
||
|
What protocols are used to secure the solution? |
||
|
Are data or message level transactions supported? (ex: ws-security) |
||
|
Is federated identity supported? |
||
|
What level of hardening is supported on the platforms and protocols/ports? |
||
|
Is there unsecured data at rest along the process chain? |
||
|
Training |
What end-user training options are available and at what cost? |
|
|
What administration training options are available and at what cost? |
||
|
What application development training options are available and at what cost? |
||
|
Databases |
Is an ERD available for the solution? |
|
|
Is a data dictionary for the solution available and if so what is the format and what metadata does it include? |
||
|
What databases and versions are supported by the solution? |
||
|
What database versions have been certified and/or tested? |
||
|
If multiple databases are supported what is the preferred database? |
||
|
How is access to the database achieved from the application? |
||
|
How is access to the database achieved from external applications? |
||
|
Are there specific database access components or drivers required at any tier in the solution? (ex: client tier) |
||
|
Identify all the locations in the solution where data may be kept. This can include flat files, cookies, XML files, access databases, etc. |
||
|
Is referential integrity handled at the application, services, database or not implemented? |
||
|
What is the typical size, number of transactions and complexity of the database compared to the requirements given by our company? |
||
|
Under what conditions can the database significantly expand? (ex: increase in customers, employees, assets, transactions, etc.) |
||
|
What is the largest database implementation that you currently support? |
||
|
Provide a list of all the database platforms you support. |
||
|
Does the solution have special fault tolerance mechanisms? |
||
|
Will the solution support native database fault tolerance mechanisms? |
||
|
Does the solution allow for SSIS or ETL solution integration? |
||
|
Are there any special considerations for backup and recovery of the solution? |
||
|
Are there any batch processing events that occur within the application? |
||
|
Is the supported solution database schema modifiable? |
||
|
Support |
What is the delay before the solution supports a next release of dependent platform such as OS, database, Web Server, etc. |
|
|
Describe the instrumentation included in the solution that allows for the health and performance of the application to be monitored. |
||
|
Is there a defined support model based on technology or platform selection? |
||
|
How often are new versions released? |
||
|
How often are patches released? |
||
|
What is the support model for the solution in relation to the co-existence with OS patch releases? |
If you decide to use these questions as a starting point for your evaluations, please tell me about it as I would love to hear how you have changed the questions based on the solutions you are evaluating.