Kitabı oku: «IT Architecture from A to Z: Theoretical basis. First Edition»
Translator Lala Aliyeva-Klychkova
© Vadim Aldzhanov, 2018
© Lala Aliyeva-Klychkova, translation, 2018
ISBN 978-5-4493-9132-2
Created with Ridero smart publishing system
PREFACE
About the author
Vadim Aldzhanov
Vadim Aldzhanov is a Microsoft MCP, MCSA Security, MCSE Security, MCTS, MCITP, MCITP SQL Database Administrator, Cisco CCNA, VMware VCP4, CompTIA A+, Network+, Security+, EC – Council CEH и ECSA, SNIA Certified Storage Professional SCSP, Wireless Technology CWTS, CWNA, CWSP, IT Management ITILv3, Apple Certified Associate – Integration | Management.
A series of books “IT Architecture from A to Z: Theoretical Basis” contains and harnesses the knowledge and experience of more than 17 years in IT. I was involved in banking for 14 years, and headed the IT department most of time. At this moment, I am an IT Architect in one of the largest holdings in the country. I have a bachelor’s degree in radio engineering and a master’s degree in Computer Information Systems (CIS). I am also continuing my education for a doctoral degree in Management of Information Systems (MIS). In addition, I have about a thousand hours of training in specialized courses on system administration, computer networks, wireless networks, storage systems, virtualization systems, information security, IT services management, project management, banking, plastic cards, strategic planning, auditing etc. My LinkedIn profile: https://www.linkedin.com/in/vadim-aldzhanov-623a7b44/
Introduction
A series of books “IT Architecture from A to Z” is an author’s attempt to collect, summarize and systematize his accumulated experience and knowledge in IT.
A series of books “IT Architecture from A to Z” – Green Book
“IT Architecture from A to Z: Theoretical Basis” is the first book of the “IT Architecture from A to Z” series which contains the theoretical basis of planning, building and maintaining IT architecture, Project management, IT services, etc. It is used as a source of proven practical materials and recommendations of standards and practices. It is a revised, amended and updated edition of “IT Architecture: a Practical Guide from A to Z”.
A series of books “IT Architecture from A to Z” – Blue Book
“IT Architecture from A to Z: A Complete Solution” is the second book of the “IT Architecture from A to Z” series which contains detailed technical information and practical examples of implementing IT solutions based on the fundamentals of the theory described in the first book. As examples, I considered Windows 10/2016 based solutions, as well as complex solutions on monitoring, managing and configuring Microsoft System Center 2016, Microsoft SharePoint Server 2016, project management solutions in Microsoft Project Server 2016, Exchange 2016, Skype for Business 2015 solutions, functionality of Direct Access 2016, Hyper-V, DFS и File Server, RDS etc. I presented the detailed requirements and examples of system assurance estimates as well as the power capacity calculations and costing solutions. The author selects solutions that are the most suitable for performing the objectives set, or have been practical for him. It is a revised, amended and updated edition of “IT Architecture: A Practical Guide from A to Z”.
A series of books “IT Architecture from A to Z” – Grey book
“IT Architecture from A to Z: Documentation Templates” contains the set of documentation templates and examples, required for daily IT routine. It is used as a source of proven practical materials and recommendations of standards and practices.
A series of books “IT Architecture from A to Z” – Yellow book
“IT Architecture from A to Z: Solutions Catalog” describes the possibilities of various IT solutions, analysis and comparison of functionalities. Over a hundred solutions have been tested or practically used so far.
A series of books “IT Architecture from A to Z” – Red book
“IT Architecture from A to Z: Alternative Solutions” contains detailed technical information and practical examples of carrying out the IT solutions based on the theory, described in “IT Architecture from A to Z: Theoretical Basis”. As examples, the author uses solutions whose priority selection criterion is “zero value”. The IT infrastructure and components described in the “Blue book” are taken as a basic solution.
A series of books “IT Architecture from A to Z” – Black book
“IT Architecture from A to Z: Cloud solution” contains the detailed technical information and practical examples of carrying out the IT solutions based on the theory described in “IT Architecture from A to Z: Theoretical Basis”. The “cloud” solutions are used as examples where possible.
The Objectives of thee Book
The objectives of the book is to help the specialists, IT managers and directors to build the architecture of the enterprise, arrange management processes, calculate the costs of implementation and maintain the IT infrastructure, select the optimal architecture solution, from both a business and IT perspective. The book will help arrange communication between business and IT, allowing them to communicate in the same “language”. The material presented in the book is not sufficient for a detailed study of all aspects of IT operations, but it is enough to understand the links of various aspects and give a direction for organization development in general and particularly in IT.
The book is not a mandatory guide for selecting a product or a solution, and presents the author’s views.
The material is presented in a logical order, supplemented with theoretical information and illustrative examples of implementation. That makes the guide useful for methodical study of all aspects of IT operations, as well as using it as a handbook when working with particular systems.
Scope covered by the Book
This book is the first one of the series “IT Architecture from A to Z” and a Russian manual, containing and harnessing theoretical knowledge of enterprise architecture, project management, informational security, IT service and audit arrangement and management. The book also considers the order of their practical use, allowing complete provision of organizational needs for building and managing IT architecture and IT infrastructure. Extensive material gives systematic description of the state of the modern IT company and demonstrates the main models and approaches of creating an IT strategy, risk management, IT service control, risk analysis and quality management, IT audits, and integration and interaction of various approaches and methods. The book is for the general public and will be useful to:
•Top-managers, IT curators, CIO’s of the large and middle companies since it provides better understanding of TOGAF based Enterprise Architecture, the IT role and involvement ИТ in business and indicators of financial investments distribution in IT services. Business representatives will be able to understand the general aspects of the functioning of the IT infrastructure, technical terms, the fundamental differences between various architectural solutions, and principles of building and maintenance of technical solutions. The book allows you to create metrics and IT infrastructure effectiveness reports understandable by both parties.
•Heads of IT department, IT architects and middle managers, and project managers who need theoretical basis of IT service management (ITSM) using ITIL recommendations and practices, project integration management (PMI) in IT, Control Objectives for Information and Related Technologies (CobiT) and information security.
This book is not supposed to be used by small IT infrastructure since the cost of paper is higher than IT requirements. It will also be ineffective for large enterprises with corporate governance, as every direction is likely to be managed by the narrowly focused experts.
Special Thanks
I express my gratitude to my friends, teachers, managers and colleagues for their help in writing the book and their invaluable experience and knowledge obtained via communication with such people as Alexander Buslayev (“AIC Group”), Irshad Guliyev (“SINAM”), Fazil Mammadov (“ROTABANK”), Yana Khmelnitskaya and Karsten Stellner (“LFS Financial Systems GmbH”), Thomas Engelhardt (“Microfinance Bank of Azerbaijan”), Andrew Pospielovsky (“ACCESSBANK”) and Alan Crompton (“Baku European Games Operation Committee BEGOC 2015”).
Legal Notice
The information contained in the book does not carry any trade secrets or other confidential information. The materials are collected from open sources, revised by the author by using his experience and knowledge. Some of the examples reviewed are for reference only and are fictional. Any similarity with real people or organizations is accidental. All companies and product names mentioned in the book may be trademarks of their respective owners.
Copyright
The information specified in the book may not be reproduced, duplicated, copied, transmitted, distributed, stored or used for any commercial and non-commercial use without the written consent of the author.
@ Copyrights Vadim Aldzhanov, 2018
Disclaimer
The author makes no warranties or statements about the accuracy, suitability or completeness of the information, links or other items contained in this document. The book is available to all readers “as is” without any express or implied representations or warranties, including warranties regarding merchantability or suitability for a particular purpose. The document may contain inaccuracies or spelling errors.
The author does not assume any liability for direct, indirect, incidental or other damages when using this guide. The reader of this manual is informed.
This book is dedicated to my parents, my loving wife and two wonderful daughters.
CONTENT DETAILS
The first book of a series includes a discussion of the theoretical basis for building an IT company and considers the following:
•Chapter 1: Building the Enterprise Architecture deals with the issues of building Enterprise Architecture, IT strategies, and so on.
•Chapter 2: Project Management discusses the foundations, applied methodologies, accepted methods of the Project Management, and so on.
•Chapter 3: Risk Management considers methods of risk assessment, risk classification and risk response.
•Chapter 4: Quality Management describes the basic principles and methods of project management when using methods based on the principles of quality management and economical production.
•Chapter 5: Business Process Management and Business Models of various business areas considers the basis of building business processes, the type of business organization and linkages with information systems.
•Chapter 6: Information Systems and Data Integration addresses issues of data integration between different information systems, various architectural solutions, challenges and opportunities. It also deals with the levels of centralization of automated management systems are considered.
•Chapter 7: Information Security considers information security issues and arranging interaction of information security and IT.
•Chapter 8: IT Service Management considers the processes of building IT service management using ITIL.
•Chapter 9: IT Control and Audit addressed general issues of IT control and auditing.
•Chapter 10: IT financing considers financing models, principles of evaluating IT projects, methods and practices for valuation of IT services, etc.
•Chapter 11: Organization of IT Activities discussed general issues on the structure, organization, management of the IT department.
•Chapter 12: Components of IT Infrastructure considers high-level components of IT infrastructure.
•Chapter 13: Components of IT Support Systems considers the high-level components of engineering and support systems.
IT ENTERPRISE ARCHITECTURE
General Provisions
This chapter describes the general information on Enterprise
Architecture. A generic definition can be represented as depicted below:
“Relationships of IT methodologies”
Enterprise Architecture is a set of principles, methods and models used in the design and implementation of an organizational structure, business processes, information systems and technologies. It is a management practice aimed at maximizing the impact of the enterprise, investing in IT, developing systems in achieving the enterprise goals, converting the business vision and strategy into an effective change of the company through creating, discussing and improving key requirements and principles that describe the company’s future state and enable its development.
Since the Enterprise Architecture is a complex solution including the intersection of various methodologies and techniques, building an Enterprise Architecture should take into account, but not be limited to, the recommendations of the following standards:
•TOGAF – Enterprise Architecture
•ISO/IEC 20000 – Quality in IT Service Management
•ISO/IEC 27000 – Best Practice IT Security Standards
•CobiT v5 – Audit and Control Framework
•ITIL v3 – Best practices in IT Service Management
•MOF – Microsoft Operations Framework
•PMI – Project Management Institute
The architecture is designed to respond to such challenges and problems of the organization as:
• Business discontent of the IT service for objective or subjective reasons.
• Inability to assess the effectiveness of IT use in business.
• Mess in IT solutions and systems implemented in the organization.
• The complexity of making IT-related decisions.
• The complexity of IT budget coordination and the launch of IT projects.
• Growth of “Information” value and connectivity between business and IT.
• Lack of transparent and clear connections between business and IT.
• Whether solving the actual business problems using IT is possible?
• How to make IT give companies greater value?
• How to change IT with changes within business?
• IT systems are complex, unmanageable and expensive to maintain.
• IT systems restrain an organization from responding adequately to changes within business.
• Business-critical information is untimely and inadequate.
• Communication culture between business and IT is missing.
As a result, the business does not see any value in information technologies. CIO’s face difficulties in pushing new ideas if they talk about technology. They are not understood. Everything they can do is to support what already exists and do the objectives pitched by the business. The serious problems arise with the justification of IT budgets. In fact, the CIO acts more like a foreman who fills in the holes, rather than a top manager who is developing the company. Top managers quickly lose interest in IT projects, and therefore, they lose funding and fail. IT department are replaced with various system integrators to implement “fancy schmancy” solutions that will “save” the business. The ideas also arise to take all company’s IT assets and services and outsource them. It will be difficult for the IT department to fight with integrators and the result is predictable – the integrators have one key competence, i.e. technology, and that is their forte. The IT department is turning into a “swamp”, and the best employees leave taking away the unique knowledge and skills. The goals of an integrator or an outsourcing company are the same as your company’s – making a profit. But unlike the IT department, whose interests coincide with the interests of your company, the integrator’s interests may not coincide with yours, including unique ideas and visions. At best, it will be “like everyone else,” and the business will lose its identity (if it is inextricably linked to IT) or quoting one movie character: “… we will have everything new in an old fashioned manner…”. The end is sad.
The Main Aspects of Enterprise Architecture
To fight the above-mentioned problems and consequences, the Enterprise Architecture helps shape the following important criteria.
Structuring the Enterprise
When building an Enterprise Architecture, the first and most important aspect is an understanding of the enterprise’s organizational structure, principles of management, decision-making, etc. The organizational structure is a fixed and ordered set of objects and connections between them. Depending on the specialization and operations the organization may have:
•Vertical structure – in terms of subordination
•Horizontal structure – in terms of functions and operations.
Accordingly, the management structures are distinguished as linear based on “chief – subordinate” principle and functional, i.e. “professional integration based on the operational specifics”. As a result, organization structure can be represented as the following main types and their varieties:
• Flat, the simplest structure, is suitable for work or project teams, or a small organization.
• Breakdown (bureaucratic) is based on the organizational structure, the functional division of labor and employees’ responsibilities.
• Linear, direct control (head – subordinate), communication between departments occurs through heads of departments only.
• Functional, interaction is based on function.
• Linear-functional – the interaction is combined in a linear and functional type (the most used model).
• Linear and staff – separate functional groups (staffs), conducting work independently with departments or organizations. As an example, a group of companies in the holding.
• Divisional is characterized by central coordination with decentralized management. The key figures in this case are not the heads of functional units, but the managers of individual branches, factories, and so on.
• Organic (adaptive) – the structure formation is based on the need to adapt to changes. Relationships are based not on the structure, but on the nature of the objectives set.
• Project – organized during project management.
• Matrix (program-targeted) – the principle of dual reporting, direct reporting to the manager and project manager
• Brigade (cross functional) – work in separate groups with independent management and decision-making (contrary to breakdown).
Organizational structure may depend on a number of factors:
•Specificity and diversity of operations;
•Geographical location;
• The centralization level of the organization;
• Organization strategy;
• Number and range of services provided.
IT role in the organization
One of the main criteria of building an Enterprise Architecture is to identify the IT role within the organization. If we ignore articles and recommendations about the importance of IT in the modern world given by consultants and other small talks, we have to rigidly fix the role of IT in the organization, the objectives, rights, opportunities and degree of responsibility. To understand the IT role in a particular organization, one needs to answer the following questions:
How is IT involved in business? How much does business depends on IT? Many business processes and functions are tied to complex, centralized or specific IT solutions. Business development is impossible without rapid and quality IT work. There are entire industries that depend on IT such as banks, insurance companies, other financiers, service companies, Public agencies, technology and power companies, etc. (as an example, two-thirds of the bank employees work in one way or another with a centralized banking program, while only a few rural organizations use mostly autonomous IT solutions, where majority the employees work on the field or the computerization of the company is low).
Whether your organization can be attributed to large or medium-scale business. In my opinion, as long as all the technologies of the company are stored in one head, and the CIO communicates directly with the management it is too early to think about the enterprise architecture. For small-scale businesses, enterprise architecture is superfluous.
Whether your company is actively developing IT. The company has several IT projects per year, or at least one project on implementing ERP, CRM or other complex solution. Enterprise Architecture will help to make a decision save from most alterations, errors, inconsistencies, delays and other problems. There must be one person, or groups of people in the company to have a general picture of the future and understand the development process. Otherwise, the pieces of different projects will never make a puzzle.
Whether the company periodically faces IT crises having a significant impact on the business, or there are failures in information systems affect the business and even stops it. Failures are caused by integration problems, miscalculations in infrastructure solutions, temporary solutions and just a mess. Not all projects, including IT, end successfully, meeting the deadlines, budget and stated requirements. If your company management is fed up with failures, delays, exceeding the budgets of IT projects, it is worth thinking.
Companies are looking for speed, quality and efficiency of IT development. One of the parties (business or IT) is developing much faster than the other one. If business develops faster than IT, the latter one impedes the company’s development. Conversely, if IT develops faster than the business needs, business lose money (good IT costs money) and profits (the business does not use all the potential IT capabilities). Both parties should be on the same wavelength to allow the harmonious development of all company’s elements.
Building a relationship between business and IT
IT actions should be focused on business goals and objectives. Business and IT parties see the objectives, goals and expectations differently. This is what IT staff says “…we are good in technology, we are paid for the ability to program, configure, install and solve technical problems, etc. Our work commences as we receive the statement of work…". While business sees it as “…there are so many IT innovations, IT should give us some kind of solution to increase sales. In the worst case scenario, we need a solution our competitors already have. So their sales are higher …you are welcome to implement it since you’ve made a decision though you don’t understand how this business works…”. The task of the CIO is to have an equal share in the discussion of business strategy. The general principle can be defined as: “a business describes its requirements and expectations (business requirements), while IT creates a statement of work to achieve the goals.”
Establishing collaboration between business and IT
All above mentioned is followed by another important problem, i.e. the “vacuum” in communication between business and IT employees. The task of the organization’s management and the CIO is to establish communication between the organization’s employees not only at the top-level, but also between the middle-level employees and the direct executors of business and IT. As the saying goes “the devil is in the details.” Any cool idea in general should be fine-tuned. At this stage, the specific thinking of IT specialists with having causal link, and WH-questions such as “…what happens if…,”, “… how to control…”, “…how to measure …”, as well as analysis of limit state scenarios, will help develop an optimal solution. In addition, such questions will help business representatives to understand and work out the solution from a business point of view and what to demand from IT, the ongoing solution capabilities and their future opportunities or limitations.
Getting maximum value from IT
Most organizations, except IT company, IT is used only as a tool to achieve business goals, a secondary service, just like accounting or administration, providing support for key areas and processes. IT evaluates solutions in terms of technical maturity, completeness, functionality, and so on. At the same time, the business’s only interest is making profit. A perfectly developed technical solution can nullify the business advantages of the idea itself, make it difficult to use and expensive to implement and maintain. It reduces financial benefits and makes the solution inconvenient for customers, etc. The tasks of CIO is not to develop the best solution from the IT point of view, but the most correct one. The most correct solution will be made by using the formula and of the following key components:
VALUE = BENEFIT – COSTS
From a business perspective, it can be interpreted as getting maximum value from IT. The value of information technology is the difference between the benefits of using information technology and the its cost. From an IT perspective: Compliance with IT values and requirements i.e. workability, security and manageability.
Transferring part of the work to the IT department or refusing to automate a number of elements can reduce the cost of the solution, increase ease of operation and convenience for customers.
One of the primary objectives is to define the boundaries to search for opportunities and identify the border, beyond which is destroing the foundations of IT manageability and information security.
Management of change
What we mean in the context of this chapter is the readiness for changes initiated by the business. The business environment can change quickly and radically: new business niches emerge, new products are developed, mergers and acquisitions take place. This can lead to the situation when technical solution used in the organization does no longer meet the organization’s requirements. The IT objective is to adapt an existing solution or develop a new one as soon as possible spending minimum budget to meet the business’s new requirements. As a result, when developing IT strategies and IT solutions in particular, it is necessary to keep in mind a certain flexibility and generality.
Sorting out and managing IT development
Modern realities of business and technology development lead requirement to implement more and more new technological solutions. Different methods and models of their implementation, i.e. independent development, the purchase of a Commercial Off-the-shell solution, implementation and maintenance by a third party, etc. leads to a large number of different duplicated hardware and software in IT infrastructure, obsolete solutions, and so on. Moreover, it generates constant dependence on professionals with “unique” knowledge and experience. The task of the CIO is to arrange IT management, continuous training on new technologies for employees, selection of promising directions to benefit business.